Thursday, May 7, 2009

OSPF routing part XII - filter-list

Consider the above scenario where router 2 is an ABR between areas 0, 1 and 2. All adjacencies are up and a full exchange of routes has taken place.

A new requirement is that area 2 is deemed confidential. Area 1 must not have access to any routes originating from Area 2.

This can be achieved by making use of the OSPF filter-list functionality. First, a prefix-list must be defined that indicates which routes must be filtered (and which allowed!).

ip prefix-list AREA2 deny
ip prefix-list AREA2 deny
ip prefix-list AREA2 permit le 32

N.B. The last entry in the prefix list is essential to ensure that all routes other than the previously denied routes are allowed through. A prefix-list ends with an implicit deny, so without it every route would be filtered.

On router 2 the filter-list can then be applied:

router ospf 1
area 1 filter-list prefix AREA2 in

When the routing table on R1 is subsequently examined the and routes are no longer present. Nice.
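The evaluation order the N.B. above relies on, modelled as an added Python example (not part of the original post): first match wins, and anything unmatched hits the implicit deny. The Area 2 prefixes, the `0.0.0.0/0` permit entry and the summary routes are constructed sample values, since the post's own prefixes are not shown.

```python
import ipaddress

# Constructed sample data: the page's own prefixes did not survive, so these
# Area 2 networks and the 0.0.0.0/0 permit entry are assumptions.
# Entry layout: (action, prefix, ge, le)
AREA2 = [
    ("deny", "10.2.1.0/24", None, None),
    ("deny", "10.2.2.0/24", None, None),
    ("permit", "0.0.0.0/0", None, 32),
]
AREA2_NO_PERMIT = AREA2[:2]  # same list with the final permit left out

# Constructed type 3 summaries the ABR would otherwise send into area 1.
SUMMARIES = ["10.0.0.0/24", "10.2.1.0/24", "10.2.2.0/24", "10.2.1.128/25"]


def entry_matches(entry, route):
    """True if one prefix-list entry matches a route (an ip_network)."""
    _, prefix, ge, le = entry
    net = ipaddress.ip_network(prefix)
    # Without ge/le the mask length must match exactly; ge alone runs to /32.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return lo <= route.prefixlen <= hi and route.subnet_of(net)


def evaluate(prefix_list, route):
    """First matching entry wins; no match falls through to implicit deny."""
    route = ipaddress.ip_network(route)
    for entry in prefix_list:
        if entry_matches(entry, route):
            return entry[0]
    return "deny"


def advertised(prefix_list, routes):
    """Routes that survive the filter and reach the area."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]


if __name__ == "__main__":
    print("with final permit:   ", advertised(AREA2, SUMMARIES))
    print("without final permit:", advertised(AREA2_NO_PERMIT, SUMMARIES))
```

The constructed `10.2.1.128/25` passes the filter because a deny entry without `le` matches only its exact mask length; if the confidential area advertises longer prefixes, the deny entries need `le 32` as well.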

