Wednesday, 13 February 2013

Difference between filtering routing updates and filtering networks between areas in OSPF



R7 is advertising 7.7.7.1/32 and 7.7.7.2/32
R6 is advertising 6.6.6.1/32 and 6.6.6.2/32

Tasks

1.Filter the 7.7.7.2/32 prefix not to exist in area146 ospf database
2.Filter the 6.6.6.2/32 prefix not to install only on R5

*Crucial configuration are put on R2 and R4.

Configuration

R1

 interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
interface FastEthernet1/0
 ip address 192.168.14.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.12.1 0.0.0.0 area 0
 network 192.168.14.1 0.0.0.0 area 146

R2

interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface FastEthernet1/0
 ip address 192.168.25.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 area 257 filter-list prefix DENY_NET6.2 in
 network 192.168.12.2 0.0.0.0 area 0
 network 192.168.25.2 0.0.0.0 area 257
!
ip prefix-list DENY_NET6.2 seq 5 deny 6.6.6.2/32
ip prefix-list DENY_NET6.2 seq 10 permit 0.0.0.0/0 le 32

R4

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.14.4 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.46.4 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 146
 network 192.168.14.4 0.0.0.0 area 146
 network 192.168.46.4 0.0.0.0 area 146
 distribute-list prefix DENY_NET7.2 in FastEthernet0/0
!
ip prefix-list DENY_NET7.2 seq 5 deny 7.7.7.2/32
ip prefix-list DENY_NET7.2 seq 10 permit 0.0.0.0/0 le 32

R5

interface FastEthernet0/0
 ip address 192.168.25.5 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.57.5 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.25.5 0.0.0.0 area 257
 network 192.168.57.5 0.0.0.0 area 257

R6

interface Loopback1
 ip address 6.6.6.1 255.255.255.255
!
interface Loopback2
 ip address 6.6.6.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.46.6 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 6.6.6.1 0.0.0.0 area 146
 network 6.6.6.2 0.0.0.0 area 146
 network 192.168.46.6 0.0.0.0 area 146

R7

interface Loopback1
 ip address 7.7.7.1 255.255.255.255
!
interface Loopback2
 ip address 7.7.7.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.57.7 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 7.7.7.1 0.0.0.0 area 257
 network 7.7.7.2 0.0.0.0 area 257
 network 192.168.57.7 0.0.0.0 area 257

Verification

Since 6.6.6.2/32 is filter-out from area 257 database, both R5 and R7 doesn't have 6.6.6.2/32 prefix.

R5#show ip route ospf
O IA 192.168.46.0/24 [110/22] via 192.168.25.2, 00:10:57, FastEthernet0/0
O IA 192.168.12.0/24 [110/11] via 192.168.25.2, 00:10:57, FastEthernet0/0
O IA 192.168.14.0/24 [110/12] via 192.168.25.2, 00:10:57, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/13] via 192.168.25.2, 00:10:57, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/23] via 192.168.25.2, 00:10:57, FastEthernet0/0
     7.0.0.0/32 is subnetted, 2 subnets
O       7.7.7.2 [110/11] via 192.168.57.7, 00:10:57, FastEthernet0/1
O       7.7.7.1 [110/11] via 192.168.57.7, 00:10:57, FastEthernet0/1

R7#show ip route ospf
O IA 192.168.46.0/24 [110/32] via 192.168.57.5, 00:11:27, FastEthernet0/0
O IA 192.168.12.0/24 [110/21] via 192.168.57.5, 00:11:27, FastEthernet0/0
O IA 192.168.14.0/24 [110/22] via 192.168.57.5, 00:11:27, FastEthernet0/0
O    192.168.25.0/24 [110/11] via 192.168.57.5, 00:11:27, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/23] via 192.168.57.5, 00:11:27, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/33] via 192.168.57.5, 00:11:27, FastEthernet0/0

Prefix 7.7.7.2/32 is filtered on R4 only not to go inside R4 routing table, so the 7.7.7.2/32 still appeared on R6 routing table. So the traffic can be blackhole at R4 if traffic destined to networks behind R4 and source from 7.7.7.2. 

R4#show ip route ospf
O IA 192.168.12.0/24 [110/11] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.25.0/24 [110/12] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.57.0/24 [110/22] via 192.168.14.1, 00:12:58, FastEthernet0/0
     6.0.0.0/32 is subnetted, 2 subnets
O       6.6.6.2 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
O       6.6.6.1 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
     7.0.0.0/32 is subnetted, 1 subnets
O IA    7.7.7.1 [110/23] via 192.168.14.1, 00:12:47, FastEthernet0/0
R6#show ip route ospf
O IA 192.168.12.0/24 [110/21] via 192.168.46.4, 00:36:34, FastEthernet0/0
O    192.168.14.0/24 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.25.0/24 [110/22] via 192.168.46.4, 00:14:36, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.57.0/24 [110/32] via 192.168.46.4, 00:10:57, FastEthernet0/0
     7.0.0.0/32 is subnetted, 2 subnets
O IA    7.7.7.2 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0
O IA    7.7.7.1 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0

GNS File : http://www.4shared.com/rar/4RSDZ4WA/Difference_between_OSPF_filter.html
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)