You want to apply a filter so that OSPF populates only certain routes into the routing table.
You can filter inbound routes to prevent the router from putting them in its routing table:
Router5#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router5(config)#access-list 1 deny 172.20.10.0 Router5(config)#access-list 1 permit any Router5(config)#router ospf 87 Router5(config-router)#distribute-list 1 in Ethernet0 Router5(config-router)#end Router5#
The OSPF algorithm requires that every router in an area receive all of the LSAs for that area, so you cannot filter outbound routing information:
Router5#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router5(config)#router ospf 87 Router5(config-router)#distribute-list 1 out Ethernet0 % Interface not allowed with OUT for OSPF Router5(config-router)#end Router5#
It's important to remember that, unlike EIGRP and RIP, OSPF uses a link state rather than a distance vector algorithm. One place where this difference becomes clear is in route filtering. At a minimum, every router in an area must see the LSAs for every other router in the same area. Depending on the type of area, it may also see summary LSAs representing routing information from other areas or ASes. These LSA packets are flooded throughout the area, with each router forwarding LSA information on to any downstream devices. Every router then separately computes the best routing table based on this link state information.
If you prevented a router from forwarding some of the LSA information, its downstream routers would not have a full link-state database, and consequently wouldn't be able to generate an accurate routing table.
Therefore, it is not possible to do the kind of route filtering that we discussed for RIP and EIGRP in Chapter 6 and Chapter 7. The only filtering we can do is to prevent a router from installing a route learned via OSPF into its routing table. This way, the link state database remains intact on every router in the area. If you really want to break up the forwarding of LSA information, subdivide the area.
You can see the effect of the inbound filter by looking at the routing table both before and after applying the filter. Before the inbound filter is enabled, you can see that the route is there:
Router5#show ip route 172.20.10.0
Routing entry for 172.20.10.0/24
Known via "ospf 87", distance 110, metric 84, type inter area
Redistributing via ospf 87
Last update from 172.25.1.5 on Ethernet0, 00:00:07 ago
Routing Descriptor Blocks:
* 172.25.1.5, from 172.25.25.1, 00:00:07 ago, via Ethernet0
Route metric is 84, traffic share count is 1
Router5#
Then, after we apply the filter, the route is gone:
Router5#show ip route 172.20.10.0
% Subnet not in table
Router5#
|
|
|
| Top |