Recently i have read an article on "OSPF Distribution List". There it is mentioned the details about Distribution List that "Since OSPF is Link state nature and want to know the link state status of all the router, even when the distribution list are applied, it will take the data into the LSDB. But it will not put it in Routing Table"
Also it is mentioned that Distribution List cannot be applied in "OUT" direction in OSPF.
I am surprised why the Distribution List cannot be applied in OUT direction
Can you please explain
Hello R.B. Kumar,
the link state nature implies flooding of OSPF data structures unconditionally inside each OSPF area.
So it can be seen as not available outbound filtering already in theory.
Be aware that if there are other routers behind the ones that had the inbound distribution list these routers will receive the filtered IP subnets and will install them in their IP routing table.
The right tool in OSPF is:
area filter-list command on ABR
Hope to help
Thanks for your response.
But how to block the outbound Route advertisement from OSPF Router.? Because you are saying outbound filtering is not available in OSPF
Hi R.B. Kumar,
Just to make a small addition to Giuseppe's post:
The shortest path tree (SPT) algorithm requires that OSPF routers be aware of the whole topology within an area, and the OSPF databases must be identical on all routers within the area.
This is why this restriction exists: distribute-lists cannot be used in the outbound direction. So the routers are required to flood all known LSAs within the area.
However, you can use distribute-lists in the inbound direction.
Be aware that this will not change the contents of the local OSPF database. All the LSAs will still be there.
But: the filtered routes will not be put into the local routing table.
Thanks for your reply too.
You are saying "restriction exists: distribute-lists cannot be used in the outbound direction. So the routers are required to flood all known LSAs within the area."
So, For example let us assume Router A and Router B are peer. My intention is to block certain routes from Router A and B viceversa. For Router A i have not configured Distribution list in Inbound direction. For Router B I have configured distribution list in Inbound Direction.
Wouldn't this Inbound distribution list block LSA as you said.
What will happen if i apply the distribution list in both the Routers in Outbound Direction
The use of distribute-list in/out is to block network routes not LSAs.
When you invoke a distribute-list out on a router toward another OSPF router, the route is blocked but the LSA information remains intact. When the receiving router checks its own OSPF database, and the LSA passes the validity test, that LSA is brought to the routing table.
If you want to filter LSAs, there are ways - but not in the same area. You can implement Type3 LSA Filtering, please refer to the documentation:
My intention is to block the Routing and not the LSA.
If distribute-list out on a router toward another OSPF router, you are saying route is blocked and LSA is advertised.
I think the same logic applies to distribute-list in too. Am i correct?
So shall we presume that distribute list with in an area is useless
With the distribute-list in the LSA isn't brought into the router's routing table as if fails the validity test.
Here are some of the scenarios when a route exists in the OSPF database but not in the routing table:
The distribute-list in/out in the case of OSPF is in the OSPF FAQs:
1. "distribute-list in command only filters routes from entering the routing table; it does not prevent link-state packets from being propagated"
2. "distribute-list out works only on the routes being redistributed by the Autonomous System Boundary Routers (ASBRs) into OSPF. It can be applied to external type 2 and external type 1 routes, but not to intra-area and interarea routes."
Behavior for "distribute-list in" has been described I think. As for the "out" direction, if you have a router that is redistributing some other "routing protocol" (lets say static, though not strictly a protocol) into OSPF, you can filter some of the resulting externals using "distribute-list out" ONLY on the originating ASBR (that is the router who is redistributing the routes). The case of externals is special, since they are considered residing outside the OSPF domain, but after they are flooded in, they are inside :-)
p.s. I have not used "distribute-list in" since we had no reason to do something like that, but "distribute-list out" I have seen in action and is not considered dangerous I think (is highly controlled at the originating ASBR and helps avoid redistributing connected, statics and others you do not intend to into the OSPF domain).
Hello R.B Kumar,
>> My intention is to block the Routing and not the LSA.
you can apply the same distribute-list in on all routers in the area but this is something that isn't easy to manage:
any future change has to be implemented on all routers failing to do so will cause routing issues.
OSPF requires a careful design to be able to get fine routing control.
So an OSPF multi-area domain is recommended for being able to achieve the desired route filtering control as explained in several previous posts with useful links.
Hope to help
Instead of using the distribute-list to filter routes being redistributed, why not just do the work in a route-map in the redistributin command? What benefit does the distribute-list out bring to redistribution into OSPF that you cannot already do with the redistribution route map?