Table of Contents
- Introduction to Dynamic Routing in NSX-T
- OSPF in NSX-T: Step-by-Step Deep Dive
- Topology and Process Flow
- Configuration Steps
- Verification (CLI, PowerShell, Python)
- Troubleshooting Common Issues
- Real-World Use Cases
- BGP in NSX-T: Step-by-Step Deep Dive
- Topology and Process Flow
- Configuration Steps
- Verification (CLI, PowerShell, Python)
- Troubleshooting Common Issues
- Real-World Use Cases
- Route Redistribution in NSX-T
- Concepts and Design
- Configuration Walkthrough
- Verification and Troubleshooting
- OSPF vs. BGP: Comparison, Use Cases, and Hybrid Design Patterns
- Troubleshooting Dynamic Routing in NSX-T: Deep Dive
- OSPF Neighbor Issues
- BGP Route Flap Analysis
- Redistribution Pitfalls
- Best Practices and Gotchas
- Conclusion
1. Introduction to Dynamic Routing in NSX-T
Dynamic routing protocols allow NSX-T environments to adapt to network changes in real time. OSPF and BGP automate path selection, improve failover, and support hybrid data centers.
NSX-T 4.x supports:
- OSPF (Open Shortest Path First) – primarily for north-south connectivity with physical networks
- BGP (Border Gateway Protocol) – for large-scale multi-tenant routing, multi-site, and edge-to-edge scenarios
- Route Redistribution – for seamless exchange between protocol domains (e.g., static to OSPF/BGP, and vice versa)
NSX-T uses the Tier-0 and Tier-1 Gateway model. Dynamic routing is typically configured on Tier-0 for external connectivity and on Tier-1 for internal routing.
2. OSPF in NSX-T: Step-by-Step Deep Dive
OSPF Topology Diagram
OSPF Neighbor Establishment Flow
Configuration Steps
1. Enable OSPF on Tier-0 Gateway
set logical-router <Tier0-ID> routing ospf enabled
2. Configure OSPF Areas and Interfaces
Set-NsxLogicalRouter -Id $Tier0 -OspfEnabled $true
Add-NsxOspfArea -LogicalRouterId $Tier0 -AreaId "0.0.0.0"
Set-NsxOspfInterface -LogicalRouterId $Tier0 -InterfaceId $IfId -AreaId "0.0.0.0"
3. Set OSPF Parameters (Priority, Authentication, etc.)
import requests
headers = {"Authorization": "Bearer <token>"}
ospf_payload = {
"ospf_enabled": True,
"areas": [{"area": "0.0.0.0"}],
"interfaces": [{"interface_id": "<IfId>", "area": "0.0.0.0"}]
}
requests.patch("https://<nsxt-mgr>/api/v1/logical-routers/<Tier0-ID>/routing/ospf", json=ospf_payload, headers=headers)
Verification
CLI
get logical-router <Tier0-ID> ospf neighbors
PowerShell
Get-NsxOspfNeighbor -LogicalRouterId $Tier0
Python (API)
response = requests.get("https://<nsxt-mgr>/api/v1/logical-routers/<Tier0-ID>/routing/ospf/neighbors", headers=headers)
print(response.json())
Troubleshooting Common OSPF Issues
| Symptom | Cause | Fix |
|---|---|---|
| Down/Init State | MTU mismatch, IP wrong | Match MTU, check addressing |
| No Adjacency | Area mismatch, auth fail | Check area ID, passwords |
| Flapping | Network instability, timers | Tune hello/dead intervals |
CLI Commands:
get logical-router <Tier0-ID> ospf interface
get logical-router <Tier0-ID> ospf database
Real-World OSPF Use Cases
- Single data center, simple north-south routing to campus or WAN
- Environments requiring fast convergence (OSPF is quicker than BGP for LAN)
- Legacy OSPF environments integrating with NSX-T
3. BGP in NSX-T: Step-by-Step Deep Dive
BGP Topology Diagram
BGP Neighbor Establishment Flow
Configuration Steps
1. Enable BGP on Tier-0
set logical-router <Tier0-ID> routing bgp enabled
2. Configure Local ASN and Peers
Set-NsxLogicalRouter -Id $Tier0 -BgpEnabled $true -Asn 65002
Add-NsxBgpNeighbor -LogicalRouterId $Tier0 -IpAddress "10.1.1.1" -RemoteAsn 65001
3. Set BGP Parameters (Multipath, Graceful Restart, etc.)
bgp_payload = {
"enabled": True,
"local_as_num": 65002,
"neighbors": [
{"ip_address": "10.1.1.1", "remote_as_num": 65001}
]
}
requests.patch("https://<nsxt-mgr>/api/v1/logical-routers/<Tier0-ID>/routing/bgp", json=bgp_payload, headers=headers)
Verification
CLI
get logical-router <Tier0-ID> bgp neighbors
PowerShell
Get-NsxBgpNeighbor -LogicalRouterId $Tier0
Python (API)
response = requests.get("https://<nsxt-mgr>/api/v1/logical-routers/<Tier0-ID>/routing/bgp/neighbors", headers=headers)
print(response.json())
Troubleshooting Common BGP Issues
| Symptom | Cause | Fix |
|---|---|---|
| Idle/Active state | Peer unreachable, firewall blocks | Verify reachability, port 179 |
| Not Established | ASN mismatch, auth fail, timers | Check ASN, passwords, timers |
| Route Missing | Prefix filters, export policy error | Check route maps, redistribution |
CLI Commands:
get logical-router <Tier0-ID> bgp routes
get logical-router <Tier0-ID> bgp neighbor
Real-World BGP Use Cases
- Multi-site NSX-T deployments needing scalable, policy-driven routing
- Integration with public cloud (AWS, Azure) or external MPLS/WAN
- Multi-tenant environments where route leaking and control are needed
4. Route Redistribution in NSX-T
Redistribution Scenario Diagram
Concepts and Design
Route redistribution enables NSX-T gateways to exchange routes between static, OSPF, and BGP domains. This is crucial for hybrid or migration environments.
Configuration Walkthrough
1. Define Redistribution Rules
set logical-router <Tier0-ID> routing redistribution rule add <rule>
2. Map Route Types to Protocols
Add-NsxRedistributionRule -LogicalRouterId $Tier0 -From "connected" -To "ospf"
Add-NsxRedistributionRule -LogicalRouterId $Tier0 -From "ospf" -To "bgp"
3. Specify Filters and Priorities
redistribution_payload = {
"rules": [
{"from": "connected", "to": "bgp"},
{"from": "ospf", "to": "bgp"}
]
}
requests.patch("https://<nsxt-mgr>/api/v1/logical-routers/<Tier0-ID>/routing/redistribution", json=redistribution_payload, headers=headers)
Verification and Troubleshooting
CLI
get logical-router <Tier0-ID> routing redistribution
PowerShell
Get-NsxRedistributionRule -LogicalRouterId $Tier0
Python (API)
response = requests.get("https://<nsxt-mgr>/api/v1/logical-routers/<Tier0-ID>/routing/redistribution", headers=headers)
print(response.json())
Common Pitfalls
- Missing or misconfigured rule order
- Filtering out necessary prefixes
- Feedback loops (route re-injection)
5. OSPF vs. BGP: Comparison, Use Cases, and Hybrid Patterns
| Criteria | OSPF | BGP |
|---|---|---|
| Convergence | Fast | Slower, depends on scale |
| Scalability | Limited to campus/DC | Very high, Internet-scale |
| Policy Control | Basic | Extensive (route maps, filters) |
| Use Case | LAN, simple DC routing | WAN, multi-tenant, cloud, hybrid |
| Hybrid | OSPF for LAN, BGP for WAN | Both for seamless integration |
Hybrid Example:
- Use OSPF between NSX-T and internal routers, BGP for cloud or WAN. Use route redistribution for translation.
6. Troubleshooting Dynamic Routing in NSX-T: Deep Dive
OSPF Neighbor Issues
- MTU mismatches: Check interface configs on both sides.
- Authentication errors: Ensure matching MD5/plaintext keys.
- Area mismatches: Both routers must be in the same OSPF area.
BGP Route Flap Analysis
- Unstable links: Monitor interface errors, packet loss.
- TCP resets: Inspect NSX-T and external device logs.
- Policy misconfiguration: Check import/export route-maps.
Redistribution Pitfalls
- Missing routes: Validate redistribution rules and filters.
- Feedback loops: Avoid re-injecting routes into same protocol.
- Overlapping prefixes: Prioritize filters and rules.
<a name=”best-practices”></a>
7. Best Practices and Gotchas
- Always document OSPF and BGP peerings and parameters.
- Use route-maps and filters to prevent unwanted route propagation.
- Validate all changes in a test lab before production.
- Monitor neighbor and route status regularly with scripts.
- Leverage API/Python automation for regular route checks.
8. Conclusion
Dynamic routing is essential for scalable, resilient NSX-T networks. OSPF provides quick LAN convergence and legacy integration, while BGP unlocks scale, policy, and cloud connectivity. Route redistribution bridges protocol domains, but must be configured carefully to avoid leaks and loops. Always verify, monitor, and automate your route validation for optimal uptime.
Disclaimer: The views expressed in this article are those of the author and do not represent the opinions of VMwware, my employer or any affiliated organization. Always refer to the official VMWare documentation before production deployment.