In our previous blog post, we examined how OSPF can automatically filter routes through the use of special areas and LSA Types. But what about your options for manually filtering routes in OSPF? In this post, we will examine techniques that you can use at various points in the topology.
One simple and effective method of filtering at the ASBR is the use of a distribute list. Here, we define the rules for route identification with an access list, and then reference this access list in the distribute list.
Figure 1 - OSPF Topology
In this example, our Area 1 is configured as a normal, non-backbone area. You can clearly see this when you examine the routing table on ORL.
Note the two prefixes (E2) of 192.168.10.0 and 192.168.20.0. Let’s filter 192.168.10.0 at the ASBR of ATL.
Note how simple this configuration is. Let’s see if it worked by examining the route table of ORL once again:
The configuration worked perfectly and 192.168.10.0 is no longer available at ORL.
Another simple method is to use the summary-address command on the ASBR and use the not-advertise keyword.
Here is an example in our topology. Note that I have removed the previous distribute list from the configuration of ATL prior to this configuration here:
Verification on ORL proves another successful filter of the 192.168.10.0 network.
It is no real surprise that you can use a route map approach to filtering at the ASBR. After all, route maps are so incredibly useful and flexible.
Here, we will define the rules with access list (once again), and use this in the route map logic:
As you might guess, the verification at ORL works perfectly.
You can also filter at the ABR. The most common method is to use a prefix list as shown here:
Once again, we filter the prefix of 192.168.10.0, but we do it at the ABR and we are filtering on the Type 3 here. This contrasts with the filtering of Type 5 (for the same prefix!) we did earlier at the ASBR.
Keep in mind that you can easily filter on any OSPF speaker within your router itself. For example, you can configure a distribute list approach and filter inbound using it.
In this example, we will once again pick on 192.168.10.0. We will block it in an ACL and use this ACL in the distribute list.
Notice we are on ORL performing this.
Once again, we reach our desired verification:
That wraps up our look at manual filtering within OSPF. Next time, in the final part of our OSPF series, we'll examine default routes, and we'll compare OSPFv2 with OSPFv3. Until then, take good care.