
OSPF: Filtering Inter-Area LSAs with a prefix-list July 13, 2009

Posted by ZoeL in Cisco, Routing.

Over the next few posts I will try to cover filtering routing updates in OSPF. There are several methods; this time it is with a prefix-list.

Objective: filter OSPF Type-3 LSAs from area 0 to area 1, and vice versa.

scenario prefix-list filtering LSA type 3 network for OSPF

So the idea is to create a prefix-list that limits the LSAs advertised from R5 so they do not reach R6, and vice versa. The prefix-list is applied on R1 and R4, so that the Type-3 LSAs do not cross through R1 and R4.
Other requirements:

  1. From area 1, deny R6 on the way out of R1 and R4 (out), but allow the other networks to pass through R1 and R4
  2. From area 1, deny R5 on the way into R1 and R4, but allow the other networks to pass through R1 and R4
  3. The filtering is done from within area 1

Config of R1, R4, R5 and R6 before the prefix-list is created.

R1

!
interface Loopback0
ip address 150.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 155.1.146.1 255.255.255.0
!
interface Serial0/0
ip address 155.1.0.1 255.255.255.0
encapsulation frame-relay
ip ospf network non-broadcast
ip ospf priority 0
frame-relay map ip 155.1.0.4 105
frame-relay map ip 155.1.0.5 105
no frame-relay inverse-arp
!
router ospf 1
router-id 150.1.1.1
network 150.1.1.1 0.0.0.0 area 1
network 155.1.0.1 0.0.0.0 area 0
network 155.1.146.1 0.0.0.0 area 1
!

R4

!
interface Loopback0
ip address 150.1.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 155.1.146.4 255.255.255.0
!
interface Serial0/0
ip address 155.1.0.4 255.255.255.0
encapsulation frame-relay
ip ospf network non-broadcast
ip ospf priority 0
frame-relay map ip 155.1.0.1 405
frame-relay map ip 155.1.0.5 405
no frame-relay inverse-arp
!
router ospf 1
router-id 155.1.4.4
network 150.1.4.4 0.0.0.0 area 1
network 155.1.0.4 0.0.0.0 area 0
network 155.1.146.4 0.0.0.0 area 1
!

R5

!
interface Loopback0
ip address 150.1.5.5 255.255.255.255
!
interface Serial1/0
ip address 155.1.0.5 255.255.255.0
encapsulation frame-relay
ip ospf network non-broadcast
frame-relay map ip 155.1.0.1 501
frame-relay map ip 155.1.0.4 504
no frame-relay inverse-arp
!
router ospf 1
router-id 155.1.5.5
network 150.1.5.5 0.0.0.0 area 0
network 155.1.0.5 0.0.0.0 area 0
neighbor 155.1.0.1
neighbor 155.1.0.4
!

R6

!
interface Loopback0
ip address 150.1.6.6 255.255.255.255
!
interface FastEthernet0/0
ip address 155.1.146.6 255.255.255.0
!
router ospf 1
router-id 150.1.6.6
network 150.1.6.6 0.0.0.0 area 1
network 155.1.146.6 0.0.0.0 area 1
!

Verification with show ip route shows the initial configuration: R6 receives the Type-3 LSA information from R5, and vice versa.

R5#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
O IA    155.1.146.0 [110/65] via 155.1.0.4, 00:44:46, Serial1/0
[110/65] via 155.1.0.1, 00:44:46, Serial1/0
C       155.1.0.0 is directly connected, Serial1/0
150.1.0.0/32 is subnetted, 4 subnets
O IA    150.1.6.6 [110/66] via 155.1.0.4, 00:00:02, Serial1/0
[110/66] via 155.1.0.1, 00:00:02, Serial1/0
C       150.1.5.5 is directly connected, Loopback0
O IA    150.1.4.4 [110/65] via 155.1.0.4, 00:44:46, Serial1/0
O IA    150.1.1.1 [110/65] via 155.1.0.1, 00:44:47, Serial1/0

R6#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
C       155.1.146.0 is directly connected, FastEthernet0/0
O IA    155.1.0.0 [110/65] via 155.1.146.4, 00:45:13, FastEthernet0/0
[110/65] via 155.1.146.1, 00:45:13, FastEthernet0/0
150.1.0.0/32 is subnetted, 4 subnets
C       150.1.6.6 is directly connected, Loopback0
O IA    150.1.5.5 [110/66] via 155.1.146.4, 00:00:34, FastEthernet0/0
[110/66] via 155.1.146.1, 00:00:34, FastEthernet0/0
O       150.1.4.4 [110/2] via 155.1.146.4, 00:46:11, FastEthernet0/0
O       150.1.1.1 [110/2] via 155.1.146.1, 00:46:11, FastEthernet0/0

Next, filter networks 150.1.5.5 and 150.1.6.6 on R1 and R4, so that R5 does not receive the LSA update for 150.1.6.6 from R6, and R6 does not receive the LSA update for 150.1.5.5 from R5.

R1 and R4

!
router ospf 1
area 1 filter-list prefix AREA1_FILTER_IN in
area 1 filter-list prefix AREA1_FILTER_OUT out
!
ip prefix-list AREA1_FILTER_IN seq 5 deny 150.1.5.5/32
ip prefix-list AREA1_FILTER_IN seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list AREA1_FILTER_OUT seq 5 deny 150.1.6.6/32
ip prefix-list AREA1_FILTER_OUT seq 10 permit 0.0.0.0/0 le 32
!

Explanation:

  1. Add the command area 1 filter-list prefix [word] in under router ospf to filter network 150.1.5.5/32.
  2. Then add ip prefix-list AREA1_FILTER_IN seq 5 deny 150.1.5.5/32 to filter the LSA with IP 150.1.5.5.
  3. After filtering 150.1.5.5, create one more ip prefix-list entry that lets through the LSA updates other than 150.1.5.5: ip prefix-list AREA1_FILTER_IN seq 10 permit 0.0.0.0/0 le 32
  4. Once the filter for 150.1.5.5 is done, continue with network 150.1.6.6.
    Add the command area 1 filter-list prefix AREA1_FILTER_OUT out under router ospf to filter network 150.1.6.6/32.
  5. Then add ip prefix-list AREA1_FILTER_OUT seq 5 deny 150.1.6.6/32 to filter the LSA with IP 150.1.6.6.
  6. After filtering 150.1.6.6, create one more ip prefix-list entry that lets through the LSA updates other than 150.1.6.6: ip prefix-list AREA1_FILTER_OUT seq 10 permit 0.0.0.0/0 le 32
  7. The parameter le 32 (less than or equal to 32) means all networks with a prefix length of up to 32 bits,
    including /29, /28, /27 etc. This parameter must be added so that no network is left unadvertised (caught by the deny as well).
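
The first-match evaluation and the effect of le 32 described above, as an added example that is not part of the original post: a small Python model of ip prefix-list matching, run over the two lists from the config and the inter-area prefixes that appear in the routing tables on this page. The function names and the grouping of prefixes by direction are assumptions made for the illustration.

```python
import ipaddress

# The two prefix-lists exactly as configured on R1 and R4 in this post.
CONFIG = """
ip prefix-list AREA1_FILTER_IN seq 5 deny 150.1.5.5/32
ip prefix-list AREA1_FILTER_IN seq 10 permit 0.0.0.0/0 le 32
ip prefix-list AREA1_FILTER_OUT seq 5 deny 150.1.6.6/32
ip prefix-list AREA1_FILTER_OUT seq 10 permit 0.0.0.0/0 le 32
"""
# Inter-area (O IA) prefixes from the "before" routing tables, grouped by
# direction (grouping is an assumption): R6's IA routes enter area 1,
# R5's IA routes leave area 1.
INTO_AREA1 = ["155.1.0.0/24", "150.1.5.5/32"]
OUT_OF_AREA1 = ["155.1.146.0/24", "150.1.6.6/32", "150.1.4.4/32", "150.1.1.1/32"]

def load(config):
    """Parse 'ip prefix-list NAME seq N permit|deny NET [ge X] [le Y]' lines."""
    lists = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        net = ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        ge, le = opts.get("ge"), opts.get("le")
        # No ge/le: exact length only. ge only: ge..32. le only: len..le.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        lists.setdefault(tok[2], []).append((int(tok[4]), tok[5], net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])  # evaluated in sequence-number order
    return lists

def evaluate(entries, prefix):
    """Return 'permit' or 'deny' for one prefix; first matching entry wins."""
    p = ipaddress.ip_network(prefix)
    for _seq, action, net, lo, hi in entries:
        if lo <= p.prefixlen <= hi and p.subnet_of(net):
            return action
    return "deny"  # implicit deny at the end of every prefix-list

def advertised(entries, prefixes):
    """Prefixes whose Type-3 LSA would still pass the filter-list."""
    return [p for p in prefixes if evaluate(entries, p) == "permit"]

LISTS = load(CONFIG)
BROKEN = load(CONFIG.replace(" le 32", ""))  # same lists without 'le 32'

if __name__ == "__main__":
    print("into area 1 :", advertised(LISTS["AREA1_FILTER_IN"], INTO_AREA1))
    print("out of area1:", advertised(LISTS["AREA1_FILTER_OUT"], OUT_OF_AREA1))
    print("no 'le 32'  :", advertised(BROKEN["AREA1_FILTER_OUT"], OUT_OF_AREA1))
```

Without le 32 the permit entry matches only the exact prefix 0.0.0.0/0, so every other prefix falls through to the implicit deny and nothing leaves the area.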

Verification:

R5#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
O IA    155.1.146.0 [110/65] via 155.1.0.4, 00:58:43, Serial1/0
[110/65] via 155.1.0.1, 00:58:43, Serial1/0
C       155.1.0.0 is directly connected, Serial1/0
150.1.0.0/32 is subnetted, 3 subnets
C       150.1.5.5 is directly connected, Loopback0
O IA    150.1.4.4 [110/65] via 155.1.0.4, 00:58:43, Serial1/0
O IA    150.1.1.1 [110/65] via 155.1.0.1, 00:58:43, Serial1/0

R6#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
C       155.1.146.0 is directly connected, FastEthernet0/0
O IA    155.1.0.0 [110/65] via 155.1.146.4, 00:59:05, FastEthernet0/0
[110/65] via 155.1.146.1, 00:59:05, FastEthernet0/0
150.1.0.0/32 is subnetted, 3 subnets
C       150.1.6.6 is directly connected, Loopback0
O       150.1.4.4 [110/2] via 155.1.146.4, 01:00:01, FastEthernet0/0
O       150.1.1.1 [110/2] via 155.1.146.1, 01:00:01, FastEthernet0/0

From the show ip route output above (R5 and R6), you can see that 150.1.5.5 is blocked from R6 and 150.1.6.6 is blocked from R5.

Note: to make creating the prefix-list easier, in my opinion it is better to first define the desired filter inside router ospf, and only then create the ip prefix-list outside router mode for the specific IPs to deny or permit.

.end.

Comments»

1. OSPF: Ingress filtering with distribute list and route-map « Notes and Journals - July 13, 2009

[…] taking the same example diagram as OSPF: Filtering Inter-Area LSAs with a prefix-list, create a route toward null0 (null 0 is a virtual interface used as a place to discard data, […]

2. OSPF: Filtering Inter-Area LSAs with ‘network ranges’ « Notes and Journals - July 13, 2009

[…] this post of mine uses the same basic topology as the previous one (OSPF: Filtering Inter-Area LSAs with a prefix-list) […]

