NSX-T Routing With OSPF

Introduction

NSX-T 3.1.1 introduced support for OSPFv2 routing protocol for Tier-0 gateways. This feature was one of the most awaited features for some time. The introduction of OSPF to NSX-T solves one of the major hindrances that was stopping customers from migrating to NSX-T.

There are lots of customers who are still running NSX-V in their environment and OSPF as routing protocol used in their infrastructure. Now since NSX-T supports OSPF, customers can do a greenfield deployment of NSX-T and switch workloads from NSX-V to NSX-T using the L2 bridge and without much changes to their physical network.

Since this feature is pretty new, it will be interesting to see how soon customers adopt this in their environment. 

Disclaimer: This post is inspired by an original blog post written by  Peter Milchov

Before jumping into the lab, let’s revisit some important facts associated with OSPF support.

  • NSX-T 3.1.1 supports OSPFv2 only. OSPFv3 might come in a later release.
  • OSPF can be configured only on the Parent Tier-0. VRF gateways still support BGP only.
  • Backbone (Area 0), Normal area, and Not So Stubby Area (NSSA) are supported.
  • Only one Area definition can be configured as of now.
  • OSPF is not supported by the NSX-T federation yet.
  • Interface running OSPF could be Broadcast or Point-to-Point (p2p).
  • OSPF ECMP supports up to 8 paths.
  • BFD failure detection is supported with OSPF.
  • Route Redistribution from OSPF to BGP and vice versa is not supported.
  • IPv6 is not supported.
Lab Setup

In my lab, I have deployed a couple of vyos routers which act as ToR switches for my SDDC networks. The below diagram shows the high-level architecture of my lab setup. 

ToR Configuration

ToR 01

Note: Area 10 is being used in my OSPF config

ToR 02

NSX-T Config

Create Uplink Segments for Tier-0

I have created 2 VLAN-backed segments in VLAN 600 & 700 respectively and associated them with Edge Uplink Transport Zone. 

Deploy Tier-0 Gateway: Pretty straight-forward task. Please see my previous blog post for Tier-0 creation steps. 

Configure Tier-0 Interfaces

Once Tier-0 is created, interfaces can be configured by editing Tier-0 and selecting External and Service Interfaces, and clicking on set. 

I have the below interfaces configured in my lab. 

Configure Tier-0 Routing (OSPF)

Once T0 interfaces are configured, expand Routing > OSPF.

Use the toggle button to enable OSPF and click on Set Area Definition. 

Click on Add Area Definition and specify the Area ID. Since I am using Area 10 on my ToR’s, I have entered the same here. Select type as Normal (as we are not using backbone/NSSA area) and hit Save.

Enable ECMP (if T0 is deployed in A-A) and click on Set OSPF Configured Interfaces to associate T0 interfaces with OSPF. 

  • Click on Configure Interface and select the T0 interface one by one and associate them with Area ID which you created in the previous step.
  • Select Network Type as Broadcast (as same has been configured on my ToR) and enable OSPF on this interface. 
  • Enable BFD and select BFD profile as Default and hit save. 

Repeat the process for all other T0 interfaces. 

This is how it looks like in my lab after enabling OSPF on all 4 interfaces of T0. 

Configure Route Re-Distribution for OSPF
  • Expand Route Re-Distribution and use the toggle button to enable OSPF one. 
  • Click on Set Route Re-Distribution to specify what route will be advertised from Tier-0 to the ToRs. 

  • Click on Add Route Re-Distribution and provide a name for the rule.
  • Select OSPF as destination protocol.
  • Click on the Set button to specify re-distribution sources. 

Since this is my lab environment, I have almost selected everything. For the production environment, you have to plan this carefully as per your environment needs. 

Click on Add button to finish the Route Re-Distribution wizard. 

  • Hit the Save button to commit the OSPF configuration. 
  • Click on Close Editing to finish the routing setup wizard.

Clicking on View OSPF Neighbors will show you neighbor adjacency that Tier-0 has formed with ToRs and the 2 edge nodes among themselves. 

Note: In the below diagram, you can see that there are 4 neighbor adjacencies that are stuck in a “2-way” state. These are the adjacencies formed between the uplinks of the 2 edge nodes. What this means is the Tier-0 instances on the edge nodes receive Hello packets from each other, however, they will never establish an adjacency. 

This is the default behavior of OSPF when it is is configured in broadcast mode. In this mode, an OSPF-enabled device forms full adjacency only with the designated router instances (ToRs/North-bound router). For all other neighbors, it stays in a 2-way state forever. 

Verify OSPF Adjacency on ToRs

On logging to the ToRs, I can see that both the ToRs have formed OSPF adjacency with the NSX-T edges. 

Verify Route Advertisement

To verify route are getting advertised from NSX-T edges to ToRs or not, I created two test segments in NSX-T

and then I checked the routing table on ToRs.

OSPF external routing table shows that NSX-T configured subnets are advertised to  ToRs. 

And that concludes this post. 

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂

Leave a ReplyCancel reply