Date created: Tuesday, August 28, 2018 9:28:26 PM. Last modified: Wednesday, June 29, 2022 11:28:01 AM

OSPFv2 Inter-Area Filtering

In the topology below, the routes from each access area are not advertised into the backbone area 0 (area 1 see's no area 2 routes and vice verse). Equally from the backbone area only the loopback0 IP of the aggregation node within an access area is advertised (ACC1x nodes have AGG1-Lo0 and AGG2-Lo0 but not COR1-Lo0).

This is implemented so that each area can operate as a separate LDP domain, scaling independently of the others. This is in line with the Seamless MPLS architecture. The LSDB within OSPF is made from LSAs being flooded within an area, which causes each router to built a graph tree of the topology. After the graph tree is built then the prefixes that were attached to the LSAs are processed. This distinction is important, LSAs are processed first to build the graph then IP prefixes are processed to build the SPT afterwards, prefixes are extra information attached to LSAs.

Junos supports the commands "network-summary-export" and "network-summary-import". When using "set protocols ospf area <area> network-summary-export <policy>", prefixes are not exported out to that specific area but may be exported out to other areas. When using "network-summary-import" on the area where the prefix originates from stops it from being advertised to any area. The same policy can be used inbound to stop and non-area 0 prefixes from being imported into any other area. A policy for area 0 can match the local loopback0 IP to allow only that IP to be exported into the non-area 0 areas (so that LDP may build LSPs).

ACC11 Config:

set version 14.1R1.10
set system host-name ACC11
set interfaces ge-0/0/1 description ACC12-Fa0/1
set interfaces ge-0/0/1 unit 0 family inet address 10.1.12.1/30
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces ge-0/0/2 description AGG1-ge-0/0/2
set interfaces ge-0/0/2 unit 0 family inet address 10.1.11.2/30
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.0.1.1/32
set routing-options router-id 10.0.1.1
set protocols ospf area 0.0.0.1 interface lo0.0 passive
set protocols ospf area 0.0.0.1 interface ge-0/0/1.0 interface-type p2p
set protocols ospf area 0.0.0.1 interface ge-0/0/2.0 interface-type p2p
set protocols ldp interface ge-0/0/1.0
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface lo0.0

AGG1 Config:

set version 14.1R1.10
set system host-name AGG1
set interfaces ge-0/0/2 description ACC11-ge-0/0/2
set interfaces ge-0/0/2 unit 0 family inet address 10.1.11.1/30
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/0/3 description AGG2-Fa0/1
set interfaces ge-0/0/3 unit 0 family inet address 10.0.12.1/30
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/4 description COR1-Fa0/0
set interfaces ge-0/0/4 unit 0 family inet address 10.0.11.2/30
set interfaces ge-0/0/4 unit 0 family mpls
set interfaces ge-0/0/5 description ACC21-Fa1/0
set interfaces ge-0/0/5 unit 0 family inet address 10.2.11.1/30
set interfaces ge-0/0/5 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.0.0.1/32
set routing-options router-id 10.0.0.1
set protocols ospf area 0.0.0.0 network-summary-import ImportFromArea0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0 interface-type p2p
set protocols ospf area 0.0.0.1 network-summary-import ImportFromAreaN
set protocols ospf area 0.0.0.1 interface ge-0/0/2.0 interface-type p2p
set protocols ospf area 0.0.0.2 network-summary-import ImportFromAreaN
set protocols ospf area 0.0.0.2 interface ge-0/0/5.0 interface-type p2p
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface ge-0/0/3.0
set protocols ldp interface ge-0/0/4.0
set protocols ldp interface ge-0/0/5.0
set protocols ldp interface lo0.0
set policy-options policy-statement ImportFromArea0 term 10 from route-filter 10.0.0.1/32 exact
set policy-options policy-statement ImportFromArea0 term 10 then accept
set policy-options policy-statement ImportFromArea0 term 20 then reject
set policy-options policy-statement ImportFromAreaN term 10 then reject

COR1 Config:

interface Loopback0
ip address 10.0.0.3 255.255.255.255
ip ospf 1 area 0
!
mpls ldp router-id lo0 force
!
interface FastEthernet0/0
description AGG1-E3
ip address 10.0.11.1 255.255.255.252
ip ospf network point-to-point
ip ospf prefix-suppression
ip ospf 1 area 0
duplex auto
speed auto
mpls ip
no shutdown
!
interface FastEthernet0/1
description AGG2-Fa1/1
ip address 10.0.22.1 255.255.255.252
ip ospf network point-to-point
ip ospf prefix-suppression
ip ospf 1 area 0
duplex auto
speed auto
mpls ip
no shutdown
!
router ospf 1
router-id 10.0.0.3
prefix-suppression
passive-interface default
no passive-interface FastEthernet0/0
no passive-interface FastEthernet0/1
no passive-interface Loopback0
exit

Below the output shows that the AGG1 router has only loopback IPs from area 0 as summary routes (Type 3 LSAs) in the other areas (1 & 2):

lab@AGG1> show ospf database           

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router  *10.0.0.1         10.0.0.1         0x80000004   189  0x22 0xe27e  84
Router   10.0.0.2         10.0.0.2         0x80000005   102  0x22 0x2177  60
Router   10.0.0.3         10.0.0.3         0x80000005   185  0x22 0x9cfd  60

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router  *10.0.0.1         10.0.0.1         0x80000002  1060  0x22 0x5c78  48
Router   10.0.0.2         10.0.0.2         0x80000003   114  0x22 0xe9ff  36
Router   10.0.1.1         10.0.1.1         0x80000006   541  0x22 0x3822  84
Router   10.0.1.2         10.0.1.2         0x80000005   391  0x22 0xd4bf  60
Summary *10.0.0.1         10.0.0.1         0x80000002   437  0x22 0x9a8b  28
Summary  10.0.0.2         10.0.0.2         0x80000001   396  0x22 0x968d  28

    OSPF database, Area 0.0.0.2
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router  *10.0.0.1         10.0.0.1         0x80000002    51  0x22 0x854c  48
Router   10.0.0.2         10.0.0.2         0x80000003    50  0x22 0xfee8  36
Router   10.0.2.1         10.0.2.1         0x80000005    25  0x22 0x8815  60
Router   10.0.2.2         10.0.2.2         0x80000005    12  0x22 0xb0dd  60
Summary *10.0.0.1         10.0.0.1         0x80000002    11  0x22 0x9a8b  28
Summary  10.0.0.2         10.0.0.2         0x80000001   275  0x22 0x968d  28

The output below shows that the ACC11 router has only loopback routes for OSPF area 1 and the redistributed area 0 loopback routes from the two AGG1 and AGG2 ABR routers:

lab@ACC11> show ospf database 

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router   10.0.0.1         10.0.0.1         0x80000003   327  0x22 0x5a79  48
Router   10.0.0.2         10.0.0.2         0x80000003   881  0x22 0xcbee  48
Router  *10.0.1.1         10.0.1.1         0x80000005    82  0x22 0x3a21  84
Router   10.0.1.2         10.0.1.2         0x80000004  1114  0x22 0xeb7a  72
Summary  10.0.0.1         10.0.0.1         0x80000003  1703  0x22 0x988c  28
Summary  10.0.0.2         10.0.0.2         0x80000001   515  0x22 0x968d  28

In the output above, the loopback IP from each ABR is redistributed from area 0 into area 1. Any router must originate a Type 1 LSA into any area in which they send LSAs. A Type 1 LSA is sent by each ABR which will contain all it's directly connected interfaces. For example, AGG1 will send 10.0.0.1/32 and 10.1.11.0/30. Now that the device has advertised a Type 1 LSA within the area, it can send a Type 3 Summary LSA to advertise it's loopback 0 IP address. This is not needed as the loopback 0 IP was in the Type 1 LSA. The point of Type 3 LSAs is to advertise inter-area prefixes which are not directly attached to the ABR.

This can be seen in the output below from ACC11 which shows the Type 1 LSA and Type 3 LSA received from AGG1:

lab@ACC11> show ospf database detail lsa-id 10.0.0.1    

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router   10.0.0.1         10.0.0.1         0x80000002  1338  0x22 0x5c78  48
  bits 0x1, link count 2
  id 10.0.1.1, data 10.1.11.1, Type PointToPoint (1)
    Topology count: 0, Default metric: 1
  id 10.1.11.0, data 255.255.255.252, Type Stub (3)
    Topology count: 0, Default metric: 1
  Topology default (ID 0)
    Type: PointToPoint, Node ID: 10.0.1.1
      Metric: 1, Bidirectional
Summary  10.0.0.1         10.0.0.1         0x80000002   715  0x22 0x9a8b  28
  mask 255.255.255.255
  Topology default (ID 0) -> Metric: 0

The only way to make AGG1 (or AGG2) advertise it's loopback0 IP which is in area 0 into another area is to use a Type 3 LSA, and the only way to make AGG1 originate a Type 1 LSA containing its loopback0 IP into area 1 is by originating a Type 3 LSA 3. Both LSAs are required as the loopback0 IP on AGG1 is in area 0. If the inter-area policy on AGG1 is changed to block everything from area 0 then the Type 1 LSA is originated but no Type 3 LSA is originated. Because the prefix is in another area a Type 3 LSA is required to make it reachable within OSPF.

The output below shows that COR1 only has routes for OSPF area 0 and only has LDP labels for prefixes within this area so inter-area filtering is working as expected within area 0:

COR1#show ip ospf database 

            OSPF Router with ID (10.0.0.3) (Process ID 1)

        Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.1        10.0.0.1        2851        0x80000004 0x00E27E 5
10.0.0.2        10.0.0.2        859         0x80000004 0x0076D0 5
10.0.0.3        10.0.0.3        818         0x80000004 0x00A0A9 5

COR1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
17 Pop Label 10.0.0.2/32 0 Fa0/1 10.0.22.2
18 Pop Label 10.0.0.1/32 0 Fa0/0 10.0.11.2
19 No Label 10.0.12.0/30 0 Fa0/0 10.0.11.2

The results from an access layer PE such as ACC22 show the same results, that inter-area filtering is working as desired:

ACC22#show ip route
...
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
O IA     10.0.0.1/32 [110/2] via 10.2.12.1, 00:15:05, FastEthernet0/0
O IA     10.0.0.2/32 [110/2] via 10.2.22.1, 00:30:27, FastEthernet1/0
O        10.0.2.1/32 [110/2] via 10.2.12.1, 00:30:22, FastEthernet0/0
C        10.0.2.2/32 is directly connected, Loopback0
O        10.2.11.0/30 [110/3] via 10.2.12.1, 00:30:07, FastEthernet0/0
C        10.2.12.0/30 is directly connected, FastEthernet0/0
L        10.2.12.2/32 is directly connected, FastEthernet0/0
C        10.2.22.0/30 is directly connected, FastEthernet1/0
L        10.2.22.2/32 is directly connected, FastEthernet1/0

ACC22#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
18         Pop Label  10.0.0.2/32      0             Fa1/0      10.2.22.1   
19         Pop Label  10.0.2.1/32      0             Fa0/0      10.2.12.1   
20         Pop Label  10.2.11.0/30     0             Fa0/0      10.2.12.1   
21         21         10.0.0.1/32      0             Fa0/0      10.2.12.1

The output below shows the AGG2 view of the IGP domain. We can see that it has all routes from all areas. It is worth noting that it has multiple copies of the AGG1 and AGG2 loopback0 within each area, as a Type 1 LSA and Type 3 LSA:

AGG2#show ip ospf  database 

            OSPF Router with ID (10.0.0.2) (Process ID 1)

        Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.1        10.0.0.1        2987        0x80000004 0x00E27E 5
10.0.0.2        10.0.0.2        1004        0x80000004 0x0076D0 5
10.0.0.3        10.0.0.3        965         0x80000004 0x00A0A9 5

        Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.1        10.0.0.1        454         0x80000003 0x005A79 2
10.0.0.2        10.0.0.2        1004        0x80000003 0x00CBEE 2
10.0.1.1        10.0.1.1        209         0x80000005 0x003A21 5
10.0.1.2        10.0.1.2        1239        0x80000004 0x00EB7A 4

        Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.1        10.0.0.1        1830        0x80000003 0x00988C
10.0.0.2        10.0.0.2        638         0x80000001 0x00968D
          
        Router Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.1        10.0.0.1        152         0x80000003 0x00834D 2
10.0.0.2        10.0.0.2        1004        0x80000003 0x00F4C2 2
10.0.2.1        10.0.2.1        1118        0x80000004 0x005201 5
10.0.2.2        10.0.2.2        1128        0x80000004 0x00E652 5

        Summary Net Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.1        10.0.0.1        1830        0x80000003 0x00988C
10.0.0.2        10.0.0.2        638         0x80000001 0x00968D

Juniper doesn't support prefix suppression for OSPF like Cisco does. In the output below it can be seen that ACC11 is receiving from ACC12 a Type 1 LSA which has a type 3 link to it's own loopback0 IP (10.0.1.2), a type 1 link to AGG2's loopback0 IP (10.0.0.2) and a type 3 link to ACC11's loopback0 IP (10.0.1.1).

lab@ACC11> show ospf database detail lsa-id 10.0.1.2 

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router   10.0.1.2         10.0.1.2         0x80000005  1562  0x22 0xd4bf  60
  bits 0x0, link count 3
  id 10.0.1.2, data 255.255.255.255, Type Stub (3)
    Topology count: 0, Default metric: 1
  id 10.0.1.1, data 10.1.12.2, Type PointToPoint (1)
    Topology count: 0, Default metric: 1
  id 10.0.0.2, data 10.1.22.2, Type PointToPoint (1)
    Topology count: 0, Default metric: 1
  Topology default (ID 0)
    Type: PointToPoint, Node ID: 10.0.0.2
      Metric: 1, Bidirectional
    Type: PointToPoint, Node ID: 10.0.1.1
      Metric: 1, Bidirectional

ACC12 sends ACC11's own loopback0 IP back to him because OSPF reflects all routes it receives to all neighbours however, the cost in the output above is 1, it is 0 from ACC11 to reach it's own loopback interface so no received LSA will ever offer a lower cost path. 10.0.1.1 and 10.0.0.2 in the above output show as LSA Type 1 link type 1 networks, which is the Cisco prefix-suppression feature lying about the topology of the network to remove the need for the transit link prefix ranges.


Previous page: ISIS Basics
Next page: Layer 2 Edge Port Protection