Hi all,
This post provides an example to describe how to use the ospf filter-lsa-out comand to filter OSPF routes.
Requirement Description
There are three devices A, B, C, B establishes OSPF peer with A and C respectively, which belongs to the same process. OSPF of A imports direct routes. Now it is required to make a routing policy on B so that C cannot receive a loopback address of A.
Process
1. The device A establishes OSPF VPN peer with device B through the vlanif211, it has three loopback addresses and the direct routes are imported to the OSPF process.
2. These three routes can be seen in the VPN routing table on device B.
3. The device B and device establish OSPF VPN peer through vlanif1211. The three routes can also be seen on device C.
4. Configure ospf filter-lsa-out on vlanif1211 of the device B to filter LSAs.
5. After the configuration, you can see that there are only two routes on the C.
Precautions
1. After the deny rule is configured for the ACL, a permit rule must be added.
2. The filter-policy export command cannot be used here. The application scenario of this command is as follows: After OSPF imports external routes using the import-route command, you can use the filter-policy export command to filter the imported routes to be advertised. Only the external routes that pass the filtering can be converted into AS-external LSAs and advertised.
3. You can use the filter-policy import command in the OSPF process of the C device so that the routing table of the C device does not generate the route, however, if this is done, LSA will still be transmitted.
4. The OSPF filter-lsa-out command is used to filter the outgoing LSAs on an OSPF interface. The command can be configured only in the Layer 3 interface view.
