Thursday, May 7, 2009

OSPF routing part XII - filter-list


Consider the above scenario, where router 2 is an ABR between areas 0, 1 and 2. All adjacencies are up and a full exchange of routes has taken place.

A new requirement is that area 2 is deemed confidential. Area 1 must not have access to any routes originating from Area 2.

This can be achieved by making use of the OSPF filter-list functionality. First, a prefix-list must be defined that indicates which routes must be filtered (and which allowed!).


R2
ip prefix-list AREA2 deny 150.1.24.0/24
ip prefix-list AREA2 deny 150.1.40.40/32
ip prefix-list AREA2 permit 0.0.0.0/0 le 32



N.B. The last entry in the prefix-list is essential: it ensures that all routes other than those explicitly denied are allowed through.

On router 2 the filter-list can then be applied:


R2
router ospf 1
 area 1 filter-list prefix AREA2 in


When the routing table on R1 is subsequently examined the 150.1.24.0/24 and 150.1.40.40/32 routes are no longer present. Nice.
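The prefix-list evaluation that decides what R2 still advertises into area 1, as an added Python model (not part of the original post and not Cisco code). The function names and the candidate prefixes other than the two denied ones are constructed for illustration.

```python
# Added illustration: models IOS prefix-list matching; names are hypothetical.
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """True if the route's leading bits equal the entry's prefix and its mask
    length is in the range the entry allows (exact length without ge/le)."""
    route, prefix = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = prefix.prefixlen
    else:
        lo = prefix.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    return lo <= route.prefixlen <= hi and route.subnet_of(prefix)

def evaluate(prefix_list, route):
    """First matching entry wins; no match means the implicit deny applies."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

def advertised_into_area(prefix_list, routes):
    """Prefixes the ABR would still advertise into the filtered area."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

# The AREA2 prefix-list from the post, as (action, prefix, ge, le).
AREA2 = [
    ("deny", "150.1.24.0/24", None, None),
    ("deny", "150.1.40.40/32", None, None),
    ("permit", "0.0.0.0/0", None, 32),
]

# Constructed sample prefixes; only the first two appear in the post.
CANDIDATES = [
    "150.1.24.0/24",    # denied by the first entry
    "150.1.40.40/32",   # denied by the second entry
    "150.1.12.0/24",    # unrelated prefix, falls through to the permit
    "150.1.24.128/25",  # more-specific of the denied /24
    "10.0.0.0/8",       # unrelated prefix
]

if __name__ == "__main__":
    print("with final permit:   ", advertised_into_area(AREA2, CANDIDATES))
    print("without final permit:", advertised_into_area(AREA2[:2], CANDIDATES))
```

The constructed 150.1.24.128/25 passes the filter because a deny entry without `ge`/`le` matches only the exact mask length, so a more-specific prefix from the confidential area would still be advertised unless the deny entry also carries `le 32`.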
