OSPF configuration

One of the basic steps in configuring the Open Shortest Path First (OSPF) routing protocol is telling the router which interfaces should be included in which areas. This is accomplished via the "network" command, and in most networks, is very simple. The command syntax in IOS includes an IP address, wildcard mask and the area number as configurable parameters. Interestingly, many administrators believe the IP address and wildcard mask are what OSPF will advertise, but this is not the case. What this statement actually does is define which interfaces on the router will be included in OSPF. The router creates its advertisements based on the subnet mask configured on each interface.

So, nine times out of ten, you will see administrators configure the IP address as the network address instead of the interface address and the wildcard mask with the same number of interesting bits as the subnet mask, and there is nothing really wrong with this. For instance, if a router had two interfaces with addresses 10.1.1.1 /24 and 10.1.2.1 /24 respectively in area 0, you might expect to see an administrator enter these network commands:

network 10.1.1.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.255 area 0

But as I said, that doesn't tell the router to advertise 10.1.1.0 /24 and 10.1.2.0 /24. Rather, it tells the router that all interfaces on the router between 10.1.1.0 and 10.1.2.255 are OSPF interfaces assigned to area 0. For example, the statements

network 10.1.1.1 0.0.0.0 area 0
network 10.1.2.1 0.0.0.0 area 0

or

network 10.0.0.0 0.255.255.255 area 0

are functionally equivalent to the first set of statements in that all three sets of statements will enable OSPF on those two interfaces.

So... why would you use one or the other? The answer depends in part on your network, discipline and preference. In a small network, where you probably only have one area, and all your interfaces will be in OSPF and part of the same network (e.g. 10.0.0.0/8), it probably makes sense to take the path of least resistance, keep the config simple and just use a single network statement to cover all interfaces.

If your network is more complex, or you have multiple areas, or your network changes a lot, a very good habit to get into is specifying each interface address explicitly. The advantage here is that you don't accidentally slip up and put an interface in the wrong area. The wildcard mask 0.0.0.0 means each statement only applies to a single IP address and won't accidentally overlap another interface. If you're using a lot of VLSM, that can be challenging to troubleshoot.

An example of where this could cause trouble is if you had a router that joined an OSPF network to an EIGRP network, and you were redistributing between the protocols... If you accidentally included an interface in OSPF when you thought it was only in EIGRP, then your router may behave much differently than you anticipate.

Another example could be that a loopback address is accidentally included and is covered by a summary command. Consider what happens if a real interface fails, and you may expect a summary to be withdrawn, but because the loopback never goes down, the summary stays up, preventing traffic from taking an alternate and still available route.

Granted, these examples are unlikely, but they have happened many times before and demonstrate the sorts of issues that can be easily avoided.

Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSP^TM: Secure PIX and Secure VPN Study Guide published by Sybex.