Table Of Contents

Configure Basic OSPF on Nexus 9000

Topology:

Diagram of OSPF configuration between two Cisco Nexus 9000 switches connected via Ethernet interfaces with loopback interfaces advertised into OSPF.
The last octet is the router number unless specified otherwise. Example: N9K-1's Eth1/1 is 10.0.12.1/24

In this tutorial I’ll show you how to configure basic OSPF on Nexus 9000 devices. The topology has two Nexus 9000’s physically connected on their Eth1/1 interfaces. I’ll show you how to enable the feature, create the OSPF process, enable these interfaces for single area OSPF, specify a router-ID (and why you should), and advertise loopback interfaces in OSPF. Everything will be in the backbone area, area 0. 

Keep in mind there are some important differences and things you should know when it comes to OSPF on NX-OS and regular Cisco IOS. I explain them here and recommend you take a look if you haven’t already. With that being said let’s jump right in. 

Before you start configuring routing protocols all over the place, it’s a good idea to make sure you at least have IP reachability between the 9K’s. If not then the OSPF adjacencies will never come up and you might waste time troubleshooting OSPF when it’s really an interface or IP addressing problem.

N9K-1# ping 10.0.12.2
PING 10.0.12.2 (10.0.12.2): 56 data bytes
36 bytes from 10.0.12.1: Destination Host Unreachable
Request 0 timed out
64 bytes from 10.0.12.2: icmp_seq=1 ttl=254 time=45.501 ms
64 bytes from 10.0.12.2: icmp_seq=2 ttl=254 time=9.116 ms
64 bytes from 10.0.12.2: icmp_seq=3 ttl=254 time=7.463 ms
64 bytes from 10.0.12.2: icmp_seq=4 ttl=254 time=6.489 ms

--- 10.0.12.2 ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 6.489/17.142/45.501 ms
The first ping is usually lost because the device needs to send out an ARP request to get the destination MAC address.

IP reachability is there, now it’s time to configure basic OSPF on Nexus 9000 devices.

Configuration Steps

Enable the OSPF feature.

N9K-1(config)# router ospf 1
                    ^
% Invalid command at '^' marker.

I can’t even configure OSPF unless I enable the “OSPF” feature. Most features in NX-OS are disabled by default. Only the minimum features needed to get connectivity to the box are enabled.

N9K-1(config)# feature ospf
N9K-1(config)# router ospf 1
N9K-1(config-router)# log-adjacency-changes

I was able to create the OSPF process after enabling the feature. 

The log-adjacency-changes command in Cisco NX-OS can be used to configure a router to send a syslog message when the state of an Open Shortest Path First (OSPF) neighbor changes. It's disabled by default.

In regular Cisco IOS when you want to specify what interfaces participate in OSPF you have the option to use a network statement under the OSPF process or directly at the interface level. In NX-OS there are no network statements. You must use interface level OSPF commands. Let’s get Eth 1/1 on N9K-1 into OSPF.

N9K-1(config-router)# int e1/1
N9K-1(config-if)# ip router ospf 1 area 0

Under Eth1/1 I used the ip router ospf 1 area 0 command. This tells Eth 1/1 that it belongs to OSPF process 1 and it’s in area 0. I’ll do the same thing on N9K-2.

N9K-2(config)# feature ospf
N9K-2(config)# router ospf 1
N9K-2(config-router)# log-adjacency-changes
N9K-2(config-router)# int e1/1
N9K-2(config-if)# ip router ospf 1 area 0

After a few moments a log message on N9K-2 should tell me its neighbor is in the full state. 

N9K-2 %OSPF-5-ADJCHANGE:  ospf-1 [8402]  Nbr 10.0.12.1 on Ethernet1/1 went FULL

Perfect, the neighbor is up and in the full state. If you want to quickly verify the OSPF interface information you can use the show ip ospf interface brief command. I’ll do this on N9K-1.

N9K-1# show ip ospf interface brief 
 OSPF Process ID 1 VRF default
 Total number of interface: 1
 Interface               ID     Area            Cost   State    Neighbors Status
 Eth1/1                  1      0.0.0.0         40     BDR      1         up  

This output tells me important OSPF inforation about Eth1/1 including what OSPF area it’s in, the cost (metric), how many neighbors it has and more. If I want to see information specific to its OSPF neighbors I can use the show ip ospf neighbor command. 

N9K-1# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 1
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.0.12.2         1 FULL/DR          00:21:01 10.0.12.2       Eth1/1 

I can see OSPF router-ID of the neighbor, its state, up time and more. Next I’ll show you how to specify the OSPF router-ID. 

If a router ID is not manually configured, the loopback 0 IP address is always preferred. If loopback 0 does not exist, Cisco NX-OS selects the IP address for the first loopback interface in the configuration. If no loopback interfaces exist, Cisco NX-OS selects the IP address for the first physical interface in the configuration.

You always want to manually specify the router-ID. I haven’t so far, let me show you what it’s set to currently on both switches.

N9K-1(config)# show ip ospf | include ID
 Routing Process 1 with ID 10.0.12.1 VRF default
N9K-2(config)# show ip ospf | include ID
 Routing Process 1 with ID 10.0.12.2 VRF default

It’s set to the first physical IP in the configuration which belongs to Eth1/1 on each device. If I configure loopback 0 on N9k-1 with 1.1.1.1/32 it will immediately override the OSPF router-ID with its own value. Let me show you. 

N9K-1(config)# int lo0
N9K-1(config-if)# ip add 1.1.1.1/32
N9K-1(config-if)# show ip ospf | include ID
 Routing Process 1 with ID 1.1.1.1 VRF default

Right away after configuring loopback 0 with an IP address the OSPF router-ID was updated to that value. When the router-ID changed, the adjacency flapped. 

N9K-1(config-if)# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 1
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.0.12.2         1 TWOWAY/DR        00:00:04 10.0.12.2       Eth1/1 

You can see the neighbor has been up for 4 seconds. That flap causes an outage in traffic until the adjacency is back up. That’s why you should specify the router-ID’s just incase loopback 0 gets added after OSPF is up and running, or deleted or something like that. I’ll show you that now. 

N9K-1(config)# router ospf 1
N9K-1(config-router)# router-id 1.1.1.1
N9K-1(config-router)# show ip ospf | include ID
 Routing Process 1 with ID 1.1.1.1 VRF default

Now I’ll do N9K-2.

N9K-2(config)# router ospf 1
N9K-2(config-router)# router-id 2.2.2.2
N9K-2(config-router)# show ip ospf | include ID
 Routing Process 1 with ID 2.2.2.2 VRF default

You can see that the OSPF router-ID is reflecting what was manually configured. Now if someone deletes loopback 0 or its IP address changes nothing happens to the OSPF router-ID and the adjacencies don’t flap. Next I’ll get N9K-2’s loopback 0 created and make sure the loopback 0 on both N9K’s are in OSPF. 

N9K-1(config)# int lo0
N9K-1(config-if)# ip router ospf 1 area 0 
N9K-2(config)# int lo0
N9K-2(config-if)# ip add 2.2.2.2/32
N9K-2(config-if)# ip router ospf 1 area 0 

I went under the loopback 0 interface on both N9K’s and used the ip router ospf 1 area 0 command. Remember there are no network statements in NX-OS. The N9K’s should know about eachothers loopback 0 network. I’ll use the show ip route ospf command to verify.

N9K-1# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF 

2.2.2.2/32, ubest/mbest: 1/0
    *via 10.0.12.2, Eth1/1, [110/41], 00:03:08, ospf-1, intra 
N9K-2# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF 

1.1.1.1/32, ubest/mbest: 1/0
    *via 10.0.12.1, Eth1/1, [110/41], 00:04:58, ospf-1, intra

Excellent, both switches have a route for eachothers loopback. Let’s do a quick ping test to make sure the reachability is there. 

N9K-1# ping 2.2.2.2 source-interface loopback 0
PING 2.2.2.2 (2.2.2.2): 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=254 time=17.99 ms
64 bytes from 2.2.2.2: icmp_seq=1 ttl=254 time=12.154 ms
64 bytes from 2.2.2.2: icmp_seq=2 ttl=254 time=16.738 ms
64 bytes from 2.2.2.2: icmp_seq=3 ttl=254 time=13.336 ms
64 bytes from 2.2.2.2: icmp_seq=4 ttl=254 time=9.801 ms

--- 2.2.2.2 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 9.801/14.003/17.99 ms

And they do, perfect. That’s about it when it comes to configuring basic OSPF on nexus 9000’s. I showed you how to enable the OSPF feature, create the OSPF process, bring up an adjacency between two directly connected switches, advertise loopback networks and change the OSPF router-ID’s. I hope you found this tutorial helpful. If you have a question please let me know in the comments. Have a great day. 

Full Configs

Here are the full configs from all routers if you want to try it out yourself.

Discussion