FILTERING TYPE 1 LSA1 in OSPF
This blog explains various ways of filtering Type 1 LSAs in OSPF, with config examples. Generally you cannot stop Type 1 LSAs from flowing between the routers in an area, but you can block ping/traffic to intra-area prefixes. There is, however, a trick command that completely filters Type 1 LSAs in an area; see the details at the end of this post under Scenario 3. That command filters not only Type 1 LSAs but all LSA types.
Consider the below diagram:
FILTERING LSA1 in OSPF - Scenario 1
Without any blocking/filtering on R2, R1 and R2 can ping each other and the route to 9.9.0.1/32 appears in R2’s routing table.
R2#ping 9.9.0.1 source 9.9.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.1, timeout is 2 seconds:
Packet sent with a source address of 9.9.0.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/27/72 ms
R2#show ip route | i 9.9.0.1
O 9.9.0.1/32 [110/2] via 9.9.12.1, 00:08:26, FastEthernet0/0
FILTERING LSA1 in OSPF - Scenario 2
Let’s block 9.9.0.1/32 on R2 with the config below:
R2#show run | section prefix-list
ip prefix-list BLOCK_INTRA_AREA_PREFIX seq 5 deny 9.9.0.1/32
ip prefix-list BLOCK_INTRA_AREA_PREFIX seq 10 permit 0.0.0.0/0 le 32
R2#show run | section router ospf
router ospf 1
distribute-list prefix BLOCK_INTRA_AREA_PREFIX in
After applying the above config on R2, R2 no longer has R1’s route 9.9.0.1/32 in its routing table and cannot ping 9.9.0.1/32. However, the Type 1 LSA for 9.9.0.1 is still visible on R2 and on R3 under Area 0.
R2#show ip route 9.9.0.1
% Subnet not in table
R2#ping 9.9.0.1 source 9.9.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.1, timeout is 2 seconds:
Packet sent with a source address of 9.9.0.2
.....
Success rate is 0 percent (0/5)
R2#show ip ospf database
OSPF Router with ID (9.9.0.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
9.9.0.1 9.9.0.1 320 0x80000004 0x00E6BF 2
9.9.0.2 9.9.0.2 1842 0x80000005 0x002219 3
9.9.0.3 9.9.0.3 1838 0x80000004 0x000E79 2
An interesting point is that R3 still receives the Type 1 LSA for 9.9.0.1 and also has the route in its routing table, but R3 cannot ping 9.9.0.1/32 because the traffic is blocked on R2.
R3# show ip route 9.9.0.1
Routing entry for 9.9.0.1/32
Known via "ospf 1", distance 110, metric 3, type intra area
Last update from 9.9.23.2 on FastEthernet0/0, 00:37:33 ago
Routing Descriptor Blocks:
* 9.9.23.2, from 9.9.0.1, 00:37:33 ago, via FastEthernet0/0
Route metric is 3, traffic share count is 1
R3#ping 9.9.0.1 source 9.9.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.1, timeout is 2 seconds:
Packet sent with a source address of 9.9.0.3
UUUUU
Success rate is 0 percent (0/5)
FILTERING LSA1 in OSPF - Scenario 3
This is the tricky method that filters Type 1 and Type 2 LSAs, and in fact all LSAs, at once.
Using the same topology diagram given at the beginning of this post, let’s try filtering Type 1 and Type 2 LSAs completely on R1 and R2.
Configure the command below on the interfaces of the link between R1 and R2. Below is the reference config on the R1 side:
R1(config)#int f0/0
R1(config-if)# ip ospf database-filter all out
Alternatively, you can apply the filter under the OSPF process, as below:
R1(config)#router ospf 1
R1(config-router)#neighbor 9.9.12.2 database-filter all
Configure the same command on R2’s interface for the R1-R2 link.
After configuring the above command, the OSPF neighborship will reset, but still clear the OSPF process for the command to take effect.
After configuring this command on both R1 and R2 for the R1-R2 link, we now see that Type 1, 2, 3, 4 and 5 LSAs are filtered on R1.
R1#show ip ospf database router 9.9.0.2
OSPF Router with ID (9.9.0.1) (Process ID 1)
R1#show ip ospf database
OSPF Router with ID (9.9.0.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
9.9.0.1 9.9.0.1 5 0x80000001 0x00ECBC 2
Note: The LSA Type 2 will still show on the DR but not on the BDR.
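The difference between Scenario 2 and Scenario 3, as an added example that is not part of the original post: a small Python model of the R1-R2-R3 topology that keeps LSA flooding (the LSDB) separate from route installation (the routing table). The unit link and loopback costs, and all function names, are assumptions of this model.

```python
from collections import deque

# Constructed model of the page's topology (R1 - R2 - R3, Area 0). Assumed:
# each link and each loopback costs 1, which reproduces [110/2] on R2.
LINKS = {"R1": ["R2"], "R2": ["R1", "R3"], "R3": ["R2"]}
LOOPBACK = {"R1": "9.9.0.1/32", "R2": "9.9.0.2/32", "R3": "9.9.0.3/32"}

def flood(no_flood=frozenset()):
    """Per-router LSDB; no_flood = (sender, receiver) pairs with database-filter all out."""
    lsdb = {r: {r} for r in LINKS}  # each router starts with its own Type 1 LSA
    changed = True
    while changed:
        changed = False
        for sender, neighbors in LINKS.items():
            for nbr in neighbors:
                if (sender, nbr) not in no_flood and not lsdb[sender] <= lsdb[nbr]:
                    lsdb[nbr] |= lsdb[sender]
                    changed = True
    return lsdb

def rib(router, lsdb, deny=()):
    """SPF over the router's LSDB; a denied prefix stays in the LSDB but is not installed."""
    hops, first_hop, queue = {router: 0}, {}, deque([router])
    while queue:
        node = queue.popleft()
        for nbr in LINKS[node]:
            if nbr in lsdb[router] and nbr not in hops:
                hops[nbr] = hops[node] + 1
                first_hop[nbr] = first_hop.get(node, nbr)
                queue.append(nbr)
    return {LOOPBACK[n]: (hops[n] + 1, first_hop[n])
            for n in first_hop if LOOPBACK[n] not in deny}

def ping(node, prefix, ribs):
    """Forward hop by hop from node and report where the packet stops."""
    while LOOPBACK[node] != prefix:
        if prefix not in ribs[node]:
            return "no route on " + node
        node = ribs[node][prefix][1]
    return "reply"

def scenario(no_flood=frozenset(), deny_on_r2=()):
    lsdb = flood(no_flood)
    return lsdb, {r: rib(r, lsdb, deny_on_r2 if r == "R2" else ()) for r in LINKS}

if __name__ == "__main__":
    lsdb, ribs = scenario(deny_on_r2=("9.9.0.1/32",))  # Scenario 2
    print(ribs["R3"]["9.9.0.1/32"], "->", ping("R3", "9.9.0.1/32", ribs))
    print(sorted(scenario(no_flood={("R1", "R2"), ("R2", "R1")})[0]["R1"]))  # Scenario 3
```

In the Scenario 2 run, R3 keeps a metric 3 route through R2 while R2 has none, which is the mismatch between LSDB and routing table to look for when an intra-area prefix is unreachable despite a valid route.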