+(65) 8344 4290 Ciscodumps.net@gmail.com Room 907, Block B, Baoneng Entrepreneurship Center, Guangrong Road, Hongqiao District, Tianjin

ThinkMo EDU Share – network 6.OSPF route filtering

蒂娜 No Comments 10/17/2022

ThinkMo EDU Share – network 6.OSPF route filtering

Distribution list

Distribution list is an operation. The routing table shows that the routing entries are not recommended and have limitations (the routes filtered by this router will not affect the downstream routers).

E-list distribute-list is a tool used to control routing updates. It can only filter routing information, but not LSA. Therefore, it is suitable for distance vector routing protocols, such as RIP and EIGRP. Like OSPF lINk-state rOUTing protocol, in direction (which affects the local routing table but exists in LSDB), out direction does not work; However, local originating routes can be filtered because they are redistributed by routes, not delivered by LSA.

The filtering method is not for which interface’s In, but for whether to write into the core routing table. Moreover, this command will only kill the core routing table, but the LSA will still be stored in the ram of the router.

What is the core routing table, that is, the routing table displayed by your own show ip route? This method is a rough one in OSPF, and you can only do it yourself. It doesn’t work for others.

Case (single routing environment -ospf)

① R2(config)# access-list 1 deny 192.168.3.0。

② R2(config)# access-list 1 permit any。

③ R2(config)# router ospf 1。

④ R2(config-router)# distribute-list 1 in fa0/0。

Note that at this time, first of all, in R2′ s routing table, the 3.0 route is killed. Note that at this time, in fact, the LSA generated by the OSPF router in the area has been loaded into the OSPF database of R2, but before R2 calculates the route from the OSPF database and prepares to load the route entries into the routing table, the distribution list in the IN direction takes effect, filtering out the route of 3.0, so there is no OSPF route of 3.0 in the routing table of R2.

However, although R2 does not have route 3.0 in its own routing table, this does not prevent R2 from flooding the relevant LSA to R3, so R3 still has OSPF routes of 1.0, 2.0, 3.0 and 12.0.

Case (single routing environment -OSPF out direction distribution list)

Distribution list, which is deployed in a link-state routing protocol such as OSPF, can only be used on such occasions if out direction is to be used. As shown in the figure above, when deployed on R1, R1 introduces these three external routes by means of redistribution and direct connection, then the distribution list in the out direction can only be deployed on R1, and it will have an effect on these three routes.

  • R1(config)# access-list 1 deny 192.168.3.0.

② R1(config)# access-list 1 permit any.

  • R1(config)# router ospf 1.
  • R1(config-router)# redistribute connected subnets.
  • R1(config-router)# network 192.168.12.1 0.0.0.0 area 0.

⑥ R1(config-router)# distribute-list 1 out.

After the above configuration is implemented, R1 will filter out 3.0 routes.

prefix-list

Prefix-list: it is specially used to grab control level traffic–it can only serve publishing list and route-map; The controllability of prefix is much higher than that of access list, which supports incremental modification and is more flexible.

Determine whether the routing prefix matches the prefix in the prefix list.

The prefix list contains serial numbers, which are matched from the smallest. The default sequence is 8, which can be inserted by using serial numbers when increasing by 5.

If the prefix does not match any entry in the prefix list, it will be rejected.

  • Class a: 0 000000 at the beginning of 0
  • Class B: 10 000000 at the beginning of 10
  • Class C: 110 00000 beginning with 110

/24 24 is the length, that is, the front 24 bits are fixed.

Define the mask with Le ge. If there are no ge and le, the network mask is the number after/.

Rule: len < ge-value <= le-value.

Matching rules: match one by one from top to bottom, and the previous matching is executed according to the previous one, without looking at the small ones; Implicit rejection of all at the end;

R3 (config) # IP prefix-list xx permit1.1.0/23R3 (config) # IP prefix-list xx permit2.2.0/24le30 mask range 24-30r3(config)# Ip prefix-list xx permit 3.3.0/24ge30 mask range 30-32r3 (config) # IP prefix-list xx permit 4.4.0/24ge25le30 25-30

The default route is the default route, and the host route mask is 32 bits.

R3 (config) # IP prefix-list xx permit 0.0.0/0 ge32 matches all host routes

R3 (config) # IP prefix-list xx permit 0.0.0/1 ge8le8 matches all Class A addresses.

R3 (config) # IP prefix-list XX Permit128.0.0/2Ge16Le16 matches all class B addresses

R3 (config) # IP prefix-list XX Permit192.0.0/3Ge24Le32 matches all Class C and Class C subnets.

r3(config)#ip prefix-list xx seq 12 deny 9.9.9.0/24

You can also delete entries at will;

R3 (config) # IP prefix-list xx permit 0.0.0/0 le32 Allow all

For ospf:

  • Router(config-router)# area area-id filter-list prefix prefix-list-name in.
  • It is used to filter the summary lsa on ABR. If it is a backbone area (non-backbone area), it will prevent the conversion from this area to other non-backbone areas (backbone areas) to generate the summary lsa that meets specific conditions, and the filtering is thorough.
  • Router(config-router)# area area-id filter-list prefix prefix-list-name out.

area x range xx not-advertise

  1. The summary and details are not announced to filter the detailed routes (details are not announced).
  2. It is used to filter the summary lsa on ABR. If it is a backbone area (non-backbone area), it will prevent the conversion from this area to other non-backbone areas (backbone areas) from generating the summary lsa that meets specific conditions. It is similar to the function of the filter-policy export(area) command, but it is somewhat different. This command only filters the intra-area routes of this area, not the inter-area routes. (The reason is: this command is an aggregation command. At present, our aggregation command of VRP and IOS only aggregates the routes in this area, but not the routes between areas. Therefore, this command abr-summary not-advertise actually only filters the routes in this area. )

  1. The corresponding IOS command is: router (config-router) # area 10 range 1.1.1.0 255.255.255.0 no-advertise.

On R2, configure abr-summary to filter 1.1.1.1/32’s summary lsa.

[R2-ospf-1-area-0.0.0.100]abr-summary1.1.1.1255.255.255.255 not-advertise.

After configuration, check lsa on R3, and find that there is no lsa information of 1.1.1.1.

route-map

  • Make route-map on R2, and reject the 192.168.10.0/24 and 192.168.11.0/24 of R1.
  • access-list 101 permit ip 192.168.10.0 0.0.0.255 any.
  • Access-list 101 permit IP 192.168.11.0 0.0.255 any//catch traffic.
  • Route-map ccie deny 10 little tricks refuse.
  • Match address 101 matches acl101.
  • Route-map ccie permit 20 big action empty table allows all traffic.
  • Rediribe Ripmetric-type 1 subnet route-mapccie//Call route-map when republishing.

Complementary Track

1track IP sla1//Define a track monitor, and the monitored object is lsa probe.

  • Ip 1/defines an sla probe.
  • Ip sla auto discovery.
  • Icmp-echo10.1.13.3 defines a ping probe.
  • Ip schedule 1 life forever start-time now sets the probe effective time and start time.
  • IP Route 10.10.1.1 255.255.255 10.3.1.3 track1//If Track1 is successfully monitored, then the route takes effect, otherwise it fails.

ThinkMo CCNA Dump exam information exchange group:

CCNA/CCNP/CCIE telegram study group:https://t.me/ccie_ei_lab
CCNA/CCNP/CCIE dump:
WAHTAPP:+65 83444290
WAHTAPP:+63 9750724648

ThinkMo CCNA 200-301 Tutorial VIP Exclusive:
https://www.youtube.com/playlist?list=PLIq0cWorv-oyWHaoH79460mAa3-4AWpvw

The complete EVE_NG file, free learning PDF and PPT that can be used directly, as well as video explaining the technical points are all here!

Post Tags :

Leave a Reply

X