You can apply a filter so that OSPF installs only certain routes into the
routing table. You can do this to control the flow of routing information or
the flow of traffic. You can filter inbound routes to prevent the router from
putting them in its routing table:
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#access-list 1 deny 172.20.10.0
Router5(config)#access-list 1 permit any
Router5(config)#router ospf 87
Router5(config-router)#distribute-list 1 in Ethernet0
Router5(config-router)#end
Router5#
The OSPF algorithm requires that every router in an area
receive all of the LSAs for that area, so you cannot filter outbound routing
information:
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#router ospf 87
Router5(config-router)#distribute-list 1 out Ethernet0
% Interface not allowed with OUT for OSPF
Router5(config-router)#end
Router5#
It's important to remember that, unlike EIGRP and RIP, OSPF
uses a link-state rather than a distance-vector algorithm. One place where this
difference becomes clear is in route filtering. At a minimum, every router in an
area must see the LSAs for every other router in the same area. Depending on the
type of area, it may also see summary LSAs representing routing information from
other areas or ASes. These LSA packets are flooded throughout the area, with
each router forwarding LSA information on to any downstream devices. Every
router then separately computes the best routing table based on this link state
information.
If you prevented a router from forwarding some of the LSA
information, its downstream routers would not have a full link-state database,
and consequently wouldn't be able to generate an accurate routing table.
The only filtering we can do is to prevent a router from installing a route
learned via OSPF into its routing table. This way, the link-state database
remains intact on every router in the area. If you really want to break up the
forwarding of LSA information, subdivide the area.
You can see the effect of the inbound filter by looking at the
routing table both before and after applying the filter. Before the inbound
filter is enabled, you can see that the route is there:
Router5#show ip route 172.20.10.0
Routing entry for 172.20.10.0/24
Known via "ospf 87", distance 110, metric 84, type inter area
Redistributing via ospf 87
Last update from 172.25.1.5 on Ethernet0, 00:00:07 ago
Routing Descriptor Blocks:
* 172.25.1.5, from 172.25.25.1, 00:00:07 ago, via Ethernet0
Route metric is 84, traffic share count is 1
Router5#
Then, after we apply the filter, the route is gone:
Router5#show ip route 172.20.10.0
% Subnet not in table
Router5#
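The install-time behaviour described above, modelled in Python as an added example (not code from the original text or from Cisco): the ACL is applied to routes that SPF has already computed, so only the routing table changes and the input derived from the link-state database is left alone. The data structures and function names are hypothetical, and the 172.20.1.0/24 and 10.5.5.0/24 routes are constructed sample data.

```python
import ipaddress

# Recipe's ACL as (action, address, wildcard); a bare address has wildcard 0.0.0.0.
ACL_1 = [
    ("deny", "172.20.10.0", "0.0.0.0"),        # access-list 1 deny 172.20.10.0
    ("permit", "0.0.0.0", "255.255.255.255"),  # access-list 1 permit any
]

# SPF results as (prefix, next hop, outgoing interface). The first entry is the
# route shown in the recipe; the other two are constructed sample routes.
SPF_ROUTES = [
    ("172.20.10.0/24", "172.25.1.5", "Ethernet0"),
    ("172.20.1.0/24", "172.25.1.5", "Ethernet0"),
    ("10.5.5.0/24", "10.1.1.2", "Serial0"),
]

def acl_permits(acl, network):
    """Standard ACL check: first match wins, no match is an implicit deny."""
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False

def install_routes(spf_routes, acl, interface):
    """Model 'distribute-list <acl> in <interface>': only routes whose outgoing
    interface matches are tested, and a denied route is skipped at install time.
    The input (what SPF computed from the LSDB) is never modified."""
    rib = []
    for prefix, next_hop, out_if in spf_routes:
        network = str(ipaddress.ip_network(prefix).network_address)
        if out_if == interface and not acl_permits(acl, network):
            continue
        rib.append((prefix, next_hop, out_if))
    return rib

def suppressed(spf_routes, rib):
    """Prefixes OSPF computed but the filter kept out of the routing table."""
    installed = {prefix for prefix, _, _ in rib}
    return [prefix for prefix, _, _ in spf_routes if prefix not in installed]

if __name__ == "__main__":
    rib = install_routes(SPF_ROUTES, ACL_1, "Ethernet0")
    print("installed: ", [p for p, _, _ in rib])
    print("suppressed:", suppressed(SPF_ROUTES, rib))
```

Because the filter is local to one router's routing table, every other router in the area still computes paths to 172.20.10.0/24 as before.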