Categories R&S

OSPF – Implement and troubleshoot filtering – Database filtering

That’s the last part of the implement and troubleshoot filtering series.

 

 

Theory:

Database filtering can be used to filter outgoing LSA on an OSPF interface.

Hello packets are still exchange, so neighbor relationship is maintain but LSA advertisement are stops.

 

Requirements:

Make sure that R4 doesn’t receive any advertisement from R1.

 

Diagram:

OSPF LSA filtering

Configuration and verification:

 

Let’s check the current state, R4 gets entry from R1 in his database.

Most of the routes are known via R1:

R4#sh ip ospf data adv 11.11.11.11
            OSPF Router with ID (4.4.4.4) (Process ID 10)
                Router Link States (Area 2)
Link ID         ADV Router      Age         Seq#       Checksum Link count
11.11.11.11     11.11.11.11     2104        0x80000016 0x00ED5A 2
                Summary Net Link States (Area 2)
Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         11.11.11.11     2104        0x80000004 0x00B949
2.2.2.2         11.11.11.11     2104        0x80000008 0x008D6C
3.3.3.3         11.11.11.11     2104        0x80000008 0x005F96
8.8.8.8         11.11.11.11     2104        0x80000008 0x007869
9.9.9.9         11.11.11.11     2104        0x80000008 0x005488
10.10.1.0       11.11.11.11     2104        0x80000008 0x00D914
10.10.3.8       11.11.11.11     2104        0x80000008 0x007370
10.10.3.9       11.11.11.11     2104        0x80000008 0x00736E
10.10.3.10      11.11.11.11     2104        0x80000008 0x006977
10.10.10.10     11.11.11.11     2104        0x80000008 0x0026B2
10.10.18.0      11.11.11.11     2104        0x80000008 0x000CD3
10.10.24.0      11.11.11.11     199         0x80000001 0x00E1FD
10.10.39.0      11.11.11.11     2104        0x80000008 0x00922D
11.11.11.0      11.11.11.11     2105        0x80000004 0x005A8B
22.22.22.0      11.11.11.11     2105        0x80000008 0x00CEF0
33.33.33.0      11.11.11.11     2105        0x80000008 0x00415D
88.88.88.0      11.11.11.11     2105        0x80000008 0x007D7B
99.99.99.0      11.11.11.11     2105        0x80000008 0x00F9DC
100.100.100.0   11.11.11.11     2105        0x80000008 0x00D5FD

R4#sh ip route | i 10.10.14.1
O IA     1.1.1.1 [110/2] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     2.2.2.2 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     3.3.3.3 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     8.8.8.8 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     9.9.9.9 [110/4] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     10.10.1.0/24 [110/2] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     10.10.3.8/32 [110/2] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     10.10.3.9/32 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     10.10.3.10/32 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     10.10.10.10/32 [110/4] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     10.10.18.0/30 [110/2] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     11.11.11.0 [110/2] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     22.22.22.0 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     33.33.33.0 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     88.88.88.0 [110/3] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     99.99.99.0 [110/4] via 10.10.14.1, 00:00:44, Ethernet0/0
O IA     100.100.100.0 [110/4] via 10.10.14.1, 00:00:44, Ethernet0/0

 

When using database filtering, we prevent R4 to get LSA advertisement from R1 but we keep the OSPF neighbor relationship UP.

The command can be apply at the OSPF process level or at the interface level.

R1(config-router)#neighbor 10.10.14.2 database-filter all out
% OSPF: Configured Nbr 10.10.14.2 is incompatible with OSPF network type on Ethernet1/0
*Feb 23 14:58:33.511: %OSPF-4-CFG_NBR_INVALID_NET_TYPE: Can not use configured neighbor 10.10.14.2 on Ethernet1/0. Neighbor command only allowed on NBMA and P2MP networks

As you can see the command used at the OSPF process level is not allowed for point-to-point network.

Let’s try the interface command:

R1(config)#int Ethernet1/0
R1(config-if)#ip ospf database-filter all out
%OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Ethernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
%OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Ethernet1/0 from LOADING to FULL, Loading Done

 

Now R4 only get one entry from R1 (locally originated) and the routing table for route via R1 is empty:

R4#sh ip ospf dat adv-router 11.11.11.11
            OSPF Router with ID (4.4.4.4) (Process ID 10)
                Router Link States (Area 2)
Link ID         ADV Router      Age         Seq#       Checksum Link count
11.11.11.11     11.11.11.11     16          0x80000007 0x00AEC2 2

R4# sh ip route | i 10.10.14.1

Neighbor relationship is still UP:

R4#sh ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       0   FULL/  -        00:00:38    10.10.14.1      Ethernet0/0

 

That was our last post for the Implement and troubleshoot filtering series.

I hope you enjoyed it.

 

 

Thank you for reading.

 

OSPF – Implement and troubleshoot filtering – Database filtering