×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

OSPF Filtering on ABR using Distribute List and its behavior

Answered Question
Feb 20th, 2014
User Badges:

Hello! My name is Ahmed & ive got a real problem with OSPF behavior using Distribute list!


What happens is that Distribute-list filters routes from coming into the routing table and can be applied on any type of LSA ! ok great!


But When i do this filtering on an ABR for LSA Type 3 routes then! Something really odd happens ! Now it is really really Obvious that LSA type 3 is


coming from another ABR located somewhere in Area 0 ! . . .so when i apply a distribute list then the route gets filtered from the routing table but not from


Area 0 Database Ok! fair enough! ..BUT....That ABR dosent advertise that route to ANY of its other connected AREA's which we technically call DOWN


STREAM AREA's  ! and its not even in their database! HOW?? HOW does this happen??? can someone Explain this! ??


See attachment please That will make you guys unserstand


Regards


Ahmed Mukhtar

Correct Answer by JohnTylerPearce about 3 years 5 months ago

This should help you out.



LSA type 3. Now this type is a bit tricky and brings in a lot of confusion. It is generated by an ABR to tell the routers in one area about the network in another area. Essentially, the router “pretends” like all the “foreign” networks are attached to it. From a topological perspective, this is true, because areas never know anything about another area’s topology – this information is lost when crossing the area boundaries. How are Type 3 LSAs generated? First of all, keep in mind that OSPF generates those by walking the main routing table, not the LSDB. This is per RFC 2328 clause 12.4.3 and in full accordance with distance-vector protocol behavior. Every route in the table has additional OSPF information associated with it, such as area number, route-type (intra-area, inter-area, external) next hop, and so on.


1) The ABR goes over the network reachability information in the RIB associated with intra-are routes for the particular area X and summarizes them honoring the area X range command settings. This results in Type-3 LSAs being generated and advertised into all other areas. Pay attention to the following important things:


1.1) Only intra-area routes are summarized. You cannot summarize inter-ara routes installed by processing type-3 LSAs learned from Area 0. Those will generate new type-3 LSAs in the ABR and will propagated them into non-backbone areas unmodified.


1.2) The intra-area routes are summarized PRIOR to applying the distribute-list filter and blocking the routes from entering the RIB. This is needed to allow for generation of a summary route, even if you don’t want the specific prefixes in the local RIB and calculate the correct metric if needed. Thus, even though OSPF walks over the RIB to gather the intra-area prefixes for summarization, it does so BEFORE applying the filter. The ultimate goal is making summarization the highest priority task, in order to increase network stability.


1.3) The OSPF metric for the summarized route is taken as the minimal among all intra-area routes. To ensure better routing stability, it is usually recommended setting the metric manually, to prevent LSA re-flooding in case some component route flaps and affects the summary metric.

2) Now, for dealing with the inter-area routes learned by the ARB, first of all, keep in mind that an ABR ONLY accepts and processes type-3 LSAs received from the backbone area. This is the well-know loop prevention mechanism built into OSPF, since OSPF behaves as a distance-vector protocol when dealing with inter-area routing information. This is a short description of how an ABR processes type-3 LSAs:


2.1) Ignore the type-3 LSA if it is NOT from the backbone area (prevents routing loops).


2.2) Walk over the inter-area routes learned via Area 0 in the RIB and generate respective type-3 LSAs which are flooded into the attached non-backbone areas. Thus, LSAs are effectively being re-generated based on the RIB contents.



You can see all of this through the following links.


http://blog.ine.com/2009/08/17/ospf-route-filtering-demystified/

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
JohnTylerPearce Thu, 02/20/2014 - 07:01
User Badges:
  • Silver, 250 points or more

So, I bet what is happening is that, when you advertise that loopback network 60.6.6.0/24, within Area 4, it's advetised as LSA Type 1 (Router LSA). So on R3, when it creates LSA Type 3 for Area 0, it will look at its RIB, and see that Loopback, it will create a LSA Type 3, and push it into OSPF Area 0.


When this LSA Type 3 gets to R1, where you have your distribute-list configured, it's not allowing this route to be installed within the RIB, but obviously it will be installed in the OSPF LSDB.


Now, when R1, looks in its RIB, to create LSA Type 3's for its downstream Areas (Area 2 and 3) it doesn't not have this in its RIB and is unable to create a LSA Type3 for this network.


I believe this is what's happening.

Ahmed Mukhtar Thu, 02/20/2014 - 07:39
User Badges:

John Tayler Thank You But here is the catch! I had that exact same thought at first! but This only and ONLY happens with


LSA type 3 routes...Not with any other LSA routes ! and thats what confuses me! why Only LSA type 3?? why not Type 1?


why not type 2 or Type 5! ?? U can try this out...ive tried it all and dont understand that why only LSA 3 !!

JohnTylerPearce Thu, 02/20/2014 - 08:02
User Badges:
  • Silver, 250 points or more

Well you have to understand how OSPF floods the specfic LSA Types


LSA Type 1 (Router LSAs) are flooded within it's own area only, it does not go to any other area.

LSA Type 3 (Summary LSAs) are flooded by ABRs. These are created by looking at the RIB, and created LSA Type 3's from this.

LSA Type 5 (External LSAs) are flloded by ASBRs.


You will not be able to prevent LSA Type 1 and or LSA Type 2 from being in the OSPF LSDB. You could prevent them from showing up on the RIB(local to the router), but it will still be in the LSDB. This is normal operation for OSPF. This goes with Type 2 as well.

Ahmed Mukhtar Thu, 02/20/2014 - 08:25
User Badges:

Hey Tyler ! Thanks for replying but i know how all of this works and thats why iam confused...ok let me put it in a better way so that itseasy for you to understand..


Lets consult the diagram again...


Lets say on R3 i advertise a loopback 0 say 33.3.3.0/24 into AREA 0 ! ok so this will show up at R1 as a LSA Type 1..


and Router's in AREA 2 & 3 are getting this route as a LSA type 3 right


Now....if i use an access list to deny 33.3.3.0/24 and apply a distribut list in router ospf process then....33.3.3.0/24 will Not Show up in RIB but will show up in the LSD of AREA 0 right? Now AREA 2 & 3 WILL get the route 33.3.3.0/24 in their RIB and Obviously the LSD.....(even though they wont be able to reach it bcz its not in RIB of R1)


But if R6 originates the route say 60.6.6.0/24 it will get to R1 as a LSA type 3 OK? 


Now..


if i block it using a distribute list then none of the down stream areas get it (which in this example are AREA 2 & 3)


So the moral of the story is WHY the behaviour of Distribute-List Changes when Type 3 LSA is being denied???

JohnTylerPearce Thu, 02/20/2014 - 08:31
User Badges:
  • Silver, 250 points or more

Admed,


You can also do the 'area filter-list' command


Command Reference

This section documents the area filter-list command that configures the OSPF ABR Type 3 LSA Filtering feature. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.

area filter-list

To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First (OSPF) areas of an area border router (ABR), use the area filter-list command. To change or cancel the filter, use the no form of this command.

area {area-id} filter-list prefix {prefix-list-name in | out}

no area {area-id} filter-list prefix {prefix-list-name in | out}

Syntax Description

area-id

Identifier of the area for which filtering is configured. The identifier can be specified as either a decimal value or an IP address.

prefix

Indicates that a prefix list is used.

prefix-list-name

Name of a prefix list.

in

Prefix-list applied to prefixes advertised to the specified area from other areas

out

Prefix-list applied to prefixes advertised out of the specified area to other areas

Ahmed Mukhtar Thu, 02/20/2014 - 08:35
User Badges:

John i know How the filter-lists Work...I just dont understand the odd behaviour of Distribute list in terms of Lsa type 3 on ABR router

Correct Answer
JohnTylerPearce Thu, 02/20/2014 - 09:20
User Badges:
  • Silver, 250 points or more

This should help you out.



LSA type 3. Now this type is a bit tricky and brings in a lot of confusion. It is generated by an ABR to tell the routers in one area about the network in another area. Essentially, the router “pretends” like all the “foreign” networks are attached to it. From a topological perspective, this is true, because areas never know anything about another area’s topology – this information is lost when crossing the area boundaries. How are Type 3 LSAs generated? First of all, keep in mind that OSPF generates those by walking the main routing table, not the LSDB. This is per RFC 2328 clause 12.4.3 and in full accordance with distance-vector protocol behavior. Every route in the table has additional OSPF information associated with it, such as area number, route-type (intra-area, inter-area, external) next hop, and so on.


1) The ABR goes over the network reachability information in the RIB associated with intra-are routes for the particular area X and summarizes them honoring the area X range command settings. This results in Type-3 LSAs being generated and advertised into all other areas. Pay attention to the following important things:


1.1) Only intra-area routes are summarized. You cannot summarize inter-ara routes installed by processing type-3 LSAs learned from Area 0. Those will generate new type-3 LSAs in the ABR and will propagated them into non-backbone areas unmodified.


1.2) The intra-area routes are summarized PRIOR to applying the distribute-list filter and blocking the routes from entering the RIB. This is needed to allow for generation of a summary route, even if you don’t want the specific prefixes in the local RIB and calculate the correct metric if needed. Thus, even though OSPF walks over the RIB to gather the intra-area prefixes for summarization, it does so BEFORE applying the filter. The ultimate goal is making summarization the highest priority task, in order to increase network stability.


1.3) The OSPF metric for the summarized route is taken as the minimal among all intra-area routes. To ensure better routing stability, it is usually recommended setting the metric manually, to prevent LSA re-flooding in case some component route flaps and affects the summary metric.

2) Now, for dealing with the inter-area routes learned by the ARB, first of all, keep in mind that an ABR ONLY accepts and processes type-3 LSAs received from the backbone area. This is the well-know loop prevention mechanism built into OSPF, since OSPF behaves as a distance-vector protocol when dealing with inter-area routing information. This is a short description of how an ABR processes type-3 LSAs:


2.1) Ignore the type-3 LSA if it is NOT from the backbone area (prevents routing loops).


2.2) Walk over the inter-area routes learned via Area 0 in the RIB and generate respective type-3 LSAs which are flooded into the attached non-backbone areas. Thus, LSAs are effectively being re-generated based on the RIB contents.



You can see all of this through the following links.


http://blog.ine.com/2009/08/17/ospf-route-filtering-demystified/

Ahmed Mukhtar Fri, 02/21/2014 - 00:30
User Badges:

THANK YOU John Tyler!!


This blog did the trick! and to summerirze the discussion here are some key concepts!



1) In the case of intra-area routes, RIB filters are applied after the type-3 LSAs are generated (intra-area routes are summarizable).


2) In the case of inter-area routes, RIB filters are applied prior to type-3 LSA generation (inter-area routes are not summarizable).


Regards


Ahmed Mukhtar

Actions

This Discussion