OSPF ABR Type 3 LSA filtering is a feature OSPF ABRs use to control the Type 3 link-state advertisements (LSAs) sent or received between OSPF areas. In this post, you will learn how to filter Type 3 LSAs sent or received from one OSPF area to another on Cisco IOS. Many networking vendors like Juniper and Mikrotik support this feature.

I will use this network topology in the rest of this guide.

The OSPF routing domain consists of five routers and is divided into four areas: 0, 12, 34, and 35.

OSPF requires routers within the same area to have the same set of LSAs for that area in order to calculate the best path to each link in the area and prevent routing loops. This means each OSPF node in the routing domain knows exactly the network topology of each area it is attached to, but it cannot know the detailed network topologies of the other areas in the network.

Therefore, we cannot filter router and network LSAs, but we can filter received/sent Type 3 LSAs (summary LSAs) at the ABR level since that won’t create routing loops.

Filtering OSPF ABR Type 3 LSAs Going into an Area on Cisco IOS With The Area Filter-List Command

The area area_id filter-list prefix prefix_list_name in command allows controlling prefixes advertised to an OSPF area from other areas in the routing domain, where area_id is the identifier of an area and prefix_list_name is the name of an IP prefix list.

The area filter-list prefix in command works on ABRs only; it does not affect internal and non-ABR routers. Basically, it filters all type 3 LSAs originated by the ABR to the specified area according to a prefix list.

This example instructs router R2 to not produce Type 3 LSAs for subnets 10.0.20.0/24 and 10.0.21.0/24 in OSPF area 12.

R2(config)# ip prefix-list filter-subnets-10.0.20-21.0 seq 5 deny 10.0.20.0/24
R2(config)# ip prefix-list filter-subnets-10.0.20-21.0 seq 10 deny 10.0.21.0/24
R2(config)# ip prefix-list filter-subnets-10.0.20-21.0 seq 15 permit 0.0.0.0/0 le 32
R2(config)# 
R2(config)# router ospf 1
R2(config-router)# area 12 filter-list prefix filter-subnets-10.0.20-21.0 in

The first and second ip prefix-list entries deny IP prefixes 10.0.20.0/24 and 10.0.21.0/24, while the third one permits all other IP prefixes.

The show ip ospf database command output indicates that R2 no longer originates Type 3 LSAs for IP prefixes 10.0.20.0/24 and 10.0.21.0/24 in area 12. As a result, router R1 won’t learn routes to those subnets.

Router R1

R1# show ip route 10.0.20.0
% Subnet not in table
R1#
R1# show ip route 10.0.21.0
% Subnet not in table
R1#

Router R2

R2# show ip ospf database



omitted output

                Summary Net Link States (Area 12)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.22.0       2.2.2.2         484         0x80000001 0x00F51C
10.0.23.0       2.2.2.2         484         0x80000001 0x00EA26
10.0.34.0       2.2.2.2         484         0x80000001 0x00679F
10.0.35.0       2.2.2.2         484         0x80000001 0x005CA9
10.0.123.0      2.2.2.2         484         0x80000001 0x008628
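
How IOS evaluates the prefix list above, as an added example that is not part of the original post: entries are tried in sequence order, an entry without ge/le matches only the exact mask length, and anything unmatched hits the implicit deny. The candidate list and the /24 masks on 10.0.34.0, 10.0.35.0 and 10.0.123.0 are assumptions; the function names are hypothetical.

```python
# Added example (not from the original post): first-match evaluation of an
# IOS-style prefix list, to predict which summaries an ABR still originates.
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/L [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if opts:                       # ge/le present: a range of mask lengths
        lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
    else:                          # neither: the mask length must match exactly
        lo = hi = net.prefixlen
    return seq, action, net, lo, hi

def evaluate(entries, candidate):
    """Return (action, seq) of the first matching entry, lowest seq first."""
    cand = ipaddress.ip_network(candidate)
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if lo <= cand.prefixlen <= hi and cand.subnet_of(net):
            return action, seq
    return "deny", None            # implicit deny closes every prefix list

def surviving(entries, candidates):
    """Candidates for which the ABR would still originate a Type 3 LSA."""
    return [c for c in candidates if evaluate(entries, c)[0] == "permit"]

NAME = "filter-subnets-10.0.20-21.0"
ENTRIES = [parse_entry(l) for l in (
    f"ip prefix-list {NAME} seq 5 deny 10.0.20.0/24",
    f"ip prefix-list {NAME} seq 10 deny 10.0.21.0/24",
    f"ip prefix-list {NAME} seq 15 permit 0.0.0.0/0 le 32",
)]
# Inter-area prefixes R2 could summarise into area 12. The /24 masks on
# 10.0.34.0, 10.0.35.0 and 10.0.123.0 are assumed; the post does not state them.
CANDIDATES = ["10.0.20.0/24", "10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24",
              "10.0.34.0/24", "10.0.35.0/24", "10.0.123.0/24"]

if __name__ == "__main__":
    print(surviving(ENTRIES, CANDIDATES))
    # A constructed more-specific inside a denied /24 is not caught by it.
    print(evaluate(ENTRIES, "10.0.20.128/25"))
    # Without the final permit, everything hits the implicit deny.
    print(surviving(ENTRIES[:2], CANDIDATES))
```

If more-specific subnets of a filtered block must also stay out of the area, the deny entries need an le bound; an exact-length deny lets them fall through to the final permit.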

Filtering OSPF ABR Type 3 LSAs Coming out of an Area on Cisco IOS With The Area Filter-List Command

The area area_id filter-list prefix prefix_list_name out command allows controlling prefixes advertised out of an OSPF area to other areas in the routing domain, where area_id is the identifier of an area and prefix_list_name is the name of an IP prefix list.

The area filter-list prefix out command works on ABRs only; it does not affect internal and non-ABR routers. It filters, according to a prefix list, all Type 3 LSAs that the ABR originates and sends out of the specified area.

This example instructs router R3 to stop originating Type 3 LSAs for subnet 10.0.20.0/24 in OSPF areas 34 and 35.

R3(config)# ip prefix-list filter-subnet-10.0.20.0 seq 5 deny 10.0.20.0/24
R3(config)# ip prefix-list filter-subnet-10.0.20.0 seq 10 permit 0.0.0.0/0 le 32
R3(config)# 
R3(config)# router ospf 1
R3(config-router)# area 34 filter-list prefix filter-subnet-10.0.20.0 out

The first ip prefix-list statement denies IP prefix 10.0.20.0/24, while the second one allows all IP prefixes.

The show ip ospf database command output shows that R3 no longer originates Type 3 LSAs for IP prefix 10.0.20.0/24 in areas 34 and 35.

R3# show ip ospf database summary 10.0.20.0

            OSPF Router with ID (3.3.3.3) (Process ID 1)
R3#

Besides, the routes to subnet 10.0.20.0/24 have been removed from the routing tables of routers R1, R2, and R5 since R3 stopped originating a Type 3 LSA for that subnet in area 0.

Router R1

R1# show ip route 10.0.20.0
% Subnet not in table
R1#

Router R2

R2# show ip route 10.0.20.0
% Subnet not in table
R2#

Router R5

R5# show ip route 10.0.20.0
% Subnet not in table
R5#

Filtering Type 3 LSAs Using Cisco IOS Area Range Command

The area area_id range ip_prefix subnet_mask not-advertise command instructs the router to filter out the specified area’s prefixes matched by ip_prefix and subnet_mask from getting flooded into other OSPF areas, where area_id is the identifier of the area containing the routes to filter.

This example prohibits area 34’s subnets 10.0.20.0/24, 10.0.21.0/24, 10.0.22.0/24, and 10.0.23.0/24 from getting injected into other OSPF areas.

R3(config)# router ospf 1
R3(config-router)# area 34 range 10.0.20.0 255.255.252.0 not-advertise

The show ip ospf database command output shows that Type 3 LSAs for the IP prefixes in question no longer exist in the LSDBs of areas 0 and 35.

Router R2

R2# show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         104         0x8000000D 0x00BF47 1
3.3.3.3         3.3.3.3         418         0x8000000C 0x00837B 1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.123.2      2.2.2.2         582         0x80000001 0x00593D

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.0        2.2.2.2         104         0x80000002 0x00DC4B
10.0.1.0        2.2.2.2         104         0x80000002 0x00D155
10.0.2.0        2.2.2.2         104         0x80000002 0x00C65F
10.0.3.0        2.2.2.2         104         0x80000002 0x00BB69
10.0.12.0       2.2.2.2         104         0x80000002 0x004ECE
10.0.34.0       3.3.3.3         409         0x80000001 0x003FC4
10.0.35.0       3.3.3.3         409         0x80000001 0x0034CE




omitted output

Router R5

R5# show ip ospf database



omitted output

                Summary Net Link States (Area 35)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.0        3.3.3.3         327         0x80000001 0x00CA59
10.0.1.0        3.3.3.3         327         0x80000001 0x00BF63
10.0.2.0        3.3.3.3         327         0x80000001 0x00B46D
10.0.3.0        3.3.3.3         327         0x80000001 0x00A977
10.0.12.0       3.3.3.3         327         0x80000001 0x003CDC
10.0.34.0       3.3.3.3         327         0x80000001 0x003FC4
10.0.123.0      3.3.3.3         327         0x80000001 0x006842

Finally, the following show ip route command outputs show that the routes to subnets 10.0.20.0/24, 10.0.21.0/24, 10.0.22.0/24, and 10.0.23.0/24 have been removed from the routing tables of routers R1, R2, and R5.

Router R1

R1# show ip route 10.0.20.0
% Subnet not in table
R1# show ip route 10.0.21.0
% Subnet not in table
R1# show ip route 10.0.22.0
% Subnet not in table
R1# show ip route 10.0.23.0
% Subnet not in table

Router R2

R2# show ip route 10.0.20.0
% Subnet not in table
R2# show ip route 10.0.21.0
% Subnet not in table
R2# show ip route 10.0.22.0
% Subnet not in table
R2# show ip route 10.0.23.0
% Subnet not in table

Router R5

R5# show ip route 10.0.20.0
% Subnet not in table
R5# show ip route 10.0.21.0
% Subnet not in table
R5# show ip route 10.0.22.0
% Subnet not in table
R5# show ip route 10.0.23.0
% Subnet not in table
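
One way to automate the database check above, as an added example that is not part of the original post: it parses saved show ip ospf database text and reports any Type 3 LSA whose Link ID falls inside the suppressed 10.0.20.0/22 block. The function names are hypothetical, the R5 rows are excerpted from the output above, and the leaking row is constructed.

```python
# Added example (not from the original post): audit `show ip ospf database`
# text for Type 3 LSAs that should have been suppressed by an ABR filter.
import ipaddress
import re

SECTION = re.compile(r"^\s*(.+ Link States) \(Area (\d+)\)\s*$")
ROW = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+\d+"
                 r"\s+0x[0-9A-Fa-f]+\s+0x[0-9A-Fa-f]+")

def summary_lsas(show_output):
    """Yield (area, link_id, adv_router) for every Summary Net (Type 3) row."""
    area = kind = None
    for line in show_output.splitlines():
        header = SECTION.match(line)
        if header:                 # e.g. 'Summary Net Link States (Area 35)'
            kind, area = header.group(1), int(header.group(2))
            continue
        row = ROW.match(line)
        if row and kind == "Summary Net Link States":
            yield area, row.group(1), row.group(2)

def leaked(show_output, suppressed, areas):
    """Return Type 3 rows in `areas` whose Link ID falls inside `suppressed`.
    The brief output carries no mask, so the match is on the network number."""
    block = ipaddress.ip_network(suppressed)
    return [(area, link_id, adv)
            for area, link_id, adv in summary_lsas(show_output)
            if area in areas and ipaddress.ip_address(link_id) in block]

# Rows excerpted from the R5 output shown in the post (area 35).
R5_AFTER = """\
                Summary Net Link States (Area 35)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.0        3.3.3.3         327         0x80000001 0x00CA59
10.0.12.0       3.3.3.3         327         0x80000001 0x003CDC
10.0.34.0       3.3.3.3         327         0x80000001 0x003FC4
10.0.123.0      3.3.3.3         327         0x80000001 0x006842
"""
# Constructed row (not router output): what a leaked summary would look like.
R5_LEAK = R5_AFTER + \
    "10.0.21.0       3.3.3.3         12          0x80000001 0x00AAAA\n"

if __name__ == "__main__":
    for name, text in (("after", R5_AFTER), ("leak", R5_LEAK)):
        print(name, leaked(text, "10.0.20.0/22", {0, 35}))
```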

OSPF area filter-list vs distribute-list Command

Here are some differences between the area filter-list and distribute-list commands:

  • The distribute-list command uses both ACLs and prefix lists.
  • The area filter-list command uses prefix lists only.
  • The distribute-list command does not filter Type 3 LSAs from the OSPF database.
  • The area filter-list command filters Type 3 LSAs from the OSPF database.
  • The distribute-list command prevents OSPF routes from entering the routing table.

Conclusion

I hope this blog post helps you learn something.
Now I’d like to turn it over to you:
What did you like about this tutorial?
Or maybe you have an excellent idea that you think I need to add.
Either way, let me know by leaving a comment below right now.

Mohamed Ouamer
Mohamed Ouamer is a computer science teacher and a self-published author. He taught networking technologies and programming for more than fifteen years. While he loves to share knowledge and write, Mohamed's best passions include spending time with his family, visiting his parents, and learning new things.