Using the OSPF screen in the vCloud Director tenant portal, you can configure the Open Shortest Path First (OSPF) routing protocol for the dynamic routing capabilities of your advanced edge gateway. A common application of OSPF on an edge gateway in a vCloud Director environment is to exchange routing information between edge gateways in vCloud Director.

About this task

The NSX edge gateway supports OSPF, an interior gateway protocol that routes IP packets only within a single routing domain. As described in the NSX Administration Guide, configuring OSPF on an NSX edge gateway enables the edge gateway to learn and advertise routes. The edge gateway uses OSPF to gather link state information from available edge gateways and construct a topology map of the network. The topology determines the routing table presented to the Internet layer, which makes routing decisions based on the destination IP address found in IP packets.

As a result, OSPF routing policies provide a dynamic process of traffic load balancing between routes of equal cost. An OSPF network is divided into routing areas to optimize traffic flow and limit the size of routing tables. An area is a logical collection of OSPF networks, routers, and links that have the same area identification. Areas are identified by an Area ID.


A Router ID must be configured . Specify Default Routing Configurations for the Edge Gateway.

To use the vCloud Director tenant portal to work with an edge gateway's settings, the edge gateway must be converted to an advanced edge gateway. You can do this on the edge gateway in the vCloud Director Web console or from the tenant portal. For details on performing this step from the tenant portal, see Convert an Edge Gateway to an Advanced Edge Gateway.


  1. Launch Edge Gateway Services by completing the following steps.
    1. Click Network > Edge Gateway.
    2. Select the edge gateway to edit, and click Configure Services.

      The tenant portal opens Edge Gateway Services.

  2. Navigate to Routing > OSPF.
  3. If OSPF is not currently enabled, use the OSPF Enabled toggle to enable it.
  4. Configure the OSPF settings according to your organization's needs.



    Enable Graceful Restart

    Specifies that packet forwarding is to remain uninterrupted when OSPF services are restarted.

    Enable Default Originate

    Allows the edge gateway to advertise itself as a default gateway to its OSPF peers.

    At this point, you can click Save changes or continue with configuring area definitions and interface mappings.

  5. Add an OSPF area definition to the on-screen table by clicking the + icon, specifying details for the mapping in the dialog box, and then clicking Keep.

    By default, the system configures a not-so-stubby area (NSSA) with area ID of 51, and this area is automatically displayed in the area definitions table on the OSPF screen. You can modify or delete this NSSA area if it does not meet your organization's needs.



    Area ID

    Type an area ID in the form of an IP address or decimal number.

    Area Type

    Select Normal or NSSA.

    NSSAs prevent the flooding of AS-external link-state advertisements (LSAs) into NSSAs. They rely on default routing to external destinations. As a result, NSSAs must be placed at the edge of an OSPF routing domain. NSSA can import external routes into the OSPF routing domain, thereby providing transit service to small routing domains that are not part of the OSPF routing domain.

    Area Authentication

    Area Authentication Value

    Select the type of authentication for OSPF to perform at the area level.

    All edge gateways within the area must have the same authentication and corresponding password configured. For MD5 authentication to work, both the receiver and transmitter must have the same MD5 key.

    Choices are:

    • None, the default value. No authentication is required.

    • Password. With this choice, the password you specify in the Area Authentication Value field is included in the transmitted packet.

    • MD5. With this choice, the authentication uses MD5 (Message Digest type 5) encryption. An MD5 checksum is included in the transmitted packet. Type the Md5 key into the Area Authentication Value field.

  6. Click Save changes, so that the newly configured area definitions are available for selection when you add interface mappings.
  7. Add an interface mapping to the on-screen table by clicking the + icon, specifying details for the mapping in the dialog box, and then clicking Keep.

    These mappings map the edge gateway's interfaces to the areas.

    1. In the dialog box, select the interface you want to map to an area definition.

      The interface specifies the external network that both edge gateways are connected to.

    2. Select the area ID for the area to map to the selected interface.
    3. (Optional) Change the OSPF settings from the default values to customize them for this interface mapping.

      When configuring a new mapping, the default values for these settings are displayed. In most cases, it is recommended to retain the default settings. If you do change the settings, make sure that the OSPF peers use the same settings.



      Hello Interval

      Interval (in seconds) between hello packets that are sent on the interface.

      Dead Interval

      Interval (in seconds) during which at least one hello packet must be received from a neighbor before that neighbor is declared down.


      Priority of the interface. The interface with the highest priority is the designated edge gateway router router.


      Overhead required to send packets across that interface. The cost of an interface is inversely proportional to the bandwidth of that interface. The larger the bandwidth, the smaller the cost.

    4. Click Keep.
  8. Click Save changes in the OSPF screen.

What to do next

Configure OSPF on the other edge gateways that you want to exchange routing information with.

Add a firewall rule that allows traffic between the OSPF-enabled edge gateways. See Add an Edge Gateway Firewall Rule Using the Tenant Portal for information.

Make sure that the route redistribution and firewall configuration allow the correct routes to be advertised. See Configure Route Redistribution Using the Tenant Portal.