In this section I want to examine different filtering mechanisms in OSPF. I have a simple topology here and all areas have direct access to are 0.

Note that I perform most (but not all) of the filterings on ABRs.

Using Distribute-Lists



I want to filter some routes inbound area 34. For this I apply a distribute-list to router 3. We can find this command in almost all routing protocols and the usage is pretty much the same.

R3(config)#access-list 6 deny 6.6.6.6 0.0.0.0 R3(config)#access-list 6 permit any R3(config-router)#distribute-list 6 in

Now I check the routing table to make sure this route is not installed:

R3#do sh ip route 6.6.6.6 % Network not in table

But this command does not remove the LSA from the database:

R3#sh ip ospf database summary 6.6.6.6 OSPF Router with ID (3.3.3.3) (Process ID 1) Summary Net Link States (Area 34) Routing Bit Set on this LSA LS age: 1131 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 6.6.6.6 (summary Network Number) Advertising Router: 2.2.2.2 LS Seq Number: 80000001 Checksum: 0xBFC Length: 28 Network Mask: /32 TOS: 0 Metric: 21

And I expect to see the route on R4:

R4#sh ip route 6.6.6.6 Routing entry for 6.6.6.6/32 Known via "ospf 1", distance 110, metric 41, type inter area Last update from 10.10.34.3 on FastEthernet0/0, 00:20:24 ago Routing Descriptor Blocks: * 10.10.34.3, from 2.2.2.2, 00:20:24 ago, via FastEthernet0/0 Route metric is 41, traffic share count is 1

So, this is not an LSA filtering mechanism; It stops the route from being installed in routing table.

Filtering all LSAs outbound

Although not wise, there are commands under router configuration and interface configuration to stop all LSA from being sent to our neighbors.

You can use neighbor neighbor-id database-filter all out under router ospf or ip ospf database-filter all out under interface configuration to achive this goal.

Filtering LSAs Using area range Command

This is a special command in that it introduces a summary address to the area of your choice and in the meantime it removes all component routes (i.e. the routes, a summary spans). You perform this on ABRs

Also, you have the option of not advertising the summary, so while you have withdrawn all component routes, you do not introduce any summary too, hence the filtering. Here is an example:

R3(config-router)#no distribute-list 6 in f0/1 R3(config-router)#no distribute-list 6 in R1#sh ip route 4.4.4.4 Routing entry for 4.0.0.0/8 Known via "ospf 1", distance 110, metric 31, type inter area Last update from 10.10.12.2 on FastEthernet0/0, 00:01:06 ago Routing Descriptor Blocks: * 10.10.12.2, from 2.2.2.2, 00:01:06 ago, via FastEthernet0/0 Route metric is 31, traffic share count is 1

If I use not-advertise option, this summary and all of ts components will be removed:

R2(config-router)#area 34 range 4.0.0.0 255.0.0.0 not-advertise R1#sh ip route 4.4.4.4 % Network not in table

Filtering LSAs Using area filter-list Command

This is a special command in which I can define direction of filtering. area filter-list command is configured on ABRs and has an option to stop an LSA from being advertised to outside or inside the area.

In this example I filter R6’s loopback0 route in are 34. I can stop it from entering are 34 (from area 34’s perspective) or stop it from going into are 34 (from are 0’s perspective). I choose the first approach (although both achieve this goal):

R2(config)# ip prefix-list R6_LOOPBACK seq 5 deny 6.6.6.6/32 R2(config)# ip prefix-list R6_LOOPBACK seq 100 permit 0.0.0.0/0 le 32 R2(config)#router ospf 1 R2(config-router)#area 34 filter-list prefix R6_LOOPBACK in

Now if I check are 34’s routers I can see that the LSA is removed:

R3#sh ip route 6.6.6.6 % Network not in table

Of all these methods, area filter-list command has the best control, However, you can achieve the goal using all of them and it would be your choice to prefer one over the others.