Forum Discussion
BGP stops advertising after upgrade
Hello ,
we have an LTM VE in a HA cluster . We have defined a couple of route domain (RD) and have enabled BGP/BFD for these route domains .
There is a BGP routing configuration present (imish -r RD) . In this configuration peer devices are defined , and by putting RHI (route health injection) we advertise our virtual servers towards these bgp peers .
The current setup is running on version 13.1.1.5 and is working since long time without any issue.
AS v13 is going end of life we tried to upgrade recently to v14.1.5.2 . The upgrade itself went smooth . New version was activated , all pools and virtual servers were present as before. Initially all looked ok .
When we checked out BGP peer (show ip bgp summary) we could see that the peering was established , again this looked ok . But when checking the advertised routes , no routes were being advertised .
"sh ip bgp neighbour x.x.x.x advertised-routes" --> showed no routes present , whereas before we had about 10 virtual servers being announced in v13
I'm aware of article https://cdn.f5.com/product/bugtracker/ID1031425.html concerning BGP advertising . But this is the case when you receive a route , and try to advertise it then from F5 (back to front advertising) .
In our case F5 is end device , and just announcing these virtual servers. So we are not receiving any BGP update and then sending these routes on .
IN the end we needed to rollback to v13 again , by booting from partition with old version . Once this was done all started working again including BGP .
Any idea what could be issue here ? (i've pasted our BGP config here below , it's quite basic)
we use a routemap for blocking incoming updates (DENY-ALL) and with routemap "KERNEL2BGP" we control which virtual servers we can advertise . (each ip we want to announce it mentioned in this routemap)
router bgp F5-AS
bgp router-id F5-selfIP
bgp always-compare-med
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
redistribute kernel route-map KERNEL2BGP
neighbor peer-IP remote-as "remote-as-nr"
neighbor peer-IP description "xxx"
neighbor peer-IP update-source selfip-address
neighbor peer-IP password "xxx"
neighbor peer-IP timers 3 9
neighbor peer-IP fall-over bfd
neighbor peer-IP next-hop-self
neighbor peer-IP soft-reconfiguration inbound
neighbor peer-IP route-map DENY-ALL in
Hi werner_verheyle ,
First you should take this TMOS Version v14.1.5.2 and open F5 Bug tracker web site and see all of it's Bugs , maybe you will find bug related to BGP or BFDs or Advertising routes.
Look at this : https://cdn.f5.com/product/bugtracker/ID1134057.html
I got it from Bug tracker , it's a bug related to V14.1.5.2.
> the other thing , you have to raise a case with F5 support , you may get hotfix to cover this issue.
Hi werner_verheyle ,
First you should take this TMOS Version v14.1.5.2 and open F5 Bug tracker web site and see all of it's Bugs , maybe you will find bug related to BGP or BFDs or Advertising routes.
Look at this : https://cdn.f5.com/product/bugtracker/ID1134057.html
I got it from Bug tracker , it's a bug related to V14.1.5.2.
> the other thing , you have to raise a case with F5 support , you may get hotfix to cover this issue.- werner_verheyleAltocumulus
thx , i'll open a case for this .
Just a remaining question , from bug report https://cdn.f5.com/product/bugtracker/ID1134057.html i can see this is also applicable on the version we use now ( v13.1.1.5 ) . So asking myself why we never encountered this before . Seems to be present in all version & only engineering hotfix will help
- werner_verheyleAltocumulus
will perform upgrade again on standby device in HA cluster , no spare LTM VE anymore at hand .
I've check RHI last night & indeed it was on selective after the upgrade . We changed it back to "when available" but this doesn't change anything .
upgrading changes a lot for BGP
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com