Here are the steps to configure OSPF routing between an ACI fabric and an external router. The external router side is not covered in this blog post, since I focus here only on ACI.
If our network design involves BGP Route Reflectors, then we need to have a BGP Route Reflector Policy set before configuring the external OSPF routed network.
We also need to have the same MTU size on both ends of the OSPF segment, either by setting it to 1500 Bytes on the border leaf, or by setting it to 9000 Bytes on the external router.
Our network design here dictates that the tenant has its own L3out block.
Configure OSPF Interface Policy and OSPF Interface Timer Policy
When we decide to configure the L3 Out on a particular tenant, then OSPF must be configured under that tenant.
Go to the tenant -> Policies -> Protocol -> OSPF -> OSPF Interface -> Create OSPF Interface Policy
This is the new configuration path. In older ACI versions, it was Tenant -> Networking -> Protocol Policies -> OSPF.
We will associate this OSPF Interface Policy with the created External Network later.
Similarly, we can configure the OSPF Timer Policy under the tenant -> Policies -> Protocol -> OSPF -> OSPF Timers.
Configure a VLAN Pool
See my blog post on VLAN Pools first.
Configure a static allocation for the VLAN Pool that defines the VLAN ID on the leaf port between the ACI fabric and the external router:
It will be a one-VLAN range.
Configure an Interface Policy Group
Configure an Interface Profile
Configure a Switch Profile and associate it with the Interface Policy Group
Configure a L3 Domain (aka External Routed Domain)
Configure an AAEP and associate it with the created L3 Domain and the created Interface Policy Group
Configure an External Routed Network under the Tenant
Once we activate OSPF as the peering protocol, a new set of parameters appears. Notice that the default OSPF area type is NSSA:
Now we create the OSPF Interface Profile. In general, please do not confuse a protocol Interface Profile (configured solely within an External Routed Network object) with a fabric Interface Profile access policy.
To configure the protocol Interface Profile (in our case OSPF), click on the “+” sign near OSPF Interface Profiles:
We associate our OSPF Interface Profile with our previously created OSPF Interface Policy:
We select which type of L3 interface we will run OSPF on.
Click OK to return to the Create Interface Profile menu.
Click OK to return to the Create Node Profile menu.
Click OK to return to the L3 Routed Outside menu. We now see that the Node and Interface Protocol Profile field is filled:
Now we are going to define the external subnets, that is, the subnets that constitute the external EPG:
These are the subnets that are allowed to be visible to the fabric. Click Next.
We manually add the individual external subnets:
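At this point we should have established an OSPF adjacency between the ACI border leaf and the external router. We can test the connectivity between the internal and external subnets by temporarily deactivating VRF enforcement and issuing a ping or a similar test. Re-enable enforcement once the test is done, since an unenforced VRF lets its EPGs communicate without any contract.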
Defining a Contract Between the External EPG and an Internal EPG
Up to this point there is still no communication allowed between the fabric internal subnets and the external subnets. Remember that every communication in ACI is governed by contracts, and this is no exception. So we define the internal EPG to provide the contract and the external EPG to consume it.
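
The points above that are easy to get wrong (MTU match, OSPF area type, VRF enforcement left off after testing, and the contract between the external and internal EPG) can be checked against an exported tenant configuration. The following is an added example, not part of the original post: the tenant tree and all names in it are constructed, the class and attribute names follow the APIC object model, and router_mtu and router_area_type are assumed inputs describing the external router.

```python
# Constructed sample in the shape of an APIC REST export; all names are invented.
TENANT = {"fvTenant": {"attributes": {"name": "T1"}, "children": [
    {"fvCtx": {"attributes": {"name": "VRF1", "pcEnfPref": "unenforced"}}},
    {"fvAp": {"attributes": {"name": "App"}, "children": [
        {"fvAEPg": {"attributes": {"name": "Web"}, "children": [
            {"fvRsProv": {"attributes": {"tnVzBrCPName": "web-out"}}}]}}]}},
    {"l3extOut": {"attributes": {"name": "L3Out1"}, "children": [
        {"ospfExtP": {"attributes": {"areaId": "0.0.0.1", "areaType": "nssa"}}},
        {"l3extLNodeP": {"attributes": {"name": "Node101"}, "children": [
            {"l3extLIfP": {"attributes": {"name": "If1"}, "children": [
                {"l3extRsPathL3OutAtt": {"attributes": {
                    "encap": "vlan-100", "mtu": "inherit"}}}]}}]}},
        {"l3extInstP": {"attributes": {"name": "ExtEPG"}, "children": [
            {"l3extSubnet": {"attributes": {"ip": "192.0.2.0/24"}}},
            {"fvRsCons": {"attributes": {"tnVzBrCPName": "ext-out"}}}]}}]}},
]}}

def walk(node):
    """Yield (class, attributes, children) for every object in the tree."""
    for cls, body in node.items():
        kids = body.get("children", [])
        yield cls, body.get("attributes", {}), kids
        for kid in kids:
            yield from walk(kid)

def rel_names(kids, rel_cls):
    """Contract names referenced by direct children of class rel_cls."""
    return {k[rel_cls]["attributes"]["tnVzBrCPName"] for k in kids if rel_cls in k}

def audit(tenant, router_mtu, router_area_type):
    objs = list(walk(tenant))
    # Contracts provided by any internal EPG in the tenant.
    provided = set().union(*(rel_names(k, "fvRsProv") for c, _, k in objs if c == "fvAEPg"))
    findings = []
    for cls, attrs, kids in objs:
        if cls == "fvCtx" and attrs.get("pcEnfPref") == "unenforced":
            findings.append(f"VRF {attrs['name']}: enforcement still disabled")
        elif cls == "ospfExtP" and attrs.get("areaType") != router_area_type:
            findings.append(f"OSPF area {attrs['areaId']}: type {attrs['areaType']}")
        # "inherit" never equals a numeric MTU, so it is flagged for a manual check.
        elif cls == "l3extRsPathL3OutAtt" and attrs.get("mtu") != str(router_mtu):
            findings.append(f"{attrs['encap']}: MTU {attrs['mtu']} != {router_mtu}")
        elif cls == "l3extInstP" and not rel_names(kids, "fvRsCons") & provided:
            findings.append(f"external EPG {attrs['name']}: no contract with an internal EPG")
    return findings

if __name__ == "__main__":
    for line in audit(TENANT, router_mtu=1500, router_area_type="regular"):
        print(line)
```

On the constructed sample this reports all four problems; an empty list means the exported configuration is consistent with the steps above.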