OSPF Ninja Filtering — Area Range

Today I am going to show you guys a subtle way to accomplish OSPF inter-area filtering. The more traditional way to do OSPF inter-area filtering is to use the area filter-list command. With area filter-list, you reference a prefix-list that matches the networks you want to permit or deny into or out of a particular OSPF area, and you configure it on an ABR. Today we will look at a more “under the radar” way to accomplish the same thing.

Another way we can accomplish this is by using summarization on our ABR with a certain little well-known command switch. Let’s look at the diagram:

We have a simple setup here with two OSPF areas: the backbone area 0 between R4 and R5, and area 25 between R2 and R5. First, let’s add a loopback 2.2.2.2/32 to R2 and advertise it into OSPF.

R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#router ospf 1
R2(config-router)#network 2.2.2.2 0.0.0.0 area 25

Let’s make sure we can see this on R4.

R4>show ip route ospf
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/129] via 192.168.45.5, 00:00:37, Serial0/0
O IA 192.168.25.0/24 [110/128] via 192.168.45.5, 00:02:51, Serial0/0

Good! We have our routes. Now, let’s say that for whatever reason we want the point-to-point subnet 192.168.25.0/24 to show up on R4, but we don’t want to see R2’s loopback. Normally, we could implement an area filter-list on R5 to accomplish this. However, this blog is about ninja filtering. It’s always good to know an alternate way to do something, and in some cases just a flat out strange way! This is especially true if you are studying for the CCIE lab exam. We will accomplish this goal using summarization.

Normally, we can summarize an OSPF area by using the area range command on the ABR. Proper summarization helps keep the LSDB and routing tables smaller and more efficient throughout the OSPF domain. It also helps keep routing updates to a minimum. For example, say that in area 25 we had 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24. On R5 we could configure area 25 range 10.0.0.0 255.255.252.0. At that point, R5 would advertise a single summary type 3 LSA into the backbone instead of four individual routes.

Now…how can we use this to accomplish our goal of not letting 2.2.2.2/32 into area 0? Always know all your options!!! Let’s take a look.

R2(config-router)#area 25 range 2.2.2.2 255.255.255.255 ?
  advertise      Advertise this range (default)
  cost           User specified metric for this range
  not-advertise  DoNotAdvertise this range
  

The key here is the not-advertise option. The name is pretty self-explanatory: it prevents the ABR from injecting a type 3 summary LSA for the range into the backbone AND it prevents the more specific routes inside the range from going into the backbone as well. So essentially, it hides networks within an area. Let’s try it.

R5(config-router)#area 25 range 2.2.2.2 255.255.255.255 not-advertise

Now, let’s look at R5. We should NOT see a summary LSA as part of area 0 for 2.2.2.2.

R5#show ip ospf database summary

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Summary Net Link States (Area 0)

  LS age: 1798
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 192.168.25.0 (summary Network Number)
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000001
  Checksum: 0xAFB6
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 64


                Summary Net Link States (Area 25)

  LS age: 1798
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 192.168.45.0 (summary Network Number)
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000001
  Checksum: 0xD27F
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 64

If we were not filtering the 2.2.2.2/32 we would see a type 3 summary LSA here in area 0 for it, but we don’t. It worked!

Now, let’s check our routing table on R4 to make sure it worked.

R4>show ip route ospf
O IA 192.168.25.0/24 [110/128] via 192.168.45.5, 00:25:44, Serial0/0

Booya…no 2.2.2.2/32 route! That about does it. Keep in mind that using the area range command to summarize a single /32 doesn’t really make any sense. It’s just about learning what you can do. In the real world, maybe you did have those four /24 networks that you could summarize into a /22, and maybe you didn’t want the rest of the OSPF domain to reach that entire block. In that case you would simply say something like “area 25 range 10.0.0.0 255.255.252.0 not-advertise”. That may be a slightly more practical example.
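
To audit what a range statement actually hides, the ABR behaviour described above can be modelled offline. This Python sketch is an added example, not part of the original post or of any Cisco tooling; the function names are hypothetical, the prefixes are the ones used in this lab, and picking the most specific range when several match is a modelling assumption.

```python
import ipaddress

# Intra-area prefixes taken from the post (area 25 lab and the four /24s).
AREA25 = ["2.2.2.2/32", "192.168.25.0/24"]
FOUR_24S = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

def parse_range(line):
    """Parse 'area <id> range <addr> <mask> [advertise|not-advertise]'."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "area" or tok[2] != "range":
        raise ValueError(f"not an area range statement: {line!r}")
    net = ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)
    return tok[1], net, "not-advertise" not in tok[5:]

def abr_type3(area, intra_area, range_lines):
    """Return (advertised, hidden): the type 3 prefixes the ABR originates
    out of `area`, and the intra-area prefixes the backbone never sees."""
    ranges = [(n, adv) for a, n, adv in map(parse_range, range_lines)
              if a == str(area)]
    advertised, hidden = set(), set()
    for p in map(ipaddress.ip_network, intra_area):
        hits = [r for r in ranges if p.subnet_of(r[0])]
        if not hits:
            advertised.add(p)        # outside every range: its own type 3 LSA
            continue
        # Modelling assumption: the most specific matching range wins.
        net, adv = max(hits, key=lambda r: r[0].prefixlen)
        if adv:
            advertised.add(net)      # components replaced by the summary
        else:
            hidden.add(p)            # not-advertise: no summary, no component
    return ([str(n) for n in sorted(advertised)],
            [str(n) for n in sorted(hidden)])

if __name__ == "__main__":
    cfg = ["area 25 range 2.2.2.2 255.255.255.255 not-advertise"]
    adv, hid = abr_type3(25, AREA25, cfg)
    print("type 3 into backbone:", adv)
    print("hidden inside area  :", hid)
```

Running it against the range statements pulled from an ABR's configuration gives a quick list of which prefixes are silently absent from the rest of the domain.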
