A Beginner’s Guide to OSPF Setup in SD-WAN

Open Shortest Path First, or OSPF, is one of the most commonly used dynamic routing protocols in enterprise networks. As organizations shift toward software-defined networking technologies such as SD-WAN, it becomes critical to integrate traditional routing protocols into the modern fabric. This ensures continued communication with legacy devices, efficient route learning, and redundancy.

The integration of OSPF between SD-WAN edge devices (commonly referred to as vEdges) and traditional site routers allows dynamic routing data to propagate efficiently. It also simplifies network administration by reducing the need for static routes. This article provides a comprehensive guide to configuring OSPF between SD-WAN edge routers and site routers across four sample sites. Each site is uniquely addressed and includes multiple loopback interfaces to emulate internal networks.

The guide focuses on practical configuration and verification steps for enabling OSPF in a real or simulated environment. The instructions provided here are suitable for lab exercises, network engineers preparing for certifications, or professionals working on enterprise-grade network design and implementation.

Overview of Network Topology

The network topology used in this scenario includes four distinct site routers, each named Site-1 to Site-4. These routers connect to the SD-WAN fabric using their Ethernet0/0 interface. Each router is configured with three loopback interfaces to represent internal subnets. These loopbacks will be advertised using OSPF to simulate real-world traffic behavior across a WAN.

Each router is configured independently, but they all share the following configuration goals:

• Use Ethernet0/0 to connect to the vEdge device
  
  
• Assign loopback interfaces to simulate internal networks
  
  
• Enable OSPF area 0 on all interfaces
  
  
• Set loopbacks to OSPF network type point-to-point
  
  
• Use unique addressing to avoid conflicts
  
  
• Verify configuration using built-in router commands
  
  

This structure ensures that each site has the capacity to dynamically share routing information with others in the SD-WAN domain.

IP Addressing Plan for Site Routers

Below is the addressing scheme used for each of the four routers in this exercise. The IP schema is designed to maintain isolation and clarity between the sites.

Site-1:

• Ethernet0/0: 10.1.2.2 /24
  
  
• Loopback1: 10.1.11.1 /24
  
  
• Loopback2: 10.1.12.1 /24
  
  
• Loopback3: 10.1.13.1 /24

Site-2:

• Ethernet0/0: 172.16.5.2 /24
  
  
• Loopback1: 10.1.21.1 /24
  
  
• Loopback2: 10.1.22.1 /24
  
  
• Loopback3: 10.1.23.1 /24

Site-3:

• Ethernet0/0: 192.168.6.2 /24
  
  
• Loopback1: 10.1.31.1 /24
  
  
• Loopback2: 10.1.32.1 /24
  
  
• Loopback3: 10.1.33.1 /24

Site-4:

• Ethernet0/0: 172.16.7.2 /24
  
  
• Loopback1: 10.1.41.1 /24
  
  
• Loopback2: 10.1.42.1 /24
  
  
• Loopback3: 10.1.43.1 /24

This IP scheme keeps each site logically separated while maintaining a consistent pattern for easier administration.

Preparing Site-1 for OSPF Configuration

The configuration for Site-1 begins with basic interface setup. The Ethernet interface will connect to the vEdge, while loopbacks will be used for internal routing advertisements. The loopbacks are also configured with the point-to-point OSPF network type, which is required for ensuring full adjacency and consistent LSAs.

Begin with enabling the router and entering configuration mode. Set the hostname to Site-1 to help identify the router in monitoring systems and troubleshooting logs.

Assign the Ethernet0/0 interface its designated IP address and bring the interface up. Then configure the three loopback interfaces with their respective addresses and OSPF settings.

Finally, enable OSPF process 1 and define the networks that should participate in OSPF area 0. The wildcard mask 0.0.255.255 is used to capture all relevant subnets within the 10.1.0.0 range.

Once configured, use the interface summary and OSPF interface commands to verify that the interfaces are up and participating in OSPF.

Sample output should show all interfaces in the up state, with OSPF neighbor relationships forming where applicable.

Configuring Site-2 with OSPF

Move on to Site-2 and apply similar configurations using its unique IP address scheme. Begin by setting the hostname to Site-2 and configuring the Ethernet0/0 interface with its IP address. The three loopback interfaces are also configured using the point-to-point OSPF network type.

Once interfaces are ready, OSPF is enabled using process ID 1. Two network statements are defined:

• One for the directly connected Ethernet IP (172.16.5.2) with wildcard 0.0.0.0
  
  
• One for the loopback networks (10.1.0.0) with wildcard 0.0.255.255

These statements ensure that both internal loopback subnets and external WAN connections are advertised in OSPF.

After saving the configuration, use the same verification commands to check the interface and OSPF status. You should see all interfaces marked up and OSPF states such as P2P or BDR, indicating that OSPF is functioning properly.

Implementing OSPF at Site-3

For Site-3, repeat the configuration steps with a new set of IP addresses. The Ethernet interface is assigned 192.168.6.2, and three loopbacks are configured in the 10.1.31.0/24, 10.1.32.0/24, and 10.1.33.0/24 ranges.

Assign these addresses to the appropriate interfaces and configure each with point-to-point OSPF settings.

The OSPF configuration uses process ID 1 again and includes two network statements:

• One for the Ethernet range (192.168.0.0) with a wildcard mask of 0.0.255.255
  
  
• One for the loopback networks (10.1.0.0) with a wildcard mask of 0.0.0.255

These statements ensure full participation of Site-3 in the OSPF topology.

Use verification commands to confirm the status of all interfaces. Check that each loopback and the Ethernet interface show as up and that OSPF has successfully formed neighbor relationships where expected.

Setting Up Site-4 with OSPF

The final router in this topology is Site-4. Configuration steps are similar but involve a new address range. Set the hostname and assign 172.16.7.2 to Ethernet0/0. Loopbacks will be configured with IPs in the 10.1.41.0/24 to 10.1.43.0/24 ranges.

Each loopback must again be marked as a point-to-point OSPF network.

After interface configuration, enable OSPF using process ID 1 and include network statements:

• One for 172.16.7.2 with wildcard 0.0.0.0
  
  
• One for 10.1.0.0 with wildcard 0.0.255.255
  
  

This ensures both the WAN link and internal networks are advertised correctly.

Once configured, confirm that all interfaces show as up and that OSPF status is healthy. You may observe the Ethernet interface in a WAIT or DR state depending on how it interacts with the vEdge.

Verifying Connectivity and OSPF Adjacency

The most reliable way to confirm OSPF operation is by using a combination of interface summary and OSPF status commands. At each site, the following checks are recommended:

• Ensure all loopbacks have the correct IP address and are in the up state
  
  
• Confirm that Ethernet0/0 is up and has established OSPF adjacency
  
  
• Use the OSPF interface brief command to view the cost, state, and neighbor count

Expected states for loopbacks should be point-to-point with zero neighbors (as they are not connected to other routers). Ethernet interfaces may show DR, BDR, or WAIT states depending on their election process.

In production, use additional commands such as show ip route or show ip ospf neighbor to confirm dynamic route propagation.

Importance of Loopback Interfaces in Routing Design

Loopback interfaces play an important role in OSPF and overall routing design. Because they are logical interfaces, they remain up as long as the router is functioning. This makes them ideal for router IDs and for testing reachability in a dynamic routing protocol like OSPF.

By advertising loopbacks, you simulate internal networks and validate route learning across the WAN. This is a safe and effective method to test OSPF without needing physical end devices at each site.

Configuring loopbacks as point-to-point in OSPF also ensures faster convergence and simpler adjacency handling.

Benefits of Integrating OSPF in SD-WAN

Combining OSPF with SD-WAN edge devices offers a range of benefits:

• Seamless integration with legacy routers
  
  
• Automatic route redistribution between overlay and underlay
  
  
• Improved failover and path selection
  
  
• Easier scalability for large enterprise networks
  
  
• Centralized policy control without sacrificing dynamic routing

OSPF’s mature and robust behavior makes it a good candidate for deployment alongside SD-WAN technologies.

Common Troubleshooting Scenarios

If OSPF is not working as expected, consider the following checks:

• Ensure IP addresses are assigned correctly with the right subnet mask
  
  
• Confirm that interfaces are not administratively down
  
  
• Verify that OSPF network statements include the correct wildcard masks
  
  
• Make sure the OSPF network type is properly set on loopbacks
  
  
• Use debug OSPF commands for more insight (in lab environments only)

Even a single misconfiguration on an interface can prevent OSPF neighbor formation, so always verify line-by-line.

Configuring OSPF on vEdge Routers

Once OSPF is enabled and configured on the site routers, the next step is to configure OSPF on the corresponding vEdge devices. The goal is to ensure that OSPF adjacency forms correctly between the site router and the vEdge, allowing internal routes from each site to propagate into the SD-WAN fabric.

The Cisco SD-WAN (Viptela) architecture uses a slightly different configuration model compared to traditional IOS or IOS-XE devices. vEdges rely on templates, feature configurations, and centralized policies applied via vManage or CLI depending on deployment.

In this configuration, each vEdge will form an OSPF neighbor relationship with its directly connected site router over the Ethernet0/0 interface.

Interface Configuration on vEdge Devices

Each vEdge should be configured with an interface that connects to its local site router. That interface must be assigned an IP address in the same subnet as the site router’s Ethernet0/0 and be placed in VPN 0 for transport interfaces or VPN 1+ for service-side.

Example: For vEdge-1 connected to Site-1

This configuration ensures that the vEdge can communicate with the site router. After this, OSPF must be configured under the same VPN.

Enabling OSPF on vEdge

OSPF on vEdges must be configured per VPN. The OSPF process is defined along with router ID and interface-specific settings. OSPF is only supported on service VPNs (not VPN 0).

Ensure the router ID is unique and consistent across all vEdges. The area configuration here matches that of the site routers (area 0). Interface eth0 is included within area 0 to match the neighbor’s configuration.

Repeat this setup for each vEdge device and their corresponding interface/VPN.

Advertising Site LAN Subnets into OSPF

On the site routers, loopback interfaces are already part of OSPF. Once adjacency is established, these routes should automatically be learned by the vEdge. However, the vEdge must also be configured to redistribute OSPF routes into the SD-WAN fabric (OMP) so they can be advertised to other branches.

This redistribution is crucial because OMP acts as the overlay routing protocol for SD-WAN.

With this configuration, any routes learned through OSPF by the vEdge will be advertised into the overlay using OMP. Similarly, routes received via OMP can be redistributed into OSPF for use by the local site router.

Verifying OSPF Adjacency Between vEdge and Site Router

Once both the site router and the vEdge are configured, you can verify OSPF neighbor adjacency. Use the following commands on each side:

You should see a FULL state neighbor relationship. The OSPF adjacency status must be verified before proceeding to route advertisement validation.

If adjacency fails to form, verify the following:

• IP connectivity between vEdge and site router
  
  
• OSPF area mismatch
  
  
• MTU mismatches
  
  
• Interface being passive
  
  
• Authentication settings (if enabled)

Confirming Route Advertisement on vEdge

Once the OSPF neighbor relationship is stable, verify if the loopback subnets from the site router are visible on the vEdge.

sql

show ip route vpn 1

Check for entries like:

10.1.11.0/24 via 10.1.2.2

10.1.12.0/24 via 10.1.2.2

10.1.13.0/24 via 10.1.2.2

These confirm that the site subnets are being received over OSPF. You should also see them advertised into OMP:

sql

show omp routes

Each of these routes should appear in the output, which means they’re now accessible to other sites in the overlay.

OSPF Configuration Summary for All vEdges

vEdge-1

In vEdge-1, VPN 1 is configured with interface eth0 assigned the IP address 10.1.2.1/24 and set to no shutdown. OSPF is enabled with the router ID 1.1.1.1 under area 0, and interface eth0 is included in the process. OMP is configured to advertise OSPF routes.

vEdge-2

For vEdge-2, VPN 1 is set up with interface eth0 using the IP address 172.16.5.1/24 and marked as no shutdown. The OSPF configuration specifies router ID 2.2.2.2, operating under area 0 with interface eth0 included. OMP is enabled to advertise OSPF.

vEdge-3

In vEdge-3, VPN 1 has interface eth0 configured with the IP address 10.10.10.1/24 and no shutdown. The OSPF process runs with router ID 3.3.3.3, and interface eth0 is part of area 0. OMP is configured to advertise OSPF routes.

vEdge-4

For vEdge-4, VPN 1 includes interface eth0 assigned the IP address 172.16.20.1/24 with no shutdown. OSPF is configured with router ID 4.4.4.4 under area 0, and interface eth0 is added. OMP is enabled to advertise OSPF.

Key Considerations

Router IDs must always be unique across devices, and the correct interfaces should be properly included under OSPF to ensure seamless routing.

Loopback Reachability Testing

Once all configurations are complete and OSPF routes are visible in OMP, perform ping tests from one site router to the loopback interfaces of another site.

For example, from Site-1 router:

nginx

ping 10.2.11.1

ping 10.3.13.1

ping 10.4.12.1

Each ping should succeed, demonstrating that loopback subnets at each site are reachable through the SD-WAN fabric, traversing OSPF to OMP and back to OSPF.

Common Issues and Troubleshooting Tips

If loopback subnets are not reachable, or OSPF neighbors aren’t forming correctly, consider the following troubleshooting steps.

Interface Mismatches

Make sure the interface on the vEdge is in the correct VPN and is up. Verify IP addresses and connectivity.

OSPF Configuration Errors

Double-check area numbers, router IDs, and interface activation in OSPF. A common error is forgetting to include an interface in the OSPF area.

OMP Not Advertising

If loopback routes are seen on the vEdge but not in other sites, confirm OMP is advertising them.

OMP Not Redistributed into OSPF

If remote sites cannot reach each other’s loopbacks, the issue might be redistribution into OSPF on the remote vEdge. Make sure OMP routes are being redistributed back.

And check for remote loopback subnets.

Advantages of Using OSPF with vEdge

Implementing OSPF between site routers and vEdge devices allows for smooth migration and hybrid deployments. Some of the key benefits include:

• Dynamic route advertisement of LAN subnets
  
  
• Reduced static configuration burden
  
  
• Automatic failover with OSPF convergence
  
  
• Compatibility with existing enterprise routing topologies
  
  
• Redistribution flexibility using route policies

Additionally, OSPF provides scalability in multi-site SD-WAN deployments, especially in environments where redistribution of dynamic routes into the overlay is needed.

Route Filtering and Policy Considerations

In production environments, it’s not always desirable to advertise every local subnet into the SD-WAN fabric. Route policies can be used to filter which prefixes are advertised into OMP or accepted from it.

On vEdges, route policies can be applied to:

• Limit loopback advertisements into OMP
  
  
• Restrict which OMP routes are redistributed into OSPF
  
  
• Perform route summarization
  
  
• Implement tagging for better control

Policies are typically created in vManage and pushed via centralized templates.

OSPF-vEdge Configuration Workflow

1. Configure OSPF on the site router.
   
   
2. Add LAN subnets (loopbacks) to OSPF.
   
   
3. Assign IP to the connected interface on the vEdge under the correct VPN.
   
   
4. Enable OSPF on the vEdge under the same VPN.
   
   
5. Include the interface in the OSPF area.
   
   
6. Redistribute OSPF into OMP.
   
   
7. Redistribute OMP into OSPF if remote prefixes are needed locally.
   
   
8. Verify neighbor status, routing tables, and connectivity.

Once this process is completed across all sites, each branch router can reach every other branch’s internal subnets dynamically, and the full mesh connectivity becomes active.

Understanding OSPF Route Exchange Between vEdges and Site Routers

After OSPF is configured on both vEdges and site routers, the next crucial step is to ensure that routing information is successfully exchanged. This ensures that all internal networks (such as the loopbacks representing internal subnets) are reachable from across the SD-WAN fabric. This phase is where dynamic routing starts delivering its true value by enabling seamless communication between remote sites without static configuration.

OSPF works by exchanging Link-State Advertisements (LSAs), which contain information about the router’s interfaces, neighbor relationships, and the cost of reaching various networks. When vEdges are configured correctly to participate in the same OSPF process as the site routers, they begin forming OSPF adjacencies and exchanging these LSAs. These LSAs are then used to build a routing table with optimal paths.

The verification of OSPF peerings is essential. Site routers should detect vEdges as OSPF neighbors, and vice versa. Moreover, the loopback addresses from each site should be dynamically advertised through OSPF and become reachable from other locations.

Common Reasons for OSPF Neighbor Failures

Even when configurations appear to be correct, OSPF peering might fail. Understanding the potential causes can save valuable troubleshooting time.

One common cause is mismatched OSPF Hello and Dead intervals. Both routers in a peer relationship must use the same timing values for these intervals. Another issue might be mismatched authentication settings. If one device is using OSPF authentication and the other is not, the adjacency will not form.

Interface mismatches can also prevent OSPF from functioning. If a vEdge is connected to a site router on a different interface than expected or if the interface is administratively down, the adjacency will fail. The interface must be up and belong to the same OSPF area for communication to take place.

Lastly, incorrect network statements may prevent certain networks from being included in OSPF advertisements. If the interface connected to the neighbor is not included in the OSPF process, no Hello packets will be sent, and the neighbor relationship won’t form.

Verifying OSPF Adjacencies and Routes

Once configurations are in place, the focus shifts to verification. Several key indicators help confirm that OSPF is functioning as intended.

First, check the OSPF neighbor relationships. Each site router should have an adjacency with the connected vEdge. This confirms that Hello packets are being exchanged, and the OSPF state machine has reached the full state.

Next, confirm that routes to remote loopback addresses have been populated in the routing tables. For instance, if Site-1’s router has a loopback of 10.1.11.1, routers at Site-2, Site-3, and Site-4 should be able to reach that address dynamically without static routes.

If routes are missing, verify whether the loopback interfaces are active and included in OSPF advertisements. Also, ensure that the connected vEdge is redistributing OSPF routes into the SD-WAN overlay and vice versa.

Finally, check connectivity through pings or traceroutes. A successful ping from Site-2’s router to Site-1’s loopback confirms not just routing, but also end-to-end reachability.

Redistribution Between OSPF and SD-WAN Overlay

SD-WAN networks operate with a central controller that manages route distribution across all vEdges. For internal LAN routes to reach the overlay and propagate across the SD-WAN fabric, redistribution must be enabled.

Redistribution is the process of injecting routes from one routing domain into another. In this context, it means redistributing OSPF-learned routes into the SD-WAN overlay so that other vEdges can learn about them. Similarly, overlay routes should be redistributed into OSPF so that connected site routers can access remote networks.

This step is vital. Without redistribution, the OSPF process will function locally, but remote routers will remain unaware of networks in other branches. Each vEdge serves as the bridge between the OSPF domain and the SD-WAN fabric.

It is also important to avoid routing loops during redistribution. Loop prevention techniques like route-maps, prefix-lists, or administrative distance tuning can be implemented to ensure routing remains accurate and efficient.

Optimizing OSPF Areas for Scalability

OSPF is a link-state routing protocol that uses areas to segment routing domains and reduce overhead. While the lab or initial setup might place all devices in a single area (often Area 0), in large deployments, it is best practice to design multiple areas.

Using different OSPF areas reduces the size of the link-state database on each router, improving performance. It also allows for hierarchical routing designs, where a backbone area (Area 0) connects to other areas.

In SD-WAN environments, vEdges can act as Area Border Routers (ABRs), connecting branch areas to the backbone or to each other. This makes them critical points in the OSPF topology, controlling how routes flow between areas and into the SD-WAN overlay.

When implementing multiple areas, careful planning is needed. Every non-backbone area must connect to Area 0, either directly or through virtual links. Loopback interfaces may be advertised into OSPF with specific metrics to reflect their use for services or management.

High Availability and OSPF

High availability is essential in enterprise networks. OSPF supports fast convergence and redundant paths, making it suitable for resilient routing designs.

Within the SD-WAN environment, vEdges can be deployed in pairs to ensure failover capability. OSPF should be configured to detect link failures quickly and reroute traffic through alternate paths. The use of loopback interfaces for routing rather than physical interfaces can enhance stability and minimize the impact of hardware failures.

Designing the network with multiple vEdges per site and redundant uplinks ensures that no single point of failure disrupts communication. In such scenarios, OSPF’s rapid detection and rerouting capabilities become crucial. Features like BFD (Bidirectional Forwarding Detection) can be enabled to enhance failure detection speed.

In conjunction with SD-WAN’s centralized control, these OSPF mechanisms help ensure always-on connectivity, even in complex network topologies.

Best Practices for Enterprise Deployments

As organizations scale their SD-WAN deployments and integrate traditional routing protocols, certain best practices ensure stability, performance, and ease of management.

Keep the OSPF area design simple. Use Area 0 for small networks, but consider multiple areas for complex topologies to improve manageability. Assign loopback interfaces with unique, structured IP addresses that reflect site IDs or geographical data. This makes route identification easier during troubleshooting.

Use passive interfaces for loopbacks and other interfaces that do not need to form adjacencies. This reduces unnecessary Hello packets and CPU usage.

Enable route summarization at ABRs to minimize the number of advertised routes and maintain cleaner routing tables. Summarization also helps in isolating issues and speeding up convergence.

Implement route filtering to control which prefixes are advertised. This avoids unnecessary propagation of private or temporary routes.

Document all OSPF configurations thoroughly. Use meaningful process IDs, interface descriptions, and network comments to make future maintenance easier.

Finally, always validate configurations in a staging environment before deploying changes in production. This helps catch errors early and minimizes service disruption.

Monitoring and Troubleshooting OSPF in SD-WAN

Once the integration is complete and operational, continuous monitoring ensures the network remains healthy.

Monitor OSPF adjacency states to detect any unexpected changes. Sudden neighbor loss could indicate link failures, misconfigurations, or resource constraints.

Track routing tables for completeness and accuracy. Unexpected route changes might point to redistribution issues or incorrect summarization.

Use network management tools or controllers provided by SD-WAN vendors to visualize OSPF topologies, detect anomalies, and receive alerts. Metrics such as OSPF neighbor uptime, Hello intervals, LSA refresh rates, and CPU usage are valuable indicators of performance.

When troubleshooting, isolate the issue by checking interfaces, OSPF configurations, and logs. A systematic approach to testing connectivity and route propagation helps resolve problems quickly.

It is also helpful to keep a baseline of known-good OSPF operations. Comparing current states with historical data can reveal gradual degradation or pinpoint the impact of recent changes.

Conclusion

Integrating OSPF with SD-WAN is a strategic step in modern network architectures. It allows enterprises to preserve the reliability and dynamic routing capabilities of traditional protocols while embracing the flexibility and scalability of software-defined networking.

Through thoughtful configuration, route redistribution, proper area design, and continuous monitoring, OSPF can be effectively deployed between vEdges and site routers. This creates a resilient, scalable, and efficient network that meets the demands of distributed enterprises.

While the concepts can be complex, especially when combining traditional and modern systems, a well-structured approach based on best practices ensures success. With dynamic routing in place, enterprises gain the confidence that their networks will adapt, grow, and recover—without constant manual intervention.

This unified approach to routing opens the door to automation, enhanced visibility, and improved performance across all locations, truly fulfilling the promise of SD-WAN.