Product Documentation

OSPF

Aug 09, 2017

LAN Side: Dynamic Route Learning

OSPF running on the LAN port of Netscaler SD-WAN appliance deployed in Gateway Mode

SD-WAN appliances perform route discovery of Layer 3 routing advertisements within a local customer network (both branch and data center) for each of the desired routing protocols (OSPF and BGP). The routes that are learnt are dynamically captured and displayed.

This eliminates the need for SD-WAN administrators to statically define the LAN-side networking environment for each appliance that is part of the SD-WAN network. 

localized image

WAN Side: Dynamic Route Sharing

NetScaler SD-WAN appliance having an AREA defined as a STUB area by limiting the learning of Type 5 AS-external LSA.

SD-WAN appliances can advertise the locally learned dynamic routes with the MCN. The MCN can then relay these routes to other SD-WAN appliances in the network. This exchange of information dynamically allows for maintaining connectivity between sites across the changing network.

OSPF Deployment Modes

In previous releases, OSPF instance learned routes from SD-WAN were treated as external routes with Type 5 LSA only.  These routes were advertised to its neighbor routers in Type 5 External LSA. This resulted in SD-WAN routes to be less preferred routes according to the OSPF path selection algorithm. 

With the latest release, SD-WAN can now advertise routes as intra-area routes (LSA Type 1) to get preference as per its route cost using the OSPF path selection algorithm. The route cost can be configured and advertised to the neighbor router. This allows for deploying SD-WAN appliance in one-arm mode described below.

 

Implementing OSPF in One-Arm Topology

In one-arm configuration, the router needs complicated PBR or WCCP configuration in OSPF deployments.  By changing the default export route type from Type 5 to Type 1 we can simplify this deployment. If SD-WAN routes are advertized as intra-area routes with less cost, and the SD-WAN appliance becomes active, the neighbor router selects SD-WAN routes and automatically begins forwarding traffic through SD-WAN network. Additional PBR or WCCP configuration is not required any longer.  

Prerequisites:

  • SD-WAN Appliances at the DC and Branch sites should be running latest release version.
  • End-to-End IP connectivity should be configured and working fine.
  • OSPF is enabled on all the sites.
To configure OSPF Type 1:
  1.      Configure Virtual Interfaces and WAN links on both the DC and Branch sites so that you can create Virtual Path between them.
  2.      Under Connections->[MCN]->Route Learning->OSPF->Basic Settings, select Export OSPF Route Type to be Type 1 Intra Area.
  3.      Save the configuration, stage and activate the configuration.
You should be able to see following route types under Export OSPF Route Type 
  • Type 5 AS External
  • Type 1 Intra Area

You should be able to configure Type 5 AS External route.

After activation of the changed configuration, you should see the Route Type changes under Configuration->Virtual WAN->View Configuration->Dynamic Routing.

localized image

As shown in the illustration above, DC MCN is deployed in one-arm topology. When DC site is up, one-arm router forwards all traffic from local LAN to other sites, such as the Branch's local LAN whose destination IP address is within same subnet to the SD-WAN first, then SD-WAN appliance wraps all packets and sends it to the router with all the packets destination IP address in the Branch Virtual IP address. The router then forwards those packets to WAN.

When the DC site is down, router forwards all traffic from local LAN to other sites (branch site's local LAN, destination IP is within subnet) to WAN directly, and not to the SD-WAN appliance.

OSPF Type5 to Type1 Deployment in MPLS Network

The following deployment mode is provided to avoid loop formation in an MPLS network configured using SD-WAN appliances. The illustration below describes the standard MPLS network implementation.

 

localized image

In the above illustration:

  • OSPF is configured between ME-BR1_Router and ME-DC_Router in area 0.
  • OSPF is configured between ME-DC_Router and DC in area 0.

Recommended Configuration:

          a. DC VW and ME-DC_Router on area0

          b.  ME-BR1_Router and ME-DC_Router on area0

          c.  BR1 VW and ME-BR1_Router on area0

On the ME-DC_Router: 

                a. Add, static route for 172.58.3.10/32(Virtual IP of BR1 for MPLS Link) through 172.58.6.1

                b. Add, static route for 172.58.4.10/32(Virtual IP of BR1 for INET) through 172.58.5.1 

Adding static routes prevents loop formation between the ME-DC_Router and DC SD-WAN appliance. If you do not add static routes, the MCN forwards traffic to the ME-DC Router, and back from router to the MCN and this creates a loop continuously.

The static routes which are not PBR routes but the destination Host IP based routes will traverse towards the right link to be chosen from the DC side based on the path chosen and the encapsulation performed thereafter. Therefore, with these static routes configured, the encapsulated packets with any destination Virtual IP of BR1 SD-WAN appliance would use these links as per the best path selected by the DC MCN.

Add ACL to avoid loop formation when IPHOST routes are installed (if no static Virtual IPs configured):

     a.  If the IPHOST routes advertised by BR1 SD-WAN appliance are installed by the MCN router ME-DC_Router and not added as static routes as mentioned above, there is a possibility of loop formation if the OSPF participating interface (172.58.6.x) between ME-BR1_Router and ME-DC_Router goes down.

This is because with this interface down, the IPHOST routes are flushed from ME-DC_Router’s routing table.

     b.  If this happens, MCN will forward the encapsulated packet destined to one the BR1 VIPs to ME-DC Router and back from router to the MCN and loop continuously.

On the ME-BR1_Router: 

Advertise 172.58.3.x network to ME-DC_Router with a higher cost than the cost advertised for the same network by DC, if the same AREA-ID is used between ME-BR1_Router <-> ME-DC_Router and ME-DC_Router <-> DC (SD-WAN)

     a.  Based on the cost metric computation of OSPF 10^8/BW and the cost for route prefixes are based on the interface type. SD-WAN appliances advertise the virtual path and virtual WAN specific static routes to the external or peer routers with default SD-WAN cost of 5.

     b. If the ME-BR1_Router is also advertising 172.58.3.0/24 as an internal OSPF type 1 route alongside DC (SD-WAN) which also advertises the same prefix as interal ospf Type 1 route, then according to cost computation, by default the ME-BR1_Router’s route will be configured, as the cost is lesser than SD-WAN’s default cost of 5. To avoid this and make SD-WAN appliance chosen as preferred route initially, the interface cost of (172.58.3.1) needs to be manipulated to make it higher on the ME-BR1_Router so that DC SD-WAN route is configured in the routing table of the ME-DC_Router. 

This also ensures that when the DC SD-WAN appliance fails, the alternate route to use ME-BR1_Router as the next preferred gateway will ensure uninterrupted traffic flow.

Use ME-DC_Router as a source for advertising 172.58.8.0/24 network to both DC SD-WAN and the ME-BR1_Router

 With this route, the DC SD-WAN can send packets to the upstream router being aware of the LAN subnet after decapsulation. If DC SD-WAN goes down, the legacy routing infrastructure would help ME-BR1_Router use the ME-DC_Router as the next hop to reach the 172.58.8.x network.

 

To configure OSPF exported routes as Type1 under Basic OSPF Settings

  1. Configure Virtual Interfaces and WAN links on both DC and Branch sites to create Virtual Path between them.
  2. Under Connections->[MCN]>Route Learning->OSPF->Basic Settings, select Export OSPF Route Type to be Type 1 Intra Area
  3. Save the configuration, stage and activate the same.
  4. You should be able to see following two route types under Export OSPF Route Type

                        -  Type 5 AS External

                        -  Type 1 Intra Area

        5.  After activation of the changed config, you can see the Route Type changes under Configuration->Virtual WAN->View Configuration->Dynamic Routing

         6. Routes should be advertised as Type5 External AS by the SD-WAN appliance. Routes learnt through SD-WAN should be displayed in the neighboring routers as Type5 AS External routes.

To configure OSPF exported route weight under Basic OSPF Settings

  1. Configure Virtual Interfaces and WAN links on both DC and Branch sites to create Virtual Path between them.
  2. Under Connections->[MCN]->Route Learning->OSPF->Basic Settings, configure Export OSPF Route Weight.
  3. Save the configuration, stage and activate the same.
  4. Now, configure Export OSPF Route Weight to any numeric value between 1 to 65529.
  5. After activation of the changed config, you can see the Route Weight under Configuration->Virtual WAN->View Configuration->Dynamic Routing.
  6. The default route weight exported should be 0. Actual cost of the route should only be the cost of SD-WAN. 

To configure OSPF exported routes as Type1 under Export Filter settings

  1. Configure Virtual Interfaces and WAN links on both DC and Branch so that we can create Virtual Path between them
  2. Under Connections->[MCN]->Route Learning->OSPF->Export Filters configure an export filter.
  3. Expand the filter. Configure Export OSPF Route Type to Type 1 Intra Area route.
  4. Save the configuration, stage and activate the same.
  5. You should be able to see following two route types under Export OSPF Route Type

                        -  Type 5 AS External

                        -  Type 1 Intra Area

        6.  After activation of the changed config, user should be able to see the Route Type changes under  Configuration->Virtual WAN->View Configuration.  Route type should be displayed as Type 5 AS External. 

To configure OSPF exported route weight under Export Filter settings

  1. Configure Virtual Interfaces and WAN links on both DC and Branch so that we can create Virtual Path between them
  2. Under Connections->[MCN]->Route Learning->OSPF->Export Filters configure an export filter.
  3. Expand the filter. Configure Export OSPF Route Weight to any numeric value between 1 to 65529.
  4. Save the configuration, stage and activate the same.
  5. After activation of the changed config, user should be able to see the Route Type changes under Configuration->Virtual WAN->View Configuration.
  6. Route Weight configured under Export Filter should override the Weight configured under Basic OSPF Settings. 

SD-WAN and Third-Party (non SD-WAN) Appliance Deployment

As shown in the illustration below, third-party appliance site can get to Site B's LAN by sending traffic to Site B directly. If it cannot send traffic directly, fallback route goes to Site A, then using virtual path between DC to Branch sites to get to the Branch. If that fails, it will use MPLS2 to get to Branch site.

localized image

Configuration Steps:

  1. Configure Virtual Interfaces and WAN links on both DC and Branch so that a Virtual Path is created between the sites.
  2. Configure Export Route Type as Type1 and assign cost as 195 on the SD-WAN appliance.
  3. Save, stage and activate the configuration.
  4. Send traffic between the end hosts on DC and Branch sites.
  5. Shutdown the link between R1 and R2.
  6. Send traffic between the end hosts on DC and Branch sites.
  7. Unshut the link between R1 and R2.
  8. Send traffic between the end hosts on DC and Branch sites.
  9. Disable Virtual WAN Service on the DC site so that Virtual Paths go down. 
  10. Send the traffic between the end hosts on DC and Branch sites.
Verifying Configuration
  1.  Initially, at step 4, all the traffic passes through SD-WAN appliance.  
  2.  At step 6, when the link between R1 and R2 is broken, traffic is routed towards SD-WAN through R3. 
  3. At step 8, traffic flows through SD-WAN appliance with R2 as the next hop for the LAN Router R1. 
  4. At step 10, Virtual WAN paths go down between DC and BR1 appliance and traffic should flow normally as before the SD-WAN network was configured.

Traffic flow can be observed in the SD-WAN GUI under Monitoring->Flows.

Implementing OSPF with SD-WAN Network in High Availability Setup

localized image

OSPF Type5 to Type1 with high-availability sites during failover to standby appliance and deployed in high-availablity setup

To configure OSPF in HA deployment:

  1. Configure Virtual Interfaces and WAN links on both DC and Branch to create Virtual Path between them.
  2. Setup High-Availaiblity.
  3. Export Route Type configured as Type 1 and Route Weight as 50
  4. Save the configuration, stage and activate the same.
  5. Start traffic flow.
  6. Observe that under Monitor->Statistics->Routes, the hit count increases for OSPF routes with least costs.
  7. Bring the Active MCN down and observe the behavior. 
  8. Bring the original Active MCN back Up.
  9. The Dashboard->High Availability Status shows correctly for HA Local Appliance and Peer Appliance for Active and Standby.
  10. Under Configuration->View Configuration-> Dynamic Routing, OSPF is enabled and export_ospf_route_type shows Type1 and export_ospf_route_weight as 50.
  11.  Even after failover the High Availability Status shows correct OSPF configuration for Local and Peer Appliance.
  12. View Monitor->Statistics->Routes. The hit count increases for OSPF routes with least costs.
  13. After failback, the High Availability Status shows correct OSPF configuration for Local and Peer Appliance.
  14. Verify that the hit count increases for OSPF routes with low cost under view Monitor->Statistics->Routes.