Forum Discussion

FFive's avatar
FFive
Icon for Altocumulus rankAltocumulus
May 20, 2022

NSX-T and F5 HA using BGP

Hi All, I am working on a lab to get F5 LTM VE high availability pair working with NSX-T T0 router using BGP The routing domain all works find, I am able to establish the BGP neighborship and I see...
application delivery
bgp
ha
high-availability
  • Frederick_Witte's avatar
    Frederick_Witte
    May 25, 2022

    Hello,

    This configuration is entirely supported and used at many service provider accounts, including my own.

    For the BGP peers you will want to peer with the self-IP, not with the floating self-IP.  This will indeed allow for two active peers and they will receive routes from both BIP-IP's.  The way you control traffic is indeed with the floating self-IP, you just need to set the outbound (or inbound on the routers) next-hop as the floating self-IP using a quick route-map.  Here is a quick example config:

    router bgp xxxx
    bgp log-neighbor-changes
    bgp graceful-restart restart-time 120
    neighbor x.x.x.x remote-as xxxxx
    neighbor x.x.x.x description xxxxx
    neighbor x.x.x.x route-map blue-to-bgp out

    route-map blue-to-bgp permit 100
    set metric 100
    set ip next-hop x.x.x.x primary <--Floating Self-IP

     

Eric_Chen's avatar
Eric_Chen
Icon for Employee rankEmployee
May 25, 2022

When you setup Advanced Routing on a BIG-IP it will tend to run indepedent of the status of the device unless you enable Route Health Injection to use the state of virtual-address to indicate whether the device should advertise out.  

The following has an example of how to setup a /32 address to only advertise on the active device:

There's a couple of different ways you could approach this either by advertising specific VIPs or trying to modify your BGP config to summarize routes.  Hopefully this will get you pointed in the right direction and others can chime-in.  In this example I'm assuming that each device is configured to do its own BGP advertisements and not use the floating self-ip.  I'm not familiar with how it would work if you used a floating IP (and not sure that would work???).

A while back I wrote an article about active/active in AWS with BGP.  You could try and modify the steps to use "traffic-group-1" instead of "none" in the examples from the article to setup an active/standby setup: https://community.f5.com/t5/technical-articles/aws-transit-gateway-connect-gre-bgp/ta-p/281647

Looking around I also found the following resource that goes into exhaustive details of setting up NSX with BIG-IP with both static / dynamic / active/standby and active/active: https://www.f5.com/pdf/deployment-guides/f5-vmware-nsx-t-deployment-guide.pdf