Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1884
Views
15
Helpful
8
Replies

OSPF Route Filtering External Type5

Go to solution
nightshade2109
Level 1
Level 1

‎10-21-2014 12:11 PM - edited ‎03-05-2019 12:00 AM

Hi

I need some help i'm trying to figure out how to filter certain routes being advertised to neighbors, i'm banging my head against a wall here.

Below is an example of one of the routes i'm trying to stop advertising, I have tried ip prefix-lists and distribute-lists which only seem to remove the route from my routing table but i can still see the route in the ospf external database.

Any help would be greatly appreciated, i am no cisco expert but i am able to find my way around and do what i need to do.

 

Type-5 AS External Link States

Routing Bit Set on this LSA
  LS age: 1941
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 41.76.6.104 (External Network Number )
  Advertising Router: 10.87.95.54
  LS Seq Number: 8000000E
  Checksum: 0xF135
  Length: 36
  Network Mask: /29
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 1
        Forward Address: 0.0.0.0
        External Route Tag: 3741

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to nightshade2109

‎10-23-2014 03:11 AM

The only thing that I could see you be able to do would be to create another BGP peering with the ISP on your end. Then you could control what routes are being redistributed into bgp from ospf. The problem that you have now is that you have a single area, and with ospf the database has to match. The design that you have now won't allow you to restrict what you're sending to the ISP. If you really want to control it, you need to move the redistribution point to your side and then you should be able to....

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Akash Agrawal
Cisco Employee
Cisco Employee

‎10-21-2014 11:53 PM

Hi,

In OSPF or any link state protocol, all routers in an area must have identical LSA database. So LSA filtering in outbound is not possible. Maximum what we can do is dont install few OSPF routes in to routing table, that we do through distribute-list in inbound direction. That is local to the router, but that router will also have all LSAs in OSPF database.

 

https://supportforums.cisco.com/discussion/12218106/ospf-route-filtering

 

Regards,

Akash

Go to solution
nightshade2109
Level 1
Level 1
In response to Akash Agrawal

‎10-22-2014 01:20 PM

Hi Guys

Thanks for the help its appreciated.

Just one last question the routes that i'm trying to filter are coming from a service providers router and they are redistributing BGP into OSPF would it be possible to for them to filter them in BGP?

I'm basically trying to stop the WAN ranges from being advertised into our global WAN I only want the LAN ranges advertised which is also in area 0 unfortunately putting everything into area 0 wasn't my decision.

its basically connect like this (Sorry for the crude diagram)

Overseas Branch  <---- OSPF------> Global WAN Router <--- OSPF Area 0 ------> My Router <--OSPF Area 0 ---> Service Providers Router <---- BGP -----> Local Branch 

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to nightshade2109

‎10-22-2014 02:14 PM

Sorry if I'm about to ask obvious questions, but I want to get an understanding of where the routes are coming from. Do you have an ospf neighborship with the ISP and they're redistributing BGP into ospf? If so...that's a horrible design. How many routes are you receiving? You will have to have them filter as you won't be able to do anything once it gets past the asbr and into your backbone. 

Is this an mpls configuration by chance? Is the topology as simple as what you've typed out above?

 

HTH, John *** Please rate all useful posts ***

Go to solution
nightshade2109
Level 1
Level 1
In response to John Blakley

‎10-23-2014 01:24 AM

Hi John

Yes we have an OSPF neighborship with the ISP and they are redistributing BGP routes into OSPF from the ISP's side we are receiving around 50 routes but we are redistributing around 400 routes to them.

It is a MPLS and there are also a 2 other ISP's also redistributing their routes in OSPF although i'm only getting LAN subnets from the other providers.

I am just trying to eliminate the WAN routes being advertised to our Global WAN and the other 2 providers.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to nightshade2109

‎10-23-2014 03:11 AM

The only thing that I could see you be able to do would be to create another BGP peering with the ISP on your end. Then you could control what routes are being redistributed into bgp from ospf. The problem that you have now is that you have a single area, and with ospf the database has to match. The design that you have now won't allow you to restrict what you're sending to the ISP. If you really want to control it, you need to move the redistribution point to your side and then you should be able to....

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
nightshade2109
Level 1
Level 1
In response to John Blakley

‎10-23-2014 09:22 AM

Hi John

I took your suggestion and tested it in a test lab and it working.

Basically in the test lab I changed the peering with the ISP to BGP then redistributed my side into OSPF with a filter as you suggested all the 172.x.x.x routes are not being advertised to the other peers.


router ospf 1
 log-adjacency-changes
 redistribute bgp 65530 subnets route-map BGPFILTER
 network 10.60.95.56 0.0.0.7 area 0
!
router bgp 65530
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 redistribute ospf 1
 neighbor 172.20.21.2 remote-as 65520
 no auto-summary
!

!
access-list 1 permit 10.60.0.0 0.0.255.255
!
route-map BGPFILTER permit 10
 match ip address 1
!

 

Atleast I know what to do now, thanks again for everyones help.

 

 

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to nightshade2109

‎10-23-2014 09:25 AM

Perfect! Glad to hear it's working :) Thank you for the rating and good luck!

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎10-22-2014 11:24 AM

In ospf, the databases need to match within an area. Your type-5 lsa will be in every database in the same area, but would not be in the routing table. There is no way of keeping the lsa from entering the database without breaking ospf.

HTH,

John

HTH, John *** Please rate all useful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card