From CCIE Study Wiki

OSPF filtering does not prevent routes from being considered by the OSPF process. It either prevents SPF from adding routes into the routing table or prevents certain LSAs from ever being created.

Theory

Filtering in OSPF is a bit different then with EIGRP/RIP. OSPF (and other link-state protocols) do not advertise routes, they advertise topology information and then compute routes. Filtering LSA's could make for different LSDBs on different routers, which could cause routing issues.

There are three main ways to control route filtering in OSPF

1. Using distribute-list commands, filter the routes SPF is attempting to add into the routing table. Doesn't affect the LSDB this way!
2. ABR type 3 LSA filtering - Preventing an ABR from creating a particular type 3 LSA
3. Using the area range no-advertise option - Also prevents a ABR from creating a specific type 3 summary LSA

When using the distribute-list command in OSPF, only inbound routes are filtered, and the command only effects the router the distribute list is configured on. No LSA's are effected, only routes that SPF chooses to add to the router's routing table.

• If the distribute list includes the incoming int parameter, the incoming interface is checked as if it were the outgoing interface of the route.
• Distribute-list commands can refer to ACLs, Prefix Lists, or Route Maps for filtering

ABR type 3 filters allow the ABR to filter type 3 LSAs at the point they would normally be created. The command to use on the ABR would be area number filter-list prefix-name in | out. The prefix list is used to match the subnets and masks, whilte the in option filters prefixes going INTO the configured area, and the out option is used to filter prefixes coming OUT of the configured area.

The area range command on an ABR performs route summarization at the ABR, telling a router to cease advertising smaller subnets in a particular address range, instead creating a single type 3 LSA that summarizes all of the subnets.

When the command includes the not-advertise option, the summary route is not advertised either. This has the same effect as the area filter-list command using the out option.

Commands

• distribute-list [ACL | route-map map-tag] in int type | int number (OSPF Config)
• area area-id filter-list prefix {prefix-list-name in | out}
• area area-id range ip-address/mask [advertise | not-advertise] [cost cost

Default Settings

• Nothing listed yet

Verification

• Nothing listed yet

Troubleshooting, Tips, and Tricks

• Ivan of Cisco IOS Hints and Tricks has a few tips for using OSPF filters.

Online Resources

• Cisco whitepaper on filter inbound OSPF routes using route maps in a distribute-list.

• Arden Packeer shows how to filter between OSPF areas using area filter-list and how to filter OSPF routes within an area.

• How to filter OSPF routes that have the same source IP from Tassos of CCIE in 3 Months.

• CCIE to Be filters intra-area LSAs and type 3 LSAs.

• Networkers Online uses the gateway option when filter OSPF with a distribute-list.

• Explaining OSPF inbound route filtering from Ivan of Cisco IOS Hints and Tricks.

• Demystifying OSPF route filtering and OSPF prefix filtering using forwarding address from Petr of Internetwork Expert.

• Examining OSPF flooding filters in hub-and-spoke environments from Cisco IOS Hints and Tricks.

Have something to contribute? See a mistake on this page? Have a hint or a link to share?
The CCIE Study Wiki is open to everyone to edit! All you need to do is to create an account to start contributing.
Please be sure to follow our posting guidelines when editing the wiki.

Maybe you have just have some thoughts or suggestions for this entry?
Use the Discussion link on the top or bottom menu to create or join the CCIE forum post on this topic.
You can also go straight to the CCIE Forums and start a new discussion in the forum of your choice.

If you'd rather just contact us with your thoughts, we'd love to hear what you have to say.