Forum Discussion
F5 BGP Peering in Active /Standby Cluster
- Sep 02, 2025
Hi, I was able to advertise routes by declaring a floating IP for the BGP peering subnet self IPs and attaching it to the default traffic group; for the rest, F5 takes care of advertising routes only via the floating IP on both active and standby.
This could be an approach for controlling pool member subnet advertisements:
Create a static route to null0 for your pool member subnet:
```text
tmsh create net route b.b.b.b/subnet_mask interface null0
```
Configure BGP aggregate-address in imish:
```text
router bgp YOUR_ASN
 aggregate-address b.b.b.b/subnet_mask
```
Enable kernel route redistribution instead of connected routes:
```text
router bgp YOUR_ASN
 redistribute kernel
 no redistribute connected
```
Control route advertisement using route-maps to filter based on device state:
Create a prefix-list for pool member subnets:
```text
ip prefix-list POOL_MEMBERS seq 10 permit b.b.b.b/subnet_mask
```
Create route-maps with conditional logic:
```text
route-map EXPORT_TO_ACI permit 10
 match ip address prefix-list POOL_MEMBERS
 ! Lower metric on active, higher on standby
 set metric 100
route-map EXPORT_TO_ACI permit 20
```
Apply route-map to BGP neighbors:
```text
router bgp YOUR_ASN
 neighbor ACI_PEER_IP route-map EXPORT_TO_ACI out
```
If you cannot suppress routes entirely, manipulate BGP attributes to prefer the active device:
On Active Device:
```text
route-map ACTIVE_DEVICE permit 10
 match ip address prefix-list POOL_MEMBERS
 set metric 50
 set local-preference 200
```
On Standby Device:
```text
route-map STANDBY_DEVICE permit 10
 match ip address prefix-list POOL_MEMBERS
 set metric 200
 set local-preference 100
```
Ensure your floating self-IPs and virtual addresses are properly associated with traffic groups. This is critical for proper route advertisement behavior:
```text
tmsh modify ltm virtual-address b.b.b.b/32 traffic-group traffic-group-1
tmsh modify ltm virtual-address b.b.b.b/32 route-advertisement selective
```
Configure identical BGP settings on both devices, but let the HA mechanism control which routes are actually advertised:
```text
tmsh modify net route-domain 0 routing-protocol add { BGP }
```
Regular monitoring commands to verify proper behavior:
```bash
# Check BGP advertised routes
show ip bgp neighbors X.X.X.X advertised-routes
# Verify kernel routes (should differ between active/standby)
show ip route kernel
# Check traffic group status
tmsh show cm traffic-group
```
The aggregate-address with null0 approach is the most reliable method to achieve your goal. It leverages F5's HA mechanisms to ensure only the active device advertises pool member routes while maintaining proper failover behavior. This solution aligns with F5's design principles and provides the cleanest routing behavior for your Cisco ACI integration.
Hi, thanks for the brief explanation. I tried adding the route for null0, but since I have declared the self IP (will be used for pool member health check) and floating IP address (which acts as gateway for pool member subnet b.b.b.b), it tries to deny because of an implied route present due to the self IP being configured for the pool member subnet.
I am successfully able to achieve the TMM route being injected for external subnet a.a.a.a, which will be used for the VIP, but when it comes to the pool member subnet or internal subnet b.b.b.b, the route is being advertised by both active and standby through redistribute connected. I tried with conditional prefixing, but to advertise route metrics is a good idea when we don't have auto failover configured for the devices.
How will that play a role when we have traffic failover done and the previous standby device takes over the active role? Then it will absolutely have a lower metric configured for the route and traffic will still flow through the previous active device.
How will it help in case of traffic failover? Is there a key metric which can increase the metric of the route in case of traffic failover?
On Active Device:
```text
route-map ACTIVE_DEVICE permit 10
 match ip address prefix-list POOL_MEMBERS
 set metric 50
 set local-preference 200
```
On Standby Device:
```text
route-map STANDBY_DEVICE permit 10
 match ip address prefix-list POOL_MEMBERS
 set metric 200
 set local-preference 100
```
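A check for the symptom described in the reply above (the pool member subnet announced by both units through redistribute connected), as an added example that is not part of the original thread: it compares the `advertised-routes` tables captured from each unit. The sample tables, prefixes and function names are constructed, and the Quagga/ZebOS-style table layout is an assumption.

```python
import ipaddress
import re

# Constructed sample output of "show ip bgp neighbors X.X.X.X advertised-routes".
# Assumption: Quagga/ZebOS-style table; 10.20.0.0/24 stands in for b.b.b.b.
ACTIVE_OUT = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.0.2.10/32    198.51.100.5                        32768 ?
*> 10.20.0.0/24     198.51.100.5                        32768 ?
"""
STANDBY_OUT = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.20.0.0/24     198.51.100.6                        32768 ?
"""

# A valid route line starts with '*', optional '>' / 'i' flags, then prefix/len.
ROUTE_RE = re.compile(r"^\*[> ]*i?\s*(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s")


def advertised_prefixes(text):
    """Return the set of valid prefixes listed in an advertised-routes table."""
    found = set()
    for line in text.splitlines():
        match = ROUTE_RE.match(line)
        if match:
            found.add(ipaddress.ip_network(match.group(1), strict=False))
    return found


def audit(active_text, standby_text, pool_subnets):
    """Report watched subnets by which unit announces them."""
    active = advertised_prefixes(active_text)
    standby = advertised_prefixes(standby_text)
    watched = [ipaddress.ip_network(s) for s in pool_subnets]

    def hits(prefixes):
        return {p for p in prefixes if any(p.subnet_of(w) for w in watched)}

    on_active, on_standby = hits(active), hits(standby)
    return {
        "both_units": sorted(map(str, on_active & on_standby)),
        "standby_only": sorted(map(str, on_standby - on_active)),
        "missing_on_active": sorted(
            str(w) for w in watched if not any(p.subnet_of(w) for p in on_active)),
    }


if __name__ == "__main__":
    for finding, prefixes in audit(ACTIVE_OUT, STANDBY_OUT, ["10.20.0.0/24"]).items():
        print(f"{finding}: {prefixes or 'none'}")
```

Run it against captures taken before and after a forced failover; a non-empty `both_units` or `standby_only` list means the upstream peer can still select the unit that does not own the traffic group.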