Filtering ospf external routes between areas

Aug 12th, 2008

I have a simple OSPF setup with Areas 1 & 0. One of the internal routers in Area 1 advertises a default route using the "default-information originate....." command.

My question is how do I prevent this default route (which appears as type E2 within Area 1) from being propagated into Area 0? There are several routers in Area 0, so using "distribute-list in" command on every Area 0 router is not an option.

4rmorris Tue, 08/12/2008 - 16:42

Check out this feature: OSPF ABR Type 3 LSA Filtering

This feature is designed to filter routes between areas at ABRs.

You need a prefix list to match the default route:

ip prefix-list DEFAULT seq 10 permit

And this line in your ospf config:

area 1 filter-list prefix DEFAULT out

I haven't tested it with E2 routes, but it should work.

Good luck,


amazumde Tue, 08/12/2008 - 16:46

I tried it out and unfortunately that only works with LSA Type 3 and not external routes (Type 5).

sdoremus33 Tue, 08/12/2008 - 17:31

Try this at your router


configure terminal

router ospf process-id

area area-id nssa translate type7 suppress-fa

end

amazumde Tue, 08/12/2008 - 18:54

Well, my area 1 is not NSSA. Will it work in that case?

rajivrajan1 Wed, 08/13/2008 - 06:04


I'm not very sure about the below suggestion.

Can you try a distribute-list out on the originating router, as Cisco claims it works for external routes?

Let me know if this suggestion is a stupid one.

amazumde Wed, 08/13/2008 - 06:09

Doing anything on the originating router will not work as the default route needs to be propagated to all routers inside Area 1 (where it originated). The requirement is to block it from getting advertised to Area 0 and other areas.

Marwan ALshawi Wed, 08/13/2008 - 06:35

Hi Ryan,

I am wondering why you put permit in the prefix list that matches the

while he wants to deny it?

Thanks in advance

Marwan ALshawi Wed, 08/13/2008 - 06:32

Put the following command on each router in area 1 that has an interface connected to area 0:

distribute-list prefix prefix-list-name out interface-type interface-number

where the interface represents the physical interface with the area 0 router.

For example, if you are connected through interface serial 0/1:

router ospf 1

distribute-list prefix filter-ospf2 out Serial0/1

ip prefix-list filter-ospf2 seq 15 deny

Should be fine.

tdrais Wed, 08/13/2008 - 07:10

Would be nice if distribution lists worked this way for OSPF, but all they do is prevent routes from being created from the LSA entries; they do not affect the LSA advertisements themselves. Even if you can configure an outbound distribution list, it will not have any effect.

The case Ryan is using is a prefix list filter on an area, not a distribution list. Unfortunately, the default route is almost always a type 5 or type 7, so it will have no effect.

I have a similar issue and was hoping someone has an alternative to the inbound distribution lists on multiple routers.

amazumde Wed, 08/13/2008 - 08:01

Very correct Tim. No distribution list will prevent a Type 5 LSA from being flooded throughout the OSPF network.

Giuseppe Larosa Wed, 08/13/2008 - 09:03

Hello Tim,

In a case like this I would start to think about using two OSPF processes at the current ABRs (0,1) and then filtering the default route when redistributing the edge OSPF process into the core OSPF process.

It is a little more complex, but you do it on one or two routers: all routers in area 0 and other areas are untouched.

Or I would consider making area 1 an NSSA area and avoiding advertising the prefix at ABRs (1,0) by setting no-propagate on the ASBR that generates the default route.

Otherwise you need to filter on all routers in all areas except area 1.

Is this manageable in the long term?

Hope to help


amazumde Wed, 08/13/2008 - 09:27

Hmm...NSSA may not work for Area 1 as it needs to receive external routes from Area 0.

Filtering on all routers is theoretically possible but impractical for a large network.

So it looks like there is no way you can filter Type 5 LSAs between areas (on an ABR) except on a router by router basis. Am I thinking correctly?

This is kind of a thumbs down for OSPF, but in the current situation, I guess I will work around with configuring static default routes on Area 1 routers.

tdrais Wed, 08/13/2008 - 10:17

NSSA you have a chance to do this in a very narrow case. I did not post it before because it is a bad thing to do.

The key is that an ABR router will not translate type 7 to type 5 and distribute them into area 0 if the P bit is not set. The P bit will not be set if the ASBR router that creates the type 7 is also an ABR router. This is in theory because this router has already translated from 7 to 5 and so nobody else in the NSSA should.

The trick is to add a second area "not zero" to an ASBR router. This makes it an ABR router, but since it really doesn't have a connection to area 0 it didn't really do the type 7 to 5 conversion, even though it is telling everyone else it did by clearing the P bit.

You now have external routes that do not leave an area, but you set yourself up for a bunch of other potential issues.

Not that I would ever recommend this, but I have had it happen by accident.
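
The P-bit rule tdrais describes above, as an added example that is not part of the thread: it parses a Type-7 LSA and reports whether an NSSA ABR would translate it to Type 5, which is a quick way to check from a capture whether an external route can leave the area. The bit position and the non-zero forwarding-address condition are taken from RFC 3101; the function names, addresses and sample LSAs are constructed for illustration.

```python
import ipaddress
import struct

NSSA_LSA_TYPE = 7
P_BIT = 0x08  # N/P bit of the OSPF Options field (RFC 3101)

def build_type7(prefix, p_bit, fwd_addr, adv_router="10.1.0.1"):
    """Constructed sample Type-7 LSA (checksum left at 0, not validated here)."""
    net = ipaddress.ip_network(prefix)
    header = struct.pack("!HBB4s4sIHH", 1, P_BIT if p_bit else 0, NSSA_LSA_TYPE,
                         net.network_address.packed,
                         ipaddress.ip_address(adv_router).packed,
                         0x80000001, 0, 36)
    body = struct.pack("!4sI4sI", net.netmask.packed,
                       0x80000001,  # E bit set (type 2 metric), metric 1
                       ipaddress.ip_address(fwd_addr).packed, 0)
    return header + body

def parse_type7(lsa):
    """Decode the 20-byte LSA header and the 16-byte Type-7 body."""
    if len(lsa) < 36:
        raise ValueError("truncated Type-7 LSA")
    _age, options, ls_type, ls_id, adv, _seq, _ck, _len = struct.unpack(
        "!HBB4s4sIHH", lsa[:20])
    if ls_type != NSSA_LSA_TYPE:
        raise ValueError(f"LS type {ls_type} is not an NSSA (Type-7) LSA")
    mask, _metric, fwd, _tag = struct.unpack("!4sI4sI", lsa[20:36])
    plen = bin(int.from_bytes(mask, "big")).count("1")
    return {"prefix": f"{ipaddress.ip_address(ls_id)}/{plen}",
            "adv_router": str(ipaddress.ip_address(adv)),
            "p_bit": bool(options & P_BIT),
            "fwd_addr": str(ipaddress.ip_address(fwd))}

def translator_decision(lsa):
    """Return (translated?, reason) as an NSSA ABR translator would decide."""
    info = parse_type7(lsa)
    if not info["p_bit"]:
        return False, "P-bit clear: stays inside the NSSA"
    if info["fwd_addr"] == "0.0.0.0":
        return False, "P-bit set but forwarding address is zero"
    return True, "P-bit set: translated to Type 5 and flooded onward"

if __name__ == "__main__":
    for p_bit in (True, False):
        lsa = build_type7("0.0.0.0/0", p_bit, "10.1.1.1")
        print(parse_type7(lsa)["prefix"], translator_decision(lsa))
```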

