Nexus 7k & OSPF

surya.thapa · ‎10-23-2011

hi,

We are having two nexus 7k configured in vpc environment, Currently we are using SVI's and single vdc. Default route going to our company's network. We have a seperate setup for particular source and destination for which traffic gets encrypted and follow vpn tunnel and goes through the same company network. I mean, for three particular SVI's, traffic to Destination A, will go through VPN routers and gets encrypted and in return follow the path over the company network. Whereas for other SVI's to go to destination A, it will follow normal company path without VPN tunnel. We are currently using PBR for the same on those three SVI's. Now, the destinations have increased and we want to configure OSPF instead of using PBR, to fulfill this requirement. First query, is it possible to configure OSPF to serve the purpose. We tried as per attached diagram, but facing few problems. Below are some observations.

1. Neighbourship is getting formed, but routing table is getting updated only in one nexus core at a time as second core will get update over vPC link.

2. All SVI's taking OSPF path for Destination A, instead of taking normal default route.

Now questions are, is it really possible to configure OSPF for particular SVI's? How to stop OSPF route learning over vPC links, like in router we could define distance 255... command? Any help will be really appreciated.

Marwan ALshawi · ‎10-23-2011

You need to have a separate link either layer 3 or layer with svi on both switches for ospf peering

Do not use the vPC peer link to form ospf peering as this will lead to splitting the routing and issues like the one you facing

For VPN re routing you can keep the pbr and for other traffic you could use ospf for simplicity

Hope this help

If helpful rate