Lack of OSPF support has been a major blocker for multiple customers looking to migrate their NSX for vSphere environments to NSX-T. That's not the case anymore, since VMware released NSX-T 3.1.1, which offers OSPF support. While that news is still fresh, let's catch the hype and configure OSPF neighbour adjacency in my lab.
OSPF implementation in NSX-T
- NSX-T supports OSPFv2 only.
- IPv6 is not supported.
- Both A-A and A-S high availability modes are supported.
- Only the Parent/Default Tier-0 supports OSPF. VRF Lite instances still support BGP only.
- Backbone (Area 0), Normal area and Not So Stubby Area (NSSA) are supported. For a detailed explanation of the different area types, click here.
- Inter SR routing, in case of Active-Active implementation, is not needed as the LSDB is synced.
- No Federation support for OSPF, as of yet.
- Interface running OSPF could be Broadcast or Point-to-Point (p2p).
- OSPF ECMP supports up to 8 paths.
- BFD failure detection is supported with OSPF.
- Default Originate is supported, however I still fail to understand the use case in that implementation.
- Redistribution from OSPF to BGP and vice versa is not supported.
To fulfil the Physical Network Prerequisites, I enabled OSPF on my Top of Rack switches, on the trunked interfaces that face the ESXi hosts, and set the Default Area to 0 and the Default Area Type to Normal. Additionally, I enabled redistribution from BGP to OSPF and vice versa, and Default Originate to advertise the ToR switches as default routes to the OSPF-enabled Tier-0 gateway.
In my home lab I have already configured 2 separate tenants that use VRF Lite gateways, as I described in a previous post. Those VRFs are connected to the "Default Tier-0 Gateway", which in turn runs on my first two-node Edge cluster, which consists of Edge Node 1 and Edge Node 2.
Now I have a tough choice to make: I either have to get rid of my VRF Lite configuration or create a 3rd tenant, which will use a brand new Tier-0 gateway deployed on a new Edge Cluster that will consist of a separate set of edges.
I chose the latter option. Now that all the pre-reqs are met, this is what my environment looks like:
My home lab
Note that this is a lab setup, so it is far from the best practices and requirements set out in the NSX-T Reference Design Guide, but that is how I had to implement it due to hardware constraints.
The logical routing topology I am deploying:
STEP 1: Create a new Tier-0 gateway and add it to a dedicated Edge cluster. I chose to use Active-Active High Availability mode, just to double the throughput of the Edge nodes.
Create new Tier-0 gateway
STEP 2: Create two uplink interfaces per Edge Node, to connect to each uplink VLAN.
STEP 3: Enable OSPF by just flipping the switch.
Note that when you create a new Tier-0 gateway, it gets BGP enabled by default. However, only the BGP switch is on and nothing is configured behind it, so either disable it or leave it as is; it won't make any difference.
STEP 4: Set the Area type. I am going to use Area 0 (Backbone), as that is what I configured on my Top of Rack switches.
Create OSPF Area
STEP 5: It is time to marry the interfaces with the OSPF configuration. Click on "Set OSPF Configured Interfaces" --> "Configure Interface". Repeat that step 4 times to configure OSPF on all 4 interfaces.
Marry Interfaces with OSPF
I chose to enable BFD for these interfaces, and that concludes the OSPF setup in NSX-T. The reason to enable BFD is that it provides rapid failure detection times between forwarding engines while maintaining low overhead. In NSX-T 3.1.1 the default BFD keep-alive TX/RX timers are set to 500ms with three retries, which amounts to a network convergence time of a second and a half in case any of the ToR switches fails.
STEP 6: It is time to verify the OSPF configuration is correct and the Tier-0 has formed adjacencies with both ToR switches and they are exchanging link-state updates/routing information.
In the UI, go to Networking --> Tier-0 Gateways --> Expand the T0-OSPF gateway --> and click on View, that is next to OSPF Neighbours:
Verify OSPF Neighbours Adjacency
There are 4 neighbour adjacencies that are stuck in the "2-way" state. These are the adjacencies between the uplinks on Edge Node 1 and Edge Node 2. The 2-way state indicates that the Tier-0 instances receive Hello packets from each other. However, they will never establish an adjacency, because in a Broadcast Network Type OSPF configuration a router forms a full adjacency only with the designated router instances and stays in the 2-way state with all other neighbours. More on the OSPF Neighbour States here.
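To tell an expected 2-way entry from a neighbour that is genuinely stuck, the rule above can be turned into a small check. This is an added example, not code from the original post or from VMware: it models a simplified designated router election on one broadcast segment and compares a neighbour table against the states that election predicts. The router names, Router IDs, priorities and neighbour rows are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Router:
    name: str
    router_id: str  # dotted quad, compared numerically
    priority: int   # 0 means never eligible for DR/BDR

def rid_key(r):
    return tuple(int(o) for o in r.router_id.split("."))

def elect(routers):
    """Simplified DR/BDR election for routers that come up together:
    highest priority wins, Router ID breaks ties (RFC 2328 section 9.4).
    Real OSPF is non-preemptive, so a running DR keeps its role."""
    ranked = sorted((r for r in routers if r.priority > 0),
                    key=lambda r: (r.priority, rid_key(r)), reverse=True)
    return (ranked + [None, None])[:2]  # [DR, BDR]

def expected_states(routers):
    """Full with the DR or BDR, 2-Way between two DROther routers."""
    designated = {r.name for r in elect(routers) if r}
    return {frozenset((a.name, b.name)):
            "Full" if {a.name, b.name} & designated else "2-Way"
            for a, b in combinations(routers, 2)}

def audit(routers, observed):
    """Return neighbour rows whose state differs from the expected one."""
    want = expected_states(routers)
    findings = []
    for local, neighbour, state in observed:
        expected = want.get(frozenset((local, neighbour)), "no neighbour")
        if state != expected:
            findings.append((local, neighbour, state, expected))
    return findings

# Constructed segment (names, Router IDs and priorities are assumptions).
SEGMENT = [Router("tor-a", "10.0.0.1", 200), Router("tor-b", "10.0.0.2", 100),
           Router("edge-a", "10.0.0.11", 1), Router("edge-b", "10.0.0.12", 1)]
# Constructed neighbour rows: (local router, neighbour, reported state).
OBSERVED = [("edge-a", "tor-a", "Full"), ("edge-a", "tor-b", "Full"),
            ("edge-a", "edge-b", "2-Way"), ("edge-b", "tor-a", "ExStart"),
            ("edge-b", "tor-b", "Full"), ("edge-b", "edge-a", "2-Way")]

if __name__ == "__main__":
    for row in audit(SEGMENT, OBSERVED):
        print("%s -> %s: %s (expected %s)" % row)
```

In the constructed table only the row reporting ExStart towards the designated router is flagged; the 2-way entries between the two edge routers pass, because neither of them holds a designated role.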
As an alternative to the method above, we can verify the OSPF adjacency via the CLI. For that purpose, I'm gonna ssh to Edge Node 3 to verify the neighbour adjacency state and the routing table.
STEP 7: Set Route Redistribution, so all the Tier-1 connected (or directly connected to the Tier-0) Segments get advertised via the OSPF adjacency. Go to Networking --> Tier-0 Gateways --> Edit the freshly created Tier-0 --> expand Route Re-Distribution --> flip the switch on OSPF Route Redistribution Status to ON. Click on Set --> Add Route Re-distribution --> give it a name and select OSPF as Destination Protocol. Then click on Set and choose the route sources to be redistributed into the OSPF protocol.
Set Route Redistribution
Select the route sources to be redistributed into OSPF
Thanks for reading.
EDIT: VMware has released a slide deck with the supported OSPF features and example configurations and topologies. You can find it here.