FILTERING TYPE 5 LSA IN OSPF
This article covers several methods of filtering Type 5 LSAs in OSPF:
- On ASBR, block the prefix using distribute-list.
- On ASBR, block the prefix while redistribution into OSPF.
- On ASBR, block the prefix while summarization.
- On any ABR, block the Forward Address if the Type 5 LSA has a non-zero Forward Address. This method will not stop LSA 5 from flowing but will block any traffic for external prefixes.
- On NSSA ABR, block the Forward Address from being advertised in the OSPF internal network. LSA 5 will not be generated if the Forward Address is blocked.
Consider the diagram below:
FILTERING TYPE 5 LSA IN OSPF - Method1
Below is the configuration on ASBR R4:
R4#show run | s access-list 1
access-list 1 deny 9.9.0.5
access-list 1 permit any
You can also use a prefix-list instead of an access-list.
ip prefix-list BLOCK_Type_5 seq 5 deny 9.9.0.5/32
ip prefix-list BLOCK_Type_5 seq 10 permit 0.0.0.0/0 le 32
router ospf 1
 distribute-list 1 out rip
or
router ospf 1
 distribute-list prefix BLOCK_Type_5 out rip
After applying the above config, LSA 5 will be blocked on the ASBR.
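To check a filter like BLOCK_Type_5 before applying it, the following added example (not part of the original article) evaluates the page's prefix-list with IOS first-match and ge/le semantics against a set of redistributed routes. The RIP routes other than 9.9.0.5/32 and all function names are constructed for illustration.

```python
import ipaddress

# The prefix-list from the page, plus constructed sample RIP routes on R4.
PAGE_PREFIX_LIST = [
    "ip prefix-list BLOCK_Type_5 seq 5 deny 9.9.0.5/32",
    "ip prefix-list BLOCK_Type_5 seq 10 permit 0.0.0.0/0 le 32",
]
RIP_ROUTES = ["9.9.0.5/32", "9.9.0.0/24", "9.9.45.0/24"]  # constructed

def parse_prefix_list(lines):
    """Return (seq, action, network, min_len, max_len) tuples ordered by seq."""
    entries = []
    for line in lines:
        tok = line.split()  # ip prefix-list NAME seq N ACTION PREFIX [ge X] [le Y]
        net = ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        if opts:
            lo = opts.get("ge", net.prefixlen)
            hi = opts.get("le", 32)
        else:
            lo = hi = net.prefixlen  # no ge/le: exact prefix length only
        entries.append((int(tok[4]), tok[5], net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry wins; no match means the implicit deny applies."""
    route = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= route.prefixlen <= hi and route.network_address in net:
            return action, seq
    return "deny", None

def redistributed(entries, routes):
    """Routes that pass the filter and would be originated as Type 5 LSAs."""
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]

if __name__ == "__main__":
    full = parse_prefix_list(PAGE_PREFIX_LIST)
    for r in RIP_ROUTES:
        print(r, evaluate(full, r))
    # Without the seq 10 permit, the implicit deny filters every route.
    print(redistributed(parse_prefix_list(PAGE_PREFIX_LIST[:1]), RIP_ROUTES))
```

The deny entry matches only the exact /32, so a covering prefix such as the constructed 9.9.0.0/24 would still be redistributed and still provide reachability to 9.9.0.5.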
FILTERING TYPE 5 LSA IN OSPF - Method2
Below is the configuration on ASBR R4:
R4#
router ospf 1
 redistribute rip subnets route-map RIP_to_OSPF
route-map RIP_to_OSPF permit 10
 match ip address 1
R4#sh run | s access-list 1
access-list 1 deny 9.9.0.5
access-list 1 permit any
After applying the above config, LSA 5 will be blocked on the ASBR.
FILTERING TYPE 5 LSA IN OSPF - Method3
We can block prefix 9.9.0.5/32 on ASBR R4 by not advertising it into the OSPF domain, using the "summary-address" command with the "not-advertise" option:
R4#
router ospf 1
 summary-address 9.9.0.0 255.255.255.0 not-advertise
We will not see the external prefix/LSA 5 for 9.9.0.5 on R1, R2 and R3 after applying the above config. Below is the output from R1:
R1#show ip route 9.9.0.5
% Subnet not in table
FILTERING TYPE 5 LSA IN OSPF - Method4
Below is the configuration on ABR R3:
R3#show run | s access-list 1
access-list 1 deny 9.9.45.0
access-list 1 permit any
router ospf 1
 distribute-list 1 in
This method will not stop LSA 5 from flowing in Area 0, but any traffic from Area 0 (for example, from R1 and R2) for external prefix 9.9.0.5/32 will be blocked on the ABR R3.
R1#show ip route 9.9.0.5
Routing entry for 9.9.0.5/32
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 4
Last update from 9.9.12.2 on FastEthernet0/0, 01:04:12 ago
Routing Descriptor Blocks:
* 9.9.12.2, from 9.9.0.4, 01:04:12 ago, via FastEthernet0/0
Route metric is 20, traffic share count is 1
R1#ping 9.9.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.5, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
FILTERING TYPE 5 LSA IN OSPF - Method5
In NSSA, the Forward Address is non-zero by default (the ASBR's internal Loopback). The OSPF process checks whether this address is reachable via the Routing Table before installing the external prefix into the Routing Table. If the Forward Address is not reachable, the corresponding external prefix is not installed into the Routing Table.
As per the above concept, the Forward Address for external prefix 9.9.0.5/32 is the ASBR's OSPF internal Loopback address 9.9.0.4:
R3#sh ip ospf database nssa-external 9.9.0.5 | i Forward Address
Forward Address: 9.9.0.4
If we block Forward Address 9.9.0.4 on ABR R3, R3 will stop generating the LSA5 for 9.9.0.5/32.
R3#
access-list 1 deny 9.9.0.4
access-list 1 permit any
router ospf 1
 area 1 nssa
 distribute-list 1 in
R4#
router ospf 1
 area 1 nssa
R3#show ip ospf database nssa-external 9.9.0.5
OSPF Router with ID (9.9.0.3) (Process ID 1)
Type-7 AS External Link States (Area 1)
LS age: 1223
Options: (No TOS-capability, Type 7/5 translation, DC, Upward)
LS Type: AS External Link
Link State ID: 9.9.0.5 (External Network Number )
Advertising Router: 9.9.0.4
LS Seq Number: 80000002
Checksum: 0x93BE
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 9.9.0.4
External Route Tag: 0
R3#show ip ospf database external 9.9.0.5
OSPF Router with ID (9.9.0.3) (Process ID 1)
R2#show ip ospf database external 9.9.0.5
OSPF Router with ID (9.9.0.2) (Process ID 1)