Be smart when using the OSPF network statement

For whatever reason, a lot of people have the impression that the wildcard bits in the OSPF network statement have to be the inverse of the interface subnet mask. For example, if you have configured ip address 192.168.1.2 255.255.255.240 on an interface, they would enter network 192.168.1.2 0.0.0.15 in the OSPF configuration ... and obviously use one network statement per interface.

In reality, the network statements work like simple IP access-list: whenever an interface IP address matches the network statement, the interface is put into the selected area. The IOS is also pretty helpful recently: the network statements are automatically sorted from most-specific to least-specific and (like with the access lists) the first match stops the search.

In my network implementations, I use the network statements in three different ways:

  • If I have to assign a specific interface into an area, I would always use network x.y.z.w 0.0.0.0 area n;
  • If the area address ranges are nicely assigned (which also helps immensely when you have to start summarizing), you can use a single network statement to cover the whole area. If, for example, area 3 has address range 10.1.16.0/20, use network 10.1.16.0 0.0.15.255 area 3;
  • If the router has all interfaces in a single area, I would almost always use network 0.0.0.0 255.255.255.255 area area-id (unless there is an extremely good reason that some interfaces should not be seen by the OSPF process).

4 comments:

  1. Nice articule but with one mistake. When you configure ospf , the network statement work, as you said, as an ACL but... from the most-specific to the less specific. To use Cisco terms "the longest,the better".

    Thanks anyway for this post
    Alex

    ReplyDelete
  2. Ivan Pepelnjak22 July, 2010 09:16

    Thank you! Fixed.

    ReplyDelete
  3. You say "unless there is an extremely good reason that some interfaces should not be seen by the OSPF process ", can you give some examples of when this might be the case?

    ReplyDelete
  4. Ivan Pepelnjak03 April, 2012 08:26

    No ... 8-)

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.