There are two routing protocol options for VMware NSX-V: Border Gateway Protocol (“BGP”) and Open Shortest Path First (“OSPF”). In most cases BGP is the preferred option for several reasons that are covered below. However, OSPF can also be a viable option for some customer environments.

This Technical Article does not dive into the details of how these protocols operate. Rather, it can assist with selecting the appropriate routing protocol for a customer.

Regardless of the routing protocol selected, VMware NSX can be considered a stub network and therefore only requires a default route. The physical network should advertise a default route to the NSX perimeter ESGs which is passed down to the uDLR/DLR. Conversely, NSX should only advertise a unique block of IP space to upstream routers.

How to Choose Between OSPF and BGP

Customers that have a single data center location and are currently using OSPF may be good candidates for OSPF running in NSX-V. The customer may already be comfortable with OSPF, and introducing a new protocol like BGP can add to the learning curve. However, if there are plans to expand to a multi-site architecture, the complexity with OSPF can greatly increase in terms of influencing traffic ingress/egress.

Additional consideration should be given to OSPF area design. It is recommended that the ESGs are not positioned as an ABR. An ABR is a router that is connected to one or more areas. The physical router/L3 switch should provide the ABR function, and the ESG should have both its uplink and transit interfaces in an NSSA area. The DLR would also uplink to the NSSA area.

Additional considerations:

  • MTU mismatches will affect neighboring. Always give extra attention to path MTU between neighbors to ensure it matches end-to-end.
  • Neighbors are not statically defined; instead, hellos are transmitted onto an L2 segment to discover neighbors. This is a major disadvantage compared to BGP because OSPF routers can sometimes neighbor with other routers that are unnecessary or unintended.
  • The cost metric does not influence egress (as you would expect) because route redistribution generates external type 2 (E2) routes, which ignore the cost metric. For this reason, egress traffic steering can be a challenge.

When to Choose BGP vs. OSPF

When designing NSX for multi-site data center architectures, BGP is almost always recommended. NSX egress path preference can be easily influenced using the weight metric. Ingress path preference must be handled by the physical network using a method such as AS-Path prepend or local preference. Using local preference assumes the customer is using a single ASN across both DC locations' physical core routers. A significant advantage of BGP is that neighboring is statically defined by IP address. This ensures deterministic behavior for route propagation. It also allows for granular control on a per-neighbor basis.

Additional considerations:

  • Typically, a single BGP ASN is used for all NSX components, which includes both sites' ESGs and DLRs. This means that iBGP is configured within NSX.
  • eBGP should be configured between the NSX perimeter ESGs and the physical network.
  • The default hello and hold timers are 60/180. Consider tuning these down to lower values to improve routing convergence time. Common options include 1/3, 4/12, 10/30, 20/60. Check with the customer to understand requirements for HA and also check if the physical network vendor has capabilities for tuned timers.
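The BGP guidance above can be checked mechanically against a planned or exported peering design. The following is an added example, not code from the article or from VMware: the ASNs, the NSX address block, the device names and the session dictionary format are all constructed for illustration and are not an NSX API export. It flags sessions that break the stub-network rule (default route in, NSX block out), the eBGP/iBGP split, or the 1:3 hello/hold ratio shared by every timer pair listed above.

```python
from ipaddress import ip_network

# Constructed values for illustration; substitute the site's real ASN and block.
NSX_ASN = 65010
NSX_BLOCK = ip_network("10.50.0.0/16")
DEFAULT = ip_network("0.0.0.0/0")

def audit(sessions):
    """Return (session, finding) tuples for every deviation from the design rules."""
    findings = []
    for s in sessions:
        name = f"{s['local']}->{s['peer']}"
        if s["local_asn"] != NSX_ASN:
            findings.append((name, "NSX component is not in the shared NSX ASN"))
        if s["peer_role"] == "physical":
            # Perimeter ESG to physical network: must be eBGP.
            if s["peer_asn"] == s["local_asn"]:
                findings.append((name, "ESG-to-physical session is iBGP, expected eBGP"))
            # Stub behaviour: learn only a default route, announce only the NSX block.
            for p in map(ip_network, s["received"]):
                if p != DEFAULT:
                    findings.append((name, f"received non-default route {p}"))
            for p in map(ip_network, s["advertised"]):
                if not p.subnet_of(NSX_BLOCK):
                    findings.append((name, f"advertised {p} outside the NSX block"))
        elif s["peer_asn"] != s["local_asn"]:
            findings.append((name, "session inside NSX is eBGP, expected iBGP"))
        if s["hold"] != 3 * s["keepalive"]:
            findings.append((name, f"timers {s['keepalive']}/{s['hold']} are not a 1:3 pair"))
    return findings

# Constructed sample design: esg-b leaks a foreign prefix, learns more than the
# default route, and has a hand-edited hold timer.
SESSIONS = [
    {"local": "esg-a", "local_asn": 65010, "peer": "core-a", "peer_role": "physical",
     "peer_asn": 65001, "keepalive": 4, "hold": 12,
     "received": ["0.0.0.0/0"], "advertised": ["10.50.0.0/16"]},
    {"local": "esg-b", "local_asn": 65010, "peer": "core-b", "peer_role": "physical",
     "peer_asn": 65001, "keepalive": 60, "hold": 120,
     "received": ["0.0.0.0/0", "172.16.0.0/12"],
     "advertised": ["10.50.0.0/16", "192.168.10.0/24"]},
    {"local": "dlr-a", "local_asn": 65010, "peer": "esg-a", "peer_role": "esg",
     "peer_asn": 65010, "keepalive": 4, "hold": 12,
     "received": ["0.0.0.0/0"], "advertised": ["10.50.1.0/24"]},
]

if __name__ == "__main__":
    for name, finding in audit(SESSIONS):
        print(f"{name}: {finding}")
```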
