Configuring OSPF
The NetScaler supports Open Shortest Path First (OSPF) Version 2 (RFC 2328). The features of OSPF on the NetScaler are:
- If a vserver is active, the host routes to the vserver can be injected into the routing protocols.
- OSPF can run on any subnet.
- Route learning advertised by neighboring OSPF routers can be disabled on the NetScaler.
- The NetScaler can advertise Type-1 or Type-2 external metrics for all routes.
- The NetScaler can advertise user-specified metric settings for VIP routes. For example, you can configure a metric per VIP without special route maps.
- You can specify the OSPF area ID for the NetScaler.
- The NetScaler supports not-so-stubby areas (NSSAs). An NSSA is similar to an OSPF stub area but allows injection of external routes in a limited fashion into the stub area. To support NSSAs, a new option bit (the N bit) and a new type (Type 7) of Link State Advertisement (LSA) have been defined. Type 7 LSAs support external route information within an NSSA. An NSSA area border router (ABR) translates a type 7 LSA into a type 5 LSA that is propagated into the OSPF domain. The OSPF specification defines only the following general classes of area configuration:
  - Type 5 LSA: Originated by routers internal to the area and flooded into the domain by AS border routers (ASBRs).
  - Stub: Allows no type 5 LSAs to be propagated into or throughout the area and instead depends on default routing to external destinations.
After enabling OSPF, you need to configure advertisement of OSPF routes. For troubleshooting, you can limit OSPF propagation. You can display OSPF settings to verify the configuration.
Enabling and Disabling OSPF
To enable or disable OSPF, you must use either the NetScaler command line or the NetScaler GUI. When OSPF is enabled, the NetScaler starts the OSPF process. When OSPF is disabled, the NetScaler stops the OSPF routing process.
To enable or disable OSPF routing by using the NetScaler command line:
At the command prompt, type one of the following commands:
- enable ns feature OSPF
- disable ns feature OSPF
To enable or disable OSPF routing by using the NetScaler GUI:
- Navigate to System > Settings and, in the Modes and Features group, click Change advanced features.
- Select or clear the OSPF Routing option.
Advertising OSPF Routes
OSPF enables an upstream router to load balance traffic between two identical virtual servers hosted on two standalone NetScaler appliances. Route advertising enables an upstream router to track network entities located behind the NetScaler.
To configure OSPF to advertise routes by using the VTYSH command line:
At the command prompt, type the following commands, in the order shown:
Command | Specifies |
---|---|
VTYSH | Display VTYSH command prompt. |
configure terminal | Enters global configuration mode. |
router OSPF | Start OSPF routing process and enter configuration mode for the routing process. |
network A.B.C.D/M area <0-4294967295> | Enable routing on an IP network. |
redistribute static | Redistribute static routes. |
redistribute kernel | Redistribute kernel routes. |
Example:
>VTYSH
NS# configure terminal
NS(config)# router OSPF
NS(config-router)# network 10.102.29.0/24 area 0
NS(config-router)# redistribute static
NS(config-router)# redistribute kernel
Limiting OSPF Propagations
If you need to troubleshoot your configuration, you can configure listen-only mode on any given VLAN.
To limit OSPF propagation by using the VTYSH command line:
At the command prompt, type the following commands, in the order shown:
Command | Specifies |
---|---|
VTYSH | Display VTYSH command prompt. |
configure terminal | Enter global configuration mode. |
router OSPF | Start OSPF routing process and enter configuration mode for the routing process. |
passive-interface <vlan_name> | Suppress routing updates on interfaces bound to the specified VLAN. |
Example:
>VTYSH
NS# configure terminal
NS(config)# router OSPF
NS(config-router)# passive-interface VLAN0
Verifying the OSPF Configuration
You can display the current OSPF neighbors and OSPF routes.
To view the OSPF settings by using the VTYSH command line:
At the command prompt, type the following commands, in the order shown:
Command | Specifies |
---|---|
VTYSH | Display VTYSH command prompt. |
sh ip OSPF neighbor | Displays current neighbors. |
sh ip OSPF route | Displays OSPF routes. |
Example:
>VTYSH
NS# sh ip OSPF neighbor
NS# sh ip OSPF route
Configuring Graceful Restart for OSPF
In a non-INC high availability (HA) setup in which a routing protocol is configured, after a failover, routing protocols are converged and routes between the new primary node and the adjacent neighbor routers are learned. Route learning takes some time to complete. During this time, forwarding of packets is delayed, network performance might get disrupted, and packets might get dropped.
Graceful restart enables an HA setup during a failover to direct its adjacent routers to not remove the old primary node’s learned routes from their routing databases. Using the old primary node’s routing information, the new primary node and the adjacent routers immediately start forwarding packets, without disrupting network performance.
To configure graceful restart for OSPF by using the VTYSH command line, at the command prompt, type the following commands, in the order shown:
Command | Example | Command Description |
---|---|---|
VTYSH | VTYSH | Enters VTYSH command prompt. |
configure terminal | NS# configure terminal | Enters global configuration mode. |
router-id <id> | NS(config)# router-id 1.1.1.1 | Sets a router identifier for the NetScaler appliance. This identifier is set for all the dynamic routing protocols. The same ID must be specified in the other node in a high availability setup for graceful restart to work properly in the HA setup. |
ospf restart grace-period <1-1800> | NS(config)# ospf restart grace-period 170 | Specifies the grace period, in seconds, for which the routes are to be preserved in the helper devices. Default value: 120 seconds. |
ospf restart helper max-grace-period <1-1800> | NS(config)# ospf restart helper max-grace-period 180 | This is an optional command to limit the maximum grace period for which the NetScaler appliance will be in the helper mode. If the NetScaler appliance receives an opaque LSA with grace-period greater than the set helper max-grace-period, the LSA is discarded and the NetScaler is not placed in helper mode. |
router ospf | NS(config)# router ospf | Starts OSPF routing process and enters configuration mode for the routing process. |
network A.B.C.D/M area <0-4294967295> | NS(config-router)# network 192.0.2.0/24 area 0 | Enables routing on an IP network. |
capability restart graceful | NS(config-router)# capability restart graceful | Enables graceful restart on the OSPF routing process. |
redistribute kernel | NS(config-router)# redistribute kernel | Redistributes kernel routes. |
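
The following check is an added example, not Citrix code. It reads the routing configuration text of both HA nodes and reports settings that conflict with the table above: a router-id that is missing or differs between the nodes, capability restart graceful absent from the router ospf stanza, and a grace period outside 1-1800. The config layout, the function names, the sample configs, and the neighbor_helper_max parameter are assumptions for illustration.

```python
import re

GRACE_DEFAULT = 120           # default grace period stated on the page
GRACE_RANGE = range(1, 1801)  # <1-1800> from the command syntax

def parse_conf(text):
    """Pull graceful-restart settings out of config text (layout assumed)."""
    conf = {"router_id": None, "grace": GRACE_DEFAULT, "graceful": False}
    in_ospf = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # unindented line: leaves any router stanza
            in_ospf = line.lower() == "router ospf"
        if m := re.fullmatch(r"router-id (\S+)", line):
            conf["router_id"] = m.group(1)
        elif m := re.fullmatch(r"ospf restart grace-period (\d+)", line):
            conf["grace"] = int(m.group(1))
        elif in_ospf and line == "capability restart graceful":
            conf["graceful"] = True
    return conf

def audit_ha_pair(primary, secondary, neighbor_helper_max=None):
    """List settings that would keep graceful restart from working."""
    a, b = parse_conf(primary), parse_conf(secondary)
    findings = []
    if a["router_id"] is None or a["router_id"] != b["router_id"]:
        findings.append("router-id missing or different on the HA nodes")
    for name, node in (("primary", a), ("secondary", b)):
        if not node["graceful"]:
            findings.append(f"{name}: capability restart graceful not set")
        if node["grace"] not in GRACE_RANGE:
            findings.append(f"{name}: grace-period outside 1-1800")
        # Assumption: the neighbor discards grace LSAs above its helper limit,
        # as the page describes for the NetScaler in helper mode.
        if neighbor_helper_max is not None and node["grace"] > neighbor_helper_max:
            findings.append(f"{name}: grace-period {node['grace']} > helper limit")
    return findings

# Constructed sample configs built from the commands in the table above.
PRIMARY = ("router-id 1.1.1.1\nospf restart grace-period 170\n!\n"
           "router ospf\n network 192.0.2.0/24 area 0\n"
           " capability restart graceful\n redistribute kernel\n!\n")
SECONDARY = PRIMARY.replace("1.1.1.1", "2.2.2.2").replace(
    " capability restart graceful\n", "")

if __name__ == "__main__":
    for finding in audit_ha_pair(PRIMARY, SECONDARY, neighbor_helper_max=150):
        print(finding)
```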
------------------------------
Troubleshooting OSPF-Specific Issues
Before you start debugging any OSPF-specific issue, you must collect information from the Citrix ADC appliance and all systems in the affected LAN, including upstream and downstream routers. To begin, enter the following commands:
- show interface from both nscli and VTYSH
- show ip ospf interface
- show ip ospf neighbor detail
- show ip route
- show ip ospf route
- show ip ospf database summary
  - If there are only a few LSAs in the database, enter show ip ospf database router, show ip ospf database network, show ip ospf database external, and other commands to get the full details of the LSAs.
  - If there are a large number of LSAs in the database, enter the show ip ospf database self-originated command.
- show ip ospf
- show ns ip. This ensures that the details of all VIPs of interest are included.
- Get the logs from peering devices and run the following command:
  gcore -s -c xyz.core /netscaler/ospfd <pid>
  Note: The gcore command is non-disruptive.
Collect additional information from the Citrix ADC as follows:
- Enable logging of error messages by entering the following command from the global configuration view in VTYSH:
  ns(config)# log file /var/ospf.log
- Enable debugging ospf events and log them by using the following command:
  ns(config)# log file /var/ospf.log
  Enable debug ospf lsa packet only if the number of LSAs in the database is relatively small (< 500).
-----------------------------
Generic Routing FAQs
Users typically have the following questions about how to troubleshoot generic routing issues:
- How do I save the config files?
  The write command from VTYSH saves only ZebOS.conf. Run the save ns config command from CLI to save both ns.conf and ZebOS.conf files.
- If I have configured both a static default route and a dynamically learned default route, which is the preferred default route?
  The dynamically learned route is the preferred default route. This behavior is unique to default routes. However, in case of the Network Services Module (NSM), unless the administrative distances are modified, a statically configured route in the RIB is preferred over a dynamic route. The route that is downloaded to the NSM FIB is the static route.
- How do I block the advertisement of default routes?
  The default route is not injected into ZebOS.
- How do I view the debug output of networking daemons?
  You can write debugging output from networking daemons to a file by entering the following log file command from the global configuration view in VTYSH:
  ns(config)# log file /var/ZebOS.log
  You can direct debug output to the console by entering the terminal monitor command from VTYSH user view:
  ns# terminal monitor
- How do I collect cores of running daemons?
  You can use the gcore utility to collect cores of running daemons for processing by gdb. This might be helpful in debugging misbehaving daemons without bringing the whole routing operation to a standstill.
  gcore [-s] [-c core] [executable] pid
  The -s option temporarily stops the daemon while gathering the core image. This is a recommended option, because it guarantees that the resulting image shows the core in a consistent state.
  root@ns# gcore -s -c nsm.core /netscaler/nsm 342
- How do I run a batch of ZebOS commands?
  You can run a batch of ZebOS commands from a file by entering the VTYSH -f <file-name> command. This does not replace the running configuration, but appends to it. However, by including commands to delete the existing configuration in the batch file and then add those for the new, desired configuration, you can use this mechanism to replace a specific configuration:
  !
  router bgp 234
   network 1.1.1.1 255.255.255.0
  !
  route-map bgp-out2 permit 10
   set metric 9900
   set community 8602:300
  !