F5 BGP Peering in Active /Standby Cluster

Try this:

Restructure the network so pool member subnet is NOT directly connected to F5:

bash

# Remove the directly connected self-IP from pool member VLAN tmsh delete net self <pool-member-selfip> # Create a static route to reach pool members via another gateway tmsh create net route pool-members-route network b.b.b.b/24 gw <gateway-ip> # Now create virtual address with RHI for the subnet tmsh create ltm virtual-address b.b.b.b/24 route-advertisement selective

With this approach:

Pool member subnet is no longer "directly connected"
RHI will work because F5 can generate kernel routes
Only active device will advertise the route

Since you can't use RHI, configure different BGP attributes based on HA role:

bash

# Create scripts that modify BGP route-maps based on HA status # On standby device - prepend AS path to make routes less preferred route-map STANDBY_SUPPRESS permit 10 match ip address pool-subnet-acl set as-path prepend <YOUR-AS> <YOUR-AS> <YOUR-AS> route-map STANDBY_SUPPRESS permit 20 # Apply to redistribution on standby only router bgp <AS> redistribute kernel route-map STANDBY_SUPPRESS

Move pool member VLAN to a dedicated traffic group:

bash

# Create dedicated traffic group for pool member subnet tmsh create cm traffic-group pool-members-tg # Assign pool member VLAN to the traffic group tmsh modify net vlan pool-member-vlan traffic-group pool-members-tg # Configure traffic group failover preferences tmsh modify cm traffic-group pool-members-tg ha-order { device1 device2 }

The most feasible solution would be removing the direct connection to the pool member subnet so RHI can function properly, or implementing AS-path manipulation with automation to adjust based on HA state changes.

I saw this behaviour being confirmed by F5 documentation on reddit: here