NSX lab - Configure dynamic routing protocols: OSPF

In the last post we configured static routes so the VM web-1 (172.16.10.10) could reach the external layer 3 router 192.168.100.1.
Static routes are probably going to be the exception, and most deployments will use a routing protocol.

In this post we are going to configure the following OSPF areas and mappings:

[Diagram: NSX-Lab-dLR - OSPF]

If you haven't already, be sure to remove the static routes created on the ESG (see nsx lab – add/remove static routes).

First, from an ESX session run net-vdr -l --route <dLR Name>
and note the routes available.

[root@esx01:~] net-vdr -l --route nsxlab+edge-2
VDR nsxlab+edge-2 Route Table
Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
Legend: [H: Host], [F: Soft Flush] [!: Reject] [E: ECMP]

Destination      GenMask          Gateway          Flags    Ref Origin   UpTime     Interface
-----------      -------          -------          -----    --- ------   ------     ---------
0.0.0.0          0.0.0.0          192.168.10.10    UG       2   AUTO     806        138800000002
172.16.10.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286745     13880000000a
172.16.20.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286745     13880000000b
172.16.30.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286745     13880000000c
192.168.10.0     255.255.255.128  0.0.0.0          UCI      1   MANUAL   286746     138800000002

Set a router ID
Networking and Security > Edge Perimeter Gateway > Manage

Under Global Configuration, add a router ID. All we are doing is using the uplink interface ID as a unique name that OSPF can use to distinguish the device.


Enable OSPF
Routing tab >  OSPF > Edit and Enable OSPF

And Publish Changes

OSPF sub-divides networks, routers, and links into areas that are identified by a number. This is a method of limiting route propagation, that is, limiting the scope of route information distribution. In other words, we avoid passing the route information for every device to every device by sub-dividing the network.

First up, OSPF always has an Area 0, or backbone area. This will be the hub that all the other areas must connect to.

[Diagram: OSPF Areas]

Before we start creating a new area and area-to-interface mappings, we need to decide where to place the backbone area.
VMware KB2110603 recommends:

  • Each non-backbone area must have at least one router connected to Area 0.
  • An OSPF network can have only a single Backbone Area.
  • At least one internal router (a router having all interfaces mapped to the same area) must have connectivity to an Area Border Router.
  • When configuring NSX for vSphere Distributed Logical Router (DLR), if the uplink interface is not mapped to the Backbone Area, then VMware recommends connecting the uplink interface to an ABR.

In the last post the middle of our network was the ESG; that is where a static route had to be configured, and the dLR didn't need any route itself. So we will locate the area north of the dLR and consider the ESG as the internal router.

Configure ESG

Create Area 2


Next, create area-to-interface mappings on the ESG (which is our area border router), one for each area, mapping to the corresponding interfaces.


Then configure OSPF to redistribute routes

Specify that connected and Static routes can be redistributed


Publish changes and now move down to the dLR

There is only 1 area to interface mapping

An additional IP is required, specified as the Protocol Address; this is a type of proxy address.
The forwarding address is the Transit-LIF address.

Define the OSPF Area

Create an area to Interface mapping

And set the Route Redistribution

That should be all

From an ESX session run net-vdr -l --route <dLR Name>
Now note the routes: a new route 192.168.100.0 is added automatically.

[root@esx01:~] net-vdr -l --route nsxlab+edge-2

VDR nsxlab+edge-2 Route Table
Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
Legend: [H: Host], [F: Soft Flush] [!: Reject] [E: ECMP]

Destination      GenMask          Gateway          Flags    Ref Origin   UpTime     Interface
-----------      -------          -------          -----    --- ------   ------     ---------
0.0.0.0          0.0.0.0          192.168.10.10    UG       1   AUTO     31         138800000002
172.16.10.0      255.255.255.0    0.0.0.0          UCI      2   MANUAL   286995     13880000000a
172.16.20.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286995     13880000000b
172.16.30.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286995     13880000000c
192.168.10.0     255.255.255.0    0.0.0.0          UCI      1   MANUAL   62         138800000002
192.168.100.0    255.255.255.0    192.168.10.10    UG       2   AUTO     23         138800000002

Ping the VyOS router 192.168.100.1 from web-1 172.16.10.10 and it should now respond.
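
A way to check the result of the steps above from saved net-vdr output, as an added example that is not part of the original post: it parses the two route tables shown on this page, lists the gateway routes that appeared after OSPF was enabled, and compares them with the prefixes you expect to learn. The function names and the allowlist are assumptions made for this example.

```python
import ipaddress

# Sample input: route rows copied from the two net-vdr tables on this page.
HEADER = "Destination GenMask Gateway Flags Ref Origin UpTime Interface\n"
BEFORE = HEADER + """\
0.0.0.0          0.0.0.0          192.168.10.10    UG       2   AUTO     806        138800000002
172.16.10.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286745     13880000000a
172.16.20.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286745     13880000000b
172.16.30.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286745     13880000000c
192.168.10.0     255.255.255.128  0.0.0.0          UCI      1   MANUAL   286746     138800000002
"""
AFTER = HEADER + """\
0.0.0.0          0.0.0.0          192.168.10.10    UG       1   AUTO     31         138800000002
172.16.10.0      255.255.255.0    0.0.0.0          UCI      2   MANUAL   286995     13880000000a
172.16.20.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286995     13880000000b
172.16.30.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   286995     13880000000c
192.168.10.0     255.255.255.0    0.0.0.0          UCI      1   MANUAL   62         138800000002
192.168.100.0    255.255.255.0    192.168.10.10    UG       2   AUTO     23         138800000002
"""

def parse_routes(text):
    """Map each destination network to its gateway, flags and origin."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # prompt, title and legend lines
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
        except ValueError:
            continue  # column header and separator rows
        routes[net] = {"gateway": fields[2], "flags": fields[3], "origin": fields[5]}
    return routes

def new_gateway_routes(before, after):
    """Networks present only in `after` whose flags include G (Gateway)."""
    old, new = parse_routes(before), parse_routes(after)
    return sorted(n for n in new if n not in old and "G" in new[n]["flags"])

def outside_allowlist(networks, allowed):
    """Networks not contained in any allowed prefix (allowlist is hypothetical)."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    return [n for n in networks if not any(n.subnet_of(a) for a in allowed)]

if __name__ == "__main__":
    learned = new_gateway_routes(BEFORE, AFTER)
    print("new gateway routes:", [str(n) for n in learned])
    print("not expected:", [str(n) for n in outside_allowlist(learned, ["192.168.100.0/24"])])
```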
