Implementing OSPF as an Underlay Protocol in SONiC
Krzysztof Prałat

As data center networks continue to evolve, the choice of underlay routing protocol becomes increasingly important. While BGP has gained popularity in modern data center designs, many organizations still prefer using OSPF as their underlay protocol due to its familiarity and widespread deployment in enterprise networks. In this article, I’ll explore how to implement OSPF as an underlay protocol in Enterprise SONiC, covering key configuration aspects, design considerations, and best practices.

Why OSPF as an Underlay?

Before diving into the implementation details, let’s understand why you might choose OSPF as your underlay protocol:

  1. Protocol Separation: Some organizations prefer to maintain a clear separation between underlay and overlay routing protocols. Using OSPF for underlay and BGP for overlay provides this clean distinction.
  2. Familiarity: Network engineers often have extensive experience with OSPF in traditional enterprise networks, making it a comfortable choice.
  3. Simplicity: For networks that don’t require the scale and policy control of BGP, OSPF can be simpler to implement and troubleshoot.
  4. Convergence Speed: OSPF can provide fast convergence times, which is critical in a data center environment.

OSPF Design Principles in SONiC

Enterprise SONiC’s implementation of OSPF as an underlay follows these key design principles:

  • Single Area Design: All links are placed in a single OSPF area for simplicity
  • IP Unnumbered Support: Saves IP addresses and simplifies configuration
  • Point-to-Point Links: Optimizes OSPF operation between leaf and spine switches
  • BFD Integration: Enables fast failure detection
  • Authentication: Secures OSPF adjacencies

Configuring IP Unnumbered

One of the most elegant aspects of modern data center designs is the use of IP unnumbered interfaces. This approach allows an interface to “borrow” its IP address from another interface (typically a loopback), saving IP addresses and simplifying configuration.

Here’s how to configure IP unnumbered in SONiC:

ip unnumbered <donor-interface>        

For example:

Leaf1(config)# interface Ethernet 14
Leaf1(conf-if-Ethernet14)# ip unnumbered Loopback 0        

You can verify the configuration with:

show ip interfaces        

Basic OSPF Configuration

To configure OSPF in SONiC, you start by enabling the OSPF router process and assigning a router ID:

router ospf [vrf <vrf-name>]
ospf router-id <routerid>        

Then, you enable OSPF on specific interfaces by assigning them to an area:

ip ospf area <area-id>        

Here’s a complete example:

Leaf1(config)# router ospf
Leaf1(config-router-ospf)# ospf router-id 99.1.1.1
Leaf1(config-router-ospf)# exit
Leaf1(config)# interface Ethernet 14
Leaf1(conf-if-Ethernet14)# ip ospf area 0
Leaf1(conf-if-Ethernet14)# ip ospf network point-to-point        

To verify your configuration, use:

show ip ospf
show ip ospf interface        

OSPF Reference Bandwidth

By default, OSPF calculates link cost using the formula: Cost = Reference BW/Link BW (in Mbps), with a default reference bandwidth of 10^8 (100 Mbps). This means that all links faster than 100 Mbps (like 1G, 10G, etc.) would get the same minimum cost of 1, making them indistinguishable from a routing perspective.

To properly account for modern high-speed data center links, you should adjust the reference bandwidth:

auto-cost reference-bandwidth <ref-bandwidth>        

For example:

Leaf1(config)# router ospf
Leaf1(config-router-ospf)# auto-cost reference-bandwidth 100000        

This sets the reference bandwidth to 100 Gbps, allowing OSPF to differentiate between links of various speeds up to 100G.

You can verify this configuration with:

Leaf1# show running-configuration ospf
!
router ospf
 ospf router-id 99.1.1.1
 auto-cost reference-bandwidth 100000        

OSPF Authentication

Security is crucial in data center networks. SONiC supports three authentication options for OSPF:

  1. No authentication (Null Authentication)
  2. Clear-text authentication
  3. Cryptographic authentication based on message digest (recommended)

To configure message digest authentication:

  • First, enable authentication for the area:

router ospf
area <areaid> authentication message-digest        

  • Then, configure authentication on each interface:

ip ospf authentication message-digest
ip ospf message-digest-key <keyid> md5 <md5key>        


Here’s a complete example:

Leaf1(config)# router ospf
Leaf1(config-router-ospf)# area 0 authentication message-digest
Leaf1(config-router-ospf)# exit
Leaf1(config)# interface Ethernet 14
Leaf1(conf-if-Ethernet14)# ip ospf authentication message-digest
Leaf1(conf-if-Ethernet14)# ip ospf message-digest-key 1 md5 Bro@dcom        

This configuration ensures that OSPF adjacencies are only formed between switches that share the same authentication credentials, protecting your network from unauthorized devices.

Figure 1: OSPF Encrypted Authentication
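To show what message-digest authentication actually checks on the wire, here is an added Python sketch (not from the SONiC documentation or this article's configs) of the RFC 2328 Appendix D scheme: an MD5 digest over the OSPF packet plus the shared key is appended to the packet, and the receiver recomputes it and rejects stale sequence numbers. The key, router ID and zero-filled Hello body are constructed sample values.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header with the AuType 2 auth field layout

def _digest(packet, key):
    # RFC 2328 Appendix D: MD5 over the packet followed by the key padded to 16 bytes.
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()

def build_hello(router_id, area_id, key_id, seq, key, body=b""):
    """Return header + body + appended 16-byte digest (checksum field stays 0)."""
    hdr = struct.pack(HDR, 2, 1, 24 + len(body), router_id, area_id,
                      0, 2, 0, key_id, 16, seq)
    return hdr + body + _digest(hdr + body, key)

def verify(raw, keys, last_seq):
    """Receiver-side checks; keys maps key ID -> secret, last_seq is per neighbor."""
    if len(raw) < 24:
        return "too short"
    _, _, length, _, _, _, autype, _, key_id, auth_len, seq = struct.unpack(HDR, raw[:24])
    if autype != 2:
        return "not cryptographic authentication"
    if key_id not in keys:
        return "unknown key id"
    if auth_len != 16 or length < 24 or len(raw) != length + 16:
        return "bad length"
    if not hmac.compare_digest(_digest(raw[:length], keys[key_id]), raw[length:]):
        return "digest mismatch"
    if seq < last_seq:
        return "stale sequence number"
    return "ok"

# Constructed sample values, not taken from any device.
RID, AREA = bytes([192, 168, 0, 1]), bytes([0, 0, 0, 1])
KEY = b"constructed-key"
PKT = build_hello(RID, AREA, key_id=1, seq=1000, key=KEY, body=b"\x00" * 20)
```

The digest proves the sender holds the key and that the packet was not altered; the packet contents themselves still travel unencrypted.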

A Complete OSPF Underlay Example

Let’s look at a more comprehensive configuration example for a leaf switch in an OSPF underlay:

interface Loopback 0
 description Router-ID
 ip address 192.168.0.1/32
 ip ospf area 0.0.0.1

interface Ethernet7
 mtu 9100
 speed 25000
 fec none
 no shutdown
 ip unnumbered Loopback0
 ip ospf area 0.0.0.1
 ip ospf authentication message-digest
 ip ospf bfd
 ip ospf network point-to-point
 ip ospf message-digest-key 1 md5 08d542e925e9fed7fe3c5eb3f6c2a5bb encrypted

interface Ethernet8
 mtu 9100
 speed 25000
 fec none
 no shutdown
 ip unnumbered Loopback0
 ip ospf area 0.0.0.1
 ip ospf authentication message-digest
 ip ospf bfd
 ip ospf network point-to-point
 ip ospf message-digest-key 1 md5 08d542e925e9fed7fe3c5eb3f6c2a5bb encrypted

router ospf
 ospf router-id 192.168.0.1
 auto-cost reference-bandwidth 100000
 log-adjacency-changes detail
 area 0.0.0.1 authentication message-digest        

This configuration includes:

  • A loopback interface for the router ID
  • Two Ethernet interfaces configured with IP unnumbered
  • OSPF enabled on all interfaces with authentication
  • BFD for fast failure detection
  • Point-to-point network type for optimal operation
  • Adjusted reference bandwidth for proper cost calculation

Best Practices for OSPF Underlay

Based on the Enterprise SONiC documentation, here are some best practices to follow when implementing OSPF as your underlay protocol:

  1. Use a single area: Keep all links in a single area (typically area 0 or area 0.0.0.1) to simplify the design.
  2. Configure IP unnumbered: This saves IP addresses and simplifies configuration management.
  3. Set interfaces as point-to-point: This optimizes OSPF operation by eliminating the DR/BDR election process.
  4. Enable BFD: This provides sub-second failure detection, improving convergence times.
  5. Implement authentication: Always secure your OSPF adjacencies with MD5 authentication.
  6. Adjust reference bandwidth: Set this to accommodate your fastest links to ensure proper cost calculation.
  7. Enable detailed logging: Use the log-adjacency-changes detail command to help with troubleshooting.
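Items 3 to 7 of this list can be checked mechanically against a saved running configuration. The Python audit below is an added example, not part of Enterprise SONiC; it assumes the stanza layout shown in this article's configuration listings, and the sample config and key placeholder are constructed.

```python
import re

# Constructed sample in the article's running-config layout. Ethernet8 lacks
# authentication and BFD on purpose; the key value is a placeholder.
SAMPLE = """\
interface Ethernet7
 ip ospf area 0.0.0.1
 ip ospf authentication message-digest
 ip ospf bfd
 ip ospf network point-to-point
 ip ospf message-digest-key 1 md5 PLACEHOLDER encrypted
interface Ethernet8
 ip ospf area 0.0.0.1
 ip ospf network point-to-point
router ospf
 ospf router-id 192.168.0.1
 area 0.0.0.1 authentication message-digest
"""

# Best-practice item -> regex that must match one line of the stanza.
IF_RULES = {
    "authentication": r"ip ospf authentication message-digest$",
    "digest key": r"ip ospf message-digest-key \d+ md5 \S+",
    "bfd": r"ip ospf bfd$",
    "point-to-point": r"ip ospf network point-to-point$",
}
ROUTER_RULES = {
    "area authentication": r"area \S+ authentication message-digest$",
    "reference bandwidth": r"auto-cost reference-bandwidth \d+$",
    "adjacency logging": r"log-adjacency-changes detail$",
}

def audit(config):
    """Return (stanza, missing item) pairs for OSPF interfaces and the router."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line[:1] not in (" ", "", "!"):    # unindented line opens a stanza
            current = stanzas.setdefault(line.strip(), [])
        elif line.strip() not in ("", "!") and current is not None:
            current.append(line.strip())
    findings = []
    for name, lines in stanzas.items():
        ospf_if = name.startswith("interface Eth") and any(
            l.startswith("ip ospf area") for l in lines)
        rules = ROUTER_RULES if name.startswith("router ospf") else IF_RULES if ospf_if else {}
        findings += [(name, item) for item, rx in rules.items()
                     if not any(re.match(rx, l) for l in lines)]
    return findings
```

An interface that runs OSPF without authentication, such as Ethernet8 in the sample, is reported even though the area-level authentication line is present.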

Integrating OSPF Underlay with BGP EVPN Overlay

When using OSPF as your underlay protocol with a BGP EVPN overlay, you’ll typically configure iBGP sessions between leaf and spine switches for the overlay. The OSPF underlay provides reachability for the BGP sessions.

Here’s a simplified example of how this integration works:

router ospf
 ospf router-id 192.168.0.1
 auto-cost reference-bandwidth 100000
 area 0.0.0.1 authentication message-digest

router bgp 65000
 router-id 192.168.0.1
 address-family l2vpn evpn
  advertise-all-vni

 neighbor 192.168.0.4
  remote-as 65000
  update-source interface Loopback 0
  address-family l2vpn evpn
   activate        

In this configuration, OSPF provides the underlay connectivity between the loopback interfaces, allowing the BGP sessions to establish over these loopbacks.

Conclusion

Implementing OSPF as an underlay protocol in Enterprise SONiC provides a familiar and effective foundation for your data center network. The combination of IP unnumbered, authentication, and BFD creates a robust, secure, and fast-converging underlay that can support advanced overlay technologies like VXLAN and EVPN.

While BGP has become increasingly popular for data center underlays, OSPF remains a viable and sometimes preferable option, especially for organizations with existing OSPF expertise or those seeking a clear separation between underlay and overlay routing protocols.

By following the configuration examples and best practices outlined in this article, you can successfully deploy an OSPF underlay in your Enterprise SONiC network, providing the reliable connectivity foundation needed for modern data center applications.
