OSPF Ninja Filtering — Area Range
- By Joe Astorino
- June 8, 2011
- 3 Comments
Today I am going to show you guys a subtle way to accomplish OSPF inter-area filtering. The more traditional way to do OSPF inter-area filtering is to use the area filter-list command. With the area filter-list command, you call a prefix-list that matches networks you want to allow/deny into or out of a particular OSPF area. You implement this on an ABR. Today we will look at a more “under the radar” way to accomplish the same thing.
Another way we can accomplish this is by using summarization on our ABR with a certain little well-known command switch. Let’s look at the diagram:
We have a simple setup here with two OSPF areas — the backbone area 0 between R4 and R5 and area 25 between R2 and R5. First, let’s add a loopback 2.2.2.2/32 to R2 and advertise it into OSPF.
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#router ospf 1
R2(config-router)#network 2.2.2.2 0.0.0.0 area 25
Let’s make sure we can see this on R4.
R4>show ip route ospf
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/129] via 192.168.45.5, 00:00:37, Serial0/0
O IA 192.168.25.0/24 [110/128] via 192.168.45.5, 00:02:51, Serial0/0
Good! We have our routes. Now, let’s say that for whatever reason we want the point-to-point subnet 192.168.25.0/24 to show up on R4, but we don’t want to see R2’s loopback. Normally, we could implement an area filter-list on R5 to accomplish this. However, this blog is about ninja filtering. It’s always good to know an alternate way to do something, and in some cases just a flat out strange way! This is especially true if you are studying for the CCIE lab exam. We will accomplish this goal using summarization.
Normally, we can summarize an OSPF area by using the area range command on the ABR. Using proper summarization techniques helps keep LSDB and routing tables smaller and more efficient throughout the OSPF domain. It also helps keep routing updates to a minimum. For example, say that in area 25 we had 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24. On R5 we could configure area 25 range 10.0.0.0 255.255.252.0. At that point, R5 would advertise a single summary type 3 LSA into the backbone instead of four individual routes.
Now…how can we use this to accomplish our goal of not letting 2.2.2.2/32 into area 0? Always know all your options!!! Let’s take a look.
R2(config-router)#area 25 range 2.2.2.2 255.255.255.255 ?
  advertise      Advertise this range (default)
  cost           User specified metric for this range
  not-advertise  DoNotAdvertise this range
The key here is the not-advertise option, which is pretty self-explanatory: it prevents the ABR from injecting a type 3 summary LSA for the range into the backbone AND it prevents the more specific routes inside the range from going into the backbone as well. So essentially, it hides networks within an area. Let’s try it.
R5(config-router)#area 25 range 2.2.2.2 255.255.255.255 not-advertise
Now, let’s look at R5. We should NOT see a summary LSA as part of area 0 for 2.2.2.2.
R5#show ip ospf database summary

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Summary Net Link States (Area 0)

  LS age: 1798
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 192.168.25.0 (summary Network Number)
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000001
  Checksum: 0xAFB6
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 64

                Summary Net Link States (Area 25)

  LS age: 1798
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 192.168.45.0 (summary Network Number)
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000001
  Checksum: 0xD27F
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 64
If we were not filtering the 2.2.2.2/32 we would see a type 3 summary LSA here in area 0 for it, but we don’t. It worked!
Now, let’s check our routing table on R4 to make sure it worked.
R4>show ip route ospf
O IA 192.168.25.0/24 [110/128] via 192.168.45.5, 00:25:44, Serial0/0
Booya…no 2.2.2.2/32 route! That about does it. Keep in mind that using the area range command to summarize a single /32 doesn’t really make any sense. It’s just about learning what you can do. In the real world maybe you did have those four /24 networks that you could summarize into a /22. Maybe you didn’t want the rest of the OSPF domain to reach that entire area block. In that case you would simply say something like “area 25 range 10.0.0.0 255.255.252.0 not-advertise”. That may be a more practical example.
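Because a not-advertise range hides prefixes without any prefix-list or filter-list in the config, it is easy to miss in a review. The following is an added example, not code from the original post: a Python sketch that parses area range lines from a config excerpt and models which intra-area prefixes the ABR would announce as type 3 LSAs and which it hides. The config text and route list are constructed sample input, and the model is simplified (the first matching range wins; cost and filter-lists are ignored).

```python
import ipaddress
import re

# IOS syntax: area <id> range <network> <mask> [advertise | not-advertise]
RANGE_RE = re.compile(
    r"^\s*area\s+(\S+)\s+range\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+(advertise|not-advertise))?", re.M)

# Constructed sample input: an R5-style stanza and area 25's intra-area routes.
R5_CONFIG = """
router ospf 1
 area 25 range 2.2.2.2 255.255.255.255 not-advertise
 area 25 range 10.0.0.0 255.255.252.0
"""
AREA25_ROUTES = ["2.2.2.2/32", "192.168.25.0/24", "10.0.0.0/24",
                 "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

def parse_ranges(config):
    """Return {area_id: [(range_network, advertise_flag), ...]}."""
    ranges = {}
    for area, net, mask, mode in RANGE_RE.findall(config):
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        ranges.setdefault(area, []).append((network, mode != "not-advertise"))
    return ranges

def type3_view(area, intra_area, ranges):
    """Model what the ABR announces from `area` into other areas.

    Returns (advertised, hidden) as lists of prefix strings.
    Simplification: the first configured range containing a route wins.
    """
    advertised, hidden = set(), set()
    for prefix in map(ipaddress.ip_network, intra_area):
        hit = next(((n, adv) for n, adv in ranges.get(area, [])
                    if prefix.subnet_of(n)), None)
        if hit is None:
            advertised.add(prefix)   # no range: one type 3 LSA per route
        elif hit[1]:
            advertised.add(hit[0])   # advertised range: a single summary LSA
        else:
            hidden.add(prefix)       # not-advertise: no summary, no specifics
    return [str(n) for n in sorted(advertised)], [str(n) for n in sorted(hidden)]

if __name__ == "__main__":
    shown, hidden = type3_view("25", AREA25_ROUTES, parse_ranges(R5_CONFIG))
    print("announced into other areas:", shown)
    print("hidden by not-advertise:   ", hidden)
```

Comparing the hidden list against what the routers in area 0 are expected to reach is a quick way to catch a not-advertise range that was left in place unintentionally.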
Thanks Joe, this is good to know!
Nice and straight article dude! Thanks!
Good one, Keep rocking..