OSPF is mostly used between a core switch and downstream OSPF-enabled devices like distribution switches, firewalls, etc. If the downstream device is connected via link aggregation to a Nexus vPC pair and vPC peer-gateway is configured, you will encounter OSPF adjacency flaps. This will not be noticed unless the OSPF adjacencies are monitored or debugged, so most engineers are not even aware that there is an underlying routing issue.
Example basic topology:
In the attached example, Switch A is connected via a PortChannel to the Nexus vPC. An OSPF adjacency will form between Switch A and Switch B, as well as Switch A and Switch C via SVI vlan 100, which is by design.
The problem arises when Switch A can also reach Switch B via Switch C across the vPC peer link. OSPF by default has a TTL of 1, which prevents devices more than 1 hop away from establishing an adjacency. The TTL is decremented each time an IP packet is forwarded by a switch, so the OSPF packets initiated from Switch A will never be received by Switch B via Switch C, causing flapping messages.
Nexus NX-OS introduced an enhancement to address this.
“layer3 peer-router” needs to be configured on the vPC pair. “layer3 peer-router” prevents the OSPF TTL from decrementing and therefore stabilizes the OSPF adjacencies.
Configuration Example:
vpc domain 1
  peer-keepalive destination x.x.x.2 source x.x.x.1 vrf vpc-keepalive
  peer-gateway
  layer3 peer-router
NB: “peer-gateway” needs to be configured before “layer3 peer-router”.
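Because the flaps go unnoticed without monitoring, the condition can also be caught from the configuration itself. The following is an added example, not part of the original post: a small Python audit that flags a vPC domain running peer-gateway without layer3 peer-router while OSPF is enabled on an SVI. The function names and both sample configs are constructed for illustration, and the parser assumes the indented layout of a running-config.

```python
import re

# Constructed sample configs (addresses are documentation-range placeholders).
BEFORE = """\
feature ospf
vpc domain 1
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf vpc-keepalive
  peer-gateway
interface Vlan100
  ip router ospf 1 area 0.0.0.0
"""
AFTER = BEFORE.replace("  peer-gateway\n", "  peer-gateway\n  layer3 peer-router\n")

def stanzas(config):
    """Group indented sub-commands under their top-level command line."""
    out, head = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and comment separators
        if line[0].isspace() and head is not None:
            out[head].append(line.strip())
        elif not line[0].isspace():
            head = line.strip()
            out.setdefault(head, [])
    return out

def audit_vpc_ospf(config):
    """Return a list of findings; an empty list means nothing to report."""
    blocks = stanzas(config)
    vpc = next((b for h, b in blocks.items() if h.startswith("vpc domain ")), None)
    svis = [h.split()[1] for h, b in blocks.items()
            if re.fullmatch(r"interface Vlan\d+", h, re.I)
            and any(c.startswith("ip router ospf ") for c in b)]
    if vpc is None or not svis:
        return []  # no vPC domain, or no OSPF on any SVI
    has_pg = any(c.startswith("peer-gateway") for c in vpc)
    has_l3 = "layer3 peer-router" in vpc
    findings = []
    if has_pg and not has_l3:
        findings.append("peer-gateway without layer3 peer-router; OSPF runs on "
                        + ", ".join(svis) + " (adjacency flap condition)")
    if has_l3 and not has_pg:
        findings.append("layer3 peer-router present but peer-gateway is missing")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_vpc_ospf(cfg) or "OK")
```

Run it against the saved running-config of both vPC peers, since the setting has to be present on each switch of the pair.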
In conclusion, while OSPF is a widely used protocol for establishing adjacencies between core switches and downstream devices like distribution switches and firewalls, it can encounter issues when used with a Nexus vPC pair configured with peer-gateway. This configuration can lead to OSPF adjacency flaps that often go unnoticed without careful monitoring. The underlying issue arises due to the default OSPF TTL of 1, which prevents packets from traversing more than one hop. This problem can be mitigated by enabling the "layer3 peer-router" feature on the vPC pair, which prevents TTL decrement and stabilizes OSPF adjacencies. Proper configuration, as demonstrated in the example, ensures reliable OSPF operation in such network topologies.
Ryan Alibrando, Managed Services Team Lead