Wired

 View Only
last person joined: 3 days ago 

Back to discussions
Expand all | Collapse all

OSPF and VSX

This thread has been viewed 40 times

  • 1.  OSPF and VSX

    EMPLOYEE
    Posted Jun 01, 2021 09:28 PM

    This post is a discussion about how OSPF neighbour can be connected to VSX pair and how VSX Active forwarding will resolve the suboptimal forwarding.

    Topology:

    OSPF and VSX

    An OSPF neighbour of a VSX pair can be connected in various way.,

    1. Routed port to each VSX node.

    Using routed ports is the most convenient method, but in that case only 1 VRF can be active on the port.

    1. VLAN interfaces (SVI), 1 on each link to each VSX node.

    When multiple VRFs are required between the routers, VLAN interface needs to be used to transport multiple SVI contexts over the same physical port.

    OSPF Related Config:

    6300F Switch Config

    Agg1 Config

    Agg2 Config

    vlan 41-42

     

    interface 1/1/25

        no shutdown

        mtu 9198

        no routing

        vlan trunk native 1

        vlan trunk allowed 41

        spanning-tree bpdu-filter

    interface 1/1/26

        no shutdown

        mtu 9198

        no routing

        vlan trunk native 1

        vlan trunk allowed 42

        spanning-tree bpdu-filter

     

    interface vlan 41

        ip address 10.5.41.4/24

        ip ospf 1 area 0.0.0.0

    interface vlan 42

        ip address 10.5.42.4/24

        ip ospf 1 area 0.0.0.0

     

    interface loopback 0

        ip address 10.5.0.4/32

        ip ospf 1 area 0.0.0.0

     

    router ospf 1

        router-id 10.5.0.4

        area 0.0.0.0

    vlan 41

     

    interface 1/1/1

        no shutdown

        mtu 9198

        description sw1-6300

        no routing

        vlan trunk native 1

        vlan trunk allowed 41

     

    interface vlan 41

        ip address 10.5.41.2/24

        ip ospf 1 area 0.0.0.0

     

    interface loopback 0

        ip address 10.5.0.2/32

        ip ospf 1 area 0.0.0.0

     

    router ospf 1

        router-id 10.5.0.2

        area 0.0.0.0

    vlan 42

     

    interface 1/1/1

        no shutdown

        mtu 9198

        description sw1-6300

        no routing

        vlan trunk native 1

        vlan trunk allowed 42

     

    interface vlan 42

        ip address 10.5.42.3/24

        ip ospf 1 area 0.0.0.0

     

    interface loopback 0

        ip address 10.5.0.3/32

        ip ospf 1 area 0.0.0.0

     

    router ospf 1

        router-id 10.5.0.3

        area 0.0.0.0

     

    Verifying OSPF Neighbour:

    OSPF and Access Switch
    3. one VLAN interface on a Layer2 LAG to the combined VSX system.

    Since every VRF would require a unique VLAN and subnet for each port, VSX also supports connecting OSPF peers over a Layer2 LAG with multiple VLAN interfaces. This reduces the number of VLAN interfaces that are required.

    The administrator should note that instead of point to point connections, the transit network become an OSPF broadcast network with 3 routers on the subnet: VSX primary, VSX secondary and the peer router.

    OSPF Related Config:

    Controller Config

    Agg1 Config

    Agg2 Config

    vlan 40

     

    interface gigabitethernet 0/0/16

        description "toagg1"

        trusted

        trusted vlan 1-4094

        no poe

        lacp group 5 mode active

        lldp transmit

        lldp receive

    !

    interface gigabitethernet 0/0/17

        description "toagg2"

        trusted

        trusted vlan 1-4094

        no poe

        lacp group 5 mode active

        lldp transmit

        lldp receive

    !

     

    interface port-channel 5

        trusted

        trusted vlan 1-4094

        switchport mode trunk

        switchport trunk allowed vlan 1,11,40

    !

     

    interface vlan 40

        ip address 10.5.40.6 255.255.255.0

        ip ospf area 0.0.0.0

    !

     

    router ospf

    router ospf area 0.0.0.0

     

    vlan 40

     

    interface lag 5 multi-chassis

        no shutdown

        no routing

        vlan trunk native 1

        vlan trunk allowed 1,11,40

        lacp mode active

        spanning-tree root-guard

     

    interface 1/1/5

        no shutdown

        mtu 9198

        lag 5

     

    interface vlan 40

        vsx active-forwarding

        ip address 10.5.40.2/24

        ip ospf 1 area 0.0.0.0

     

    interface loopback 0

        ip address 10.5.0.2/32

        ip ospf 1 area 0.0.0.0

     

    router ospf 1

        router-id 10.5.0.2

        area 0.0.0.0

    vlan 40

     

    interface lag 5 multi-chassis

        no shutdown

        no routing

        vlan trunk native 1

        vlan trunk allowed 1,11,40

        lacp mode active

        spanning-tree root-guard

     

    interface 1/1/5

        no shutdown

        mtu 9198

        lag 5

     

    interface vlan 40

        vsx active-forwarding

        ip address 10.5.40.3/24

        ip ospf 1 area 0.0.0.0

     

    interface loopback 0

        ip address 10.5.0.3/32

        ip ospf 1 area 0.0.0.0

     

    router ospf 1

        router-id 10.5.0.3

        area 0.0.0.0

     

     

    Verifying OSPF Neighbour:

    VSX and Controller

     

    Understanding the need for Active Forwarding:

    Note:

    • ICMP redirect is enabled by default.
    • VSX Active forwarding is disabled by default.

    Two VSX systems (Primary and Secondary) should have the same routing table information.

    We have an even and odd IP as source (Lo0 - 10.5.0.4 and 10.5.0.7), to force a hashing difference. Some traffic that may be destined to VSX Primary may be sent to the VSX secondary due to the LAG HASH.

    If you ping from source to destination and you saw the ping packets on both Agg1 and Agg2, it means that the traffic is redirected to the other VSX node. The destination MAC of the ICMP packet will not match 1 of the 2 switches (Agg1, Agg2), so that switch will forward the traffic over the ISL. The VSX Active forwarding will resolve the suboptimal forwarding.

     

    Disable ICMP redirect and enable Active forwarding. Once Active forwarding is enabled locally on both the Agg1 and Agg2, MAC and IP of the neighbour system are learnt and will be programmed in the ASIC for local routing.

    no ip icmp redirect

    interface vlanX

        vsx active-forwarding

    So now if you ping from both the even and odd source IP address, you will find that the traffic is routed locally by each Aggregation switch. (Only for the SVI where active forwarding was enabled). The destination MAC address of the ICMP packet will still be the other switch MAC address, but now it is handled by the local switch.

    VSX Active Forwarding
    With "Active Forwarding", the VSX nodes will learn the SVI MAC address from each other, and when traffic arrives on the SVI with destination MAC address of the peer, it will also be locally routed.


    ------------------------------
    Kapildev Erampu
    PreSales Consultant
    Aruba, a Hewlett Packard Enterprise company
    Sydney, Australia.
    Any opinions expressed here are solely my own and not necessarily that of HPE
    ------------------------------