ArubaOS-CX, OSPFv2 Configuration

OSPF configuration is simple on Aruba, with a few simple differences between OS-CX and Cisco’s approach. Once both configured though, the two vendors equipment works very well, just as expected.

For clarity, to confirm the current OSPF state we can check to see if it is running. I’ve checked both the Default VRF and the FWTEST VRF whose configuration is explained here.

ArubaOS-CX# sh ip ospf
OSPF Process is not running on VRF default.
ArubaOS-CX# sh ip ospf vrf FWTEST
OSPF Process is not running on VRF FWTEST.
ArubaOS-CX# 

Initially in this example we will configure OSPFv2 to run in the FWTEST VRF, whilst leaving the Default VRF as it is. To start the process, we need to define OSPF

ArubaOS-CX# 
ArubaOS-CX# conf t
ArubaOS-CX(config)# router ospf 
  <1-63>  Specify the OSPF Process ID 
ArubaOS-CX(config)# router ospf 39 
  vrf   VRF Instance. 
  <cr>  
ArubaOS-CX(config)# router ospf 39 vrf FWTEST
ArubaOS-CX(config-ospf-39)# router ospf 39 vrf FWTEST

Much like the Cisco CLI, you can use the ? to show command help as appropriate. Here for example, we can see that Aruba use 6-bits to store the process ID. The process ID is only locally significant and good practise would be to use different process ID’s for each VRF. In testing though ArubaOS-CX does appear to allow you to use the same number for default and another VRF. I was surprised that it didn’t seem to break anything, but going forward I will use separate IDs. Here I chose 39 and specified which VRF it applied to.

We then go on to specify a router-id and other operating behaviours we need.

ArubaOS-CX(config-ospf-39)# 
ArubaOS-CX(config-ospf-39)# router-id 192.168.40.30
ArubaOS-CX(config-ospf-39)# reference-bandwidth 40000
ArubaOS-CX(config-ospf-39)# passive-interface default
ArubaOS-CX(config-ospf-39)# redistribute connected
ArubaOS-CX(config-ospf-39)# area 0.0.0.40
ArubaOS-CX(config-ospf-39)# 

At this stage, we do not have any ospf interfaces attached to the vhf FWTEST.

ArubaOS-CX# sh ip ospf vrf FWTEST
Routing Process 39 with ID : 192.168.40.30 VRF FWTEST
------------------------------------------------------


OSPFv2 Protocol is enabled
Graceful-restart is configured
Restart Interval: 120, State: inactive
Last Graceful Restart Exit Status: none
SPF: Start Time: 200ms, Hold Time: 1000ms, Max Wait Time: 5000ms
Maximum Paths to Destination: 4
Number of external LSAs 0, checksum sum 0
Number of areas is 1, 1 normal, 0 stub, 0 NSSA
Number of active areas is 0, 0 normal, 0 stub, 0 NSSA
BFD is disabled
Reference Bandwidth: 40000 Mbps
Area (0.0.0.40) (Inactive)
  Interfaces in this Area: 0 Active Interfaces: 0 
  Passive Interfaces: 0 Loopback Interfaces: 0 
  SPF calculation has run 1 times
  Area ranges: 
  Number of LSAs: 0, checksum sum 0 


ArubaOS-CX#
ArubaOS-CX# sh ip ospf interface vrf FWTEST
OSPF Interface is not attached to VRF FWTEST.
ArubaOS-CX# 

So next we need to attach at least one interface, the area were are attaching to is already defined above, if it isn’t defined you will get an error.

ArubaOS-CX# conf t
ArubaOS-CX(config)# interface vlan999 
ArubaOS-CX(config-if-vlan)#                             
           config-if-vlan)# ip ospf 39 area 0.0.0.40                         
ArubaOS-CX(config-if-vlan)# no ip ospf passive              
ArubaOS-CX(config-if-vlan)# 

For a basic configuration that the config that’s required. We are not running VRF-lite, with a Cisco 4500 as a neighbour. We can see from our routing table all is well.

ArubaOS-CX# sh ip ro vrf FWTEST


Displaying ipv4 routes selected for forwarding


'[x/y]' denotes [distance/metric]


0.0.0.0/0, vrf FWTEST 
        via  172.31.255.129,  [110/114],  ospf
172.31.255.240/28, vrf FWTEST 
        via  vlan998,  [0/0],  connected
172.31.255.192/28, vrf FWTEST 
        via  loopback99,  [0/0],  connected
172.31.255.128/28, vrf FWTEST 
        via  vlan999,  [0/0],  connected
172.31.255.4/30, vrf FWTEST 
        via  172.31.255.129,  [110/64],  ospf
172.31.255.12/30, vrf FWTEST 
        via  172.31.255.129,  [110/44],  ospf
172.31.255.8/30, vrf FWTEST 
        via  172.31.255.129,  [110/54],  ospf
172.31.255.0/30, vrf FWTEST 
        via  172.31.255.129,  [110/84],  ospf
172.31.255.130/32, vrf FWTEST 
        via  vlan999,  [0/0],  local
172.31.255.193/32, vrf FWTEST 
        via  loopback99,  [0/0],  local
172.31.255.241/32, vrf FWTEST 
        via  vlan998,  [0/0],  local


ArubaOS-CX#  

As you would expect for a standards based protocol, it just works !

Finally just for reference, this was all done on an 6300 running AribaOS-CX FL.10.04.0030

ArubaOS-CX, VRF Configuration

Adding the basics of a VRF configuration to an ArubaOS-CX is both simple, and very similar to other vendors platforms. In the example below we are adding a VRF called FWTEST and assigning two SVI’s to it along with a Loopback.

First we can see what VRFs are already configured, in this case none:

ArubaOS-CX# show vrf
VRF Configuration:
------------------
VRF Name   : default
        Interfaces             Status
        -----------------------------
        vlan1                    up
        vlan254                  up

ArubaOS-CX#

Then define the VRF, including the route distinguisher.

ArubaOS-CX# conf t
ArubaOS-CX(config)# vrf FWTEST
ArubaOS-CX(config-vrf)# rd 10:39
ArubaOS-CX(config-vrf)#

Ensure that any VLANs that require SVI’s in the new VRF are defined. If not we need to create them.

ArubaOS-CX(config-vrf)# vlan 998
ArubaOS-CX(config-vlan-998)# name FWTEST_Clients
ArubaOS-CX(config-vlan-998)# vlan 999
ArubaOS-CX(config-vlan-999)# name FWTEST_L3
ArubaOS-CX(config-vlan-999)# 

Configure the required SVIs and any other layer 3 interfaces, in our case Loopback 99.

ArubaOS-CX(config)# # interface vlan998
ArubaOS-CX(config-if-vlan)# vrf attach FWTEST
ArubaOS-CX(config-if-vlan)# ip address 172.31.255.241/28
ArubaOS-CX(config-if-vlan)# 
ArubaOS-CX(config-if-vlan)# interface vlan999
ArubaOS-CX(config-if-vlan)# vrf attach FWTEST
ArubaOS-CX(config-if-vlan)# ip address 172.31.255.130/28
ArubaOS-CX(config-if-vlan)# 
ArubaOS-CX(config-if-vlan)# interface loopback 99
ArubaOS-CX(config-loopback-if)# vrf attach FWTEST
ArubaOS-CX(config-loopback-if)# ip address 172.31.255.193/28
ArubaOS-CX(config-loopback-if)# 

Now if we check the VRFs on the switch, we can see our new SVIs and the Lo99 are all attached to the VRF FWTEST.

 
ArubaOS-CX# show vrf
VRF Configuration:
------------------
VRF Name   : default
        Interfaces             Status
        -----------------------------
        vlan1                    up
        vlan254                  up


VRF Name   : FWTEST
        Interfaces             Status
        -----------------------------
        loopback99               up
        vlan998                  up
        vlan999                  up


ArubaOS-CX# 

Finally, we can check the FWTEST routing table. This shows us the routes for the attached networks we have just defined. No other routes are shown as we are not going any routing with other devices yet.

ArubaOS-CX# 
ArubaOS-CX# sh ip ro vrf FWTEST

Displaying ipv4 routes selected for forwarding

'[x/y]' denotes [distance/metric]

172.31.255.240/28, vrf FWTEST 
        via  vlan998,  [0/0],  connected
172.31.255.192/28, vrf FWTEST 
        via  loopback99,  [0/0],  connected
172.31.255.128/28, vrf FWTEST 
        via  vlan999,  [0/0],  connected
172.31.255.130/32, vrf FWTEST 
        via  vlan999,  [0/0],  local
172.31.255.193/32, vrf FWTEST 
        via  loopback99,  [0/0],  local
172.31.255.241/32, vrf FWTEST 
        via  vlan998,  [0/0],  local

ArubaOS-CX# 

Next we can go on to configure OSPF

Finally just for reference, this was all done on an 6300 running AribaOS-CX FL.10.04.0030

ArubaOS-CX VSF

Aruba VSF (Virtual Switch Framework) on the Aruba CX line of switches provides the ability to manage a number of switches (upto 10 from memory) as a single virtual network node. This simple How-To gives a quick overview of an addition and removal of a switch to/from a stack. There is lots of official documentation available, and may well be other methods, but this works fine for me.

Adding a switch to an existing stack

When adding a new switch, boot the new switch up and configure it as switch 1 with the appropriate type and links.

6300-New# show run vsf
!
vsf member 1
 type jl665a
 link 1 1/1/49
 link 2 1/1/50
!

On the existing stack, provision the new switch with appropriate number type and links. In this example we are adding switch 3 to the existing stack.

6300-Stack# show run vsf
!
vsf member 1
 type jl665a
 link 1 1/1/49
 link 2 1/1/50
vsf member 2
 type jl665a
 link 1 2/1/49
 link 2 2/1/50
vsf member 3
 type jl665a
 link 1 3/1/49
 link 2 3/1/50
!

We can check to confirm the VSF member is defined correctly and isn’t currently present as shown for switch 3 below.

6300-Stack# sh vsf de
VSF Stack
MAC Address : 88:3a:30:97:dd:c0
Secondary : 2
Topology : chain
Status : No Split
Split Detection Method : None
Software Version : FL.10.04.0030


Name : Aruba-VSF-6300
Contact : "Network Team"
Location :


Member ID : 1
MAC Address : 88:3a:30:97:dd:c0
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : Master
ROM Version : FL.01.05.0003
Serial Number : SG9XXXKX8B
Uptime : 16 hours, 21 minutes
CPU Utilization : 17%
Memory Utilization : 20%
VSF Link 1 : Down
VSF Link 2 : Up, connected to peer member 2, link 1


Member ID : 2
MAC Address : 88:3a:30:99:d6:40
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : Standby
ROM Version : FL.01.05.0003
Serial Number : SG9XXKXX8X
Uptime : 15 hours, 52 minutes
CPU Utilization : 5%
Memory Utilization : 11%
VSF Link 1 : Up, connected to peer member 1, link 2
VSF Link 2 : Down


Member ID : 3
MAC Address :
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : Not Present
ROM Version :
Serial Number :
Uptime :
CPU Utilization : 0%
Memory Utilization :
VSF Link 1 : Down
VSF Link 2 : Down


6300-Stack#

Install new switch in rack etc and connect cables etc. On the new switch issue the renumber from 1 (standalone) to 3 which is our planned stack number.

6300-New#
6300-New# conf
6300-New(config)# vsf renumber-to 3
This will save the VSF configuration and reboot the switch.
Do you want to continue (y/n)? y


2020/01/01 09:07:30 Registration with Credential Manager successful or deferred.
2020/01/01 09:07:30 Encrypt value in User table in password column ,
2020/01/01 09:07:30 Ignoring ssh_host_keygen_requested in system table to be saved in config

Switch will reboot and should join the stack assuming the cables are all patched etc.

Once the switch has rebooted, the VSF status can be checked as shown below.

6300-Stack# sh vsf de
VSF Stack
MAC Address : 88:3a:30:97:dd:c0
<<<SNIP>>>
Name : Aruba-VSF-6300
Contact : "Network Team"
Location :


Member ID : 1
MAC Address : 88:3a:30:97:dd:c0
<<<SNIP>>>
VSF Link 1 : Up, connected to peer member 3, link 2
VSF Link 2 : Up, connected to peer member 2, link 1


Member ID : 2
MAC Address : 88:3a:30:99:d6:40
<<<SNIP>>>
VSF Link 1 : Up, connected to peer member 1, link 2
VSF Link 2 : Up, connected to peer member 3, link 1


Member ID : 3
MAC Address : 88:3a:30:98:cf:00
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : OS Version Mismatch
ROM Version :
Serial Number :
Uptime :
CPU Utilization : 0%
Memory Utilization :
VSF Link 1 : Up, connected to peer member 2, link 2
VSF Link 2 : Up, connected to peer member 1, link 1link 2 1/1/50

However as you can see the OS is miss-matched, the new switch will be upgraded / downgraded and be rebooted automagically.

6300-Stack# sh vsf de
VSF Stack
MAC Address : 88:3a:30:97:dd:c0
<<<SNIP>>>
Name : Aruba-VSF-6300
Contact : "Network Team"
Location :


Member ID : 1
MAC Address : 88:3a:30:97:dd:c0
<<<SNIP>>>
VSF Link 1 : Down
VSF Link 2 : Up, connected to peer member 2, link 1


Member ID : 2
MAC Address : 88:3a:30:99:d6:40
<<<SNIP>>>
VSF Link 1 : Up, connected to peer member 1, link 2
VSF Link 2 : Down


Member ID : 3
MAC Address :
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : Not Present
ROM Version :
Serial Number :
Uptime :
CPU Utilization : 0%
Memory Utilization :
VSF Link 1 : Down
VSF Link 2 : Down


6300-Stack#

After new switch is booted, the VSF will show connected with details.

6300-Stack# sh vsf de
VSF Stack
MAC Address : 88:3a:30:97:dd:c0
Secondary : 2
Topology : ring
Status : No Split
Split Detection Method : None
Software Version : FL.10.04.0030


Name : Aruba-VSF-6300
Contact : "Network Team"
Location :


Member ID : 1
MAC Address : 88:3a:30:97:dd:c0
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : Master
ROM Version : FL.01.05.0003
Serial Number : SG9XXXKX8B
Uptime : 16 hours, 27 minutes
CPU Utilization : 4%
Memory Utilization : 20%
VSF Link 1 : Up, connected to peer member 3, link 2
VSF Link 2 : Up, connected to peer member 2, link 1


Member ID : 2
MAC Address : 88:3a:30:99:d6:40
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : Standby
ROM Version : FL.01.05.0003
Serial Number : SG9XXKXX8X
Uptime : 15 hours, 58 minutes
CPU Utilization : 6%
Memory Utilization : 11%
VSF Link 1 : Up, connected to peer member 1, link 2
VSF Link 2 : Up, connected to peer member 3, link 1


Member ID : 3
MAC Address : 88:3a:30:98:cf:00
Type : JL665A
Model : 6300F 48-port 1GbE Class 4 PoE and 4-port SFP56 Switch
Status : Member
ROM Version : FL.01.05.0003
Serial Number : SG9XKXXX8V
Uptime : under a minute
CPU Utilization : 0%
Memory Utilization : 8%
VSF Link 1 : Up, connected to peer member 2, link 2
VSF Link 2 : Up, connected to peer member 1, link 1


6300-Stack#

Other commands available show the connectivity within the stack.

6300-Stack# sh vsf topol
Mstr Stdby
+---+      +---+      +---+
| 1 | 1==2 | 3 | 1==2 | 2 |
+---+      +---+      +---+
  2                     1
  +=====================+


6300-Stack# sh vsf link

VSF Member 1

Link Peer Peer
Link State Member Link Interfaces
---- ---------- ------- ------ ---------------------------
1 up 3 2 1/1/49
2 up 2 1 1/1/50



VSF Member 2

Link Peer Peer
Link State Member Link Interfaces
---- ---------- ------- ------ ---------------------------
1 up 1 2 2/1/49
2 up 3 1 2/1/50



VSF Member 3

Link Peer Peer
Link State Member Link Interfaces
---- ---------- ------- ------ ---------------------------
1 up 2 2 3/1/49
2 up 1 1 3/1/50


6300-Stack#

Interestingly if you connect a USB console to anything other than the stack master, you can log in, but only with local account. Tacacs etc only appear to function on the stack master. I suspect this will be fixed in a later version of code as this appears to be the opposite of the expected desired behaviour.

Finally just for reference, this was all done on an 6300 running AribaOS-CX FL.10.04.0030