Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

9 module online course

Start now!
back to overview

Be smart when using the OSPF network statement

For whatever reason, a lot of people have the impression that the wildcard bits in the OSPF network statement have to be the inverse of the interface subnet mask. For example, if you have configured ip address 192.168.1.2 255.255.255.240 on an interface, they would enter network 192.168.1.2 0.0.0.15 in the OSPF configuration ... and obviously use one network statement per interface.

In reality, the network statements work like simple IP access-list: whenever an interface IP address matches the network statement, the interface is put into the selected area. The IOS is also pretty helpful recently: the network statements are automatically sorted from most-specific to least-specific and (like with the access lists) the first match stops the search.

In my network implementations, I use the network statements in three different ways:

  • If I have to assign a specific interface into an area, I would always use network x.y.z.w 0.0.0.0 area n;
  • If the area address ranges are nicely assigned (which also helps immensely when you have to start summarizing), you can use a single network statement to cover the whole area. If, for example, area 3 has address range 10.1.16.0/20, use network 10.1.16.0 0.0.15.255 area 3;
  • If the router has all interfaces in a single area, I would almost always use network 0.0.0.0 255.255.255.255 area area-id (unless there is an extremely good reason that some interfaces should not be seen by the OSPF process).

Please read our Blog Commenting Policy before writing a comment.

11 comments:

  1. Nice articule but with one mistake. When you configure ospf , the network statement work, as you said, as an ACL but... from the most-specific to the less specific. To use Cisco terms "the longest,the better".

    Thanks anyway for this post
    Alex

    ReplyDelete
  2. Ivan Pepelnjak22 July, 2010 09:16

    Thank you! Fixed.

    ReplyDelete
  3. You say "unless there is an extremely good reason that some interfaces should not be seen by the OSPF process ", can you give some examples of when this might be the case?

    ReplyDelete
  4. Ivan Pepelnjak03 April, 2012 08:26

    No ... 8-)

    ReplyDelete
  5. "If the area address ranges are nicely assigned (which also helps immensely when you have to start summarizing), you can use a single network statement to cover the whole area. If, for example, area 3 has address range 10.1.16.0/20, use network 10.1.16.0 0.0.15.255 area 3; "

    But doesn't the router-lsa see what is on the physical interface and assign accordingly, I have attempted to use a summary but the router-lsa will always advertise what mask you have configured

    Steve

    ReplyDelete
    Replies
    1. The "network" command specifies on which interfaces OSPF runs (and which subnets it includes in the LSA), not what subnet mask it should use.

      For OSPF summarization, look up "area summary" command, and remember that it only works across area boundaries. You cannot summarize within an OSPF area.

      Delete
    2. I agree on using area summary on the ABR for summaries, but what im trying to understand is you're point on an address range of 10.1.16.0/20 if the interface has the same mask then it's ok as the LSA type 1 will have the correct mask details if however you tried to summize to a /19 then the LSA would still show the /20 as configured on the interface

      Steve

      Delete
    3. I guess my point being what's the difference in using a .255 over a .0 in the wildcard when the genuine mask is /24 and will be propagated in the LSA 1 as such

      Delete
  6. I think you should re-read my comment. The "network" statement has nothing to do with the way OSPF advertises subnets and all to do with which subnets (interfaces) are advertised.

    ReplyDelete
    Replies
    1. Agree, so why you're point 2 "use network 10.1.16.0 0.0.15.255 area 3" when using a mask of 0.0.0.0 will achieve the same thing

      Steve

      Delete
    2. You would use the more specific area advertisement to ensure that range makes it into the correct area.

      A couple of notes (not for Ivan, but to clarify his point)
      1) The network command does not dictate anything about the LSA. If your interface has a /28 mask and your network wildcard mask is equivalent to a /16 (with the ranges overlapping) the LSA will contain the /28. If you have multiple interfaces that can be neatly summarized and they're all described by that /16 wildcard mask, the router will typically summarize and send out a summary LSA.

      2) The router organizes network statements from most to least specific regardless of how you type them. A wildcard mask of 0.0.0.255 would always appear before a mask of 0.0.255.255

      3) When the router is trying to decide which area to put an interface in, it iterates through the network statements like an ACL. When it finds one that matches, it assigns that area and stops looking.

      So, in Ivan's #2 example, he used 10.1.16.0 0.0.15.255 area 3. The reason he did this is because he probably has a less specific network statement to put everything else in area 0. Eg: 10.0.0.0 0.255.255.255 area 0. In this case the Router would put the area 3 statement above the area 0 statement and any interfaces matching 10.1.16.0 0.0.15.255 would be put in area 3; everything else in area 0.

      Important! - Using broad area definitions can be a security hole. The network statement causes an interface to become active on OSPF. That means two things: 1) LSA's are generated for that interface (good) 2) The router starts sending Hello messages on that interface (not always good). You should use the "passive-interface default" command in your OSPF configuration and then "no passive-interface" for every interface where you actually want an adjacency to form.

      Delete

Constructive courteous comments are most welcome. Anonymous trolling will be removed with prejudice.

Sidebar