Categories R&S

OSPF – Implement and troubleshoot filtering – Administrative distance

Let’s now have a look at using administrative distance to filter routes.

 

Theory:

With OPSF, administrative distance can be changed per-prefix or per-neighbor.

When setting an administrative distance of 255, the route cannot be installed in the routing table.

The IP address use with the distance command refer to the originator of the prefix into the area. The OSPF distance command uses the router ID as the route source.

 

Requirements:

Make sure that R3 doesn’t install the route to R6 loopback (6.6.6.6) into is routing table.

 

Diagram:

Not-so-totally-stubby area

 

Configuration and verification:

 

First, let’s see how the route is seen on R3:

R3#sh ip route 6.6.6.6
Routing entry for 6.6.6.6/32
  Known via "ospf 10", distance 110, metric 1003, type inter area
  Last update from 10.10.1.1 on Ethernet0/0, 00:04:57 ago
  Routing Descriptor Blocks:
  * 10.10.1.2, from 22.22.22.22, 00:04:57 ago, via Ethernet0/0
      Route metric is 1003, traffic share count is 1
    10.10.1.1, from 11.11.11.11, 00:04:57 ago, via Ethernet0/0
      Route metric is 1003, traffic share count is 1

R3#sh ip ospf data sum 6.6.6.6
            OSPF Router with ID (33.33.33.33) (Process ID 10)
                Summary Net Link States (Area 0)
 
 Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 178
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 6.6.6.6 (summary Network Number)
  Advertising Router: 22.22.22.22
  LS Seq Number: 80000002
  Checksum: 0x24B9
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 1002

Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 341
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 6.6.6.6 (summary Network Number)
  Advertising Router: 11.11.11.11
  LS Seq Number: 80000002
  Checksum: 0x6F9A
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 1002

 

We will use the distance command to remove this route. We must first create an access-list that match the prefix and then use the IP address of the originator of the prefix with the distance command.

R3(config)#access-list 2 permit 6.6.6.6 0.0.0.0

R3(config)#router ospf 10
R3(config-router)#distance 255 22.22.22.22 0.0.0.0 2

 

Let’s see how it looks now:

R3#sh ip route 6.6.6.6
% Network not in table

R3#sh ip ospf data sum 6.6.6.6
            OSPF Router with ID (33.33.33.33) (Process ID 10)
                Summary Net Link States (Area 0)
  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 1298
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 6.6.6.6 (summary Network Number)
  Advertising Router: 22.22.22.22
  LS Seq Number: 80000002
  Checksum: 0x24B9
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 1002

  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 341
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 6.6.6.6 (summary Network Number)
  Advertising Router: 11.11.11.11
  LS Seq Number: 80000002
  Checksum: 0x6F9A
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 1002

 

So the prefix is still seen in the database but not installed in the routing table.

 

 

Now when working on this, I’m seeing a strange behavior.

As seen first, we have two routing entry for 6.6.6.6 with the same metric and both are in the OSPF database.

When we apply the distance command, we ask specifically for the prefix coming from R2 (22.22.22.22) so we should still see the route coming from R1.

 

 

After investigation and according to the documentation it should only filter the route from the router specified in the distance command. So it looks like my equipment are not behaving the correct way, probably a bug.

 

Anyway, the concept is here, I hope it work well in “real life”.

 

 

Thank you for reading.

 

OSPF – Implement and troubleshoot filtering – Administrative distance