9 Replies Latest reply: Dec 30, 2014 2:48 AM by Aref - CCNPx2 (R&S - Security) / Network+ / Security+

    OSPF Wildcard masks

    Steven Williams

      So when I am configuring OSPF networks, I am getting into the habit of this:

       

      The interface IP is 192.168.1.1

       

      network 192.168.1.0 0.0.0.255 area 1

       

       

      Now I have seen it done like this:

       

      The interface IP is 192.168.1.1

       

      network 192.168.1.1 0.0.0.0 area 1

       

       

      I understand that they both work, but what is best practice and what are some pros and cons?

        • 1. Re: OSPF Wildcard masks
          Keith Barker - CCIE RS/Security, CISSP

          So when I am configuring OSPF networks, I am getting into the habit of this:

           

          The interface IP is 192.168.1.1

           

          network 192.168.1.0 0.0.0.255 area 1

           

           

          Now I have seen it done like this:

           

          The interface IP is 192.168.1.1

           

          network 192.168.1.1 0.0.0.0 area 1

           

           

          I understand that they both work, but what is best practice and what are some pros and cons?

          Hello Hollywood -

           

          Wild card mask with .255 Pros:

           

          1 statement covers multiple interfaces, so less typing.

           

          Wild card mask with .255 Cons:

           

          1 statement covers multiple interfaces, so less typing. This is the pro and the con. If a large wild card is used, you may accidentally include interfaces not intended, or even future interfaces that haven't been configured yet, unintentionally.

           

           

           

          Using the all 0.0.0.0 for the wildcard is more lines to type in, if you are including multiple networks (that would be the con side), but it is very exact, like a surgeon making precision cuts, for each specific interface to be included in OSPF (and that is the pro side). If you like to control everything, to a very detailed level, the 0.0.0.0 option would be preferred.

           

          Best wishes,

           

          Keith

          • 2. Re: OSPF Wildcard masks
            Conwyn

            Hi Hollywood

             

            Use 0.0.0.0 and avoid typing or thinking errors.

             

            Use 0.0.0.255 if you want people to know you are a trainee.

             

            Regards Conwyn

            • 3. Re: OSPF Wildcard masks
              Steven Williams

              I finally got a laugh today with all my hard studying!!

              • 4. Re: OSPF Wildcard masks
                Richard Burts

                I like the concept that Keith introduced of precise (or precision of specification) and for me that is the core of the distinction. Either wildcard will work (0.0.0.255 or 0.0.0.0 - or for that matter 0.0.255.255 etc) and the difference is how precise do you want to exert control over what is happening. You can use the more inclusive mask which probably results in fewer statements to enter but results in less precise control of what interfaces are affected.

                 

                Let's assume that there are 3 interfaces that fall within the address range covered by 0.0.0.255. For now you want all of them to be in area 1. So the entry with 0.0.0.255 works just fine. But what if in 3 months the network has grown and to accommodate growth you want to introduce area 2 and you want to put just one of the interfaces into area 2? That is why I prefer to use the more specific mask - it is much easier to come back and make changes without impacting other things.

                 

                Your original post asked about what is best practice. I would advocate for the more precise mask as best practice. I like having lots of control over what is going on in my config and the more precise mask gives me more control.

                 

                HTH

                 

                Rick

                • 5. Re: OSPF Wildcard masks
                  Steven Williams

                  That makes some sense, Rick, but isn't the idea of OSPF to keep the similar subnets in the same area? So if you had three interfaces all a part of a 192.168.1.0/24 subnet, why would you later break those up into different areas?

                  • 6. Re: OSPF Wildcard masks
                    Richard Burts

                    I would suggest that over time the determination of what are "similar subnets" that should be in the same area might change. Think about what happens as the network grows. For a simple scenario let's think about a company that has HQ in New York City and they originally had 6 branch offices (three in New York state and three in Mass) and they put all branch offices in area 1. Then the company grew and there are more branch offices. And they decide to redesign the network and now they want area 1 to be New York state and they want to introduce area 2 as Mass. So now they need to re-assign the OSPF interfaces that connect to all the Mass branch offices.

                     

                    I would suggest that in a live network there are many similar reasons why the assignment of interfaces to areas might change.

                     

                    HTH

                     

                    Rick

                    • 7. Re: OSPF Wildcard masks
                      Scott Morris - CCDE/4xCCIE/2xJNCIE

                      conwyn.flavell wrote:

                       

                      Hi Hollywood

                       

                      Use 0.0.0.0 and avoid typing or thinking errors.

                       

                      Use 0.0.0.255 if you want people to know you are a trainee.

                       

                      Regards Conwyn

                       

                      Hey now!  >I< still do that sometimes!  

                       

                      Anyway, the lesson is more that the "network" command has nothing to do (directly) with advertising a network, so there isn't a direct correlation between the configured subnet mask and the inverse mask used on the network command.

                       

                      The "network" command is ONLY used to determine which interfaces will be participating in the routing protocol, and the ONLY match is based on configured IP address (thus the idea that 0.0.0.0 will work).  The advertising of the network in the RIB is a secondary effect.

                       

                      HTH,

                       

                      Scott

                      • 8. Re: OSPF Wildcard masks
                        Frank

                        Hi, I was asking myself if there are errors on the following page when talking about OSPF wildcard masks; it is almost at the top of the page, at the 1st Detailed Steps commands:

                         

                        http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/route_ospf.html

                         

                        Step 2

                        network ip_address mask area area_id

                        Example:

                        hostname(config)# router ospf 2
                        hostname(config-router)# network 10.0.0.0 255.0.0.0 area 0

                        If I know my stuff well, OSPF uses wildcard masks, it should be:

                        hostname(config)# router ospf 2
                        hostname(config-router)# network 10.0.0.0 0.255.255.255 area 0


                        Thank You!
                        • 9. Re: OSPF Wildcard masks
                          Aref - CCNPx2 (R&S - Security) / Network+ / Security+

                          Hi Frank,

                           

                          That's because you use the subnet mask not the wildcard mask on Cisco ASAs.

                           

                           

                          Regards,

                          Aref
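
Added example, not part of the thread: a Python sketch of the matching rule described in reply 7 (the `network` statement selects interfaces by comparing each configured IP against the address and wildcard, regardless of the interface's own subnet mask), used to audit which interfaces a statement would pull into OSPF, plus the subnet-mask to wildcard conversion behind replies 8 and 9. The interface names and addresses are constructed, and `matches`, `audit` and `mask_to_wildcard` are hypothetical helper names.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def mask_to_wildcard(mask):
    """Invert a subnet mask (ASA form) into a wildcard mask (IOS form)."""
    return str(ipaddress.IPv4Address(~_u32(mask) & 0xFFFFFFFF))

def matches(if_ip, net_addr, wildcard):
    """True if every bit the wildcard marks 0 ('must match') is equal."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(if_ip) & care) == (_u32(net_addr) & care)

def audit(interfaces, statements, intended):
    """For each network statement, list matched and unintended interfaces.

    interfaces: {name: ip}; statements: [(net_addr, wildcard, area)];
    intended: names the operator actually meant to enable OSPF on.
    """
    report = []
    for net_addr, wildcard, area in statements:
        hit = sorted(name for name, ip in interfaces.items()
                     if matches(ip, net_addr, wildcard))
        report.append({
            "statement": f"network {net_addr} {wildcard} area {area}",
            "matched": hit,
            "unintended": [n for n in hit if n not in intended],
        })
    return report

# Constructed interface table (names and addresses are assumptions).
INTERFACES = {
    "Gi0/0": "192.168.1.1",    # the interface from the original question
    "Gi0/1": "192.168.1.129",  # added later inside the same /24 range
    "Gi0/2": "192.168.2.1",    # outside the range of both statements
}
INTENDED = {"Gi0/0"}

BROAD = [("192.168.1.0", "0.0.0.255", 1)]  # first form in the question
EXACT = [("192.168.1.1", "0.0.0.0", 1)]    # second form in the question

if __name__ == "__main__":
    for statements in (BROAD, EXACT):
        for row in audit(INTERFACES, statements, INTENDED):
            print(row)
    print(mask_to_wildcard("255.0.0.0"))
```

Running the audit against a planned interface list before applying a broad wildcard shows which interfaces would begin participating in OSPF without anyone having intended it.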