ルートフィルター
特定の経路だけ広報したり、広報を止めたりする機能。
・172.16.2.0/24を他のエリアに広報しない場合
設定前
R6#sh ip route ospf
ateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.24.1.0/29 [110/3] via 10.56.1.1, 00:34:42, GigabitEthernet0/1
O IA 10.45.1.0/24 [110/2] via 10.56.1.1, 00:34:42, GigabitEthernet0/1
O IA 10.123.1.0/24 [110/4] via 10.56.1.1, 00:34:42, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/5] via 10.56.1.1, 00:34:42, GigabitEthernet0/1
O IA 172.16.2.0 [110/5] via 10.56.1.1, 00:00:16, GigabitEthernet0/1
O IA 172.16.3.0 [110/5] via 10.56.1.1, 00:34:42, GigabitEthernet0/1
コンフィグ
R4(config-router)#area 1234 range 172.16.2.0 255.255.255.0 ?
advertise Advertise this range (default)
cost User specified metric for this range
not-advertise DoNotAdvertise this range
<cr> <cr>
設定後
172.16.2.0/24がなくなってます。
R6#sh ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.24.1.0/29 [110/3] via 10.56.1.1, 00:35:49, GigabitEthernet0/1
O IA 10.45.1.0/24 [110/2] via 10.56.1.1, 00:35:49, GigabitEthernet0/1
O IA 10.123.1.0/24 [110/4] via 10.56.1.1, 00:35:49, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 2 subnets
O IA 172.16.1.0 [110/5] via 10.56.1.1, 00:35:49, GigabitEthernet0/1
O IA 172.16.3.0 [110/5] via 10.56.1.1, 00:35:49, GigabitEthernet0/1
当たり前ですが、フィルターの設定を入れたR4より手前のR2は、172.16.2.0/24の経路を受信してます。
R2#show ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.45.1.0/24 [110/65] via 10.24.1.2, 00:37:50, GigabitEthernet0/1
O IA 10.56.1.0/24 [110/66] via 10.24.1.2, 00:37:12, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.1.0 [110/2] via 10.123.1.1, 00:38:00, GigabitEthernet0/2
O 172.16.2.0 [110/2] via 10.123.1.1, 00:38:00, GigabitEthernet0/2
O 172.16.3.0 [110/2] via 10.123.1.1, 00:38:00, GigabitEthernet0/2
ちなみに、フィルターの設定入れた後に、さらに同じレンジを指定して
フィルター入れると、下記の通りハジかれます
R4(config-router)#area 0 range 172.16.2.0 255.255.255.0 not-advertise
% OSPF: This range exists in different area 1234
また、rangeで指定したセグメントとエリアIDが一致していないと、設定しても
フィルターが機能しない
R4(config-router)#area 1 range 172.16.2.0 255.255.255.0 not-advertise
R6#sh ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.24.1.0/29 [110/3] via 10.56.1.1, 00:39:16, GigabitEthernet0/1
O IA 10.45.1.0/24 [110/2] via 10.56.1.1, 00:39:16, GigabitEthernet0/1
O IA 10.123.1.0/24 [110/4] via 10.56.1.1, 00:39:16, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/5] via 10.56.1.1, 00:39:16, GigabitEthernet0/1
O IA 172.16.2.0 [110/5] via 10.56.1.1, 00:00:51, GigabitEthernet0/1
O IA 172.16.3.0 [110/5] via 10.56.1.1, 00:39:16, GigabitEthernet0/1
エリアフィルター
エリアIDとセグメントを指定して、通過の許可・拒否を行います。
下記2パターンでフィルター設定します。
172.16.1.0/24の経路情報をArea0に流さない。
192.168.100.0/24の経路情報をArea0に流さない
設定前
R4#show ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.56.1.0/24 [110/2] via 10.45.1.2, 00:20:40, GigabitEthernet0/0
O 10.123.1.0/24 [110/2] via 10.24.1.1, 00:20:40, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.1.0 [110/3] via 10.24.1.1, 00:20:40, GigabitEthernet0/1
O 172.16.2.0 [110/3] via 10.24.1.1, 00:20:40, GigabitEthernet0/1
O 172.16.3.0 [110/3] via 10.24.1.1, 00:20:40, GigabitEthernet0/1
O IA 192.168.100.0/24 [110/3] via 10.45.1.2, 00:00:01, GigabitEthernet0/0
R5#show ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.24.1.0/29 [110/2] via 10.45.1.1, 00:08:29, GigabitEthernet0/0
O IA 10.123.1.0/24 [110/3] via 10.45.1.1, 00:08:29, GigabitEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/4] via 10.45.1.1, 00:03:34, GigabitEthernet0/0
O IA 172.16.2.0 [110/4] via 10.45.1.1, 00:08:29, GigabitEthernet0/0
O IA 172.16.3.0 [110/4] via 10.45.1.1, 00:08:29, GigabitEthernet0/0
O 192.168.100.0/24 [110/2] via 10.56.1.2, 00:08:29, GigabitEthernet0/1
R6#show ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.24.1.0/29 [110/3] via 10.56.1.1, 00:24:32, GigabitEthernet0/1
O IA 10.45.1.0/24 [110/2] via 10.56.1.1, 03:55:05, GigabitEthernet0/1
O IA 10.123.1.0/24 [110/4] via 10.56.1.1, 00:24:32, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/5] via 10.56.1.1, 00:06:17, GigabitEthernet0/1
O IA 172.16.2.0 [110/5] via 10.56.1.1, 00:01:26, GigabitEthernet0/1
O IA 172.16.3.0 [110/5] via 10.56.1.1, 00:24:32, GigabitEthernet0/1
コンフィグ
area <対象エリア> filter-list prefix <対象prefix> in|out
inの場合は、指定したPrefixを対象エリアに入れない。
outの場合は、指定したPrefixを対象エリアから出さない
R4(config)#ip prefix-list 172.16.1.0 seq 5 deny 172.16.1.0/24
R4(config)#ip prefix-list 172.16.1.0 seq 10 permit 0.0.0.0/0 le 32 →暗黙のdeny回避
R4(config)#router ospf 1
R4(config-router)#area 0 filter-list prefix 172.16.1.0 in
R5(config)#ip prefix-list 192.168.100.0 seq 5 deny 192.168.100.0/24
R5(config)#ip prefix-list 192.168.100.0 seq 10 permit 0.0.0.0/0 le 32 →暗黙のdeny回避
R5(config)#router ospf 1
R5(config-router)#area 56 filter-list prefix 192.168.100.0 out
設定後
172.16.1.0/24は、エリア0で受信拒否されるため、R5・6は、経路削除
192.168.100.0/24は、エリア56から出れないため、R4は、経路削除
R4#show ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.56.1.0/24 [110/2] via 10.45.1.2, 00:27:47, GigabitEthernet0/0
O 10.123.1.0/24 [110/2] via 10.24.1.1, 00:27:47, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.1.0 [110/3] via 10.24.1.1, 00:27:47, GigabitEthernet0/1
O 172.16.2.0 [110/3] via 10.24.1.1, 00:27:47, GigabitEthernet0/1
O 172.16.3.0 [110/3] via 10.24.1.1, 00:27:47, GigabitEthernet0/1
R5#show ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.24.1.0/29 [110/2] via 10.45.1.1, 00:17:09, GigabitEthernet0/0
O IA 10.123.1.0/24 [110/3] via 10.45.1.1, 00:17:09, GigabitEthernet0/0
172.16.0.0/24 is subnetted, 2 subnets
O IA 172.16.2.0 [110/4] via 10.45.1.1, 00:17:09, GigabitEthernet0/0
O IA 172.16.3.0 [110/4] via 10.45.1.1, 00:17:09, GigabitEthernet0/0
O 192.168.100.0/24 [110/2] via 10.56.1.2, 00:17:09, GigabitEthernet0/1
R6#show ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.24.1.0/29 [110/3] via 10.56.1.1, 00:30:54, GigabitEthernet0/1
O IA 10.45.1.0/24 [110/2] via 10.56.1.1, 04:01:27, GigabitEthernet0/1
O IA 10.123.1.0/24 [110/4] via 10.56.1.1, 00:30:54, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 2 subnets
O IA 172.16.2.0 [110/5] via 10.56.1.1, 00:07:48, GigabitEthernet0/1
O IA 172.16.3.0 [110/5] via 10.56.1.1, 00:30:54, GigabitEthernet0/1
ディストリビュートリストによるフィルタリング
ディストリビュートリストを使って、特定のルーター上から経路情報を削除します。
172.16.3.0/24の経路をR2のRIBから削除
設定前
R4#sh ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.56.1.0/24 [110/2] via 10.45.1.2, 00:00:04, GigabitEthernet0/0
O 10.123.1.0/24 [110/2] via 10.24.1.1, 00:00:04, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.1.0 [110/3] via 10.24.1.1, 00:00:04, GigabitEthernet0/1
O 172.16.2.0 [110/3] via 10.24.1.1, 00:00:04, GigabitEthernet0/1
O 172.16.3.0 [110/3] via 10.24.1.1, 00:00:04, GigabitEthernet0/1
O IA 192.168.100.0/24 [110/3] via 10.45.1.2, 00:00:04, GigabitEthernet0/0
R5#sh ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.24.1.0/29 [110/2] via 10.45.1.1, 00:08:45, GigabitEthernet0/0
O IA 10.123.1.0/24 [110/3] via 10.45.1.1, 00:08:45, GigabitEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/4] via 10.45.1.1, 00:07:38, GigabitEthernet0/0
O IA 172.16.2.0 [110/4] via 10.45.1.1, 00:08:45, GigabitEthernet0/0
O IA 172.16.3.0 [110/4] via 10.45.1.1, 00:08:45, GigabitEthernet0/0
O 192.168.100.0/24 [110/2] via 10.56.1.2, 00:08:45, GigabitEthernet0/1
R6#sh ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.24.1.0/29 [110/3] via 10.56.1.1, 01:29:05, GigabitEthernet0/1
O IA 10.45.1.0/24 [110/2] via 10.56.1.1, 01:29:05, GigabitEthernet0/1
O IA 10.123.1.0/24 [110/4] via 10.56.1.1, 01:29:05, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/5] via 10.56.1.1, 00:07:53, GigabitEthernet0/1
O IA 172.16.2.0 [110/5] via 10.56.1.1, 00:16:14, GigabitEthernet0/1
O IA 172.16.3.0 [110/5] via 10.56.1.1, 01:29:05, GigabitEthernet0/1
コンフィグ
R4(config)#ip access-list standard OSPF-FILTER
R4(config-std-nacl)# deny 172.16.3.0 0.0.0.255
R4(config-std-nacl)# permit any
R4(config-std-nacl)# exit
R4(config)# router ospf 1
R4(config-router)#distribute-list OSPF-FILTER in
設定後
設定したR4だけ、172.16.3.0/24の経路が消え、他のルーターは、登録されたままです。
R4#sh ip route ospf
ateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.56.1.0/24 [110/2] via 10.45.1.2, 00:00:33, GigabitEthernet0/0
O 10.123.1.0/24 [110/2] via 10.24.1.1, 00:00:33, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.1.0 [110/3] via 10.24.1.1, 00:00:33, GigabitEthernet0/1
O 172.16.2.0 [110/3] via 10.24.1.1, 00:00:33, GigabitEthernet0/1
O IA 192.168.100.0/24 [110/3] via 10.45.1.2, 00:00:33, GigabitEthernet0/0
R5#sh ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.24.1.0/29 [110/2] via 10.45.1.1, 00:10:41, GigabitEthernet0/0
O IA 10.123.1.0/24 [110/3] via 10.45.1.1, 00:10:41, GigabitEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/4] via 10.45.1.1, 00:09:34, GigabitEthernet0/0
O IA 172.16.2.0 [110/4] via 10.45.1.1, 00:10:41, GigabitEthernet0/0
O IA 172.16.3.0 [110/4] via 10.45.1.1, 00:10:41, GigabitEthernet0/0
O 192.168.100.0/24 [110/2] via 10.56.1.2, 00:10:41, GigabitEthernet0/1
R6#sh ip route ospf
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.24.1.0/29 [110/3] via 10.56.1.1, 01:31:03, GigabitEthernet0/1
O IA 10.45.1.0/24 [110/2] via 10.56.1.1, 01:31:03, GigabitEthernet0/1
O IA 10.123.1.0/24 [110/4] via 10.56.1.1, 01:31:03, GigabitEthernet0/1
172.16.0.0/24 is subnetted, 3 subnets
O IA 172.16.1.0 [110/5] via 10.56.1.1, 00:09:51, GigabitEthernet0/1
O IA 172.16.2.0 [110/5] via 10.56.1.1, 00:18:12, GigabitEthernet0/1
O IA 172.16.3.0 [110/5] via 10.56.1.1, 01:31:03, GigabitEthernet0/1
