Intra-area filtering can be accomplished in OSPF with an inbound distribute-list. The filter only affects the local routing table, not the OSPF database.
Note: implementing this can result in traffic black holes; ensure that all routers still agree on the forwarding paths in the network.
pre-verification:
Rack1R5#show ip route | inc 150.
150.1.0.0/16 is variably subnetted, 10 subnets, 2 masks
O IA 150.1.7.0/24 [110/67] via 155.1.0.1, 00:05:53, Serial0/0
C 150.1.5.0/24 is directly connected, Loopback0
O IA 150.1.6.6/32 [110/66] via 155.1.0.1, 00:05:53, Serial0/0
O 150.1.4.4/32 [110/65] via 155.1.45.4, 00:05:53, Serial0/1
O 150.1.3.3/32 [110/65] via 155.1.0.3, 00:05:53, Serial0/0
O 150.1.2.2/32 [110/65] via 155.1.0.2, 00:05:53, Serial0/0
O 150.1.1.1/32 [110/65] via 155.1.0.1, 00:05:53, Serial0/0
O 150.1.10.0/24 [110/152] via 155.1.58.8, 00:07:41, FastEthernet0/0
O IA 150.1.9.0/24 [110/68] via 155.1.0.1, 00:05:53, Serial0/0
O 150.1.8.0/24 [110/2] via 155.1.58.8, 00:07:41, FastEthernet0/0
applying the distribute-list command on R5
Rack1R5(config)#access-list 1 deny 150.1.1.1
Rack1R5(config)#access-list 1 deny 150.1.2.2
Rack1R5(config)#access-list 1 permit any
Rack1R5(config)#router ospf 1
Rack1R5(config-router)#distribute-list 1 in
result: 150.1.1.1 and 150.1.2.2 are not installed in the routing table.
Rack1R5#show ip route | inc 150.
150.1.0.0/16 is variably subnetted, 8 subnets, 2 masks
O IA 150.1.7.0/24 [110/67] via 155.1.0.1, 00:00:08, Serial0/0
C 150.1.5.0/24 is directly connected, Loopback0
O IA 150.1.6.6/32 [110/66] via 155.1.0.1, 00:00:08, Serial0/0
O 150.1.4.4/32 [110/65] via 155.1.45.4, 00:00:08, Serial0/1
O 150.1.3.3/32 [110/65] via 155.1.0.3, 00:00:08, Serial0/0
O 150.1.10.0/24 [110/152] via 155.1.58.8, 00:00:08, FastEthernet0/0
O IA 150.1.9.0/24 [110/68] via 155.1.0.1, 00:00:08, Serial0/0
O 150.1.8.0/24 [110/2] via 155.1.58.8, 00:00:08, FastEthernet0/0
On SW2, the routes to 150.1.1.1 and 150.1.2.2 are in the routing table and the OSPF database, but the addresses cannot be pinged; this is due to the distribute-list filter at ABR R5.
Rack1SW2#show ip route 150.1.1.1
Routing entry for 150.1.1.1/32
Known via "ospf 1", distance 110, metric 95, type inter area
Last update from 155.1.58.5 on Vlan58, 00:00:45 ago
Routing Descriptor Blocks:
* 155.1.58.5, from 150.1.5.5, 00:00:45 ago, via Vlan58
Route metric is 95, traffic share count is 1
Rack1SW2#show ip route 150.1.2.2
Routing entry for 150.1.2.2/32
Known via "ospf 1", distance 110, metric 95, type inter area
Last update from 155.1.58.5 on Vlan58, 00:00:51 ago
Routing Descriptor Blocks:
* 155.1.58.5, from 150.1.5.5, 00:00:51 ago, via Vlan58
Route metric is 95, traffic share count is 1
Rack1SW2#show ip route 150.1.2.2
Routing entry for 150.1.2.2/32
Known via "ospf 1", distance 110, metric 95, type inter area
Last update from 155.1.58.5 on Vlan58, 00:01:22 ago
Routing Descriptor Blocks:
* 155.1.58.5, from 150.1.5.5, 00:01:22 ago, via Vlan58
Route metric is 95, traffic share count is 1
Rack1SW2#ping 150.1.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
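A check for the black hole shown above, as an added example that is not part of the original post: it parses `show ip route` text and lists the prefixes SW2 forwards to R5 for which R5 itself has no route. The SW2 lines are constructed in table form from the values shown above (the 150.1.3.3 entry and its metric are assumed), and the function names are illustrative.

```python
import ipaddress
import re

PREFIX_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+/\d+)")
VIA_RE = re.compile(r"via (\d+\.\d+\.\d+\.\d+)")

# R5's routing table after the filter, copied from the output above.
R5_RIB = """\
150.1.0.0/16 is variably subnetted, 8 subnets, 2 masks
O IA 150.1.7.0/24 [110/67] via 155.1.0.1, 00:00:08, Serial0/0
C 150.1.5.0/24 is directly connected, Loopback0
O IA 150.1.6.6/32 [110/66] via 155.1.0.1, 00:00:08, Serial0/0
O 150.1.4.4/32 [110/65] via 155.1.45.4, 00:00:08, Serial0/1
O 150.1.3.3/32 [110/65] via 155.1.0.3, 00:00:08, Serial0/0
O 150.1.10.0/24 [110/152] via 155.1.58.8, 00:00:08, FastEthernet0/0
O IA 150.1.9.0/24 [110/68] via 155.1.0.1, 00:00:08, Serial0/0
O 150.1.8.0/24 [110/2] via 155.1.58.8, 00:00:08, FastEthernet0/0
"""

# Constructed sample: SW2 entries in table form; next hop 155.1.58.5 is R5.
SW2_RIB = """\
O IA 150.1.1.1/32 [110/95] via 155.1.58.5, 00:00:45, Vlan58
O IA 150.1.2.2/32 [110/95] via 155.1.58.5, 00:00:51, Vlan58
O IA 150.1.3.3/32 [110/95] via 155.1.58.5, 00:00:51, Vlan58
"""

def parse_rib(text):
    """Map each prefix in 'show ip route' text to its next hop (None if connected)."""
    rib = {}
    for line in text.splitlines():
        match = PREFIX_RE.search(line)
        if not match or "subnetted" in line:  # skip the classful summary header
            continue
        via = VIA_RE.search(line)
        rib[ipaddress.ip_network(match.group(1))] = via.group(1) if via else None
    return rib

def black_holes(downstream, upstream, upstream_addrs):
    """Prefixes the downstream router sends to the upstream router
    although no route in the upstream table covers them."""
    return sorted(
        str(net) for net, next_hop in downstream.items()
        if next_hop in upstream_addrs
        and not any(net.subnet_of(known) for known in upstream)
    )

if __name__ == "__main__":
    for prefix in black_holes(parse_rib(SW2_RIB), parse_rib(R5_RIB), {"155.1.58.5"}):
        print("black hole via R5:", prefix)
```

Feed it the complete routing table of the filtering router rather than a `| inc` excerpt, so that a default route or covering summary is counted as reachability.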
applying the same distribute-list on SW2
Rack1SW2(config)#access-list 1 deny 150.1.1.1
Rack1SW2(config)#access-list 1 deny 150.1.2.2
Rack1SW2(config)#access-list 1 permit any
Rack1SW2(config)#router ospf 1
Rack1SW2(config-router)#distribute-list 1 in
verification: the routes are not in the routing table but are still in the OSPF database.
Rack1SW2#show ip route 150.1.1.1
% Subnet not in table
Rack1SW2#show ip route 150.1.2.2
% Subnet not in table
Rack1SW2#show ip ospf database summary 150.1.1.1
OSPF Router with ID (150.1.8.8) (Process ID 1)
Summary Net Link States (Area 3)
Routing Bit Set on this LSA
LS age: 1 (DoNotAge)
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 150.1.1.1 (summary Network Number)
Advertising Router: 150.1.5.5
LS Seq Number: 80000001
Checksum: 0x605A
Length: 28
Network Mask: /32
TOS: 0 Metric: 65
Rack1SW2#show ip ospf database summary 150.1.2.2
OSPF Router with ID (150.1.8.8) (Process ID 1)
Summary Net Link States (Area 3)
Routing Bit Set on this LSA
LS age: 1 (DoNotAge)
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 150.1.2.2 (summary Network Number)
Advertising Router: 150.1.5.5
LS Seq Number: 80000001
Checksum: 0x4B6D
Length: 28
Network Mask: /32
TOS: 0 Metric: 65
Note: SW4 has a similar result to SW2.