Routing – OSPF between ASA and IOS: Subnet and area design

cisco-asa cisco-ios-12 ospf routing

Network: 100.10.0.0/21

R1, 100.10.0.9/29 (loopback 100.10.0.1/32)
R2, 100.10.0.10/29 (loopback 100.10.0.2/32)

ASA (active), 100.10.0.11/29
ASA (passive), 100.10.0.12/29

R1 has two BGP transit upstreams. R2 and R1 have iBGP so R2 can route via R1. R2 will, after OSPF is confirmed working, get one of the transit upstreams. Both R1 and R2 now have a static route for 100.10.0.0/21 to 100.10.0.11 (ASA).

Do I have to divide the /21 subnet into smaller areas, or can it, as a whole, be part of area 0? (If so, I don't understand how R1 or R2 would know to reach everything on the /21 by routing to the ASA.)

Divide the /21

area 0
    network 100.10.0.8 255.255.255.248

area 1
    network 100.10.1.0 255.255.255.0
    network 100.10.2.0 255.255.255.0
    network 100.10.3.0 255.255.255.0
    network 100.10.4.0 255.255.255.0
    network 100.10.5.0 255.255.255.0
    network 100.10.6.0 255.255.255.0
    network 100.10.7.0 255.255.255.0

OR, have the network as a whole in area 0?

area 0
    network 100.10.0.0 255.255.248.0 

Best Answer

Like Mike said (in the comments), the network command will search for interfaces within that range and start advertising through it. It will also take the subnet of that interface and advertise it into OSPF. A cleaner way of looking at it is that nowadays, instead of giving the network command, you can go into an interface and add it to the OSPF process. This in turn does the same as the network command (find interface - advertise it).

Whether you say /24 or /21 doesn't matter; it's just a wider scope for OSPF to search for the interface.

Now back to your issue: the /21 won't be advertised unless you have an interface as /21 and are advertising it in OSPF. What you could do is a static route (pointing to null0) on the ASA and redistribute it into OSPF (redistribute static subnets). Other methods like summary address are only available in ABR and ASBR (OSPF border routers). Or you could, if applicable, inject a default route in OSPF at the ASA.

The area part totally depends on your setup, but if we are only talking OSPF within routers and ASA we can safely assume that one area 0 will suffice. Try not to get mixed up with areas and networks here. Without going into too much detail and explanations of areas and LSAs, just remember the golden rule: every area has to connect to the center (area 0), and area 0 cannot be discontiguous.

Also remember if you want to redistribute iBGP into OSPF you need to allow it within BGP with "bgp redistribute-internal".

Based on your information, I hope this is what you were looking for.

EDIT: OSPF area
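
The matching behaviour described in the answer above, as an added example that is not part of the original post: a small Python model of how a `network` statement selects interfaces and which prefixes end up advertised. The inside interface names and addresses are assumed for illustration, and the most-specific-first ordering of statements is a simplification.

```python
import ipaddress

def ospf_network_match(interfaces, statements):
    """Model of how an OSPF `network` statement selects interfaces.

    interfaces: {name: "addr/len"}; statements: [(network, mask, area)].
    Returns {name: (area, advertised_prefix)} for every matched interface.
    """
    # Most specific statement first, so an interface joins the area of the
    # narrowest range that contains its address (simplifying assumption).
    ordered = sorted(
        ((ipaddress.ip_network(f"{net}/{mask}"), area) for net, mask, area in statements),
        key=lambda s: s[0].prefixlen, reverse=True)
    result = {}
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        for scope, area in ordered:
            if iface.ip in scope:
                # The advertised prefix is the interface's own subnet,
                # never the range written in the statement.
                result[name] = (area, iface.network)
                break
    return result

# Constructed sample: the ASA's outside address from the question plus two
# hypothetical inside interfaces (names and inside addressing are assumptions).
ASA_INTERFACES = {
    "outside": "100.10.0.11/29",
    "inside1": "100.10.1.1/24",
    "inside2": "100.10.2.1/24",
}

WHOLE_21 = [("100.10.0.0", "255.255.248.0", 0)]
SPLIT = [("100.10.0.8", "255.255.255.248", 0),
         ("100.10.1.0", "255.255.255.0", 1),
         ("100.10.2.0", "255.255.255.0", 1)]

def advertised(interfaces, statements):
    """Sorted list of prefixes that would be advertised into OSPF."""
    return sorted(str(p) for _, p in ospf_network_match(interfaces, statements).values())

if __name__ == "__main__":
    for label, stmts in (("single /21 statement", WHOLE_21), ("split statements", SPLIT)):
        print(label)
        for name, (area, prefix) in ospf_network_match(ASA_INTERFACES, stmts).items():
            print(f"  {name}: area {area}, advertises {prefix}")
```

Both layouts advertise the same three interface subnets and neither produces a 100.10.0.0/21 route; only the area assignment differs.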