Networking/Computing Tips/Tricks

In a recent course on IPv6, one of my students asked what the “network” command did as we were beginning to study the routing commands used in Cisco IOS when configuring OSPF. In attempting to answer the question, I was asked a second question that challenged my explanation. I have been asked this question before, and it was obvious to me that there are some misunderstandings as to what exactly this command means.

First, in IPv6, there is no network command that does what the network command does in OSPF and BGP for IPv4.  In OSPFv3 (the OSPF for IPv6) the network command is used to identify the type of interface.  You can read more here.  Further, this article does not discuss allowing networks to be advertised or not advertised between OSPF areas.  That is done with the 'area range' command. You can read more about that here.

The 'network' command is used in OSPFv2 (for IPv4 routing).  This article fully explains and illustrates what this “network” command does and does not do, and I hope this clarification is helpful to others as well.

Let’s begin with a definition, in my own words as to what the network command is. The command is used to identify which interface address on the router being configured will be included within the OSPF process and to what area the interface will be assigned to. Think of it as an ‘allow’ command - allow this network to be advertised.

The correct usage of the network command is vital for the operation of the OSPF network. The full command is:

network ip-address wildcard-mask area area-id

Often the wildcard-mask is a stumbling point of configuration as it is written the opposite, or inverse, of common subnet mask notation. For example, the subnet mask 255.255.255.0 would be identified with a wildcard-mask of 0.0.0.255. In this wildcard-mask the zero’s mean that portion of the address must match, and the one’s mean any match.

The area-id portion of the command is used to assign an interface (and the network it represents) into a specific OSPF area; OSPF areas are used to provide a two level hierarchy to the routing network.

When enabling the routing protocol OSPF there is a minimum set of commands that I always use (the following example is for OSPFv2, IPv4 networking):

configure terminal
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
end

Based on the explanation above, we would read the network command as “allow network anything (all the bits are wildcard-mask) to be advertised as belonging to area 0”.

I have created a simple little network topology to demonstrate this configuration. Note the Routers in the topology are connected with interfaces that use subnetworks in the 192.168.something addressing space and 172.16.something address space, and they have loop back addresses configured as 1.1.1.1 or 2.2.2.2 or 3.3.3.3 addresses, with each of those being 32 bit masked addresses.

networkcmd1 

I will begin by adding the simplest OSPF configuration from above to get OSPF routing working:

 networkcmd2

If I look at any of the routing tables, we can see that all nodes are receiving all the configured routes:

 networkcmd3

This is because any configured interface address on any of the routers is being “allowed” to be advertised. For some networks this may not be acceptable. For example, if there is a management interface on our network, we may not want to advertise those interfaces. So, first let’s simply add a 10.something 32 bit look back address to each of the routers:

 networkcmd4

If we look again at the routing tables, all these addresses are showing up. So now, let’s change the network commands to allow the 1.1.1.1 or 2.2.2.2 or 3.3.3.3 and the 192.168.1.anything and the 172.16.anything addresses, but not allows the 10.anything addresses. To do this we must, under the OSPF process, first negate the prior network command that allows any address, and add network commands as follows (on Router 1):

no network 0.0.0.0 255.255.255.255 area 0
network 1.1.1.1 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.255.255 area 0

The first command negates the prior network command.
The second command allows the loopback address 1.1.1.1
The third command allows the 192.168.1.anything networks to be advertised
The fourth command allows the 172.16.anything networks to be advertised, but critically since the 10.anything networks are not being allowed they will not be advertised.

 networkcmd5

The resulting routing tables now do not show any 10.anything addresses from other routers. The only one present will be that of the locally configured address:

 networkcmd6

With all of that understood, and the fact we stated that there is no network command as such in OSPFv3 at the beginning of the article, how do you not advertise certain routes in and IPv6 network?  The answer is that you need to understand OSPFv3 configuration, and you would simply leave off the interface association to the OSPF process.  You can read more in an article I have written for that here.

I think this clearly illustrates the network command meaning. The same applies to using the network command in other protocols such as BGP.

Comments?  Questions?  Thoughts?

 

Comments powered by CComment

Find by Tag

4G Networks 5G Networks 6LoWLAN 6LoWPAN 802.11 802.11ah 802.11ax 802.11ay 802.11az Addressing Analysis Ansible Architecture ARP AToM Baseline BGP Bloom's Taxonomy Broadband Cable cat CellStream Cellular Central Office Cheat Sheet Chrome Cisco Cloud CMD Coloring Rules Computer Consulting Customer Support Data Center Data Networking DHCPv6 DNS Docker Documentation Dublin-Traceroute dumpcap ECMP Ethernet Ethics Evaluation Field Operations Fragmentation G-MPLS GeoIP Git GNS3 Google GQUIC Hands-On History Home Network ICMP ICMPv6 IEEE 802.11p IEEE 802.15.4 India Interface Control Internet IoT IPsec IPv4 IPv6 IRINN IS-IS L2VPN L3VPN LDP Linux LLN LoL M-BGP MAC Macro Microsoft mininet Monitoring MPLS mtr MTU Multicast Name Resolution Netcat Netmiko NetMon netsh Networking Network Science nmap Npcap NSE Observations Online School OpenFlow OSPF OSPFv2 OSPFv3 OSX OTT Paris-Traceroute Parrot PIM PMTU Policy POTS POTS to Pipes PPP Profile Programming Project Management PW3E Python QoS QUIC Remote Desktop Requirements Resume RIP Routing RPL RSVP Rural SDN Security Service Provider Small Business SONET Speed SS7 SSH SSL Subnetting SYSCTL T-Shark TCP TCP/IP Telco Telecom 101 Telecommunications Telephone termshark Testing TLS Tools Traceroute Traffic Engineering Training Travel Tunnel Ubuntu Utility Video Virtualbox Virtualization VoIP VRF VXLAN Wi-Fi Wi-Fi 4 Wi-Fi 5 Wi-Fi 6 Windows Winpcap Wireless Wireless 5G Wireshark Wireshark Tip WLAN Writing Zenmap ZigBee

Twitter Feed