FILTERING TYPE 3 LSA IN OSPF
This blog explains various ways of FILTERING TYPE 3 LSA IN OSPF along with config examples. Three of the methods to Filter LSA3 in OSPF are listed below.
- Block LSA 3 for 9.9.0.4 using a filter-list on ABR R3 at area 1 to reach area 0 in out direction.
- Block LSA 3 for 9.9.0.4 using a filter-list on ABR R3 at area 0 in the in direction.
- Block LSA 3 for 9.9.0.4 in inward direction using a distribute-list on ABR R3. But in this scenario we won’t be able to block the LSA3 flow completely.
FILTERING TYPE 3 LSA IN OSPF - Method 1
R3#
ip prefix-list BLOCK_INTER_AREA_PREFIX deny 9.9.0.4/32
ip prefix-list BLOCK_INTER_AREA_PREFIX permit 0.0.0.0/0 le 32
router OSPF 1
area 1 filter-list prefix BLOCK_INTER_AREA_PREFIX out
We see now that R3 will have route to 9.9.0.4/32 as LSA1 (under area 1) but has no LSA3 for 9.9.0.4/32. Additionally, We will also not see the 9.9.0.4/32 route on R1 and R2 in Area 0 and also not the summary LSA for 9.9.0.4.
R3#show ip ospf database summary 9.9.0.4
OSPF Router with ID (9.9.0.3) (Process ID 1)
R2#show ip route 9.9.0.4
% Subnet not in table
R3#
ip prefix-list BLOCK_INTER_AREA_PREFIX deny 9.9.0.4/32
ip prefix-list BLOCK_INTER_AREA_PREFIX permit 0.0.0.0/0 le 32
router OSPF 1
area 0 filter-list prefix BLOCK_INTER_AREA_PREFIX in
We see now that R3 will have route to 9.9.0.4/32 as LSA1 (under area 1) but has no LSA3 for 9.9.0.4. We’ll also not see the 9.9.0.4/32 route on R1 and R2 in Area 0 and also not the summary LSA for 9.9.0.4.
R3#show ip ospf database summary 9.9.0.4
OSPF Router with ID (9.9.0.3) (Process ID 1)
R2#show ip route 9.9.0.4
% Subnet not in table
R3#
ip prefix-list BLOCK_INTER_AREA_PREFIX deny 9.9.0.4/32
ip prefix-list BLOCK_INTER_AREA_PREFIX permit 0.0.0.0/0 le 32
router OSPF 1
distribute-list prefix BLOCK_INTER_AREA_PREFIX in
Clear the OSPF process after this configuration.
You will not be seeing 9.9.0.4/32 route learned on ABR R3 but you will see the LSA3 for 9.9.0.4 present in R3. R3 will also not be able to ping 9.9.0.4/32.
area 1 filter-list prefix BLOCK_INTER_AREA_PREFIX out
We see now that R3 will have route to 9.9.0.4/32 as LSA1 (under area 1) but has no LSA3 for 9.9.0.4/32. Additionally, We will also not see the 9.9.0.4/32 route on R1 and R2 in Area 0 and also not the summary LSA for 9.9.0.4.
R3#show ip ospf database summary 9.9.0.4
OSPF Router with ID (9.9.0.3) (Process ID 1)
R2#show ip route 9.9.0.4
% Subnet not in table
FILTERING TYPE 3 LSA IN OSPF - Method 2
R3#
ip prefix-list BLOCK_INTER_AREA_PREFIX deny 9.9.0.4/32
ip prefix-list BLOCK_INTER_AREA_PREFIX permit 0.0.0.0/0 le 32
router OSPF 1
area 0 filter-list prefix BLOCK_INTER_AREA_PREFIX in
We see now that R3 will have route to 9.9.0.4/32 as LSA1 (under area 1) but has no LSA3 for 9.9.0.4. We’ll also not see the 9.9.0.4/32 route on R1 and R2 in Area 0 and also not the summary LSA for 9.9.0.4.
R3#show ip ospf database summary 9.9.0.4
OSPF Router with ID (9.9.0.3) (Process ID 1)
R2#show ip route 9.9.0.4
% Subnet not in table
FILTERING TYPE 3 LSA IN OSPF - Method 3
R3#
ip prefix-list BLOCK_INTER_AREA_PREFIX deny 9.9.0.4/32
ip prefix-list BLOCK_INTER_AREA_PREFIX permit 0.0.0.0/0 le 32
router OSPF 1
distribute-list prefix BLOCK_INTER_AREA_PREFIX in
Clear the OSPF process after this configuration.
You will not be seeing 9.9.0.4/32 route learned on ABR R3 but you will see the LSA3 for 9.9.0.4 present in R3. R3 will also not be able to ping 9.9.0.4/32.
R3# show ip ospf database summary 9.9.0.4
OSPF Router with ID (9.9.0.3) (Process ID 1)
Summary Net Link States (Area 0)
LS age: 11
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 9.9.0.4 (summary Network Number)
Advertising Router: 9.9.0.3
LS Seq Number: 80000001
Checksum: 0xE728
Length: 28
Network Mask: /32
MTID: 0 Metric: 2
R3#show ip route 9.9.0.4
% Subnet not in table
On R1 and R2 you will see the LSA 3 (9.9.0.4) and route in the routing table but you will not able to ping the prefix 9.9.0.4/32 from R1 and R2.
R2#show ip route 9.9.0.4
Routing entry for 9.9.0.4/32
Known via “ospf 1”, distance 110, metric 3, type inter area
Last update from 9.9.23.3 on FastEthernet0/1, 00:05:05 ago
Routing Descriptor Blocks:
* 9.9.23.3, from 9.9.0.3, 00:05:05 ago, via FastEthernet0/1
Route metric is 3, traffic share count is 1
R2#ping 9.9.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Imp Note: Distribute-lists do not work for outbound OSPF filtering (Command may be accepted) because OSPF is a link-state protocol and all routers within an area must flood all LSAs.
OSPF Router with ID (9.9.0.3) (Process ID 1)
Summary Net Link States (Area 0)
LS age: 11
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 9.9.0.4 (summary Network Number)
Advertising Router: 9.9.0.3
LS Seq Number: 80000001
Checksum: 0xE728
Length: 28
Network Mask: /32
MTID: 0 Metric: 2
R3#show ip route 9.9.0.4
% Subnet not in table
On R1 and R2 you will see the LSA 3 (9.9.0.4) and route in the routing table but you will not able to ping the prefix 9.9.0.4/32 from R1 and R2.
R2#show ip route 9.9.0.4
Routing entry for 9.9.0.4/32
Known via “ospf 1”, distance 110, metric 3, type inter area
Last update from 9.9.23.3 on FastEthernet0/1, 00:05:05 ago
Routing Descriptor Blocks:
* 9.9.23.3, from 9.9.0.3, 00:05:05 ago, via FastEthernet0/1
Route metric is 3, traffic share count is 1
R2#ping 9.9.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Imp Note: Distribute-lists do not work for outbound OSPF filtering (Command may be accepted) because OSPF is a link-state protocol and all routers within an area must flood all LSAs.
