OSPF LSAs can be filtered on the originating router so that they are not sent to a specified neighbor. We have the following options:
- Using prefix suppression
- Using database filter
Router 1 (R1) has secondary IP addresses assigned:
R1#sh run | begin interface
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip address 1.1.1.2 255.255.255.255 secondary
!
interface FastEthernet0/1
ip address 10.0.1.1 255.255.255.0
ip address 10.0.2.1 255.255.255.0 secondary
Prefix suppression: This can be enabled globally under the OSPF process or under an interface. It is turned off by default, which means all prefixes are advertised. When this feature is turned on under the OSPF process, the following types of networks are not suppressed:
- Loopbacks
- Secondary addresses
- Passive interfaces
R1#sh ip ospf database self-originate
OSPF Router with ID (11.11.11.11) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
11.11.11.11 11.11.11.11 7 0x80000010 0x009F9D 5
Now let us turn on prefix-suppression on R1 under OSPF.
R1#deb ip ospf lsa
R1#deb ip ospf lsa-generation
OSPF summary lsa generation debugging is on
R1(config)#router ospf 1
R1(config-router)#prefix-suppression
OSPF: Suppressing 10.0.1.0/24 on FastEthernet0/1 from router LSA
If the interface is in passive mode, the prefix associated with it will not be suppressed.
R1(config-router)#passive-interface f0/1
R1(config-router)#do sh ip ospf database self-originate
OSPF Router with ID (11.11.11.11) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
11.11.11.11 11.11.11.11 13 0x80000012 0x009B9F 5
The packet capture shows that the network 10.0.1.0/24 associated with the f0/1 interface is also sent.
We can also configure prefix suppression directly on an interface, which then suppresses only that specific network. First let us remove the suppression globally and then apply it to the loopback interface.
R1(config)#router ospf 1
R1(config-router)#no prefix-suppression
R1(config-router)#int loop 0
R1(config-if)#ip ospf prefix-suppression
OSPF: Suppressing 1.1.1.1/32 on Loopback0 from router LSA
Note that only the primary prefix associated with the interface gets suppressed.
Database filter: This stops all LSAs from being sent to a particular neighbor or out of a specific interface. With this we cannot control which prefixes are sent. The neighbor command is allowed only on NBMA and point-to-multipoint networks.
As the default network type for OSPF is broadcast, we can only apply the database filter to the interface.
R2#sh ip ospf database
OSPF Router with ID (22.22.22.22) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
11.11.11.11 11.11.11.11 29 0x80000002 0x00BB8F 5
22.22.22.22 22.22.22.22 33 0x80000002 0x0089DE 1
33.33.33.33 33.33.33.33 34 0x80000002 0x0050BE 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.123.3 33.33.33.33 24 0x80000002 0x00150A
R1(config)#int f0/0
R1(config-if)#ip ospf database-filter all out
R2#sh ip ospf database
OSPF Router with ID (22.22.22.22) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
22.22.22.22 22.22.22.22 12 0x80000002 0x0089DE 1
33.33.33.33 33.33.33.33 13 0x80000002 0x0050BE 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.123.3 33.33.33.33 13 0x80000001 0x001709
As router R1 does not send any router LSAs out of the Fast Ethernet 0/0 interface, R2 does not receive any LSAs from R1. On the other hand, R1 will still have all LSAs from the other routers. Make sure that the router with the database filter applied is never the DR.
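The following Python script is an added example, not part of the original post. It parses two "sh ip ospf database" snapshots and reports which LSAs and advertising routers disappeared between them, which is a quick way to confirm that a database filter is in effect or to spot an LSDB that has unexpectedly diverged. The sample input is R2's output from above; the function names are hypothetical, and the script also lists LSAs whose sequence number is lower in the second snapshot.

```python
import re

# One LSA row: Link ID, ADV Router, Age, Seq#, Checksum (any Link count is ignored)
ROW = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+\d+\s+(0x[0-9A-Fa-f]{8})\s+0x[0-9A-Fa-f]+")
SECTION = re.compile(r"^(.+ Link States)(?: \(Area ([\w.]+)\))?$")

def signed32(hex_seq):  # OSPF sequence numbers are signed 32-bit; 0x80000001 is the initial value
    n = int(hex_seq, 16)
    return n - (1 << 32) if n & 0x80000000 else n

def parse_lsdb(text):
    """Map (section, area, link_id, adv_router) -> signed seq from 'show ip ospf database'."""
    lsdb, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            section = m.groups()
        elif section and (m := ROW.match(line)):
            link_id, adv, seq = m.groups()
            lsdb[section + (link_id, adv)] = signed32(seq)
    return lsdb

def compare(before, after):
    """Return (LSAs missing from 'after', advertising routers gone, LSAs with a lower seq)."""
    missing = sorted(set(before) - set(after))
    gone = sorted({k[3] for k in before} - {k[3] for k in after})
    lower = sorted(k for k in set(before) & set(after) if after[k] < before[k])
    return missing, gone, lower

# Sample input: R2's output as shown on this page, before and after the filter on R1
BEFORE = """\
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
11.11.11.11 11.11.11.11 29 0x80000002 0x00BB8F 5
22.22.22.22 22.22.22.22 33 0x80000002 0x0089DE 1
33.33.33.33 33.33.33.33 34 0x80000002 0x0050BE 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.123.3 33.33.33.33 24 0x80000002 0x00150A
"""
AFTER = """\
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
22.22.22.22 22.22.22.22 12 0x80000002 0x0089DE 1
33.33.33.33 33.33.33.33 13 0x80000002 0x0050BE 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.123.3 33.33.33.33 13 0x80000001 0x001709
"""
if __name__ == "__main__":
    print(compare(parse_lsdb(BEFORE), parse_lsdb(AFTER)))
```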
To conclude, prefix suppression would be the preferable method to filter specific LSAs. The database filter could be used when no LSAs are to be sent to a specific router.