Introduction
This document describes the various methods of filtering OSPF Type 5 LSAs on routers and switches that run Cisco IOS® and IOS-XE®.
Contributed by Rohit Nair, Cisco TAC Engineer.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions. This document applies to all Cisco routers and switches that run Cisco IOS.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Background Information
An OSPF Type 5 LSA is originated by an Autonomous System Boundary Router (ASBR) and flooded within the OSPF area. These routes are generated by redistribution into OSPF from other protocols, or by the redistribution of connected or static routes.
Configure
The following example shows the various methods to filter Type 5 LSAs within an OSPF domain.
Network Diagram
Initial Configurations
NewYork
interface FastEthernet0/0
ip address 10.12.1.1 255.255.255.0
end
router ospf 1
network 10.12.1.1 0.0.0.0 area 0
London
interface FastEthernet0/0
ip address 10.12.1.2 255.255.255.0
end
interface FastEthernet1/0
ip address 10.23.1.1 255.255.255.0
end
router ospf 1
network 10.12.1.2 0.0.0.0 area 0
network 10.23.1.1 0.0.0.0 area 0
Dubai
interface FastEthernet0/0
ip address 10.23.1.2 255.255.255.0
end
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
end
router ospf 1
network 10.23.1.2 0.0.0.0 area 0
router eigrp 1
network 192.168.1.1 0.0.0.0
no auto-summary
Tokyo
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
end
interface Loopback100
ip address 172.16.1.1 255.255.255.255
end
router eigrp 1
network 172.16.1.1 0.0.0.0
network 192.168.1.2 0.0.0.0
no auto-summary
Filter Options
Distribute List
The distribute-list out function, associated with an access-list or prefix-list, can be used on the ASBR that generates the Type 5 LSAs.
Note: The distribute-list out <interface> command is not a supported command in OSPF. The distribute-list out <protocol> command must be used.
Below is an example from the ASBR, Dubai. The distribute list defines which networks from EIGRP are advertised within the OSPF domain:
Standard IP access list 1
10 deny 192.168.1.0, wildcard bits 0.0.0.255
20 permit any
router ospf 1
redistribute eigrp 1 subnets
network 10.23.1.2 0.0.0.0 area 0
distribute-list 1 out eigrp 1
After applying the above distribute list, the 192.168.1.0 LSA is not seen on NewYork and London:
NewYork:
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
172.16.1.1 192.168.1.1 23 0x80000001 0x003442 0
NewYork#sh ip route 192.168.1.0
% Network not in table
London:
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
172.16.1.1 192.168.1.1 152 0x80000001 0x003442 0
London#sh ip route 192.168.1.0
% Network not in table
Note: A distribute-list in, linked to an interface, can be used on any router within the area. However, this only prevents the route from being installed in the routing table; it does not block a Type 5 LSA from being forwarded.
Summary-address
The summary-address command along with the not-advertise keyword can be used on the ASBR under the Router OSPF process to stop the propagation of a Type 5 LSA.
On Dubai, the summary-address command is used to stop the advertisement of the 172.16.1.0 Type 5 LSA.
Dubai:
router ospf 1
log-adjacency-changes
summary-address 172.16.1.0 255.255.255.0 not-advertise
redistribute eigrp 1 subnets
network 10.23.1.2 0.0.0.0 area 0
The 172.16.1.0 LSA is no longer present on NewYork and London:
NewYork:
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
192.168.1.0 192.168.1.1 112 0x80000001 0x0012B8 0
NewYork#sh ip route 172.16.1.0
% Network not in table
London:
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
192.168.1.0 192.168.1.1 172 0x80000001 0x0012B8 0
London#sh ip route 172.16.1.0
% Network not in table
Route-map
When an IGP is redistributed into OSPF, a route-map can also be used to stop the Type 5 LSA from being generated on the ASBR.
On Dubai, while redistributing from EIGRP, a route-map is used to deny the 192.168.1.0 subnet from being advertised into OSPF:
Dubai:
Standard IP access list 1
10 deny 192.168.1.0, wildcard bits 0.0.0.255
20 permit any
route-map REDIS, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
Policy routing matches: 0 packets, 0 bytes
router ospf 1
log-adjacency-changes
redistribute eigrp 1 subnets route-map REDIS
network 10.23.1.2 0.0.0.0 area 0
The Type 5 LSA for 192.168.1.0 is not created:
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
172.16.1.0 192.168.1.1 47 0x80000001 0x003E39 0
Verify
To verify, run the show ip ospf database external command and confirm that the LSAs that were filtered have indeed been blocked.
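One way to automate this check, as an added example that is not part of the original document: the Python script below evaluates access list 1 from this page with first-match and wildcard-bit semantics, parses the Type-5 summary table in the form shown in the outputs above, and lists any Link ID that the ACL denies but that is still in the database. The function names and the UNFILTERED sample are assumptions made for illustration.

```python
import ipaddress
import re

# ACL 1 from the page as (action, address, wildcard bits); "any" = 0.0.0.0 255.255.255.255.
ACL_1 = [("deny", "192.168.1.0", "0.0.0.255"),
         ("permit", "0.0.0.0", "255.255.255.255")]
LSA_ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+\d+(?:\.\d+){3}\s+\d+\s+0x[0-9A-Fa-f]+\s+0x[0-9A-Fa-f]+\s+\d+\s*$")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_action(acl, address):
    """First-match evaluation of a standard ACL; implicit deny when nothing matches."""
    for action, base, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF  # wildcard 0-bits must match
        if (_ip(address) & care) == (_ip(base) & care):
            return action
    return "deny"

def type5_link_ids(show_output):
    """Link IDs listed under the 'Type-5 AS External Link States' heading only."""
    ids, in_type5 = [], False
    for line in show_output.splitlines():
        if "Link States" in line:  # a new LSA-type section starts
            in_type5 = "Type-5 AS External" in line
            continue
        row = LSA_ROW.match(line)
        if in_type5 and row:
            ids.append(row.group(1))
    return ids

def leaked_lsas(show_output, acl):
    """Type 5 Link IDs still in the database although the ACL denies them."""
    return [lid for lid in type5_link_ids(show_output) if acl_action(acl, lid) == "deny"]

# Output as shown on the page for NewYork after the distribute list is applied.
FILTERED = """\
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
172.16.1.1 192.168.1.1 23 0x80000001 0x003442 0
"""
# Constructed: the same database before filtering, plus a constructed router LSA row.
UNFILTERED = """\
Router Link States (Area 0)
10.12.1.1 10.12.1.1 40 0x80000002 0x00A1B2 1
Type-5 AS External Link States
172.16.1.1 192.168.1.1 23 0x80000001 0x003442 0
192.168.1.0 192.168.1.1 23 0x80000001 0x0012B8 0
"""
```

An empty list from leaked_lsas means every denied prefix is absent from the Type 5 section; rows under other LSA headings are ignored even though they have the same column layout.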
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.