08-12-2008 02:03 PM - edited 03-03-2019 11:07 PM
I have a simple OSPF setup with Areas 1 & 0. One of the internal routers in Area 1 advertises a default route using the "default-information originate....." command.
My question is: how do I prevent this default route (which appears as type E2 within Area 1) from being propagated into Area 0? There are several routers in Area 0, so using the "distribute-list in" command on every Area 0 router is not an option.
08-12-2008 04:42 PM
Check out this feature: OSPF ABR Type 3 LSA Filtering
This feature is designed to filter routes between areas at ABRs.
You need a prefix list to match the default route:
ip prefix-list DEFAULT seq 10 permit 0.0.0.0/0
And this line in your ospf config:
area 1 filter-list prefix DEFAULT out
I haven't tested it with E2 routes, but it should work.
Good luck,
Ryan
08-12-2008 04:46 PM
I tried it out and unfortunately that only works with LSA Type 3 and not external routes (Type 5).
08-12-2008 05:31 PM
Try this at your router
enable
configure terminal
router ospf process-id
area area-id nssa translate type7 suppress-fa
end
08-12-2008 06:54 PM
Well, my area 1 is not NSSA. Will it work in that case?
08-13-2008 06:04 AM
Hi,
I'm not very sure about the suggestion below.
Can you try a distribute-list out on the originating router, as Cisco claims it works for external routes?
Let me know if this suggestion is a stupid one.
08-13-2008 06:09 AM
Doing anything on the originating router will not work as the default route needs to be propagated to all routers inside Area 1 (where it originated). The requirement is to block it from getting advertised to Area 0 and other areas.
08-13-2008 06:35 AM
Hi Ryan,
I am wondering why you put permit in the prefix list that matches 0.0.0.0/0
while he wants to deny it?
Thanks in advance
08-13-2008 06:32 AM
Put the following command on each router in area 1 that has an interface connected to area 0:
distribute-list prefix prefix-list-name out interface-type interface-number
where the interface represents the physical interface to the area 0 router.
For example,
if you are connected through interface Serial 0/1:
router ospf 1
distribute-list prefix filter-ospf2 out Serial0/1
ip prefix-list filter-ospf2 seq 15 deny 0.0.0.0/0
Should be fine.
08-13-2008 07:10 AM
It would be nice if distribution lists worked this way for OSPF, but all they do is prevent routes from being created from the LSA entries; they do not affect the LSA advertisements themselves. Even if you can configure an outbound distribution list, it will not have any effect.
The case Ryan is using is a prefix list filter on an area, not a distribution list. Unfortunately the default route is almost always a type 5 or type 7, so it will have no effect.
I have a similar issue and was hoping someone has an alternative to the inbound distribution lists on multiple routers.
08-13-2008 08:01 AM
Very correct Tim. No distribution list will prevent a Type 5 LSA from being flooded throughout the OSPF network.
08-13-2008 09:03 AM
Hello Tim,
In a case like this I would start to think about using two OSPF processes at the current ABRs (0,1) and then filter the default route when redistributing the edge OSPF process into the core OSPF process.
It is a little more complex, but you do it on one or two routers: all routers in area 0 and other areas are untouched.
Or I would consider making area 1 an NSSA area and avoiding advertising the prefix at ABRs (1,0) by setting no-propagate on the ASBR that generates the default route.
Otherwise you need to filter on all routers in all areas except area 1.
Is this manageable in the long term?
Hope to help
Giuseppe
08-13-2008 09:27 AM
Hmm...NSSA may not work for Area 1 as it needs to receive external routes from Area 0.
Filtering on all routers is theoretically possible but impractical for a large network.
So it looks like there is no way you can filter Type 5 LSAs between areas (on an ABR) except on a router-by-router basis. Am I thinking correctly?
This is kind of a thumbs down for OSPF, but in the current situation, I guess I will work around with configuring static default routes on Area 1 routers.
08-13-2008 10:17 AM
With NSSA you have a chance to do this in a very narrow case. I did not post it before because it is a bad thing to do.
The key is that an ABR router will not translate type 7 to type 5 and distribute them into area 0 if the P bit is not set. The P bit will not be set if the ASBR router that creates the type 7 is also an ABR router. This is, in theory, because this router has already translated from 7 to 5 and so nobody else in the NSSA should.
The trick is to add a second area "not zero" to an ASBR router. This makes it an ABR router, but since it really doesn't have a connection to area 0, it didn't really do the type 7 to 5 conversion even though it is telling everyone else it did by clearing the P bit.
You now have external routes that do not leave an area, but you set yourself up for a bunch of other potential issues.
Not that I would ever recommend this, but I have had it happen by accident.
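Added example, not part of any post in this thread: a simplified Python model of the ABR behaviour the replies describe, showing that a Type 3 filter-list is never consulted for a Type 5 default route and that a Type 7 reaches area 0 only when its P bit is set. The names `LSA`, `type_seen_in_area0` and `type3_out_deny` are hypothetical, and the model leaves out everything else an OSPF implementation does.

```python
from dataclasses import dataclass

DEFAULT = "0.0.0.0/0"

@dataclass(frozen=True)
class LSA:
    lsa_type: int          # 3 = summary for an area 1 prefix, 5 = AS-external, 7 = NSSA-external
    prefix: str
    p_bit: bool = False    # propagate bit, only meaningful on Type 7

def type_seen_in_area0(lsa, area_is_nssa=False, type3_out_deny=frozenset()):
    """Simplified ABR decision for a prefix coming from the non-backbone area.

    Returns the LSA type the prefix carries in area 0, or None if it is not
    advertised there. type3_out_deny is a hypothetical stand-in for the
    prefixes blocked by 'area N filter-list prefix ... out'.
    """
    if lsa.lsa_type == 3:
        # The only place the Type 3 filter-list is consulted.
        return None if lsa.prefix in type3_out_deny else 3
    if lsa.lsa_type == 5:
        if area_is_nssa:
            raise ValueError("Type 5 LSAs are not flooded inside an NSSA")
        # AS-wide flooding scope: passed on without consulting the filter.
        return 5
    if lsa.lsa_type == 7:
        if not area_is_nssa:
            raise ValueError("Type 7 LSAs exist only inside an NSSA")
        # Translated to Type 5 at the ABR only when the P bit is set.
        return 5 if lsa.p_bit else None
    raise ValueError(f"unsupported LSA type {lsa.lsa_type}")

def scenarios():
    """Constructed cases matching the situations discussed in the thread."""
    deny = frozenset({DEFAULT, "10.1.0.0/16"})
    return {
        "E2 default, normal area, filter-list": type_seen_in_area0(
            LSA(5, DEFAULT), type3_out_deny=deny),
        "inter-area prefix, filter-list": type_seen_in_area0(
            LSA(3, "10.1.0.0/16"), type3_out_deny=deny),
        "NSSA default, P bit set": type_seen_in_area0(
            LSA(7, DEFAULT, p_bit=True), area_is_nssa=True, type3_out_deny=deny),
        "NSSA default, P bit clear": type_seen_in_area0(
            LSA(7, DEFAULT, p_bit=False), area_is_nssa=True, type3_out_deny=deny),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```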