OSPF NSX
The above topology illustrates an OSPF Totally NSSA setup in an NSX domain.
The distributed logical router (DLR) handles east-west traffic within the data center, while the edges E1 and E2 handle north-south traffic.
Edges E1 and E2 are configured in ECMP mode, which allows more bandwidth in the north-south direction.
Up to eight edges, E1 – E8, can be configured in ECMP mode to handle north-south traffic.
The other edge mode is Active/Standby, which can be used when stateful services such as NAT, firewall, load balancer, SSL and IPSec VPN are to be configured on the edge.
In the topology above, no such stateful services are configured, and the requirement is more bandwidth in the north-south direction.
Downstream of the DLR are the logical switches corresponding to the Web, App and DB tiers respectively, and the workloads are connected to the logical switches.
A brief note about the DLR control VM.
A DLR control VM is required when:
a. Dynamic routing protocols are configured
b. Or L2 bridging is configured.
L2 bridging is useful when migrating workloads from a physical to a virtual environment.
L2 bridging also facilitates extending a physical network to a virtual network and vice versa.
Given the topology and the routing protocol setup, a DLR control VM is required in this setup.
Also, when you deploy an edge as a Distributed Logical Router, these two IP addresses need to be configured in addition to the IP addresses related to the LIFs:
- Protocol address: this IP address is used for the control plane exchange.
- Forwarding address: this IP address corresponds to the data plane and handles the exchange of data traffic.
===========================================================================
Routing setup:
a. A Totally NSSA area is configured, which corresponds to the NSX domain.
b. With the Totally NSSA area configuration, the ABRs automatically inject a default route into the Totally NSSA area.
c. The Totally NSSA area configuration allows redistribution of connected interfaces on the DLR.
d. The physical routers have been configured as OSPF Area Border Routers, so they interface with both the backbone area and the Totally NSSA area.
e. The DLR, along with edges E1 and E2, is within the Totally NSSA area.
f. The NSX domain needs a default route for egress traffic from the NSX domain. Routes which do not belong to the Totally NSSA area and which are external to this area will be replaced by a Type 3 default route.
Likewise for edge E2.
h. Two external VLANs are used from each edge to peer with the physical routers. The number of external VLANs is equal to the number of VDS uplinks, and each external VLAN is carried on one ESXi uplink. With such a setup, both uplinks from ESXi are used for forwarding data traffic. Also, a failure of one of the physical uplinks causes data traffic to shift to the other physical uplink from ESXi.
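
The LSA handling described in points b, c and f of the routing setup can be modelled in a few lines. This is an added example, not code from the original page or from NSX; the router names, prefixes and function names are constructed for illustration, and the "normal" and "nssa" area kinds are included only for comparison.

```python
from dataclasses import dataclass

DEFAULT = "0.0.0.0/0"

@dataclass(frozen=True)
class LSA:
    lsa_type: int   # 3 summary, 4 ASBR-summary, 5 AS-external, 7 NSSA-external
    prefix: str
    adv_router: str

# LSA types an ABR refuses to flood into each kind of area.
BLOCKED = {"normal": set(), "nssa": {4, 5}, "totally-nssa": {3, 4, 5}}

def into_area(candidates, abr, kind):
    """LSAs the ABR floods into the area, given what it would send a normal area."""
    allowed = [l for l in candidates if l.lsa_type not in BLOCKED[kind]]
    if kind == "totally-nssa":
        # Summaries are suppressed, so the ABR originates one Type 3 default.
        allowed.append(LSA(3, DEFAULT, abr))
    return allowed

def redistribute_connected(asbr, connected, kind):
    """An ASBR inside an NSSA advertises external prefixes as Type 7, not Type 5."""
    lsa_type = 7 if kind in ("nssa", "totally-nssa") else 5
    return [LSA(lsa_type, p, asbr) for p in connected]

def into_backbone(area_lsas, abr):
    """The ABR translates Type 7 from the NSSA into Type 5 for the backbone."""
    return [LSA(5, l.prefix, abr) for l in area_lsas if l.lsa_type == 7]

# Constructed sample data: router names and prefixes are illustrative only.
BACKBONE = [
    LSA(3, "10.20.0.0/16", "ABR1"),      # inter-area route
    LSA(4, "192.0.2.1/32", "ABR1"),      # path to a remote ASBR
    LSA(5, "198.51.100.0/24", "ASBR9"),  # external route
]
TIERS = ["172.16.10.0/24", "172.16.20.0/24", "172.16.30.0/24"]  # Web, App, DB

if __name__ == "__main__":
    for kind in BLOCKED:
        print(kind, [(l.lsa_type, l.prefix) for l in into_area(BACKBONE, "ABR1", kind)])
    t7 = redistribute_connected("DLR", TIERS, "totally-nssa")
    print([(l.lsa_type, l.prefix) for l in into_backbone(t7, "ABR1")])
```

Running it shows that only the Type 3 default reaches the Totally NSSA area, while the DLR's connected tier networks still leave it as Type 7 and appear in the backbone as Type 5.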