FILTERING TYPE 5 LSA IN OSPF

There are several methods of filtering Type 5 LSAs in OSPF, which we discuss in this article:
  • On the ASBR, block the prefix using a distribute-list.
  • On the ASBR, block the prefix during redistribution into OSPF.
  • On the ASBR, block the prefix during summarization.
  • On any ABR, block the Forward Address if the Type 5 LSA has a non-zero Forward Address. This method will not stop LSA 5 from flooding, but it will block any traffic to the external prefixes.
  • On the NSSA ABR, block the Forward Address from being advertised into the OSPF internal network. LSA 5 will not be generated if the Forward Address is blocked.

Consider the diagram below:
[Diagram: FILTERING TYPE 5 LSA IN OSPF]

FILTERING TYPE 5 LSA IN OSPF - Method1

Below is the configuration on ASBR R4:

R4#show run | s access-list 1
access-list 1 deny 9.9.0.5
access-list 1 permit any

You can also use a prefix-list instead of access-list.

ip prefix-list BLOCK_Type_5 seq 5 deny 9.9.0.5/32
ip prefix-list BLOCK_Type_5 seq 10 permit 0.0.0.0/0 le 32


Router ospf 1
distribute-list 1 out rip

or

Router ospf 1
distribute-list prefix BLOCK_Type_5 out rip 

After applying the above config, LSA 5 will be blocked on the ASBR.
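The following is an added example, not part of the original article: a Python model of how IOS evaluates the Method 1 prefix-list (first match by sequence number, exact length unless ge/le is given, implicit deny at the end). The RIP routes and the NO_LE variant are constructed to show what happens when "le 32" is left off the catch-all entry.

```python
import ipaddress
import re

# Prefix-list from Method 1, copied from the article.
BLOCK_TYPE_5 = """\
ip prefix-list BLOCK_Type_5 seq 5 deny 9.9.0.5/32
ip prefix-list BLOCK_Type_5 seq 10 permit 0.0.0.0/0 le 32
"""
# Constructed variant: the catch-all entry is missing "le 32".
NO_LE = BLOCK_TYPE_5.replace(" le 32", "")

# Constructed sample of RIP routes offered to the filter on the ASBR.
RIP_ROUTES = ["9.9.0.5/32", "9.9.0.6/32", "9.9.56.0/24"]

ENTRY = re.compile(r"ip prefix-list \S+ seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?$")

def parse_prefix_list(text):
    """Return (seq, action, network, min_len, max_len) tuples in seq order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        seq, action, net, ge, le = m.groups()
        network = ipaddress.ip_network(net)
        # No ge/le: exact length only. ge alone runs up to /32,
        # le alone starts at the entry's own length.
        min_len = int(ge) if ge else network.prefixlen
        max_len = int(le) if le else (32 if ge else network.prefixlen)
        entries.append((int(seq), action, network, min_len, max_len))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First match wins; a route matching no entry hits the implicit deny."""
    candidate = ipaddress.ip_network(route)
    for _seq, action, network, min_len, max_len in entries:
        if min_len <= candidate.prefixlen <= max_len and candidate.subnet_of(network):
            return action
    return "deny"

def redistributed(prefix_list_text, routes=RIP_ROUTES):
    """Routes that pass the filter and so remain eligible for redistribution."""
    entries = parse_prefix_list(prefix_list_text)
    return [r for r in routes if evaluate(entries, r) == "permit"]

if __name__ == "__main__":
    print("as written:   ", redistributed(BLOCK_TYPE_5))
    print("without le 32:", redistributed(NO_LE))
```

Without "le 32", the entry "permit 0.0.0.0/0" matches only the default route itself, so every other route falls through to the implicit deny and no external prefix is advertised.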

FILTERING TYPE 5 LSA IN OSPF - Method2

Below is the configuration on ASBR R4:

R4#
router ospf 1
redistribute rip subnets route-map RIP_to_OSPF
route-map RIP_to_OSPF permit 10
match ip address 1


R4#sh run | s access-list 1
access-list 1 deny 9.9.0.5
access-list 1 permit any

After applying the above config, LSA 5 will be blocked on the ASBR.

FILTERING TYPE 5 LSA IN OSPF - Method3

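We can block prefix 9.9.0.5/32 on ASBR R4 by not advertising it into the OSPF domain, using the "summary-address" command with the "not-advertise" option. Because the summary covers 9.9.0.0/24, every external route inside that range is suppressed along with 9.9.0.5/32.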

R4#
Router ospf 1
summary-address 9.9.0.0 255.255.255.0 not-advertise

After applying the above config, we will not see the external prefix/LSA 5 for 9.9.0.5 on R1, R2 and R3. Below is the output from R1:

R1#show ip route 9.9.0.5
% Subnet not in table

FILTERING TYPE 5 LSA IN OSPF - Method4

Below is the configuration on ABR R3:

R3#show run | s access-list 1
access-list 1 deny 9.9.45.0
access-list 1 permit any

router ospf 1
distribute-list 1 in

This method will not stop LSA 5 from flooding into Area 0, but any traffic from Area 0 (for example, from R1 and R2) to the external prefix 9.9.0.5/32 will be blocked on the ABR R3.

R1#show ip route 9.9.0.5
  Routing entry for 9.9.0.5/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 4
  Last update from 9.9.12.2 on FastEthernet0/0, 01:04:12 ago
  Routing Descriptor Blocks:
  * 9.9.12.2, from 9.9.0.4, 01:04:12 ago, via FastEthernet0/0
     Route metric is 20, traffic share count is 1


R1#ping 9.9.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.5, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

FILTERING TYPE 5 LSA IN OSPF - Method5

In an NSSA, the Forward Address is non-zero by default (the ASBR’s internal loopback). Before installing an external prefix into the routing table, the OSPF process checks whether this address is reachable via the routing table. If the Forward Address is not reachable, the corresponding external prefix is not installed into the routing table.

Following this concept, the Forward Address for the external prefix 9.9.0.5/32 is the ASBR’s OSPF internal loopback address, 9.9.0.4.

R3#sh ip ospf database nssa-external 9.9.0.5 | i Forward Address

    Forward Address: 9.9.0.4

If we block the Forward Address 9.9.0.4 on ABR R3, R3 will stop generating the LSA 5 for 9.9.0.5/32.

R3#
access-list 1 deny 9.9.0.4
access-list 1 permit any

router ospf 1
area 1 nssa
distribute-list 1 in


R4#
Router ospf 1
area 1 nssa

R3#show ip ospf database nssa-external 9.9.0.5
            OSPF Router with ID (9.9.0.3) (Process ID 1)
                Type-7 AS External Link States (Area 1)
  LS age: 1223
  Options: (No TOS-capability, Type 7/5 translation, DC, Upward)
  LS Type: AS External Link
  Link State ID: 9.9.0.5 (External Network Number )
  Advertising Router: 9.9.0.4
  LS Seq Number: 80000002
  Checksum: 0x93BE
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 9.9.0.4
        External Route Tag: 0


R3#show ip ospf database external 9.9.0.5
            OSPF Router with ID (9.9.0.3) (Process ID 1)

R2#show ip ospf database external 9.9.0.5
            OSPF Router with ID (9.9.0.2) (Process ID 1)