OSPF Multi Area – Filter List 015

This article explains the Filter List feature used in OSPF Multi Area configurations.

 

Theory

Filter List

In a Multi Area configuration, a Filter List lets you filter the prefixes that are advertised as LSA Type 3 from one Area into another Area.

 

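A Filter List can filter in the In direction and in the Out direction.

As shown in the figure below, when a Filter List is applied to Area 0 in the In direction, the LSA Type 3 injected into Area 1 from Area 2 and Area 3 are subject to filtering.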

 

As shown in the figure below, when a Filter List is applied to Area 2 in the Out direction, the LSA Type 3 injected from Area 2 into Area 1 and Area 3 are subject to filtering.

 

Hands-on verification

Verification scenario

Enable OSPF Area 0 on g2 of R1.
Enable OSPF Area 0 on g2 of R2, and OSPF Area 2 on g3 and g4.
Use Point-to-Point as the Network Type on R1 and R2.

 

Initial configuration

R1

interface GigabitEthernet2
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
router ospf 1
 router-id 1.1.1.1
 network 10.1.1.0 0.0.0.255 area 0

R2

interface GigabitEthernet2
 ip address 10.1.1.2 255.255.255.0
 ip ospf network point-to-point
!
interface GigabitEthernet3
 ip address 20.1.1.2 255.255.255.0
!
interface GigabitEthernet4
 ip address 20.2.2.2 255.255.255.0
!
router ospf 1
 router-id 2.2.2.2
 network 10.1.1.0 0.0.0.255 area 0
 network 20.1.1.0 0.0.0.255 area 2
 network 20.2.2.0 0.0.0.255 area 2
            

 

Before configuring the Filter List

Checking the OSPF process state

We can confirm that no Filter List is configured in OSPF on R2.

R2

R2#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2
 Start time: 1d07h, Time elapsed: 00:00:37.969
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Supports Database Exchange Summary List Optimization (RFC 5243)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an area border router
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 50 msecs
 Minimum hold time between two consecutive SPFs 200 msecs
 Maximum wait time between two consecutive SPFs 5000 msecs
 Incremental-SPF disabled
 Initial LSA throttle delay 50 msecs
 Minimum hold time for LSA throttle 200 msecs
 Maximum wait time for LSA throttle 5000 msecs
 Minimum LSA arrival 100 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 2. 2 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm last executed 00:00:37.898 ago
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 4. Checksum Sum 0x019C77
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 2
        Number of interfaces in this area is 2
        Area has no authentication
        SPF algorithm last executed 00:00:14.945 ago
        SPF algorithm executed 3 times
        Area ranges are
        Number of LSA 2. Checksum Sum 0x010205
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
            

 

Checking the LSDB state

We can confirm that R2 injects LSA Type 3 carrying 20.1.1.0/24 and 20.2.2.0/24 into Area 0.

R2

R2#show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         46          0x80000013 0x00BB2C 2
2.2.2.2         2.2.2.2         45          0x80000002 0x008072 2

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
20.1.1.0        2.2.2.2         45          0x80000001 0x003BE2
20.2.2.0        2.2.2.2         22          0x80000001 0x0024F7

                Router Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         22          0x80000003 0x00449B 2

                Summary Net Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.1.0        2.2.2.2         45          0x80000001 0x00BD6A
            

 

Checking the SPF calculation result

We can confirm that R1 has learned 20.1.1.0/24 and 20.2.2.0/24 via OSPF.

R1

R1#show ip ospf rib

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Base Topology (MTID 0)

OSPF local RIB
Codes: * - Best, > - Installed in global RIB

*   10.1.1.0/24, Intra, cost 1, area 0, Connected
      via 10.1.1.1, GigabitEthernet2
*>  20.1.1.0/24, Inter, cost 2, area 0
      via 10.1.1.2, GigabitEthernet2
*>  20.2.2.0/24, Inter, cost 2, area 0
      via 10.1.1.2, GigabitEthernet2
            

 

Checking the routing table

We can confirm that 20.1.1.0/24 and 20.2.2.0/24 are installed in R1's routing table.

R1

R1#show ip route ospf
      20.0.0.0/24 is subnetted, 2 subnets
O IA     20.1.1.0 [110/2] via 10.1.1.2, 00:01:27, GigabitEthernet2
O IA     20.2.2.0 [110/2] via 10.1.1.2, 00:01:04, GigabitEthernet2
            

 

Connectivity check

We can confirm that Ping from 10.1.1.1 on R1 to 20.1.1.2 and 20.2.2.2 on R2 succeeds.

R1

R1#ping 20.1.1.2 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


R1#ping 20.2.2.2 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
            

 

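After configuring the In-direction Filter List

On R2, apply a Filter List in the In direction to OSPF Area 0 so that, from the other Areas, only the LSA Type 3 carrying 20.1.1.0/24 is injected into Area 0.

Added OSPF configuration

The In-direction Filter List is applied with the area <area-id> filter-list prefix <prefix-list-name> in command. The Prefix List specified by <prefix-list-name> is applied in the In direction to the Area specified by <area-id>.

Here, on R2, a Filter List that permits only 20.1.1.0/24 is applied to Area 0 in the In direction.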

R2

router ospf 1
 area 0 filter-list prefix OSPF_PREFIX_LIST in
!
ip prefix-list OSPF_PREFIX_LIST seq 5 permit 20.1.1.0/24
            

 

Checking the OSPF process state

We can confirm that, on R2, the Filter List is applied to Area 0 in the In direction.

R2

R2#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2
 Start time: 1d07h, Time elapsed: 00:02:48.890
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Supports Database Exchange Summary List Optimization (RFC 5243)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an area border router
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 50 msecs
 Minimum hold time between two consecutive SPFs 200 msecs
 Maximum wait time between two consecutive SPFs 5000 msecs
 Incremental-SPF disabled
 Initial LSA throttle delay 50 msecs
 Minimum hold time for LSA throttle 200 msecs
 Maximum wait time for LSA throttle 5000 msecs
 Minimum LSA arrival 100 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 2. 2 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm last executed 00:02:48.818 ago
        SPF algorithm executed 1 times
        Area ranges are
        Area-filter OSPF_PREFIX_LIST in
        Number of LSA 3. Checksum Sum 0x017780
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 2
        Number of interfaces in this area is 2
        Area has no authentication
        SPF algorithm last executed 00:00:26.829 ago
        SPF algorithm executed 5 times
        Area ranges are
        Number of LSA 2. Checksum Sum 0x010006
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
            

 

Checking the LSDB state

We can confirm that R2 injects only the LSA Type 3 carrying 20.1.1.0/24 into Area 0.

R2

R2#show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         181         0x80000013 0x00BB2C 2
2.2.2.2         2.2.2.2         180         0x80000002 0x008072 2

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
20.1.1.0        2.2.2.2         180         0x80000001 0x003BE2

                Router Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         117         0x80000004 0x00429C 2

                Summary Net Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.1.0        2.2.2.2         180         0x80000001 0x00BD6A
            

 

Checking the SPF calculation result

We can confirm that R1 has learned only 20.1.1.0/24 via OSPF.

R1

R1#show ip ospf rib

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Base Topology (MTID 0)

OSPF local RIB
Codes: * - Best, > - Installed in global RIB

*   10.1.1.0/24, Intra, cost 1, area 0, Connected
      via 10.1.1.1, GigabitEthernet2
*>  20.1.1.0/24, Inter, cost 2, area 0
      via 10.1.1.2, GigabitEthernet2
            

 

Checking the routing table

We can confirm that only 20.1.1.0/24 is installed in R1's routing table.

R1

R1#show ip route ospf
      20.0.0.0/24 is subnetted, 1 subnets
O IA     20.1.1.0 [110/2] via 10.1.1.2, 00:01:27, GigabitEthernet2
            

 

Connectivity check

We can confirm that Ping from 10.1.1.1 on R1 to 20.1.1.2 on R2 succeeds and that Ping to 20.2.2.2 fails.

R1

R1#ping 20.1.1.2 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


R1#ping 20.2.2.2 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
            

 

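After configuring the Out-direction Filter List

On R2, apply a Filter List in the Out direction to OSPF Area 2 so that, from Area 2, only the LSA Type 3 carrying 20.2.2.0/24 is injected into the other Areas.

Added OSPF configuration

The Out-direction Filter List is applied with the area <area-id> filter-list prefix <prefix-list-name> out command. The Prefix List specified by <prefix-list-name> is applied in the Out direction to the Area specified by <area-id>.

Here, on R2, a Filter List that permits only 20.2.2.0/24 is applied to Area 2 in the Out direction.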

R2

router ospf 1
 area 2 filter-list prefix OSPF_PREFIX_LIST out
!
ip prefix-list OSPF_PREFIX_LIST seq 5 permit 20.2.2.0/24
            

 

Checking the OSPF process state

We can confirm that, on R2, the Filter List is applied to Area 2 in the Out direction.

R2

R2#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2
 Start time: 1d07h, Time elapsed: 00:04:31.075
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Supports Database Exchange Summary List Optimization (RFC 5243)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an area border router
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 50 msecs
 Minimum hold time between two consecutive SPFs 200 msecs
 Maximum wait time between two consecutive SPFs 5000 msecs
 Incremental-SPF disabled
 Initial LSA throttle delay 50 msecs
 Minimum hold time for LSA throttle 200 msecs
 Maximum wait time for LSA throttle 5000 msecs
 Minimum LSA arrival 100 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 2. 2 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm last executed 00:04:31.003 ago
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x016095
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 2
        Number of interfaces in this area is 2
        Area has no authentication
        SPF algorithm last executed 00:00:02.914 ago
        SPF algorithm executed 9 times
        Area ranges are
        Area-filter OSPF_PREFIX_LIST out
        Number of LSA 2. Checksum Sum 0x010006
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
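
To check from saved show ip ospf output that an area filter is still in place, the Area-filter line shown above can be parsed per Area. This is an added example, not part of the original article; the function names and the abridged sample text are constructed here, and Area IDs are assumed to be displayed in decimal form as in this output.

```python
import re

# Constructed, abridged sample in the format of the "show ip ospf" output above.
SAMPLE = """\
 Routing Process "ospf 1" with ID 2.2.2.2
 It is an area border router
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        Area ranges are
    Area 2
        Number of interfaces in this area is 2
        Area ranges are
        Area-filter OSPF_PREFIX_LIST out
"""

# Matches "Area BACKBONE(0)" and "Area 2", but not "Area has ..." or "Area ranges are".
AREA_RE = re.compile(r"^\s+Area (?:BACKBONE\()?(\d+)\)?\s*$")
FILTER_RE = re.compile(r"^\s+Area-filter (\S+) (in|out)\s*$")

def area_filters(show_ip_ospf):
    """Return {area_id: {direction: prefix_list_name}} for every Area section."""
    filters, area = {}, None
    for line in show_ip_ospf.splitlines():
        m = AREA_RE.match(line)
        if m:
            area = int(m.group(1))
            filters[area] = {}
            continue
        m = FILTER_RE.match(line)
        if m and area is not None:
            filters[area][m.group(2)] = m.group(1)
    return filters

def missing_filters(show_ip_ospf, expected):
    """expected: [(area_id, direction, prefix_list_name)]; return the entries not applied."""
    actual = area_filters(show_ip_ospf)
    return [e for e in expected if actual.get(e[0], {}).get(e[1]) != e[2]]

if __name__ == "__main__":
    print(area_filters(SAMPLE))
    print(missing_filters(SAMPLE, [(0, "in", "OSPF_PREFIX_LIST")]))
```
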
            

 

Checking the LSDB state

We can confirm that R2 injects only the LSA Type 3 carrying 20.2.2.0/24 into Area 0.

R2

R2#show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         284         0x80000013 0x00BB2C 2
2.2.2.2         2.2.2.2         283         0x80000002 0x008072 2

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
20.2.2.0        2.2.2.2         26          0x80000001 0x0024F7

                Router Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         220         0x80000004 0x00429C 2

                Summary Net Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.1.0        2.2.2.2         283         0x80000001 0x00BD6A
            

 

Checking the SPF calculation result

We can confirm that R1 has learned only 20.2.2.0/24 via OSPF.

R1

R1#show ip ospf rib

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Base Topology (MTID 0)

OSPF local RIB
Codes: * - Best, > - Installed in global RIB

*   10.1.1.0/24, Intra, cost 1, area 0, Connected
      via 10.1.1.1, GigabitEthernet2
*>  20.2.2.0/24, Inter, cost 2, area 0
      via 10.1.1.2, GigabitEthernet2
            

 

Checking the routing table

We can confirm that only 20.2.2.0/24 is installed in R1's routing table.

R1

R1#show ip route ospf
      20.0.0.0/24 is subnetted, 1 subnets
O IA     20.2.2.0 [110/2] via 10.1.1.2, 00:01:27, GigabitEthernet2
            

 

Connectivity check

We can confirm that Ping from 10.1.1.1 on R1 to 20.1.1.2 on R2 fails and that Ping to 20.2.2.2 succeeds.

R1

R1#ping 20.1.1.2 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)


R1#ping 20.2.2.2 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
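
The two results verified above can be reproduced with a small model of how R2, as the ABR, decides which prefixes to inject as LSA Type 3 into each Area. This is an added example, not part of the original article; the function and variable names are hypothetical, and it is simplified to exact-match prefix-list entries (no ge/le) and to the intra-area prefixes of the Areas attached to one ABR.

```python
import ipaddress

def permits(prefix_list, prefix):
    """First match wins; a prefix matching no entry hits the implicit deny."""
    net = ipaddress.ip_network(prefix)
    for action, entry in prefix_list:
        if ipaddress.ip_network(entry) == net:   # exact match only (no ge/le)
            return action == "permit"
    return False

def type3_per_area(intra_area, filters):
    """Prefixes an ABR injects as Type 3 LSAs into each attached area.

    intra_area: {area_id: [intra-area prefixes]}
    filters:    {(area_id, "in" | "out"): prefix_list}
    """
    injected = {area: [] for area in intra_area}
    for src, prefixes in intra_area.items():
        for dst in intra_area:
            if dst == src:
                continue
            out_list = filters.get((src, "out"))   # checked when leaving the source area
            in_list = filters.get((dst, "in"))     # checked when entering the destination area
            for prefix in prefixes:
                if out_list is not None and not permits(out_list, prefix):
                    continue
                if in_list is not None and not permits(in_list, prefix):
                    continue
                injected[dst].append(prefix)
    return injected

# R2's attached Areas and their intra-area prefixes, taken from the lab above.
R2_AREAS = {0: ["10.1.1.0/24"], 2: ["20.1.1.0/24", "20.2.2.0/24"]}
IN_ON_AREA0 = {(0, "in"): [("permit", "20.1.1.0/24")]}
OUT_ON_AREA2 = {(2, "out"): [("permit", "20.2.2.0/24")]}

if __name__ == "__main__":
    for name, f in [("no filter", {}), ("area 0 in", IN_ON_AREA0), ("area 2 out", OUT_ON_AREA2)]:
        print(name, type3_per_area(R2_AREAS, f))
```

Because of the implicit deny at the end of a prefix list, a one-entry list withdraws every other inter-area prefix, which is why R1 loses its route to the unlisted subnet in each test.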
            
