Layer3 OSPF的路由过滤

session 1 OSPF的路由过滤（本地有效）

一、分发列表，只能过滤掉路由，不让路由进入RIB，但是不能阻止LSA的传递，在LSDB中还是要有Link信息。

1、distribute-list x in 接口：过滤从接口收到的路由。

R1(config-router)#distribute-list ?                          可选的路由过滤参数
  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming updates based on gateway
  prefix       Filter prefixes in routing updates
  route-map    Filter prefixes based on the route-map

可以使用ACL和prefix等来过滤路由

例如：在R1上过滤R2宣告来的直连路由2.2.2.3/32，而不过滤2.2.2.2/32

 

R2#show run | s ospf                              R2上的直连路由
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 2.2.2.3 0.0.0.0 area 0
 network 12.1.1.2 0.0.0.0 area 0
R2#

 

R1#show ip route ospf                          没有过滤前的R1收到R2的ospf路由
     2.0.0.0/32 is subnetted, 2 subnets
O       2.2.2.2 [110/11] via 12.1.1.2, 00:00:16, FastEthernet0/0
O       2.2.2.3 [110/11] via 12.1.1.2, 00:00:16, FastEthernet0/0

R1#show ip prefix-list R2-2.3                 使用前缀列表匹配2.2.2.3/32路由
ip prefix-list R2-2.3: 1 entries
   seq 5 permit 2.2.2.3/32

R1#show run | s ospf
 ip ospf 1 area 0
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 12.1.1.1 0.0.0.0 area 0
 distribute-list prefix R2-2.3 in FastEthernet0/0           使用分发列表过滤前缀列表匹配的路由2.2.2.3/32

 

R1#show ip route ospf                                                 R1上查看RIB看到2.2.2.3/32的路由已经被过滤
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.3 [110/11] via 12.1.1.2, 00:00:03, FastEthernet0/0
R1#

但是注意：只能过滤掉路由，不让路由进入RIB，但是不能阻止LSA的传递，在LSDB中还是要有Link信息。
R1#show ip ospf database router 2.2.2.2                            在R1的LSDB中查看R2发来的LSA1类信息

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 0)

  LS age: 888
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 2.2.2.2
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000009
  Checksum: 0x2797
  Length: 60
  Number of Links: 3

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 2.2.2.2
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network                                    依然可以看到R2发来的2.2.2.3/32的LSA1
     (Link ID) Network/subnet number: 2.2.2.3
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 12.1.1.2
     (Link Data) Router Interface address: 12.1.1.2
      Number of TOS metrics: 0
       TOS 0 Metrics: 10

 

2、redistribute-list x out 协议：仅对AS边界路由器ASBR重分布到OSPF中的路由起作用。不能应用于域内O路由及域间OIA路由的过滤。

R1#show ip interface brief               在R1（ASBR）过滤前配置rip和ospf，并将rip重分布进ospf中
Interface                  IP-Address      OK? Method Status          Protocol
FastEthernet0/0          12.1.1.1         YES manual up                    up     
Loopback0                  1.1.1.1           YES manual up                    up     
Loopback10               10.10.10.10    YES manual up                    up     
Loopback20               20.20.20.20    YES manual up                    up

R1(config-router)#do show run | s ospf       
 ip ospf 1 area 0
router ospf 1
 log-adjacency-changes
 redistribute rip subnets
 network 1.1.1.1 0.0.0.0 area 0
 network 12.1.1.1 0.0.0.0 area 0

R1(config-router)#do show run | s rip
 redistribute rip subnets
router rip
 network 10.0.0.0
 network 20.0.0.0
R1(config-router)#

R2#show ip route ospf                                       在R2上已经学到R1中重分布进ospf的rip路由
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/11] via 12.1.1.1, 00:07:48, FastEthernet0/0
     20.0.0.0/32 is subnetted, 1 subnets
O E2    20.20.20.20 [110/20] via 12.1.1.1, 00:07:16, FastEthernet0/0
     10.0.0.0/32 is subnetted, 1 subnets
O E2    10.10.10.10 [110/20] via 12.1.1.1, 00:07:48, FastEthernet0/0
R2#

下面在R1上开启重分布路由过滤：
R1(config)#ip prefix-list R1-10 permit 10.10.10.10/32          使用perfix匹配需要过滤的外部路由

R1(config-router)#distribute-list prefix R1-10 out rip           过滤掉prefix列表匹配外部重分布路由，不宣告

在R2上查看结果：

R2#show ip route ospf                                             R2上已经学不到R1上重分布的10.10.10.10/32的路由了
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/11] via 12.1.1.1, 00:10:26, FastEthernet0/0
     10.0.0.0/32 is subnetted, 1 subnets
O E2    10.10.10.10 [110/20] via 12.1.1.1, 00:10:26, FastEthernet0/0

二、汇总LSA的过滤

R1(config-router)#area 12 range 172.16.0.0 255.255.0.0 not-advertise      本区域的ABR上做，过滤LSA1/2

R1(config-router)#summary-address 172.16.0.0 255.255.0.0 not-advertise     外部路由产生的ASBR上做，或者LSA7转LSA5的ABR上做，过滤LSA5/7

三、针对LSA3的过滤，必须是前缀列表

R1(config-router)#area 12 filter-list prefix LSA3 in/out                在ABR上过滤LSA3，只有被prefix-list匹配的LSA3才能进来或出去

 

四、过滤所有的LSA

R1(config-if)#ip ospf database-filter all ou                                   过滤从该接口收到的所有LSA

R1(config-router)#neighbor 12.1.1.2 database-filter all out        过滤从邻居（接口ip：12.1.1.2）过来的所有LSA（注意：12.4IOS版本中此命令只=在p2p、NBMA网络类型中才能在show run中看到，在其他网络类型中也生效但是在show run中看不到，是个隐藏命令）

R1(config-router)#no discard-route internal     用来过滤LSA3的汇总路由

R1(config-router)#no discard-route external     用来过滤LSA5的汇总路由

ip ospf name-lookup 类似 ip domain lookup    ip ospf name-lookup默认是关闭的（应该关闭）