Forum Discussion
NSX-T and F5 HA using BGP
- May 25, 2022
Hello,
This configuration is entirely supported and used at many service provider accounts, including my own.
For the BGP peers you will want to peer with the self-IP, not with the floating self-IP. This will indeed allow for two active peers and they will receive routes from both BIG-IPs. The way you control traffic is indeed with the floating self-IP; you just need to set the outbound (or inbound on the routers) next-hop as the floating self-IP using a quick route-map. Here is a quick example config:
router bgp xxxx
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 neighbor x.x.x.x remote-as xxxxx
 neighbor x.x.x.x description xxxxx
 neighbor x.x.x.x route-map blue-to-bgp out
route-map blue-to-bgp permit 100
 set metric 100
 set ip next-hop x.x.x.x primary <-- Floating Self-IP
F5's BGP implementation relies on kernel routes for Active/Standby configuration. You need to redistribute the kernel routes to be advertised into BGP. This covers Virtual Addresses, SNATs, etc. that you can assign to a floating traffic-group.
The kernel routes will only be available on the Active device and thereby only advertised from that device. The difference between a floating self-IP and a non-floating self-IP is:
If no floating self-IP is defined, the next-hop address will be the active device's local Self-IP. This will change in the event of a failover.
If a floating self-IP is defined, the next-hop address will be that of the floating Self-IP and won't change in a failover.
If you are originating routes yourself by redistributing static routes defined on the BIG-IP, those are not failover objects and both devices will advertise.
This lab we did a couple years ago walks through some of these details.
https://clouddocs.f5.com/training/community/adc/html/class5/module1/module1.html
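
Added example, not part of the original post or F5's own tooling: a small Python check that reads a BGP configuration in the style shown above and reports whether kernel routes are redistributed, whether each neighbor has an outbound route-map, and whether that route-map pins the next-hop to the floating self-IP. The sample config, addresses and AS numbers are constructed, and `redistribute kernel` is assumed to be the statement that redistributes kernel routes.

```python
import re

# Constructed sample (documentation addresses, private ASNs), not a real device config.
SAMPLE_OK = """
router bgp 65001
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 redistribute kernel
 neighbor 192.0.2.1 remote-as 65002
 neighbor 192.0.2.1 route-map blue-to-bgp out
route-map blue-to-bgp permit 100
 set metric 100
 set ip next-hop 192.0.2.10 primary
"""

def audit_bgp_config(config, floating_self_ip):
    """Return findings; an empty list means the config follows the post's advice."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # Floating objects (virtual addresses, SNATs) reach BGP only via kernel routes.
    if not any(ln.startswith("redistribute kernel") for ln in lines):
        findings.append("kernel routes are not redistributed into BGP")
    # Static routes are not failover objects, so both units advertise them.
    if any(ln.startswith("redistribute static") for ln in lines):
        findings.append("static routes are redistributed: both devices advertise them")
    neighbors = {m.group(1) for ln in lines
                 if (m := re.match(r"neighbor (\S+) remote-as \S+$", ln))}
    out_maps = {m.group(1): m.group(2) for ln in lines
                if (m := re.match(r"neighbor (\S+) route-map (\S+) out$", ln))}
    # Collect every next-hop each route-map sets, across all sequence numbers.
    next_hops, current = {}, None
    for ln in lines:
        if m := re.match(r"route-map (\S+) (?:permit|deny) \d+$", ln):
            current = m.group(1)
        elif current and (m := re.match(r"set ip next-hop (\S+)", ln)):
            next_hops.setdefault(current, set()).add(m.group(1))
        elif not ln.startswith(("set ", "match ")):
            current = None
    for peer in sorted(neighbors):
        rmap = out_maps.get(peer)
        if rmap is None:
            findings.append(f"{peer}: no outbound route-map applied")
        elif next_hops.get(rmap) != {floating_self_ip}:
            findings.append(f"{peer}: route-map {rmap} does not set next-hop to {floating_self_ip}")
    return findings
```

Run it against the saved configuration of each unit in the pair; the outbound route-map has to be present on both, since either can become Active.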