Saturday, July 2, 2011

LAB: OSPF LSA Type-3 Filtering


- Configure LSA Type-3 Filtering on R5 so that devices in area 0 do not have reachability information about the layer 3 EtherChannel link between SW2 and SW4 or SW4’s Loopback0 interface.
- Configure LSA Type-3 Filtering on R2 so that devices in area 51 do not have reachability information about the Loopback0 interface of R5; this should not affect devices in area 5.


LSA Type-3 Filtering is used to remove or filter LSAs from the database as advertisements move between areas.  it can be used to permit/deny any arbitrary inter-area routes based on a prefix-list.

filter list syntax supports both direction in/out allow to control LSAs especially on ABRs that terminate multiple areas.

on this scenario for R5 which is the ABR for area 0 and area 3 only.  we can use the syntax
area 3 filter-list prefix AREA_3_ROUTES out  
or
area 0 filter-list prefix AREA_3_ROUTES in
achieving the same result.

while on R2 which is the ABR of Areas 0, 5 and 51. filtering devices in area 51 to not have reachability information about the loopback int of R5.
area 51 filter-list prefix R5_LOOPBACK out this will apply to prefixes leaving area 0 going into 5 and 51, which in this case R5 loopback would not enter area 5 and 51 on R2.

area 51 filter-list prefix R5_LOOPBACK in  this will apply prefixes leaving area 0 and 51, R5's loopback enters area 5 but not area 51.

Rack1R2#show ip ospf database | begin  Area 51
*Mar  1 00:37:12.751: %SYS-5-CONFIG_I: Configured from console by console
Rack1R2#show ip ospf database | begin  Area 51
                Router Link States (Area 51)

Link ID         ADV Router      Age         Seq#       Checksum Link count
150.1.2.2       150.1.2.2       239         0x80000003 0x003AF9 1
192.10.1.254    192.10.1.254    195         0x80000003 0x00E61D 1

                Net Link States (Area 51)

Link ID         ADV Router      Age         Seq#       Checksum
192.10.1.254    192.10.1.254    195         0x80000002 0x0091AB

                Summary Net Link States (Area 51)

Link ID         ADV Router      Age         Seq#       Checksum
150.1.1.1       150.1.2.2       716         0x80000001 0x008B09
150.1.2.2       150.1.2.2       856         0x80000001 0x004ABA
150.1.3.3       150.1.2.2       837         0x80000001 0x00DFF0
150.1.4.4       150.1.2.2       804         0x80000001 0x004C42
150.1.5.5       150.1.2.2       3600        0x80000002 0x00FEFF
150.1.6.6       150.1.2.2       774         0x80000001 0x002C5D
150.1.7.0       150.1.2.2       239         0x80000003 0x006328
150.1.8.0       150.1.2.2       239         0x80000002 0x00CEFD
150.1.9.0       150.1.2.2       239         0x80000003 0x005731


applying the filter on R2

Rack1R2(config)#ip prefix-list R5_LOOPBACK deny 150.1.5.5/32             
Rack1R2(config)#ip prefix-list R5_LOOPBACK permit 0.0.0.0/0 le 32
Rack1R2(config)#router ospf 1
Rack1R2(config-router)#area 51 filter-list prefix R5_LOOPBACK in

verification

Rack1R2#show ip ospf database | begin  Area 51
                Router Link States (Area 51)

Link ID         ADV Router      Age         Seq#       Checksum Link count
150.1.2.2       150.1.2.2       263         0x80000003 0x003AF9 1
192.10.1.254    192.10.1.254    219         0x80000003 0x00E61D 1

                Net Link States (Area 51)

Link ID         ADV Router      Age         Seq#       Checksum
192.10.1.254    192.10.1.254    219         0x80000002 0x0091AB

                Summary Net Link States (Area 51)

Link ID         ADV Router      Age         Seq#       Checksum
150.1.1.1       150.1.2.2       740         0x80000001 0x008B09
150.1.2.2       150.1.2.2       880         0x80000001 0x004ABA
150.1.3.3       150.1.2.2       861         0x80000001 0x00DFF0
150.1.4.4       150.1.2.2       828         0x80000001 0x004C42
150.1.6.6       150.1.2.2       798         0x80000001 0x002C5D
150.1.7.0       150.1.2.2       263         0x80000003 0x006328
150.1.8.0       150.1.2.2       263         0x80000002 0x00CEFD
150.1.9.0       150.1.2.2       263         0x80000003 0x005731
150.1.10.0      150.1.2.2       263         0x80000002 0x00999A

Rack1R2#show ip ospf database | begin  Area 5
                Router Link States (Area 5)

Link ID         ADV Router      Age         Seq#       Checksum Link count
150.1.2.2       150.1.2.2       1707        0x80000004 0x00B5C4 2
150.1.3.3       150.1.3.3       1708        0x80000002 0x00F5E3 2

                Summary Net Link States (Area 5)

Link ID         ADV Router      Age         Seq#       Checksum
150.1.1.1       150.1.2.2       755         0x80000001 0x008B09
150.1.1.1       150.1.3.3       756         0x80000001 0x00572D
150.1.2.2       150.1.2.2       894         0x80000001 0x004ABA
150.1.3.3       150.1.3.3       877         0x80000001 0x0028D8
150.1.4.4       150.1.2.2       843         0x80000001 0x004C42
150.1.4.4       150.1.3.3       844         0x80000001 0x001866
150.1.5.5       150.1.2.2       1040        0x80000001 0x00B517
150.1.5.5       150.1.3.3       1040        0x80000001 0x00803C
150.1.6.6       150.1.2.2       813         0x80000001 0x002C5D
150.1.6.6       150.1.3.3       813         0x80000001 0x00F781
150.1.7.0       150.1.2.2       278         0x80000003 0x006328
150.1.7.0       150.1.3.3       1666        0x80000001 0x004EC5
150.1.8.0       150.1.2.2       278         0x80000002 0x00CEFD
150.1.8.0       150.1.3.3       1628        0x80000001 0x009B22
150.1.9.0       150.1.2.2       278         0x80000003 0x005731
150.1.9.0       150.1.3.3       1668        0x80000001 0x0042CE
150.1.10.0      150.1.2.2       280         0x80000002 0x00999A
150.1.10.0      150.1.3.3       1630        0x80000001 0x0067BD
155.1.0.1       150.1.2.2       280         0x80000002 0x004947
155.1.0.1       150.1.3.3       1630        0x80000001 0x00176A
155.1.0.2       150.1.2.2       280         0x80000002 0x0013EE
155.1.0.3       150.1.3.3       1711        0x80000001 0x00FD02
155.1.0.4       150.1.2.2       280         0x80000002 0x002B62
155.1.0.4       150.1.3.3       1630        0x80000001 0x00F885
155.1.0.5       150.1.2.2       280         0x80000002 0x009F2D
155.1.0.5       150.1.3.3       1630        0x80000001 0x006C51
155.1.5.0       150.1.2.2       280         0x80000002 0x00A427
155.1.5.0       150.1.3.3       1630        0x80000001 0x00714B
155.1.7.0       150.1.2.2       280         0x80000003 0x002264
155.1.7.0       150.1.3.3       1668        0x80000001 0x000D02
155.1.8.0       150.1.2.2       280         0x80000002 0x00A00D
155.1.8.0       150.1.3.3       1630        0x80000001 0x006E30
155.1.9.0       150.1.2.2       280         0x80000003 0x00166D
155.1.9.0       150.1.3.3       1668        0x80000001 0x00010B
155.1.13.0      150.1.3.3       1711        0x80000001 0x000FA6
155.1.37.0      150.1.2.2       280         0x80000003 0x00D691
155.1.37.0      150.1.3.3       1711        0x80000001 0x00B73A

@ R5

Rack1R5#show ip route | inc 150.1.10.0|155.1.108.0
O       155.1.108.0/24 [110/151] via 155.1.58.8, 00:03:31, FastEthernet0/0
O       150.1.10.0/24 [110/152] via 155.1.58.8, 00:03:31, FastEthernet0/0

applying filter on R5

Rack1R5(config)#ip prefix-list AREA_3_ROUTES deny 155.1.108.0/24
Rack1R5(config)#ip prefix-list AREA_3_ROUTES deny 150.1.10.0/24
Rack1R5(config)#ip prefix-list AREA_3_ROUTES permit 0.0.0.0/0 le 32
Rack1R5(config)#router ospf 1
Rack1R5(config-router)#area 3 filter-list prefix AREA_3_ROUTES out
Rack1R5(config-router)#end

verification:

Rack1R3#show ip route | inc 150.1.10.0|155.1.108.0

note:

Area 0 have type-5 external LSA 10.10.10.10/32 installed in the database, but not in the routing table, the problem is related to a lookup failure on the forward address 150.1.10.10 which was filtered out at R5.

Rack1R3#show ip ospf database external 10.10.10.10

            OSPF Router with ID (150.1.3.3) (Process ID 1)

                Type-5 AS External Link States

  LS age: 933
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.10.10.10 (External Network Number )
  Advertising Router: 150.1.5.5
  LS Seq Number: 80000003
  Checksum: 0x1514
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 150.1.10.10
        External Route Tag: 0


Rack1R3#show ip route 10.10.10.10
% Network not in table
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)