VMware Networking Community
ciscen
Contributor

OSPF Area ID "0" and ESG

Hi All,

I'm playing in a lab (ESG, DLR) with OSPF and noticed that OSPF area 0 becomes really important. If the setup is similar to FW/Router-to-ESG with OSPF area 0 and ESG-to-DLR with OSPF area x, then the DLR can get the default route from the ESG. And this setup works with either normal or NSSA ESG-to-DLR.

If the setup uses a different OSPF area ID (other than 0) between FW/Router-to-ESG, then no matter what mode (normal/NSSA) I used, I didn't get the default route redistributed to the DLR.

However, the "vmware validated design using ospf dynamic routing" doc states on pg 18 (https://docs.vmware.com/en/VMware-Validated-Design/4.1/vmware-validated-design-41-sddc-ospf-bgp-rout... ):

  • do not use NSX ESG as OSPF ABRs
  • do not include NSX ESGs in Area 0.

So, I wonder if anybody has a running setup that uses a different OSPF area ID between ESG and FW/Router which still redistributes the default route to the DLR, again using OSPF between ESG and DLR.

Thanks,

Cem

ciscen
Contributor

Hi All,

I've found a link and made a similar setup which seems to be working: OSPF NSSA and ECMP on Edge – Networking made easy!!

The only difference is NSSA didn't work in my setup, so I've used normal mode for OSPF.

FW/Router-to-ESG OSPF area 11 -normal

ESG-to-DLR OSPF area 11 -normal

I'm guessing this way is also compatible with the validated design, as the ESG is not part of OSPF area 0 and is not acting as an ABR. The design guide also recommends using NSSA, but again that didn't work in my setup.

Any insight would be highly appreciated...

Thanks,

Cem

spirest
VMware Employee

Cem,

From my understanding, the VVD documentation you've linked lists only recommendations for how to configure OSPF routing in a VVD scenario. VVD makes specific routing recommendations to keep the design consistent. VVD doesn't make general routing recommendations for all NSX designs. The routing design will need to fit each specific use-case and network.

I can attest directly that I've configured ESGs in area 0 with no issue. I believe this is a recommendation for VVD because management is in area 0 OSPF already and running more than a single area 0 is not always a good idea.

Now, for your question on default route advertisement between FW>ESG>DLR, you're saying that you can advertise the default route from FW>ESG, but not ESG>DLR. I suspect this has something to do with your routing configuration between ESG>DLR.

Can you break down for me exactly how you're peering and what areas/types you're using from FW>ESG>DLR? I can duplicate in my environment to see what's up.

When I have this sort of setup, I usually just configure my ESG with a static default route to the upstream FW, then I turn on default-originate in the ESG so it advertises the route to its connected DLRs. Generally I keep my DLRs and ESG in the same area, and run my ESG as an ASBR.

spirest
VMware Employee

Your second post seems to fulfill the 2 VVD requirements you were concerned about.

No area 0

No ESG as an ABR

Glad you were able to get it working. I believe NSSA should also work, but you have to explicitly allow your ABR to propagate the default route with default-originate. Remember, you also need a DEFAULT ROUTE WITH A REACHABLE NEXT HOP in your routing table in order for an NSSA ABR to advertise a default route. The below article sort of explains that concept.

Let me know if you need some more help. You should be able to get this working as an NSSA if that's what you want. I would say, if you don't have a specific reason to run NSSA, then running a normal area won't cause a problem. It may not be full on "VVD" compliant, but it's still a supported routing configuration.

How OSPF Injects a Default Route into a Not So Stubby Area - Cisco
