Path selection for good old OSPF
Path selection is based on the Shortest Path Tree (SPT) found using Dijkstra’s Shortest Path First (SPF) algorithm. Generally OSPF prefers intra-area routes, inter-area routes and external routes, ordered from most to least preferred. If two paths exists for a given route, within the same area, then the one with the lost total metric is injected into the RIB. If two routes have equal total metrics, then both are generally injected into the RIB.
It bears mentioning, that the default behavior of Equal Cost Multiple Path (ECMP) differs heavily from vendor to vendor, sometimes also between different product lines and features. During Dreamhack Winter 2023 we were having issues with our ECMP between our two internet routers and Tele2’s internet routers. Turns out, Juniper does not just allow you to install multiple paths for the same prefix, even though the metric is identical, unless you explicitly allow them to coexist in the RIB. So we had to change the entire load balancing algorithm for the core at 03:30 AM, during event. Luckily, everything went well. 😮💨
Moral of the story: Be careful, read the documentation.
Inter-area summarization
A useful tool for minimizing the load on network devices (which is especially relevant for the more demanding link-state based dynamic routing protocols) is summarization. This allows a router to group a bunch of smaller networks into a larger summary network or aggregate. This, not only, reduces the amount of entries in the LSDB and the RIB, but it also allows for much less consumed hardware resources on unnecessary SPF calculations during reconvergence. This is usually done in the ABR coming from a nonbackbone area into the backbone area.
When a summary route is configured, all component routes are suppressed, in favor of the ABR advertising the summarized route as a type 3 LSA. Also, the metric of the type 3 summary LSA is determined by the component route with the lowest metric. Every time a component route is updated, added or removed OSPF will recheck the metrics of the component routes to ensure that the summary route has the lowest available metric.
Example configuration of summarization with default metric behavior:
router ospf 1
area 1.2.3.4 range 10.44.0.0 255.255.0.0
You can set the metric statically when configuring the summarization though, which allows you to customize the inter-area path selection. This can be good to ensure good balancing of load in the network.
Example configuration of summarization with static metric:
router ospf 1
area 1.2.3.4 range 10.44.0.0 255.255.0.0 cost 80
The area 1.2.3.4 in the configuration above would reference the source area of the component routes on the ABR.
It is worth mentioning as well, that the router performing the summarization will install a blackhole route for the summary prefix. This is to ensure that the summarization of non-existing component routes won’t cause a routing loop.
Filtering inter-area using summary
There is another attribute which can be used with the summarization command to prevent type 3 LSAs from being advertised for any component route in the ABR. This is using the not-advertise attribute. Here is an example:
router ospf 1
area 1.2.3.4 range 10.44.0.0 255.255.0.0 not-advertise
This setup however, only works on the router converting type 1/2 LSAs into type 3 LSAs. That means that the filtering needs to be done on the ABR which is a member of the OSPF area that the filtered routes originate from.
Filtering using a filtering list
To allow for filtering beyond on the originating ABR, OSPF allows the use of prefix-lists on area ingress and egress. This will filter prefixes regardless of if it is done on LSA type 1, 2 or 3 packets.
ip prefix-list OSPF_FILTER_AREA_1_2_3_4_IN seq 10 deny 10.44.0.0/16
ip prefix-list OSPF_FILTER_AREA_1_2_3_4_IN seq 999 premit 0.0.0.0/0 le 32
router ospf 1
area 1.2.3.4 filter-list prefix OSPF_FILTER_AREA_1_2_3_4_IN in
You should think of each OSPF area as a distinct zone/interface when determining the direction of filtering needed for each area.
Filtering using a distribute list
Now, all routers within an OSPF area will maintain the same LSDB data, such is the nature of a link-state based routing algorithm. This poses a problem if you want to do route filtering on specific routers inside of an area. To solve this, you can use a distribute list. This allows you to place a filter between the LSDB and the RIB, so to speak, preventing the routes from being used by that router.
The behavior of a distribute list on a ABR is to still allow LSA type 3 generation, however, to deny the receiving of LSA type 3 packets for the filtered prefix.
You can use an ACL, prefix-list or route-map for this filtering. My preferred method is to use prefix-lists, so here is an example of that:
ip prefix-list OSPF_FILTER_INTRA_AREA_1_2_3_4_IN seq 10 deny 10.44.18.0/24
ip prefix-list OSPF_FILTER_INTRA_AREA_1_2_3_4_IN seq 999 premit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix OSPF_FILTER_INTRA_AREA_1_2_3_4_IN in
There is also the option to filter in the outbound direction. That is only used for filtering redistributed routes and would only be possible on OSPF Autonomous System Border Routers (ASBRs).