In my home/home lab I use all Ubiquiti UniFi gear. I have a USG, 3 different switches and 2 APs. If you don’t know much about Ubiquiti UniFi gear, check it out here:
The USG, or UniFi Security Gateway, is a pretty small device that provides routing and firewalling for your network. It’s extremely easy to set up and use, which is great, but the downside is that it lacks a really good CLI, which can cause some issues when you want to do something advanced that isn’t available through the UniFi GUI.
So how do we implement advanced settings? You can SSH into the USG and if you can figure out the weird CLI commands you can add or modify settings. The problem is these commands do not survive reboots or the re-provisioning of the USG that usually occurs after you make changes to your UniFi config. To make config changes that can survive reboots and re-provisioning we need to use a custom JSON file that gets picked up by the USG on reboot or re-provision. The big problem is that this JSON file is not very well documented, so let me share what I did.
In this example, we’ll be configuring OSPF on the USG so it will work with VMware NSX. I have also implemented DHCP relays so we can push some VLANs to use an InfoBlox (or another IPAM solution) instead of the USG for DHCP, and set up an L2TP VPN on my network so I can log in and access my lab from outside of my home. I’ll make separate posts about those 2 things later.
If you SSH into your USG and run “show configuration all” you can see the full configuration of your USG:
To enable OSPF, you can go into config mode on the USG and enter these commands.
NOTE: In this example, 192.168.48.X is my Default GW, 192.168.48.0/24 is my network being used by NSX, and 192.168.48.Y is my Uplink IP of my NSX Edge Gateway VM.
configure
set protocols ospf parameters router-id 192.168.48.X
set protocols ospf area 0 network 192.168.48.0/24
set protocols ospf neighbor 192.168.48.Y
set protocols ospf redistribute connected
set protocols ospf redistribute static
commit
Again, the problem is that these commands won’t stick if the USG is re-provisioned or rebooted. To make them persist, we need to create the custom JSON file.
The custom JSON file will be called “config.gateway.json” and it should be uploaded to your UniFi Controller or Cloud Key in the following directory:
/srv/unifi/data/sites/default
In my case, to enable OSPF in my home lab, my config.gateway.json file looks like the below example. This JSON file doesn’t contain your entire configuration, only the things you want to change/add, so if you only want to enable OSPF, your JSON file will only contain what’s shown below.
CAUTION: Be sure to double-check the syntax before you upload the file. All brackets must be closed and the syntax must be correct, or it could send your USG into a boot-loop. If this happens, remove the JSON file, reboot your USG, then check/fix the syntax and try again.
Again, 192.168.48.X is my Default GW for this network, 192.168.48.0/24 is my network being used by NSX, and 192.168.48.Y is my Uplink IP of my NSX Edge Gateway VM.
{
  "protocols": {
    "ospf": {
      "area": {
        "0": {
          "network": [
            "192.168.48.0/24"
          ]
        }
      },
      "neighbor": {
        "192.168.48.Y": {
          "poll-interval": "60",
          "priority": "0"
        }
      },
      "parameters": {
        "abr-type": "cisco",
        "router-id": "192.168.48.X"
      },
      "redistribute": {
        "connected": {
          "metric-type": "2"
        },
        "static": {
          "metric-type": "2"
        }
      }
    }
  }
}
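Because a syntax error in this file can boot-loop the USG, it is worth checking the file on your workstation before uploading it. The script below is an added example, not part of the original post: it goes a little beyond plain syntax checking by also flagging curly quotes, duplicate keys, and OSPF addresses that are not valid (including X/Y placeholders left in). The function names and sample strings are constructed for illustration, and the OSPF checks only cover the keys shown in this post.

```python
import ipaddress
import json

def _no_dupes(pairs):
    # json.loads keeps only the last of two identical keys; reject them instead.
    if len({k for k, _ in pairs}) != len(pairs):
        raise ValueError("duplicate key in object")
    return dict(pairs)

def _obj(parent, key):
    child = parent.get(key, {})
    return child if isinstance(child, dict) else {}

def _valid(value, parser):
    try:
        return isinstance(value, str) and parser(value) is not None
    except ValueError:
        return False

def check_gateway_json(text):
    """Return a list of problems in config.gateway.json text; empty means OK."""
    problems = []
    if any(ch in text for ch in "\u201c\u201d"):
        problems.append("curly quotes found; JSON needs plain double quotes")
    try:
        cfg = json.loads(text, object_pairs_hook=_no_dupes)
    except ValueError as exc:  # covers json.JSONDecodeError and duplicate keys
        return problems + [f"invalid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return problems + ["top level must be a JSON object"]
    ospf = _obj(_obj(cfg, "protocols"), "ospf")
    rid = _obj(ospf, "parameters").get("router-id")
    if rid is not None and not _valid(rid, ipaddress.IPv4Address):
        problems.append(f"router-id is not an IPv4 address: {rid!r}")
    for peer in _obj(ospf, "neighbor"):
        if not _valid(peer, ipaddress.IPv4Address):
            problems.append(f"neighbor is not an IPv4 address: {peer!r}")
    for area in _obj(ospf, "area").values():
        for net in (area.get("network", []) if isinstance(area, dict) else []):
            if not _valid(net, ipaddress.IPv4Network):
                problems.append(f"area network is not a valid CIDR: {net!r}")
    return problems

# Constructed samples: a trailing comma before the last brace, and placeholders left in.
TRAILING_COMMA = '{"protocols": {"ospf": {"parameters": {"router-id": "192.168.48.1"}}},}'
PLACEHOLDERS = ('{"protocols": {"ospf": {"area": {"0": {"network": ["192.168.48.0/24"]}},'
                ' "neighbor": {"192.168.48.Y": {}}, "parameters": {"router-id": "192.168.48.X"}}}}')

if __name__ == "__main__":
    print(check_gateway_json(TRAILING_COMMA), check_gateway_json(PLACEHOLDERS), sep="\n")
```

To check a real file, pass its contents to check_gateway_json() and only upload it when the returned list is empty.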
To verify if these changes worked you can run “show ip route” and you should see an entry that starts with “O” for OSPF. If you do not see this line then the config change was not successful. Check your files and try again, or you may just need to reboot the USG for it to pick up the changes.
You can also run “show configuration all” and as you go down through the config, you should see a new protocols section in there with the OSPF config. It took me a while to figure all this out, so hopefully this helps somebody out there!