Configuring OSPF to filter received routes

0

As a link state-based routing protocol, OSPF is different from a distance-vector (D-V) algorithm routing protocol and ensures consistent topological relationship. This is an important condition for loop-free OSPF routing. You can run the filter-policy import command to filter routes in OSPF configuration. The link-state advertisement (LSA) of a route filtered out exists in the OSPF database. OSPF simply does not add the route to the routing table of the route manager. In addition, the LSA of the route is still advertised. That is, the neighbors still have this route. Note that the filter-policy export command can be used to filter routes when external routes are redistributed for advertisement.

Perform as follows to configure OSPF to filter received routes:
1. Run the system-view command to access the system view.
2. Run the ospf [ process-id ] command to access the OSPF process view.
3. Run the filter-policy { acl-number | ip-prefix ip-prefix-name } import command to configure the filtering of received routes.

Perform as follows to configure OSPF to filter imported routes:
1. Run the system-view command to access the system view.
2. Run the ospf [ process-id ] command to access the OSPF process view.
3. Run the import-route { limit limit-number | { bgp [ permit-ibgp ] | direct | unr | rip [ process-id-rip ] | static | isis [ process-id-isis ] | ospf [ process-id-ospf ] } [ cost cost | type type | tag tag | route-policy route-policy-name ] * } command to import routing information of other protocols.
(Optional) Run the filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ direct | static | unr | bgp | { rip | isis | ospf } [ process-id ] ] command to configure the filtering of routes imported in step 3. Only filtered routes can be advertised.
You can specify direct, static, unr, bgp, rip [ process-id ], isis [ process-id ], and ospf [ process-id ] to filter routing information of a specific protocol or process. If you do not specify direct, static, unr, bgp, rip [ process-id ], isis [ process-id ], or ospf [ process-id ], OSPF filters all imported routing information.

Other related questions:
How does OSPF filter received routes
As a link state-based routing protocol, OSPF is different from a distance-vector (D-V) algorithm routing protocol and ensures consistent topological relationship. This is an important condition for loop-free OSPF routing. You can run the filter-policy import command to filter routes in OSPF configuration. The link-state advertisement (LSA) of a route filtered out exists in the OSPF database. OSPF simply does not add the route to the routing table of the route manager. In addition, the LSA of the route is still advertised. That is, the neighbors still have this route. Note that the filter-policy export command can be used to filter routes when external routes are redistributed for advertisement. OSPF provides another feature: OSPF Area Border Router (ABR) Type 3 LSA filtering. This feature extends the ability of an ABR that is running the OSPF protocol to filter type 3 LSAs that are sent between different OSPF areas. This feature allows only packets with specified prefixes to be sent from one area to another area and restricts all packets with other prefixes. This type of area filtering can be applied out of a specific OSPF area, into a specific OSPF area, or into and out of the same OSPF areas at the same time.

Configure OSPF to filter received routes on S series switches
The Open Shortest Path First (OSPF) is a routing protocol based on the link status. Unlike the routing protocols using the distance-vector (D-V) algorithm, OSPF ensures topology consistency and provides loop-free routes. To configure OSPF to filter routes, run the filter-policy import command. The record about the LSA of a route filtered out exists in the OSPF database. The OSPF process does not add the route to the routing table but the LSA of the route is advertised. That is, the peer end can receive the route. The filter-policy export command can only be used to configure OSPF to filter imported external routes to be advertised. OSPF also supports the filtering of routes carried in Type 3 LSAs on ABRs. This feature enables ABRs to filter routes when advertising Type 3 LSAs between OSPF areas. Only the packets with prefixes meeting requirements can be transmitted from one area to another. In this way, the incoming and outgoing packets of an area are controlled.

How to configure OSPF to filter routes based on a routing policy
OSPF can use routing policies to filter routes. By default, OSPF does not filter routes. To configure OSPF to filter the routes to be received, run the filter-policy import command. To configure OSPF to filter the routes to be sent, run the filter-policy export command. You can use one of the following routing policies: 1. Basic ACL 2. Advanced ACL 3. IP prefix list 4. Route-policy

Problem and solution when an OSPF route filtering policy does not take effect
The reason that an OSPF route filtering policy does not take effect is as follows: For example: User ---------- MA5200F ---------- Firewall---------- NE80 ---------- Internet Open Shortest Path First (OSPF) is run on three devices, and the firewall acts as the NAT device. The NE80E cannot learn routes to private network segments. Firewall configurations are as follows: acl number 2999 rule 5 deny source 10.0.0.0 0.255.255.255 /*Filtered private network segments*/ rule 10 deny source 192.168.0.0 0.0.255.255 /*Filtered private network segments*/ rule 15 permit ospf 1 filter-policy export 2999 area 0.0.0.0 network 218.206.107.220 0.0.0.3 The routing table of the NE80 still has routes to private network segments. [JSNJ-MB-CMNET-RT01-HJL_NE80]display ip routing-table 10.33.16.192 Destination/Mask Protocol Pre Cost Nexthop Interface 10.33.16.192/26 O_ASE 50 1 218.206.97.234 Ethernet5/0/13 0.0.0.0/0 STATIC 40 0 218.206.97.109 GigabitEthernet1/0/ The route policy in the OSPF view of the firewall that uses the VRP3.30 platform takes effect only for local routes, not the LSA transmitted by the firewall to the NE80. In conclusion, because OSPF is a dynamic routing protocol based on link status and routing information is expressed through link status, OSPF cannot filter advertised or received LSAs. The filter-policy import command filters the routes calculated by OSPF. Only routes that match the filtering conditions are added to the routing table. The filter-policy export command enables a device to filter routes advertised by the device. Only routes that match the filtering conditions can be advertised.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top