Tuesday, September 1, 2015

OSPF Route Filtering



Case 1 Route filtering with Distribute list

R6

int lo5
ip add 69.1.1.1 255.255.255.255
int lo6
ip add 69.2.1.1 255.255.255.255
int lo7
ip add 69.3.1.1 255.255.255.255
int lo8
ip add 69.4.1.1 255.255.255.255

router ospf 10
#net 69.0.0.0 0.255.255.255 area 3

R1

access-list 1 deny   69.1.1.1
access-list 1 deny   69.2.1.1
access-list 1 permit any

router ospf 10
distribute-list 1 in

***************************LOG************************
********************************************************

Before applying the configuration n R1

R1

      69.0.0.0/32 is subnetted, 4 subnets
O        69.1.1.1 [110/2] via 16.0.0.6, 00:00:06, FastEthernet0/0
O        69.2.1.1 [110/2] via 16.0.0.6, 00:00:07, FastEthernet0/0
O        69.3.1.1 [110/2] via 16.0.0.6, 00:00:07, FastEthernet0/0
O        69.4.1.1 [110/2] via 16.0.0.6, 00:00:07, FastEthernet0/0

after applying the Configuration

      69.0.0.0/32 is subnetted, 2 subnets
O        69.3.1.1 [110/2] via 16.0.0.6, 00:00:06, FastEthernet0/0
O        69.4.1.1 [110/2] via 16.0.0.6, 00:00:06, FastEthernet0/0

69.1.1.1 & 69.2.1.1 is not in Routing table but it will not prevent prefix in Database so  other router will have routes in  routing table.
filter is  only local to the router’s routing table
in 

R2

R2#sh ip ospf  database |  be  Summary Net Link States
                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
6.6.6.6         1.1.1.1         924         0x80000001 0x006AB4
9.9.9.9         2.2.2.2         1689        0x80000003 0x00E73A
16.0.0.0        1.1.1.1         697         0x80000005 0x009C87
69.1.1.1        1.1.1.1         720         0x80000001 0x00D915
69.2.1.1        1.1.1.1         720         0x80000001 0x00CD20
69.3.1.1        1.1.1.1         720         0x80000001 0x00C12B
69.4.1.1        1.1.1.1         720         0x80000001 0x00B536
172.16.0.2      2.2.2.2         938         0x80000005 0x00ABC6
172.16.0.9      2.2.2.2         938         0x80000005 0x0099E5

      69.0.0.0/32 is subnetted, 4 subnets
O IA     69.1.1.1 [110/4] via 23.0.0.3, 00:13:00, FastEthernet0/1
O IA     69.2.1.1 [110/4] via 23.0.0.3, 00:13:00, FastEthernet0/1
O IA     69.3.1.1 [110/4] via 23.0.0.3, 00:13:00, FastEthernet0/1
O IA     69.4.1.1 [110/4] via 23.0.0.3, 00:13:00, FastEthernet0/1

Case -2 OSPF Filtering with Route-Maps

R1(config)#router ospf 10
R1(config-router)#no distribute-list 1 in

route-map filter deny 10
 match ip address 1
!
route-map filter permit 20
!
!
access-list 1 permit 69.1.1.1
access-list 1 permit 69.2.1.1

!



R1(config-router)#distribute-list route-map filter out
% OUT direction is not allowed in case of OSPF

router ospf 10
distribute-list route-map filter in

**************LOGS***************



R1

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
6.6.6.6         1.1.1.1         1489        0x80000001 0x006AB4
9.9.9.9         2.2.2.2         238         0x80000004 0x00E53B
16.0.0.0        1.1.1.1         1262        0x80000005 0x009C87
69.1.1.1        1.1.1.1         1285        0x80000001 0x00D915
69.2.1.1        1.1.1.1         1285        0x80000001 0x00CD20
69.3.1.1        1.1.1.1         1285        0x80000001 0x00C12B
69.4.1.1        1.1.1.1         1285        0x80000001 0x00B536
172.16.0.2      2.2.2.2         1506        0x80000005 0x00ABC6
172.16.0.9      2.2.2.2         1506        0x80000005 0x0099E5

R1#sh ip  route 69.1.1.1
% Subnet not in table

R1#sh ip  route 69.2.1.1
% Subnet not in table

R1#sh ip  route 69.3.1.1
Routing entry for 69.3.1.1/32
  Known via "ospf 10", distance 110, metric 2, type intra area
  Last update from 16.0.0.6 on FastEthernet0/0, 00:00:49 ago
  Routing Descriptor Blocks:
  * 16.0.0.6, from 66.6.6.6, 00:00:49 ago, via FastEthernet0/0
      Route metric is 2, traffic share count is 1

R1#sh ip  route 69.4.1.1
Routing entry for 69.4.1.1/32
  Known via "ospf 10", distance 110, metric 2, type intra area
  Last update from 16.0.0.6 on FastEthernet0/0, 00:00:57 ago
  Routing Descriptor Blocks:
  * 16.0.0.6, from 66.6.6.6, 00:00:57 ago, via FastEthernet0/0
      Route metric is 2, traffic share count is 1



No comments:

Post a Comment