LTM with BGP route advertisement

Is the SNAT range attached to a VLAN? (In other words, does the F5 have an interface in that subnet?)

 

Yes, it is.

OK, so it should just get advertised without any specific work on your part. Is the SNAT related VLAN in the same Route Domain as the VLAN used to connect with the Cisco routers? Do any ACLs or Route Maps need to be adjusted on the Cisco side?

 

 

You might find this useful too for checking what's in the kernel routing table and what's advertised: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-ip-routing-administration-11-2-0/4.htmlconceptid

 

Yes it is advertised, as soon as I disable BGP on one node, everthing is working. "show ip route kernel" shows all virtual servers and the host route for the SNAT IP Address as well. If I enable dynamic routing again, the virtual servers are still reachable but the SNAT is out of order. Apart from that, each time the device is rebooted it loses BGP from the routing domain.

 

Disable BGP on one node? Can you explain that in more detail please. Same for "the SNAT is out of order" - I assume you mean you can no longer see it in the output of the 'show ip route kernel'.

 

 

Regarding the reboots, do you mean the BGP module doesn't run automatically for that RD on system startup?

 

 

Lastly, what version are you running?

On Node 1 - Network ›› Route Domains ›› 0 -> remove BGP from Dynamic Routing Protocols -> update, after that SNAT and virtual adresses are working and reachable from the internet. I'm also able to ping from the internal network to hosts on the internet.

 

 

On node 2 - [0]sh ip route kern. shows me the virtual server routes including the SNAT address

 

 

On Node 1 - Network ›› Route Domains ›› 0 -> add BGP to Dynamic Routing Protocols -> update, virtual servers are still reachable (even when I force the node to standby) but no SNAT

 

 

Version 11.2.1

cisco 1 123.123.55.241

 

cisco 2 123.123.55.242

 

node 1 123.123.55.243

 

node 2 123.123.55.244

 

 

node 2 with bgp enabled only on that node

 

 

show ip bgp 123.123.55.208

 

BGP routing table entry for 123.123.55.208/28

 

Paths: (1 available, best 1, table Default-IP-Routing-Table)

 

Advertised to non peer-group peers:

 

123.123.55.241 123.123.55.242 123.123.55.243

 

Local

 

0.0.0.0 from 0.0.0.0 (192.168.1.4)

 

Origin IGP, localpref 100, weight 32768, valid, sourced, local, best

 

Last update: Mon Oct 15 13:03:04 2012

 

 

node 2 after enabling bgp also on node 1

 

 

show ip bgp 123.123.55.208

 

BGP routing table entry for 123.123.55.208/28

 

Paths: (2 available, best 2, table Default-IP-Routing-Table)

 

Advertised to non peer-group peers:

 

123.123.55.241 123.123.55.242 123.123.55.243

 

Local

 

123.123.55.243 from 123.123.55.243 (192.168.1.3)

 

Origin IGP metric 0, localpref 100, valid, internal

 

Last update: Mon Oct 15 16:48:03 2012

 

 

Local

 

0.0.0.0 from 0.0.0.0 (192.168.1.4)

 

Origin IGP, localpref 100, weight 32768, valid, sourced, local, best

 

Last update: Mon Oct 15 13:03:04 2012

 

and here the output from node 1

 

show ip bgp 123.123.55.208

 

BGP routing table entry for 123.123.55.208/28

 

Paths: (2 available, best 2, table Default-IP-Routing-Table)

 

Advertised to non peer-group peers:

 

123.123.55.241 91.241.55.242 91.241.55.244

 

Local

 

123.123.55.244 from 91.241.55.244 (192.168.1.4)

 

Origin IGP metric 0, localpref 100, valid, internal

 

Last update: Mon Oct 15 16:48:08 2012

 

 

Local

 

0.0.0.0 from 0.0.0.0 (192.168.1.3)

 

Origin IGP, localpref 100, weight 32768, valid, sourced, local, best

 

Last update: Mon Oct 15 16:48:02 2012

 

 

Both nodes shows the route as best path although the route is in the kernel table from node 1

 

 

sh ip route kernel

 

K 123.123.54.195/32 is directly connected, tmm0

 

K 123.123.54.196/32 is directly connected, tmm0

 

K 123.123.54.198/32 is directly connected, tmm0

 

K 123.123.54.199/32 is directly connected, tmm0

 

K 123.123.54.200/32 is directly connected, tmm0

 

K 123.123.54.201/32 is directly connected, tmm0

 

K 123.123.54.202/32 is directly connected, tmm0

 

K 123.123.54.203/32 is directly connected, tmm0

 

K 123.123.54.204/32 is directly connected, tmm0

 

K 123.123.54.205/32 is directly connected, tmm0

 

K 123.123.54.207/32 is directly connected, tmm0

 

K 123.123.54.208/32 is directly connected, tmm0

 

K 123.123.54.209/32 is directly connected, tmm0 <---- SNAT

 

K 123.123.54.210/32 is directly connected, tmm0

 

K 123.123.54.212/32 is directly connected, tmm0

 

K 123.123.54.213/32 is directly connected, tmm0

 

K 123.123.55.132/32 is directly connected, tmm0

 

K 123.123.55.133/32 is directly connected, tmm0

 

K 123.123.55.135/32 is directly connected, tmm0

 

K 123.123.55.136/32 is directly connected, tmm0

 

K 123.123.55.210/32 is directly connected, tmm0

 

K 123.123.55.211/32 is directly connected, tmm0

 

 

 

Are these devices in a HA pair, active/standby or completely independent? Are you using ConfigSync for the LTM configuration?

 

 

Do you have an IGP running too?

 

I take it the whole /28 is advertised to the Cisco routers. Do things look OK from that POV? Do they route to node 1 when BGP is enabled? Are they running an IGP?

 

Devices configured as an HA pair active / standby and yes the config is synced using the LTM GUI. No we don't have an IGP running, only BGP between these for devices. The config on the Ciscos looks fine.

And in any configuration, do the Cisco routers get the correct routes advertised? If there's no IGP I take it you've turned off synchronisation on the Cisco routers and you've configured next hop self? I'm far from a BGP expert so forgive me if the questions are way off field. Can you post the IMI configuration and also compare it between the two devices?

 

 

Also, did you change the SNAT Packet Forwarding setting you asked about earlier on both boxes, or check it's synchronised?