Forum Discussion
NSX-T and F5 HA using BGP
- May 25, 2022
Hello,
This configuration is entirely supported and used at many service provider accounts, including my own.
For the BGP peers you will want to peer with the self-IP, not with the floating self-IP. This will indeed allow for two active peers and they will receive routes from both BIP-IP's. The way you control traffic is indeed with the floating self-IP, you just need to set the outbound (or inbound on the routers) next-hop as the floating self-IP using a quick route-map. Here is a quick example config:
router bgp xxxx
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
neighbor x.x.x.x remote-as xxxxx
neighbor x.x.x.x description xxxxx
neighbor x.x.x.x route-map blue-to-bgp outroute-map blue-to-bgp permit 100
set metric 100
set ip next-hop x.x.x.x primary <--Floating Self-IP
Hello,
This configuration is entirely supported and used at many service provider accounts, including my own.
For the BGP peers you will want to peer with the self-IP, not with the floating self-IP. This will indeed allow for two active peers and they will receive routes from both BIP-IP's. The way you control traffic is indeed with the floating self-IP, you just need to set the outbound (or inbound on the routers) next-hop as the floating self-IP using a quick route-map. Here is a quick example config:
router bgp xxxx
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
neighbor x.x.x.x remote-as xxxxx
neighbor x.x.x.x description xxxxx
neighbor x.x.x.x route-map blue-to-bgp out
route-map blue-to-bgp permit 100
set metric 100
set ip next-hop x.x.x.x primary <--Floating Self-IP
- FFiveMay 26, 2022Altocumulus
This is the exact configuration I used for the lab we are running. It works fine for our purposes, my question was more of if there was a different way to not have to use this and just rely on the failover of the units.
Unfortunately, due to the nature of our design, virtual server and kernel route redistribution doesn't seem like an option at this point, or at least from my current knowledge standpoint. The routes I would need to redistribute as Kernel routes exist in the F5 as the Self IPs (Float and Non), which are the gateways to our web application servers, but regardless. This configuration is valid, and it works for our design, which we are also following and looking closer at the NSX-T and F5 document provided by Eric Chen.
I really appreciate all of your time.
- Frederick_WitteMay 26, 2022Employee
That's great to hear you're using the configuration and it is working as intended.
I've not had any issues in the past using VIP/kernel distribution with this exact design as the next hop will always be that of the active unit from the perspective BGP peers.
Should you have any trouble please do not hesitate to reach out, always happy to jump on a call with a customer and work through these types of congiruations.
Best,
Fred
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com