OSPF Route Filtering: Summarization, Area, & Local OSPF

OSPF route filtering controls which routes are advertised to, or accepted from, neighbor routers. It can be used for traffic engineering, memory optimization, and security enhancement. Every router in an area holds a complete copy of that area’s OSPF database, so routes are filtered at the area boundary, as they enter the area via the ABR.

We will discuss three methods for filtering routes in OSPF, and we are going to use the network diagram below:

[Figure: OSPF route filtering network diagram]

 

Filtering with Summarization

One way to filter OSPF routes is to use the not-advertise keyword when summarizing routes. OSPF route summarization is only possible on an ASBR or ABR. The keyword sets the address range status to DoNotAdvertise: the Type 3 summary LSA is suppressed for any network in that range, and those routes are visible only within the area where they originate.

Let’s look at the local routing table of R3. We can see that it’s receiving the 3 subnets 192.168.x.x/24 from area 1.

R3# sh ip route ospf | b Gateway
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/3] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/4] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O IA  192.168.1.0/24 [110/4] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O IA  192.168.2.0/24 [110/4] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O IA  192.168.3.0/24 [110/4] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O     172.16.12.0/24 [110/2] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O IA  172.16.24.0/24 [110/3] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O IA  172.16.25.0/24 [110/3] via 192.168.13.1, 00:00:39, GigabitEthernet0/3

 

Now, let’s add the OSPF configuration below on our ABR, R2:

conf t
router ospf 1
area 1 range 192.168.1.0 255.255.255.0 not-advertise

 

After the change, let’s look at the routing table again and see what happens. 192.168.1.0/24 is no longer advertised from Area 1 to Area 3.

R3# sh ip route ospf | b Gateway
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/3] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/4] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
O IA  192.168.2.0/24 [110/4] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
O IA  192.168.3.0/24 [110/4] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
O     172.16.12.0/24 [110/2] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
O IA  172.16.24.0/24 [110/3] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
O IA  172.16.25.0/24 [110/3] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
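
A before/after comparison like the one above can be automated so that a filter change is confirmed to remove only the intended prefix. The following Python sketch is an added example, not part of the original article; the function names are assumptions, and the sample text is abridged from the two R3 tables above.

```python
import ipaddress
import re

# "1.0.0.0/32 is subnetted, 1 subnets" supplies the mask for the child lines
# under it, which IOS prints without a prefix length.
HEADER = re.compile(r"^\s+\d+\.\d+\.\d+\.\d+/(\d+) is subnetted")
ROUTE = re.compile(r"^O(?: (IA|E1|E2|N1|N2))?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+\[")

def parse_ospf_routes(text):
    """Return {network: code} parsed from 'show ip route ospf' output."""
    routes, inherited = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            inherited = header.group(1)
            continue
        route = ROUTE.match(line)
        if not route:
            continue
        kind, addr, plen = route.groups()
        plen = plen or inherited
        if plen is None:
            continue  # no mask known: skip rather than guess one
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        routes[net] = f"O {kind}" if kind else "O"
    return routes

def diff_routes(before, after):
    """Return (removed, added) prefixes between two captures."""
    b, a = parse_ospf_routes(before), parse_ospf_routes(after)
    return (sorted(str(n) for n in b.keys() - a.keys()),
            sorted(str(n) for n in a.keys() - b.keys()))

# Abridged copies of the two R3 tables shown above.
BEFORE = """\
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O IA  192.168.1.0/24 [110/4] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O IA  192.168.2.0/24 [110/4] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
O     172.16.12.0/24 [110/2] via 192.168.13.1, 00:00:39, GigabitEthernet0/3
"""
AFTER = """\
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
O IA  192.168.2.0/24 [110/4] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
O     172.16.12.0/24 [110/2] via 192.168.13.1, 00:01:33, GigabitEthernet0/3
"""

if __name__ == "__main__":
    print(diff_routes(BEFORE, AFTER))
```

An empty "added" list and a "removed" list containing only the filtered prefix is the expected result; anything else in either list means the change had a side effect.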

 

Filtering OSPF Areas

OSPF route filtering using summarization is easy, but it has a limitation. What if we want to receive a route in Area 0 but not in Area 2? That’s not possible using our first method. The next method is OSPF area filtering.

Let’s configure a prefix-list for the route that we are going to filter. In our example, we are going to filter 192.168.2.0/24.

 

On ABR R3, we configure the prefix-list for the route that we’re going to filter:

R3(config)#ip prefix-list OSPF-FILTER seq 10 deny 192.168.2.0/24
R3(config)#ip prefix-list OSPF-FILTER seq 20 permit 0.0.0.0/0 le 32

 

Then, let’s apply the same prefix-list to OSPF:

R3(config)# router ospf 1
R3(config-router)#area 0 filter-list prefix OSPF-FILTER out

 

Now, let’s verify if we are receiving 192.168.2.0/24 in Area 0. Yes, we are.

R1#sh ip route ospf | b Gateway
Gateway of last resort is not set

      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 192.168.12.2, 01:30:24, GigabitEthernet0/2
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 192.168.13.3, 01:26:49, GigabitEthernet0/3
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/3] via 192.168.12.2, 01:34:26, GigabitEthernet0/2
O IA  192.168.2.0/24 [110/3] via 192.168.12.2, 01:34:26, GigabitEthernet0/2
O IA  192.168.3.0/24 [110/3] via 192.168.12.2, 01:34:26, GigabitEthernet0/2
O IA  172.16.24.0/24 [110/2] via 192.168.12.2, 01:34:36, GigabitEthernet0/2
O IA  172.16.25.0/24 [110/2] via 192.168.12.2, 01:34:16, GigabitEthernet0/2
O IA  172.16.36.0/24 [110/2] via 192.168.13.3, 00:13:17, GigabitEthernet0/3
O IA  172.16.37.0/24 [110/2] via 192.168.13.3, 00:13:13, GigabitEthernet0/3

 

Then, let’s check Area 2 R7. We can no longer see 192.168.2.0/24 here.

R7#sh ip route ospf | b Gateway
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/4] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/5] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
O IA  192.168.3.0/24 [110/5] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
O IA  172.16.12.0/24 [110/3] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
O IA  172.16.13.0/24 [110/2] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
O IA  172.16.24.0/24 [110/4] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
O IA  172.16.25.0/24 [110/4] via 192.168.37.3, 00:05:13, GigabitEthernet0/1
O     172.16.36.0/24 [110/2] via 192.168.37.3, 00:05:13, GigabitEthernet0/1

 

We can also choose whether to filter networks inbound or outbound:

R3(config-router)# area 0 filter-list prefix OSPF-FILTER ?
  in   Filter networks sent to this area
  out  Filter networks sent from this area
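
The prefix-list used by the filter-list is evaluated top-down with an implicit deny at the end, which is why seq 20 is needed. The following Python sketch is an added example, not part of the original article; it models IOS prefix-list matching (function names are assumptions) and runs the two entries configured on R3 against prefixes taken from the R1 and R7 tables on this page.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/L [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # No ge/le: exact prefix length only. ge alone: up to /32.
    # le alone: from the entry's own length up to le.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return seq, action, net, lo, hi

def evaluate(entries, prefix):
    """First match in sequence order wins; no match is the implicit deny."""
    cand = ipaddress.ip_network(prefix)
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if lo <= cand.prefixlen <= hi and cand.subnet_of(net):
            return action, seq
    return "deny", None

def passed(config_lines, prefixes):
    """Prefixes the list permits, i.e. Type 3 LSAs the filter-list lets through."""
    entries = [parse_entry(line) for line in config_lines]
    return [p for p in prefixes if evaluate(entries, p)[0] == "permit"]

# The two entries configured on R3 above.
PAGE_LIST = [
    "ip prefix-list OSPF-FILTER seq 10 deny 192.168.2.0/24",
    "ip prefix-list OSPF-FILTER seq 20 permit 0.0.0.0/0 le 32",
]
# Prefixes taken from the R1 and R7 tables on this page.
CANDIDATES = ["1.1.1.1/32", "4.4.4.4/32", "192.168.2.0/24",
              "192.168.3.0/24", "172.16.12.0/24", "172.16.24.0/24"]

if __name__ == "__main__":
    print("both entries :", passed(PAGE_LIST, CANDIDATES))
    # Without seq 20 the implicit deny suppresses every prefix.
    print("seq 10 only  :", passed(PAGE_LIST[:1], CANDIDATES))
    # seq 10 has no ge/le, so a constructed more-specific /25 is not denied.
    print(evaluate([parse_entry(l) for l in PAGE_LIST], "192.168.2.128/25"))
```

The last call shows a caveat of the exact-length deny: a more-specific subnet of 192.168.2.0/24 would fall through to seq 20 and be permitted unless the deny entry carries an le value.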

 

Local OSPF Filtering

In some cases, routes need to be removed only on specific routers in an area. OSPF is a link-state protocol that requires all routers in a given area to keep an identical copy of the LSDB. While a route may exist in the OSPF LSDB, a distribute-list can keep it from being installed in the local RIB.

 

In our example, let’s filter 192.168.3.0/24 on R6 and allow it on R7.

R6#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R6(config)#ip access-list standard OSPF-FILTER
R6(config-std-nacl)#deny 192.168.3.0
R6(config-std-nacl)#permit any
R6(config-std-nacl)#router ospf 1
R6(config-router)#distribute-list OSPF-FILTER in
R6(config-router)#end

 

Let’s verify that it’s really removed on R6 and still present on R7:

R6#sh ip route ospf | b Gateway
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/4] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/5] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
O IA  172.16.12.0/24 [110/3] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
O IA  172.16.13.0/24 [110/2] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
O IA  172.16.24.0/24 [110/4] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
O IA  172.16.25.0/24 [110/4] via 192.168.36.3, 00:00:08, GigabitEthernet0/0
O     172.16.37.0/24 [110/2] via 192.168.36.3, 00:00:08, GigabitEthernet0/0

R7#sh ip route ospf | b Gateway
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/4] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/5] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
O IA  192.168.3.0/24 [110/5] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
O IA  172.16.12.0/24 [110/3] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
O IA  172.16.13.0/24 [110/2] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
O IA  172.16.24.0/24 [110/4] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
O IA  172.16.25.0/24 [110/4] via 192.168.37.3, 00:27:40, GigabitEthernet0/1
O     172.16.36.0/24 [110/2] via 192.168.37.3, 00:27:40, GigabitEthernet0/1

 

