Entries Tagged as ''

OSPF Filtering and Range Summary sequence

OSPF Type-3 LSA Filtering can be used to permit or deny any arbitrary inter-area routes based on a prefix-list. The filtering process is in ABR under router ospf process.

  • area <#> filter-list <name> [in | out]

Also, for reducing routing table in other area, sometimes we will summarize network.

  • area <#> range <IP> <MASK>

However, here is a question, under ospf process, filter before range summary or range summary before filter? We do a test by the following scenario.

The topology may like this:

<–AREA 1–> ABR <—-AREA 0–>

Aare 1 has three networks. We can see them by “show ip route”.

  • 172.18.12.0/24
  • 172.18.13.0/24
  • 172.18.15.0/24

We also can summarize those three network to one network and advertise to Area 0.

  • area 1 range 172.18.12.0 255.255.252.0

First, we need to generate a filtering list by prefix list. If we only create a prefix list as following, the summary route (discards route in local) will not generated and the summary route is not advertised out.

  • ip prefix-list A1->A0 seq 5 permit 172.18.12.0/22

Why?

Because prefixe list will check both bits and subnet mask. Both would have to match for the network to be either permitted or denied. In the above case, there is only a “/” after the network (no le or ge), then the number after the “/” is both bits checked and subnet mask. So it will check the 22 bits from left to right (won’t care about the last 10 bits) AND it will make sure that it has a 22 bit mask. BOTH the 22 bits checked and the 22 bit subnet mask must match for the network to be permitted or denied. However, the scenario doesn’t have 22 bit submask network in routing table. Therefore, there will be nothing to generated and advertise out. If we revise the ip prefix list like the following, then the summary route is advertised out.

  • ip prefix-list A1->A0 seq 5 permit 172.18.12.0/22 ge 24 le 24

Why?

Because if we use either the le or ge (or both le and ge) after the “/”, then the number directly after the “/” becomes only bits checked and the number after the ge or le (or both) is the subnet mask. So in this case we are still going to check the first 22 bits of the network from left to right. If those match we are then going to check the subnet mask, which in this case can be GREATER THAN OR EQUAL TO 24 bits – meaning that as long as the first 22 bits of the network match the subnet mask could be 25,26,27,28,29,30,31,or 32 bits. They would all match.

So, we can safely say that, OSPF do filtering before range summary.

Tags: How-to by hengdu
No Comments »