Performing OSPF Type 5 LSA Filtering is an easy task. In this guide, you will learn how to suppress this type of OSPF LSAs on Cisco IOS. The commands used here apply to all Cisco routers and switches running Cisco IOS and IOS XE.
Distance vector protocols like RIP and EIGRP allow route-based filtering. However, OSPF does not since OSPF nodes exchange links state data instead of network routes. Additionally, when a router receives a Type 5 LSA, Type 7 LSA, or any other LSA, it cannot add or remove entries from it.
To filter a route, you simply need to delete the LSA or the LSA entry that is describing the route in question. For example, to suppress a Type 5 LSA-based route from the OSPF routing domain, you have to delete its corresponding LSA Type 5 on each ASBR that is redistributing that route.
Filtering LSAs Type 5 can be done through one of these three Cisco IOS commands: redistribute route-map, distribute-list out, and summary-address.
In the rest of this tutorial, we use the network topology in Figure 1.
Figure 1 – The network diagram of the routing domain used in this guide
The network consists of four routers. Two routers are in EIGRP 12 autonomous system, and three routers are included in the OSPF routing domain. Here are the initial configurations of the routers.
| Router R1 | Router R2 | Router R3 | Router R4 |
Keep in mind that router R2 is redistributing EIGRP 12 routes into OSPF, as shown in the show ip route ospf command output below.
R3# show ip route ospf
omitted output
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
O E2 10.0.0.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2 10.0.1.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2 10.0.2.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2 10.0.3.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2 10.0.12.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O 10.0.24.0/24 [110/2] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
[110/2] via 10.0.34.4, 00:00:21, GigabitEthernet0/4
OSPF type 5 LSAs describe external redistributed routes, and get created by Autonomous System Boundary Routers (ASBRs) and then flooded within all areas of the OSPF routing domain, except stubby areas. The ASBR originates one Type 5 LSA for each redistributed route into OSPF either from another dynamic routing protocol or via redistributing a connected or static route.
For example, router R2 generates five LSAs Type 5 for EIGRP 12’s routes redistributed into OSPF, as illustrated in the show ip ospf database external command output.
R2# show ip ospf database external
OSPF Router with ID (2.2.2.2) (Process ID 1)
Type-5 AS External Link States
LS age: 1300
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x2965
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 1300
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 10.0.1.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x1E6F
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 1300
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 10.0.2.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x1379
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 1300
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 10.0.3.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x883
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 1305
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 10.0.12.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xA4DD
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
OSPF LSA Type 5 Filtering with Distribute Lists
Cisco IOS supports deleting Type 5 LSAs from the OSPF database. The distribute-list acl out command permits filtering one or many redistributed routes into OSPF from the OSPF database, where acl is the ID of a standard access control list (ACL) between 1 and 99 or between 1300 and 2699.
In addition, you can specify a named standard ACL instead of a numbered standard ACL. As an example, we instruct R2, the single ASBR in the network topology, to discard routing data about external subnet 10.0.1.0/24 from the OSPF database.
R2(config)# access-list 2 deny 10.0.1.0 0.0.0.255 R2(config)# access-list 2 permit any R2(config)# R2(config)# router ospf 1 R2(config-router)# distribute-list 2 out
The ACL tells the distribute-list command what routes to remove and what routes to keep. The show ip ospf database command output indicates the Type 5 LSA describing subnet 10.0.1.0/24 no longer exists in R2’s OSPF database, which now includes four Type 5 LSAs instead of five.
R2# show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 413 0x80000005 0x0007AD 2
3.3.3.3 3.3.3.3 389 0x80000005 0x00CDC8 2
4.4.4.4 4.4.4.4 364 0x80000005 0x00B79C 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.24.2 2.2.2.2 413 0x80000002 0x00CE26
10.0.34.4 4.4.4.4 364 0x80000002 0x0022BA
10.0.123.3 3.3.3.3 389 0x80000002 0x001F71
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.0.0.0 2.2.2.2 413 0x80000002 0x002766 0
10.0.2.0 2.2.2.2 413 0x80000002 0x00117A 0
10.0.3.0 2.2.2.2 413 0x80000002 0x000684 0
10.0.12.0 2.2.2.2 413 0x80000002 0x00A2DE 0
Finally, note that the distribute-list out command works on ASBRs only.
OSPF LSA Type 5 Filtering using Route-Maps
When redistributing external routes into OSPF, a route map can be used to choose what IP prefixes to redistribute or not, and thus specify what routes to not generate Type 5 LSAs for.
In this example, we set up R2 to redistribute EIGRP 12 routes 10.0.0.0/24, 10.0.1.0/24, and 10.0.2.0/24 into OSPF, and ignore subnets 10.0.3.0/24 and 10.0.12.0/24.
To accomplish this:
Step 1. Create a standard list that allows subnets 10.0.0.0/24, 10.0.1.0/24, and 10.0.2.0/24.
Step 2. Create a route map entry that matches the ACL.
Step 3. Apply the route to the redistributed EIGRP routes.
R2(config)# access-list 2 permit 10.0.0.0 0.0.0.255 R2(config)# access-list 2 permit 10.0.1.0 0.0.0.255 R2(config)# access-list 2 permit 10.0.2.0 0.0.0.255 R2(config)# R2(config)# route-map EIGRP_into_OSPF permit 10 R2(config-route-map)# match ip address 2 R2(config-route-map)# exit R2(config)# R2(config)# router ospf 1 R2(config-router)# redistribute eigrp 12 subnets route-map EIGRP_into_OSPF
The show ip ospf database command output states that Type 5 LSAs for subnets 10.0.3.0/24 and 10.0.12.0/24 have been removed from R2’s OSPF database.
R2# show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 209 0x80000007 0x001799 2
3.3.3.3 3.3.3.3 210 0x80000008 0x00C7CB 2
4.4.4.4 4.4.4.4 210 0x80000008 0x00DD71 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.24.4 4.4.4.4 210 0x80000001 0x00608B
10.0.34.4 4.4.4.4 880 0x80000001 0x0024B9
10.0.123.3 3.3.3.3 210 0x80000001 0x002170
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.0.0.0 2.2.2.2 203 0x80000003 0x002567 0
10.0.1.0 2.2.2.2 203 0x80000002 0x001C70 0
10.0.2.0 2.2.2.2 203 0x80000003 0x000F7B 0
OSPF LSA Type 5 Filtering Using the summary-address Command
OSPF supports condensing external routes regardless of their source: connected routes, static routes, or a dynamic routing protocol. The ASBR redistributing those routes can be configured to advertise a summary of them or suppress some external routes using the summary-address command.
the summary-address ip_address mask not-advertise command filters Type 5 LSAs matched by the ip_address/mask pair, where ip_address and mask are two 32-bit values.
This example configures router R2 to prevent IP prefixes 10.0.2.0/24 and 10.0.3.0/24 from getting injected into the OSPF routing domain. To learn how to calculate the IP address and mask for a summary route, read this post: OSPF route summarization.
R2(config)# router ospf 1 R2(config-router)# summary-address 10.0.2.0 255.255.254.0 not-advertise
To verify our configuration, we issue the show ip ospf database command on R2. Type 5 LSAs for routes 10.0.2.0 and 10.0.3.0 are no longer installed in R2’s OSPF LS database.
R2# show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 1315 0x80000009 0x00139B 2
3.3.3.3 3.3.3.3 1552 0x80000009 0x00C5CC 2
4.4.4.4 4.4.4.4 1476 0x80000009 0x00DB72 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.24.4 4.4.4.4 1476 0x80000002 0x005E8C
10.0.34.4 4.4.4.4 240 0x80000003 0x0020BB
10.0.123.3 3.3.3.3 1552 0x80000002 0x001F71
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.0.0.0 2.2.2.2 1315 0x80000002 0x002766 0
10.0.1.0 2.2.2.2 1315 0x80000002 0x001C70 0
10.0.12.0 2.2.2.2 1315 0x80000002 0x00A2DE 0
What about OSPF Type 7 LSA Filtering?
Both Type 5 and Type 7 LSAs describe external routes redistributed into OSPF. LSAs Type 7 are supported with NSSA areas whereas LSAs Type 5 are supported across the whole routing domain except stubby areas (OSPF stub, totally stubby, NSSA, and totally NSSA). Moreover, ABRs convert Type 7 LSAs into Type 5 in order to advertise external routes that are redistributed within NSSA areas to OSPF nodes in normal OSPF areas.
Similar to Type 5 LSAs, you can use the techniques discussed above to filter Type 7 LSAs.
What about OSPF Type 3 LSA Filtering?
Cisco IOS supports OSPF Type 3 LSA Filtering, which is done at the ABR level. It allows removing Type 3 LSA by instructing the ABR to not originate type 3 summary LSAs for particular links using either the area range no-advertise or area filter-list IOS command.
Additionally, you can still use the distribute-list in command on any OSPF node to deny the SPF process from adding internal OSPF routes to the routing table, without impacting the content of the LS database.
Related Lessons to OSPF Type 5 LSA Filtering
- OSPF
- OSPF Router ID
- OSPF Null Authentication
- OSPF Plain Text Authentication
- OSPF Default Route
- Basic OSPF Configuration Lab for CCNA
- OSPF Configuration
- OSPF Passive Interface
- OSPF Virtual Link
- OSPF Stub Area
- OSPF LSA Types
- OSPF Graceful Restart
- OSPF Totally Stubby Area
- OSPF Reference Bandwidth
- OSPF Cost
- OSPF DR/BDR Election
- OSPF Hello and Dead Interval
- OSPF Metric
- OSPF MD5 Authentication
- OSPF HMAC-SHA Cryptographic Authentication
- OSPF Multi-Area
- OSPF TTL Security Check
- OSPF Graceful Shutdown
- Route Redistribution between OSPF and RIP
- OSPF Network Types
- OSPF Totally NSSA Area
- OSPF NSSA Area
- OSPF Summarization
- OSPF Route Filtering
- OSPF Type 5 LSA Filtering
- OSPF ABR Type 3 LSA Filtering
- OSPF Prefix Suppression
- OSPF Path Selection
- OSPF LSA Throttling
- OSPF SPF Throttling
- OSPF Incremental SPF
- OSPF Non-Broadcast Network Type
- OSPF Point-to-Point Network Type
- OSPF Broadcast Network Type
- OSPF Point-to-Multipoint Network Type
- OSPF vs RIP
- OSPF LSA Group Pacing
- OSPF LSA Flood Pacing
- OSPF LSA Retransmission Pacing
- Troubleshooting OSPF Neighbor Adjacency
- Troubleshooting OSPF Route Installation
- Troubleshooting OSPF Route Advertisement
- OSPF Stub Router
Conclusion
I hope this blog post helps you learn something.
Now I’d like to turn it over to you:
What did you like about this tutorial?
Or maybe you have an excellent idea that you think I need to add.
Either way, let me know by leaving a comment below right now.
