OSPF Mechanism to Exclude Connected IP Prefixes from LSA Advertisements

This document describes the Open Shortest Path First (OSPF) mechanism to exclude IP prefixes of connected networks from link-state advertisements (LSAs). When OSPF is deployed in large networks, limiting the number of IP prefixes that are carried in the OSPF LSAs can speed up OSPF convergence.

This feature can also be utilized to enhance the security of an OSPF network by allowing the network administrator to prevent IP routing toward internal nodes.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for Excluding Connected IP Prefixes from LSAs

Before you can use the mechanism to exclude IP prefixes from LSAs, the OSPF routing protocol must be configured.

Information About Excluding Connected IP Prefixes from LSAs

One way to improve OSPF network convergence is to limit the number of IP prefixes carried in LSAs.

Previous Methods to Limit the Number of IP Prefixes Carried in LSAs

Configuring interfaces as unnumbered limits IP prefixes. However, for network management and the ease of identifying and troubleshooting numbered interfaces, you might want to have numbered interfaces and also want to limit the number of IP advertisements.

Feature Overview

The OSPF mechanism to exclude connected IP prefixes from LSAs allows network administrators to control what IP prefixes are installed into LSAs. This functionality is implemented for router and network LSAs in the following manner:

  • For the router LSA, to exclude prefixes, the feature excludes link type 3 (stub link).
  • For the network LSA, the OSPF Designated Router (DR) generates LSAs with a special /32 network mask (0xFFFFFFFF).

Note

Previous versions of Cisco IOS software that do not have this feature will install the /32 prefix into the routing table.

Globally Suppressing IP Prefix Advertisements per OSPF Process

You can reduce OSPF convergence time by configuring the OSPF process on a router to prevent the advertisement of all IP prefixes by using the prefix-suppression command in router configuration mode.


Note

Prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces are excluded because typical network designs require those to remain reachable.

Suppressing IP Prefix Advertisements on a Per-Interface Basis

You can explicitly configure an OSPF interface not to advertise its IP network to its neighbors by using the ip ospf prefix-suppression command in interface configuration mode.


Note

If you have globally suppressed IP prefixes from connected IP networks by configuring the prefix-suppression router configuration command, the interface configuration command takes precedence over the router configuration mode command.

How to Exclude Connected IP Prefixes from OSPF LSAs

This section describes how to configure two alternative methods to suppress IP prefix advertisements. You can suppress IP prefix advertisements per OSPF process or per interface. This section also explains how you can troubleshoot IP prefix suppression.

Excluding IP Prefixes per OSPF Process

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    router ospf process-id [vrf vpn-name]

    4.    prefix-suppression

    5.    end

    6.    show ip ospf


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 router ospf process-id [vrf vpn-name]


    Example:
    Router(config)# router ospf 23
     

    Configures an OSPFv2 routing process and enters router configuration mode.

     
    Step 4 prefix-suppression


    Example:
    Router(config-router)# prefix-suppression
     

    Prevents OSPF from advertising all IP prefixes except prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces.

     
    Step 5 end


    Example:
    Router(config-router)# end
     

    Returns to privileged EXEC mode.

     
    Step 6 show ip ospf


    Example:
    Router# show ip ospf
     

    Displays general information about OSPF routing processes.

    Note   

    Use this command to verify that IP prefix suppression has been enabled.

     

    Examples

    In the following example, output from the show ip ospf command shows that IP prefix advertisement has been suppressed for OSPF process 1. 

    Router# show ip ospf
 
Routing Process "ospf 1" with ID 10.0.0.6
Start time: 00:00:04.912, Time elapsed: 00:02:35.184
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
It is an area border router
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 2. Checksum Sum 0x0132C8
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 3. 3 normal 0 stub 0 nssa
Number of areas transit capable is 1
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Prefix-suppression is enabled
.
.
.

    Excluding IP Prefixes on a Per-Interface Basis

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface type number

      4.    ip ospf prefix-suppression [disable]

      5.    end

      6.    show ip ospf interface


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 interface type number


      Example:
      Router(config)# interface serial 0/0
       

      Configures an interface type and enters interface configuration mode.

       
      Step 4 ip ospf prefix-suppression [disable]


      Example:
      Router(config-if)# ip ospf prefix-suppression
       

      Prevents OSPF from advertising IP prefixes that belong to a specific interface, except those that are associated with secondary IP addresses.

      Note   

      When you enter the ip ospf prefix suppressioncommand in interface configuration mode, it takes precedence over the prefix-suppression command that is entered in router configuration mode.

       
      Step 5 end


      Example:
      Router(config-if)# end
       

      Returns to privileged EXEC mode.

       
      Step 6 show ip ospf interface


      Example:
      Router# show ip ospf interface
       

      Displays OSPF-related interface information.

      Note   

      Use this command to verify that IP prefix suppression has been enabled for a specific interface.

       

      Examples

      In the following example, the output from the show ip ospf interface command verifies that prefix suppression has been enabled for Ethernet interface 0/0. 

      Router# show ip ospf interface
 
Ethernet0/0 is up, line protocol is up 
  Internet Address 192.168.130.2/24, Area 2 
  Process ID 1, Router ID 10.0.0.6, Network Type BROADCAST, Cost: 10
  Prefix-suppression is enabled
.
.
.

      Troubleshooting IP Prefix Suppression

      SUMMARY STEPS

        1.    enable

        2.    debug ip ospf lsa-generation

        3.    debug condition interface interface-type interface-number [dlci dlci] [vc {vci | vpi | vci}]

        4.    show debugging

        5.    show logging [slot slot-number | summary]


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Router> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.
         
        Step 2 debug ip ospf lsa-generation


        Example:
        Router# debug ip ospf lsa-generation
         

        Displays informations about each OSPF LSA generated.

         
        Step 3 debug condition interface interface-type interface-number [dlci dlci] [vc {vci | vpi | vci}]


        Example:
        Router# debug interface serial 0/0
         

        Limits output for some debug commands on the basis of the interface or virtual circuit.

         
        Step 4 show debugging


        Example:
        Router# show debugging
         

        Displays information about the types of debugging that are enabled for your router.

         
        Step 5 show logging [slot slot-number | summary]


        Example:
        Router# show logging
         

        Displays the state of syslog and the contents of the standard system logging buffer.

         

        Examples

        The following sample output from the debug ip ospf lsa-generation command verifies that for the Ethernet interface 0/0, IP prefixes from the connected network 192.168.131.0 are excluded. 

        Router# debug ip ospf lsa-generation
 
OSPF summary lsa generation debugging is on
Router# debug condition interface e0/0
Condition 1 set
Router# show debugging
 
IP routing:
   OSPF summary lsa generation debugging is on
Condition 1: interface Et0/0 (1 flags triggered)
        Flags: Et0/0
Router# show logging
*Jun  5 21:54:47.295: OSPF: Suppressing 192.168.131.0/24 on Ethernet1/0 from router LSA
*Jun  5 21:54:52.355: OSPF: Suppressing 192.168.131.0/24 on Ethernet1/0 from router LSA
.
.
.

        Configuration Examples for Excluding Connected IP Prefixes from LSAs

        Excluding IP Prefixes from LSAs for an OSPF Process Example

        The following example configures IP prefix suppression for OSPF routing process 23.

        router ospf 23
 prefix-suppression
 end

        When the show ip ospf command is entered, the displayed output verifies that IP prefix suppression has been enabled for OSPF process 23.

        Router# show ip ospf
outing Process "ospf 23" with ID 10.0.0.6
Start time: 00:00:04.912, Time elapsed: 00:02:35.184
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
It is an area border router
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 2. Checksum Sum 0x0132C8
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 3. 3 normal 0 stub 0 nssa
Number of areas transit capable is 1
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Prefix-suppression is enabled
.
.
.

        Excluding IP Prefixes from LSAs for a Specified Interface Example

        The following example configures the suppression of all IP prefixes that are associated with Ethernet interface 0/0:

        interface Ethernet 0/0
 ip ospf prefix-suppression
 end

        When the show ip ospf interface command is entered, the displayed output verifies that IP prefix suppression is enabled for Ethernet interface 0/0.

        Router# show ip ospf interface
 
Ethernet0/0 is up, line protocol is up 
  Internet Address 192.168.130.2/24, Area 2 
  Process ID 1, Router ID 10.0.0.6, Network Type BROADCAST, Cost: 10
  Prefix-suppression is enabled
.
.
.

        Additional References

        The following sections provide references related to the OSPF Mechanism to Exclude Connected IP Prefixes from LSA Advertisements feature.

        Related Documents

        Related Topic

        Document Title

        OSPF commands: complete command syntax, command mode, command history, command defaults, usage guidelines, and examples

        Cisco IOS IP Routing: OSPF Command Reference

        Standards

        Standard

        Title

        None

        --

        MIBs

        MIB

        MIBs Link

        There are no new MIBs that are associated with this feature.

        To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

        http:/​/​www.cisco.com/​go/​mibs

        RFCs

        RFC

        Title

        None

        --

        Technical Assistance

        Description

        Link

        The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

        http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

        Feature Information for OSPF Mechanism to Exclude Connected IP Prefixes from LSA Advertisements

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

        Table 1 Feature Information for OSPF Mechanism to Exclude Connected IP Prefixes from LSA Advertisements

        Feature Name

        Releases

        Feature Information

        OSPF Mechanism to Exclude Connected IP Prefixes from LSA Advertisements

        15.2(1)E

        The OSPF mechanism to exclude connected IP prefixes from LSA advertisements is deployed in large networks, limiting the number of IP prefixes that are carried in the OSPF LSAs can speed up OSPF convergence.

        In Cisco IOS 15.2(1)E, support was added for the Cisco Catalyst 4000 Series Switches.

        No new commands were introduced or modified.

        Glossary

        network LSA --The link-state advertisement created by the designated router (DR) or pseudonode that represents a group of routers on the same interface. The network LSA advertises summary information to represent the group of routers on the network.

        router LSA --The link-state advertisement that is generated by a router. The router LSA advertises routing information (connected routes) for the router.