From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Thu Sep 23 2004 - 20:22:52 GMT-3
At 1:47 PM -0400 9/23/04, Brian McGahan wrote:
>Duncan,
>
> Yes, the most specific network statement determines which area
>an interface will be in. For example, the below configuration dictates
>that interface 10.10.10.10 will be in area 3:
>
>Router ospf 1
> Network 10.0.0.0 0.255.255.255 area 0
> Network 10.10.0.0 0.0.255.255 area 1
> Network 10.10.10.0 0.0.0.255 area 2
> Network 10.10.10.10 0.0.0.0 area 3
>
> In previous versions it used to be the order in which the
>statements were entered in. In newer versions the IOS automatically
>reorders it the way it wants, so the most specific statement wins.
Awk. One of the guidelines of the IETF is called the "Principle of
Least Astonishment." In other words, a protocol, once implemented,
should behave consistently unless there is an overwhelming and widely
communicated need. Violation of the principle of least astonishment
was one of the major complaints about Verisign's adding DNS wildcards
to steer undefined domains to Sitefinder.
What urgent problem was Cisco solving by reordering this? It's
definitely going to cause some migration headaches, variously when
someone upgrades a sequence of network statements expected to work
the old way, and it no longer does. Of course, if you follow my
recommendation of always using an 0.0.0.0 mask unless absolutely
necessary, it won't break. :-)
With a change like this, watch out for backward compatibility as
well. I remember well moving from 10.2 to 10.3, in which 10.3 made
significant automatic changes to access lists, some of which were not
backward compatible. Prior to 10.3, you specified the numeric value
of a TCP or UDP port in an extended access list. 10.3 changed
well-known ports to mnemonics. If you found a bug in 10.3 and tried
to go back with the 10.3 config, all the access lists would break.
10.3 was also the release where the default behavior of an
access-group with no corresponding access-list changed. In 10.2 and
before, IOS essentially created an access list consisting of deny
all, which actually is a good rule by the security Principle of Least
Privilege. From 10.3 on, however, an access-group with no access list
had no effect.
>
>
>HTH,
>
>Brian McGahan, CCIE #8593
>bmcgahan@internetworkexpert.com
>
>Internetwork Expert, Inc.
>http://www.InternetworkExpert.com
>Toll Free: 877-224-8987 x 705
>Outside US: 775-826-4344 x 705
>24/7 Support: http://forum.internetworkexpert.com
>Live Chat: http://www.internetworkexpert.com/chat/
>
>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>Of
>> duncan5322@bellsouth.net
>> Sent: Thursday, September 23, 2004 12:28 PM
>> To: ccielab@groupstudy.com
>> Subject: OSPF Question
>>
>> Could someone help me with this?
>> Let's say I have this config.
>>
>> ROUTER OSPF 10
>> network 172.1.0.0 0.0.255.255 area 0
>>
>>
>> and I add:
>> network 172.1.1.0 0.0.0.255 area 1
>>
>> which area will 172.1.1.0 be advertised in? Will the more specific
>> statement override the more general one even though it comes later in
>the
>> config?
>>
>> Thanks
>>
>>
>_______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:48 GMT-3