In a recent course on IPv6, one of my students asked what the “network” command did as we were beginning to study the routing commands used in Cisco IOS when configuring OSPF. In attempting to answer the question, I was asked a second question that challenged my explanation. I have been asked this question before, and it was obvious to me that there are some misunderstandings as to what exactly this command means.
First, in IPv6, there is no network command that does what the network command does in OSPF and BGP for IPv4. In OSPFv3 (the OSPF for IPv6) the network command is used to identify the type of interface. You can read more here. Further, this article does not discuss allowing networks to be advertised or not advertised between OSPF areas. That is done with the 'area range' command. You can read more about that here.
The 'network' command is used in OSPFv2 (for IPv4 routing). This article fully explains and illustrates what this “network” command does and does not do, and I hope this clarification is helpful to others as well.
Let’s begin with a definition, in my own words, of what the network command is. The command identifies which interface addresses on the router being configured will be included in the OSPF process and to which area each interface will be assigned. Think of it as an ‘allow’ command: allow this network to be advertised.
The correct usage of the network command is vital for the operation of the OSPF network. The full command is:
network ip-address wildcard-mask area area-id
Often the wildcard-mask is a stumbling point of configuration, as it is written as the opposite, or inverse, of common subnet mask notation. For example, the subnet mask 255.255.255.0 would be identified with a wildcard-mask of 0.0.0.255. In this wildcard-mask the zeros mean that portion of the address must match, and the ones mean any value matches.
The area-id portion of the command is used to assign an interface (and the network it represents) into a specific OSPF area; OSPF areas are used to provide a two level hierarchy to the routing network.
When enabling the routing protocol OSPF there is a minimum set of commands that I always use (the following example is for OSPFv2, IPv4 networking):
configure terminal
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
end
Based on the explanation above, we would read the network command as “allow network anything (all the bits are wildcard-mask) to be advertised as belonging to area 0”.
I have created a simple little network topology to demonstrate this configuration. Note that the routers in the topology are connected with interfaces that use subnetworks in the 192.168.something and 172.16.something address spaces, and they have loopback addresses configured as 126.96.36.199 or 188.8.131.52 or 184.108.40.206 addresses, with each of those being 32-bit masked addresses.
I will begin by adding the simplest OSPF configuration from above to get OSPF routing working:
If I look at any of the routing tables, we can see that all nodes are receiving all the configured routes:
This is because any configured interface address on any of the routers is being “allowed” to be advertised. For some networks this may not be acceptable. For example, if there is a management interface on our network, we may not want to advertise those interfaces. So, first let’s simply add a 10.something 32-bit loopback address to each of the routers:
If we look again at the routing tables, all these addresses are showing up. So now, let’s change the network commands to allow the 220.127.116.11 or 18.104.22.168 or 22.214.171.124 and the 192.168.1.anything and the 172.16.anything addresses, but not allow the 10.anything addresses. To do this we must, under the OSPF process, first negate the prior network command that allows any address, and then add network commands as follows (on Router 1):
no network 0.0.0.0 255.255.255.255 area 0
network 126.96.36.199 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.255.255 area 0
The first command negates the prior network command.
The second command allows the loopback address 188.8.131.52
The third command allows the 192.168.1.anything networks to be advertised
The fourth command allows the 172.16.anything networks to be advertised, but critically since the 10.anything networks are not being allowed they will not be advertised.
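The wildcard-mask matching described above can be checked offline before a change is applied. The following is an added example, not part of the original article: it evaluates the catch-all statement and the three Router 1 statements against a set of interface addresses and reports which interfaces would be placed into OSPF. The interface names and addresses are constructed for illustration, and taking the first matching statement in listed order is a simplifying assumption.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_network(stmt):
    """Parse 'network <ip> <wildcard> area <id>' into (ip_int, wildcard_int, area)."""
    parts = stmt.split()
    if len(parts) != 5 or parts[0] != "network" or parts[3] != "area":
        raise ValueError(f"not an OSPFv2 network statement: {stmt!r}")
    ip = int(ipaddress.IPv4Address(parts[1]))
    wildcard = int(ipaddress.IPv4Address(parts[2]))
    return ip, wildcard, parts[4]

def matches(iface_ip, net_ip, wildcard):
    """Wildcard 0 bits must match exactly; wildcard 1 bits match anything."""
    care = ~wildcard & MASK32
    return (iface_ip & care) == (net_ip & care)

def ospf_interfaces(interfaces, statements):
    """Map each interface name to the area it would join, or None if no
    network statement matches (the interface stays out of OSPF).
    Assumption: the first matching statement in listed order wins."""
    parsed = [parse_network(s) for s in statements]
    result = {}
    for name, addr in interfaces.items():
        ip = int(ipaddress.IPv4Address(addr))
        result[name] = next(
            (area for net, wc, area in parsed if matches(ip, net, wc)), None
        )
    return result

# Constructed interface inventory for one router (names and addresses are
# illustrative). Loopback10 stands in for the 10.x management loopback.
INTERFACES = {
    "Loopback0": "126.96.36.199",
    "Loopback10": "10.1.1.1",
    "GigabitEthernet0/0": "192.168.1.1",
    "GigabitEthernet0/1": "172.16.12.1",
}

CATCH_ALL = ["network 0.0.0.0 255.255.255.255 area 0"]
SPECIFIC = [
    "network 126.96.36.199 0.0.0.0 area 0",
    "network 192.168.1.0 0.0.0.255 area 0",
    "network 172.16.0.0 0.0.255.255 area 0",
]

if __name__ == "__main__":
    for label, stmts in (("catch-all", CATCH_ALL), ("specific", SPECIFIC)):
        print(label, ospf_interfaces(INTERFACES, stmts))
```

With the catch-all statement every interface, including the 10.x loopback, lands in area 0; with the specific statements the 10.x loopback maps to None and is left out of the OSPF process.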
The resulting routing tables now do not show any 10.anything addresses from other routers. The only one present will be that of the locally configured address:
With all of that understood, and given that we stated at the beginning of the article that there is no network command as such in OSPFv3, how do you not advertise certain routes in an IPv6 network? The answer is that you need to understand OSPFv3 configuration, and you would simply leave off the interface association to the OSPF process. You can read more in an article I have written for that here.
I think this clearly illustrates the network command meaning. The same applies to using the network command in other protocols such as BGP.
Comments? Questions? Thoughts?