Forum Discussion
LTM with BGP route advertisement
One more question to the group. Two Cisco routers and a pair of LTMs in a dual-homed environment. Each Cisco has its own uplink. All four devices communicate internally using iBGP; virtual servers are correctly advertised and the failover is working as expected. Each time I enable BGP in the route domain on both devices, the routing is screwed up: the virtual server is correctly advertised but, e.g., my SNAT address is not.
Could anyone help here?
Best
Frank
17 Replies
- frank_thyes_309
Nimbostratus
Yes the cisco gets the correct routes advertised. Synchronisation is turned off by default in that IOS version. Each Cisco uses next hop self. Here is the whole config.
node 1
router bgp 12345
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
network 123.123.54.0/23
network 123.123.54.0/26
network 123.123.54.64/26
network 123.123.54.128/26
network 123.123.54.192/26
network 123.123.55.0/26
network 123.123.55.64/27
network 123.123.55.96/27
network 123.123.55.128/27
network 123.123.55.160/27
network 123.123.55.160/28
network 123.123.55.176/28
network 123.123.55.192/28
network 123.123.55.208/28
network 123.123.55.209/32
network 123.123.55.224/28
network 123.123.55.240/28
redistribute kernel
neighbor 123.123.55.241 remote-as 12345
neighbor 123.123.55.241 next-hop-self
neighbor 123.123.55.241 capability graceful-restart
neighbor 123.123.55.242 remote-as 12345
neighbor 123.123.55.242 capability graceful-restart
neighbor 123.123.55.244 remote-as 12345
neighbor 123.123.55.244 capability graceful-restart
!
ip route 70.72.6.200/30 123.123.55.241
ip route 70.231.161.80/30 123.123.55.242
!
node 2
router bgp 12345
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
network 123.123.54.0/23
network 123.123.54.0/26
network 123.123.54.64/26
network 123.123.54.128/26
network 123.123.54.192/26
network 123.123.55.0/26
network 123.123.55.64/27
network 123.123.55.96/27
network 123.123.55.128/27
network 123.123.55.160/27
network 123.123.55.160/28
network 123.123.55.176/28
network 123.123.55.192/28
network 123.123.55.208/28
network 123.123.55.209/32
network 123.123.55.224/28
network 123.123.55.240/28
redistribute kernel
neighbor 123.123.55.241 remote-as 12345
neighbor 123.123.55.241 capability graceful-restart
neighbor 123.123.55.242 remote-as 12345
neighbor 123.123.55.242 capability graceful-restart
neighbor 123.123.55.243 remote-as 12345
neighbor 123.123.55.243 capability graceful-restart
!
ip route 70.72.6.200/30 123.123.55.241
ip route 70.231.161.80/30 123.123.55.242
cisco 1
router bgp 12345
bgp log-neighbor-changes
network 123.123.54.0 mask 255.255.254.0
network 123.123.54.0 mask 255.255.255.192
network 123.123.54.64 mask 255.255.255.192
network 123.123.54.128 mask 255.255.255.192
network 123.123.54.192 mask 255.255.255.192
network 123.123.55.0 mask 255.255.255.192
network 123.123.55.64 mask 255.255.255.224
network 123.123.55.96 mask 255.255.255.224
network 123.123.55.128 mask 255.255.255.224
network 123.123.55.160 mask 255.255.255.224
network 123.123.55.160 mask 255.255.255.240
network 123.123.55.176 mask 255.255.255.240
network 123.123.55.192 mask 255.255.255.240
network 123.123.55.208 mask 255.255.255.240
network 123.123.55.224 mask 255.255.255.240
network 123.123.55.240 mask 255.255.255.240
neighbor 70.72.6.201 remote-as 5656
neighbor 70.72.6.201 route-map prepend out
neighbor 70.72.6.201 filter-list 1 out
neighbor 123.123.55.242 remote-as 12345
neighbor 123.123.55.243 remote-as 12345
neighbor 123.123.55.243 next-hop-self
neighbor 123.123.55.244 remote-as 12345
!
ip forward-protocol nd
!
ip as-path access-list 1 permit ^$
!
no ip http server
no ip http secure-server
ip route 2.2.2.2 255.255.255.255 GigabitEthernet0/0
ip route 70.231.161.80 255.255.255.252 123.123.55.242
ip route 123.123.54.0 255.255.254.0 Null0
ip route 123.123.55.176 255.255.255.240 GigabitEthernet0/0
cisco 2
router bgp 12345
bgp log-neighbor-changes
bgp default local-preference 150
network 123.123.54.0 mask 255.255.254.0
network 123.123.54.0 mask 255.255.255.192
network 123.123.54.64 mask 255.255.255.192
network 123.123.54.128 mask 255.255.255.192
network 123.123.54.192 mask 255.255.255.192
network 123.123.55.0 mask 255.255.255.192
network 123.123.55.64 mask 255.255.255.224
network 123.123.55.96 mask 255.255.255.224
network 123.123.55.128 mask 255.255.255.224
network 123.123.55.160 mask 255.255.255.224
network 123.123.55.160 mask 255.255.255.240
network 123.123.55.176 mask 255.255.255.240
network 123.123.55.192 mask 255.255.255.240
network 123.123.55.208 mask 255.255.255.240
network 123.123.55.224 mask 255.255.255.240
network 123.123.55.240 mask 255.255.255.240
neighbor 70.231.161.81 remote-as 1111
neighbor 70.231.161.81 filter-list 1 out
neighbor 123.123.55.241 remote-as 12345
neighbor 123.123.55.243 remote-as 12345
neighbor 123.123.55.243 next-hop-self
neighbor 123.123.55.244 remote-as 12345
neighbor 123.123.55.244 next-hop-self
!
ip forward-protocol nd
!
ip as-path access-list 1 permit ^$
!
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 GigabitEthernet0/0
ip route 70.72.6.200 255.255.255.252 123.123.55.241
ip route 123.123.54.0 255.255.254.0 Null0
ip route 123.123.55.176 255.255.255.240 GigabitEthernet0/0
cisco 1
snat address
show ip bgp 123.123.55.209
BGP routing table entry for 123.123.55.209/32, version 11073552
Paths: (2 available, best 2, table default)
Advertised to update-groups:
6
Refresh Epoch 1
Local
123.123.55.243 from 123.123.55.243 (192.168.1.3)
Origin IGP, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
Local
123.123.55.244 from 123.123.55.244 (192.168.1.4)
Origin IGP, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
cisco 1
some virtual server
show ip bgp 123.123.55.210
BGP routing table entry for 123.123.55.210/32, version 11079429
Paths: (1 available, best 1, table default)
Advertised to update-groups:
6
Refresh Epoch 1
Local
123.123.55.243 from 123.123.55.243 (192.168.1.3)
Origin incomplete, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
The virtual server is correctly announced but the SNAT address points to the standby device.
- What_Lies_Bene1
Cirrostratus
Just for your own protection, I assume you've masked any sensitive information? Some of the static routes look 'real'.
- What_Lies_Bene1
Cirrostratus
On node 2 you're missing 'neighbor 123.123.55.241 next-hop-self'
On cisco 1 you're missing 'neighbor 123.123.55.244 next-hop-self'
Any reason for that?
- frank_thyes_309
Nimbostratus
Sure, all addresses are masked and unfortunately the missing statement is just a copy & paste error :(
- What_Lies_Bene1
Cirrostratus
OK, here are some more questions:
1) Anything in the /var/log/zebos.log and /var/log/daemon.log files?
2) When you do a 'show ip route' on node 1 does it show node 2 as the best path for the .209 SNAT address?
3) Can you get any more detailed output from show ip bgp x.x.x.x command that might explain the preference for node 2?
4) This from the ARM manual: "When using BGP, RIP, or IS-IS, both units of the redundant system automatically advertise their shared, floating self IP address as the next hop for all advertised routes. This ensures that peer routers use the shared self IP address as the next hop for all routes advertised by the BIG-IP system." Your output suggests this isn't the case? Is there no floating IP?
- frank_thyes_309
Nimbostratus
Debug is enabled on both, but /var/log/zebos.log contains no useful information and the daemon log is also not very useful. Item 4 on your list helped me a lot. I was able to fix it. To solve the issue I created a floating self IP for the uplink interfaces on the BIG-IPs and changed the peering on the Cisco boxes to only use the floating IP; after that it's working :)
Thanks for your effort and your time.
Best, Frank
- What_Lies_Bene1
Cirrostratus
Phew, I was close to conceding defeat there. You're very welcome and hey, I've learned quite a bit on the way myself.
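A small Python model of what the thread ends up diagnosing, added here as an illustration and not code from F5 or from either poster: both units originate the SNAT /32 with a `network` statement, the Cisco breaks the tie between the two iBGP paths using attributes that carry no HA state, and only a shared floating self IP as next hop makes the chosen path follow the active unit. The router IDs, the floating address 123.123.55.245 and the simplified best-path order are constructed assumptions.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower rank wins
FLOATING = "123.123.55.245"                             # constructed floating self IP
SELF_IP = {"A": "123.123.55.243", "B": "123.123.55.244"}
ROUTER_ID = {"A": "10.0.0.2", "B": "10.0.0.1"}          # constructed; B has the lower ID

@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    router_id: str            # BGP router ID of the advertising unit
    local_pref: int = 100
    as_path_len: int = 0      # locally originated, so the AS_PATH is empty
    origin: str = "igp"
    internal: bool = True     # learned over iBGP

def best_path(paths):
    """Simplified Cisco-style decision: highest LOCAL_PREF, shortest AS_PATH,
    lowest ORIGIN rank, eBGP over iBGP, then lowest router ID.  Real IOS has
    more steps (MED, IGP metric, oldest path), but none of them knows which
    BIG-IP is currently active, which is the whole problem."""
    return min(paths, key=lambda p: (-p.local_pref, p.as_path_len,
                                     ORIGIN_RANK[p.origin], p.internal,
                                     tuple(map(int, p.router_id.split(".")))))

def snat_paths(next_hop_of):
    """Both units carry `network 123.123.55.209/32`, so both advertise the SNAT
    regardless of HA state; only the next hop differs between the two designs."""
    return [Path("123.123.55.209/32", next_hop_of(u), ROUTER_ID[u]) for u in "AB"]

def vs_paths(active):
    """A kernel route for a virtual server exists only on the active unit, so
    `redistribute kernel` yields a single path (origin incomplete), matching
    the one-path output for the virtual server in the thread."""
    return [Path("123.123.55.210/32", SELF_IP[active], ROUTER_ID[active],
                 origin="incomplete")]

def snat_target_per_unit_nexthop():
    """Before the fix: next hop is each unit's own (non-floating) self IP.
    Takes no HA state because the outcome does not depend on it."""
    owner = {SELF_IP["A"]: "A", SELF_IP["B"]: "B"}       # fixed ownership
    return owner[best_path(snat_paths(lambda u: SELF_IP[u])).next_hop]

def snat_target_floating_nexthop(active):
    """After the fix: both units advertise the floating self IP as next hop,
    and the floating IP is owned by whichever unit is active right now."""
    owner = {FLOATING: active}
    return owner[best_path(snat_paths(lambda u: FLOATING)).next_hop]
```

With unit A active, the per-unit design sends SNAT traffic to B (the standby) purely because B wins the tie-break, while the floating design follows the active unit across a failover.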