OSPF Design question

Oct 10th, 2009

I have an L3 Cisco 4506 (LAN) and a Cisco 3845 (WAN). I'm running a single-area OSPF network.

Would you use the network statement to advertise all your L3 interfaces on the 4506? Or use redistribute connected subnets and the network statement on the common interface between the 4506 and 3845? Thanks

Joseph W. Doherty Sat, 10/10/2009 - 08:12

Normally, I would use network statements to place interfaces within OSPF. This would be true, in your example, on both the 4506 and 3845. This makes it a little easier, I think, to control what is injected into OSPF and, if I remember correctly, makes for a different type of OSPF route (which could become important later on).

Giuseppe Larosa Sat, 10/10/2009 - 08:14

Hello Jeff,

the network area command for the common subnet is strictly required because otherwise no OSPF adjacency can be built between the two devices.

Using network area command + eventually passive-interface is to be preferred to redistribute connected:

red connected creates OSPF external routes O E2 or O E1.

network ... area commands create internal routes.

OSPF provides tools for inter-area filtering of internal routes but no selective filtering for external routes: the idea is that either all external routes go into the area, if it is a normal area, or all external routes are blocked, if it is a type of stub area.

So I would go for network .. area command.

Be aware that network ... area is not constrained to IP subnet on interfaces so with few statements you can address multiple connected interfaces.

Example:

network 10.10.0.0 0.0.255.255 area 0

works for

int vlan 10
 ip addr 10.10.1.1 255.255.255.0

and for

int vlan 45
 ip addr 10.10.45.1 255.255.255.0

So I would use network area commands + passive-interface to avoid having OSPF hellos sent out client VLANs.

Hope to help

Giuseppe

Joseph W. Doherty Sat, 10/10/2009 - 08:46

Just to expand on some of the additional details Giuseppe provided.

"Be aware that network ... area is not constrained to IP subnet on interfaces so with few statements you can address multiple connected interfaces."

The OSPF network statement can be restricted to an interface; matching an interface depends on the OSPF network statement's address and mask matching just the interface's IP. Unlike some other routing protocols, OSPF network statements match just interfaces' IPs, not subnets. (OSPF will, though, "pick up" the network subnet from the interface when it's advertised into OSPF.)

For example,

network 10.10.1.0 0.0.0.255 area 0

or

network 10.10.1.1 0.0.0.0 area 0

works for

int vlan 10
 ip addr 10.10.1.1 255.255.255.0

but not for

int vlan 45
 ip addr 10.10.45.1 255.255.255.0

"passive-interface to avoid having OSPF hellos sent out client VLANs."

Certainly a good idea if there isn't another OSPF router you want to neighbor with. If there is, you'll need the hellos, but you can secure them with authentication. Either can be rather important unless you don't mind someone adding OSPF routers on your client subnets (some hosts can run OSPF).
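An added example, not part of the original thread or any poster's code: a short Python check of the wildcard matching discussed in the replies above, which also lists the OSPF-enabled interfaces that are not passive and therefore still send hellos. The sample configuration is constructed; Vlan99, the passive-interface line, and all function names are assumptions, and `passive-interface default` is not handled.

```python
import ipaddress

# Constructed sample config (Vlan10/Vlan45 addresses are from the thread;
# Vlan99 and the passive-interface line are assumptions for illustration).
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.10.1.1 255.255.255.0
interface Vlan45
 ip address 10.10.45.1 255.255.255.0
interface Vlan99
 ip address 10.10.99.1 255.255.255.0
router ospf 1
 passive-interface Vlan10
 network 10.10.0.0 0.0.255.255 area 0
"""

def wildcard_match(ip, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse(config):
    """Return ({interface: ip}, [(base, wildcard, area)], {passive interface names})."""
    ifaces, networks, passive, current = {}, [], set(), None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = words[1]
        elif words[:2] == ["ip", "address"] and current:
            ifaces[current] = words[2]          # interface IP, not the subnet
        elif words[:1] == ["passive-interface"]:
            passive.add(words[1])
        elif words[:1] == ["network"] and len(words) == 5 and words[3] == "area":
            networks.append((words[1], words[2], words[4]))
    return ifaces, networks, passive

def ospf_interfaces(config):
    """Map each interface matched by a network statement to (area, sends_hellos)."""
    ifaces, networks, passive = parse(config)
    result = {}
    for name, ip in ifaces.items():
        for base, wc, area in networks:      # statements here do not overlap
            if wildcard_match(ip, base, wc):
                result[name] = (area, name not in passive)
                break
    return result

def exposed(config):
    """OSPF interfaces still sending hellos: candidates for passive or authentication."""
    return sorted(n for n, (_, hello) in ospf_interfaces(config).items() if hello)
```

On the sample, the broad statement pulls all three VLANs into area 0 and `exposed()` reports Vlan45 and Vlan99 as still sending hellos.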
