Citrix SD-WAN supports a wide variety of deployments. In an earlier post, I explained how to enable BGP on Citrix SD-WAN. In this blog post, I’ll cover the Open Shortest Path First (OSPF) routing protocol.

Technically speaking, both protocols have the same goal in the SD-WAN network: support virtual inline or edge implementation. Unlike BGP, which is an EGP, OSPF is an IGP and is commonly deployed on the DC LAN side in the SD-WAN architecture.

Before I dig into configurations, let’s recap some basic OSPF concepts in case you aren’t familiar with the protocol. Already familiar with the technical aspects of OSPF? Skip ahead to the configuration section of this post.

The diagram below will be used as a configuration reference for this article:

Open Shortest Path First (OSPF)

Because OSPF is an open standard routing protocol, it allows multi-vendor compatibility, which is common with SD-WAN deployments.

OSPF is a link-state routing protocol. That means routers in the OSPF domain exchange topology information with their neighbors, so all routers in a given area have a copy of the OSPF topology table. The metric calculation of link-state protocols is much more advanced than that of distance-vector protocols such as RIP, which only considers cost as a routing metric. That makes OSPF a robust protocol for most LAN environments.

OSPF uses the area concept. An area is a logical collection of routers. Area 0 (or 0.0.0.0) is also called the Backbone area because all areas must be connected to a router (ABR) that connects to Area 0. There are multiple roles among the routers in an OSPF area, including:

  • Area Border Router (ABR) — The router that shares inter-area interfaces.
  • Autonomous System Boundary Router (ASBR) — The router that redistributes external routes, usually from another routing protocol, into the OSPF domain (SD-WAN can be deployed as an ASBR).

When it comes to implementation type, SD-WAN supports two methods:

  • Broadcast — This is where multiple routers interconnect within a multi-access area. To avoid flooding the network with OSPF packets, a multi-access broadcast method uses multicast (IP 224.0.0.5). In this kind of implementation, OSPF elects one router to be the designated router (DR), and another router to be the backup designated router (BDR). If a router isn’t DR or BDR, it’s called DROTHER. This happens per multi-access network, not per area, so you can have multiple DRs and BDRs within an area. We recommend SD-WAN to be DROTHER and let the internal routers be responsible for the DR and BDR functions. The order of the DR/BDR election happens as follows:
  1. Highest OSPF priority.
  2. Highest OSPF router-ID.
  3. Highest loopback interface.
  4. Highest configured interface ID.

Here’s an example of the Broadcast Network output:

The image above shows the OSPF neighbor table, with the SD-WAN neighbors displayed as DR and BDR.

The image above shows the state of the SD-WAN OSPF Interface (DROTHER), Area, and Timers, as well as the address of the DR/BDR RID and IP.

  • OSPF Point-to-Point: This implementation method is the simplest and doesn’t have DR/BDR. This literally involves connecting two OSPF neighbors directly.
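The DR/BDR election on a broadcast segment, as an added example (not Citrix code): it models the first two criteria of the list above (priority, then router ID) following RFC 2328 section 9.4, including the fact that the election is non-preemptive and that a router with priority 0 always stays DROTHER. Router names, router IDs and priorities are constructed sample values, and how a given platform exposes the priority setting is outside the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    rid: str
    priority: int = 1
    role: str = ""      # role currently declared in Hellos: "DR", "BDR" or "" (DROTHER)

def rank(r):
    # Higher priority wins; ties go to the numerically higher router ID (32-bit value, not text).
    return (r.priority, int(ipaddress.IPv4Address(r.rid)))

def elect(routers):
    """Segment-wide view of RFC 2328 section 9.4, repeated until declared roles are stable."""
    while True:
        eligible = [r for r in routers if r.priority > 0]    # priority 0 is never DR/BDR
        not_dr = [r for r in eligible if r.role != "DR"]
        # BDR: prefer routers already declaring BDR, otherwise any eligible non-DR router.
        bdr = max([r for r in not_dr if r.role == "BDR"] or not_dr, key=rank, default=None)
        # DR: routers already declaring DR keep the role; with none, the BDR is promoted.
        dr = max([r for r in eligible if r.role == "DR"], key=rank, default=bdr)
        changed = False
        for r in routers:
            new = "DR" if r is dr else "BDR" if r is bdr else ""
            changed |= new != r.role
            r.role = new
        if not changed:
            return (dr.name if dr else None, bdr.name if bdr else None)

if __name__ == "__main__":
    # Constructed segment: two core routers and an SD-WAN appliance held at priority 0.
    segment = [Router("core1", "10.0.0.9"), Router("core2", "10.0.0.10"),
               Router("sdwan", "10.0.0.200", priority=0)]
    print(elect(segment))
```

Because existing DR and BDR declarations are honoured first, a router that joins later with a higher priority does not take over until one of the current role holders leaves the segment.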

OSPF Route Type

With Citrix SD-WAN, OSPF implementations support two OSPF route types:

Type 1 Intra-Area (aka LSA type 1)

In this implementation method, SD-WAN will advertise its routes as OSPF routes. LSA type 1 packets are sent between routers within the same area of origin. These routes usually don’t leave the local area and need to be summarized by the ABR. Use this method if you want to receive SD-WAN routes as internal routes. Below, you’ll find an example of what OSPF routes look like if you select Type-1 routes. The neighbor router OSPF output shows OSPF networks as Type 1.

Type 5 External (aka LSA type 5)

In this kind of configuration, SD-WAN is the ASBR and advertises its routes as external routes. All SD-WAN routes are seen as E1, which means that the cost of the external metric is added to the internal cost to reach that network. The image below shows how the OSPF Type-5 networks look in the routing table.

SD-WAN OSPF Configurations

The first thing you have to do when configuring OSPF is configure the Basic Settings.

Options:
Enable: Enabling SD-WAN OSPF Routing
Advertise Citrix SD-WAN Networks: SD-WAN advertises its Networks to OSPF Neighbors
Advertise BGP Routes: Advertises BGP route table into the OSPF
Router ID: Used in the DR/BDR election. It doesn’t necessarily need to be an SD-WAN IP. If left blank, the OSPF interface IP will be used.
Export OSPF Route Type: Select Route Type-1 or Type-5 Routes
Export OSPF Route Weight: Change the default OSPF route weight


The next section is the area configuration:

Area ID: Area Number where SD-WAN will be connected
Stub Area Check: Used when SD-WAN is placed in a Stub Area
Virtual Interfaces: Define interfaces where OSPF will be enabled
Name: Interface Name (select)
Source IP: Automatically set to the Interface VIP
Interface Cost: 10 is the default
Authentication type and Password: Select between plain text and MD5 Password and Define Password
Network Type: Select between Auto, Point-to-Point or Broadcast (default is Auto)
Hello/Dead Intervals: Default protocol timers are 10/40 (seconds)
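What the two authentication types in the list above put on the wire, as an added example (not Citrix code): it builds an OSPFv2 Hello with RFC 2328 simple-password authentication and with MD5 cryptographic authentication, then verifies the MD5 digest and its sequence number. The router ID, area, password and key are constructed sample values, and zero-padding short keys to 16 bytes is an assumption about the implementation.

```python
import hashlib
import hmac
import socket
import struct

AU_SIMPLE, AU_MD5 = 1, 2   # AuType values from RFC 2328
ip = socket.inet_aton

def hello_body(mask="255.255.255.0", hello=10, dead=40, priority=1):
    # Mask, HelloInterval, Options (E-bit), Rtr Pri, RouterDeadInterval, DR, BDR
    return struct.pack("!4sHBBI4s4s", ip(mask), hello, 0x02, priority, dead, bytes(4), bytes(4))

def header(body, rid, area, autype, auth8=b"", checksum=0):
    # Version 2, type 1 (Hello), length, Router ID, Area ID, checksum, AuType, 64-bit auth field
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), ip(rid), ip(area),
                       checksum, autype, auth8)

def inet_checksum(data):
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_simple(body, rid, area, password):
    # The checksum skips the auth field; the password travels in clear text in that field.
    csum = inet_checksum(header(body, rid, area, AU_SIMPLE)[:16] + body)
    return header(body, rid, area, AU_SIMPLE, password, csum) + body

def pad_key(key):
    return key[:16].ljust(16, b"\0")   # assumption: short keys are zero-padded to 16 bytes

def build_md5(body, rid, area, key, key_id, seq):
    # Auth field: 0, Key ID, digest length, cryptographic sequence number. Checksum stays 0.
    pkt = header(body, rid, area, AU_MD5, struct.pack("!HBBI", 0, key_id, 16, seq)) + body
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()   # digest appended, key never sent

def verify_md5(packet, key, last_seq):
    if len(packet) < 24:
        return False
    length, = struct.unpack("!H", packet[2:4])
    autype, _, _key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != AU_MD5 or dlen != 16 or len(packet) != length + 16 or seq < last_seq:
        return False   # wrong type or length, or a stale (replayed) sequence number
    expected = hashlib.md5(packet[:length] + pad_key(key)).digest()
    return hmac.compare_digest(expected, packet[length:])

if __name__ == "__main__":
    body = hello_body()   # constructed sample values below
    print(build_simple(body, "192.0.2.1", "0.0.0.0", b"s3cretpw")[16:24])
```

With the plain text type, bytes 16 to 23 of every packet are the password itself, readable by anything that can capture traffic on the segment; with MD5, only the keyed digest and a sequence number leave the router.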

Export Filters

In this list, you can filter overlay routes advertised to the OSPF Neighbor. To avoid routing loops, I’d recommend that you advertise only overlay networks into the data center.

Import Filters

This list filters routes learned from the OSPF neighbor before they are injected into the overlay network.

OSPF Outputs

To access the route table, go to Monitoring > Routing Protocols.

Dynamic Route table

The image below shows the local SD-WAN Routing table:

Other Useful Tables

OSPF State Table

OSPF Topology Table

OSPF LSADB Table

Troubleshooting

You can enable the dynamic routing debugging tool for troubleshooting purposes. It logs OSPF errors, route database exchange, OSPF hello messages, and more.

Summary of the SD-WAN design recommended practices.

  • OSPF Configurations
    • Broadcast Network is preferred
    • SD-WAN configured as DROther
    • Tune SD-WAN neighbor OSPF timers
    • Adjust SD-WAN interface cost
    • Define Type-1 or Type-5 networks according to your environment
    • Make sure SD-WAN networks are preferred over WAN networks
    • Be aware that eBGP admin distance is preferred over OSPF
    • Configure import/export filters and cost to avoid routing loops
    • Adjust BGP/OSPF redistribution if needed

Conclusion

Now you’re exchanging routes with the DC and are saving countless hours by eliminating the need for manual configs. Additionally, you don’t have to rely on multiple PBR access lists. OSPF is simple and easy to configure and helps you to avoid manually updating static routes.

In my next blog post, I’ll cover import/export filters in more detail. Stay tuned!

