brett_01_135751
Mar 15, 2014

f5 and bgp

So some background first:

I'm doing a POC/lab test at the moment and this is what I am trying to achieve:

A pair of load-balanced DNS servers sitting behind a single IPv4 address, with a health monitor that checks DNS is responding. If DNS is down (on both servers), withdraw an announcement for a /24 to an eBGP peering session; if either of the DNS servers starts responding, re-announce the prefix. The announcement should be the /24 that encloses the /32 of the virtual server.

This is what I have managed to get up and running so far:

I have the virtual server and the real DNS servers up and running and I can send DNS queries and get an answer. I have a health monitor set up that sends a DNS query to the pool servers. In the settings of the virtual address in question I have set "advertise route when any virtual server is available" and have ticked the advertise route box.

I have a BGP peering session up and running (configured within imish) with the following config:

router bgp 100
 bgp graceful-restart restart-time 120
 neighbor 199.0.0.254 remote-as 200
 neighbor 199.0.0.254 capability graceful-restart

I can confirm the peering is up but no prefixes are being announced.

BGP neighbor is 199.0.0.254, remote AS 200, local AS 100, external link
  BGP version 4, remote router ID 192.168.1.15
  BGP state = Established, up for 1d16h55m
  Last read 1d16h55m, hold time is 90, keepalive interval is 30 seconds
  0 accepted prefixes
  0 announced prefixes

So how do I do the last step of announcing the prefix 222.222.222.0/24 when the pool of servers behind the virtual server at 222.222.222.222 are accepting DNS queries (and withdrawing when they are not)?

5 Replies

  • So, a small update: I made some progress.

    I added the following routing config to the f5:

    access-list 10 permit 222.222.222.0 0.255.255.255

    route-map bgpmap1 permit 10
     match ip address bgpout1

    router bgp 100
     redistribute kernel route-map bgpmap1

    This caused a prefix to get announced and accepted, but it is only a /32 and I need it to be the whole enclosing /24. Any idea how I would achieve that, anyone?

    Oh, and in other news, I'm glad to say the /32 prefix does indeed get withdrawn if the DNS servers stop answering queries.

    Brett

  • The LTM may not advertise the /24 if it doesn't have it in the routing table. The virtual server is just a host IP address. If you put a null route in for the /24, that'll put the network in your routing table and should then advertise it.

  • OK, thanks for your answer. I'm not really sure how I would add this NULL route in a way that it would get removed when the DNS servers are not answering queries. I understand of course that I can add a static route to the f5, but unless I am misunderstanding something somewhere, if I do this and then the DNS servers are both unavailable, the /32 will get withdrawn but the /24 will remain, which means I will still pull in traffic for my DNS servers which are not available to answer the queries.

  • In Cisco routers, it's called a null route because your next hop is null0. Unsure exactly how to do it in LTM, but it may be creating a reject route. Check out this link:

    http://support.f5.com/kb/en-us/solutions/public/13000/800/sol13833.html

    Try building a route to the /24 in the LTM and set the resource to reject. See if this works.

  • So for everybody else's benefit: with the help of one of my colleagues I did find the answer to this.

    I added:

    aggregate-address 222.222.222.0/24 summary-only

    to the zebos config on the f5. Now when the DNS servers are working the /24 (instead of the /32) is advertised, and when they stop working the /24 gets withdrawn.

    The next stage that I need to go to now is to add a second virtual server (within the same /24) also running a pair of DNS servers (for a different zone).

    Then my logic needs to be: if either of these virtual servers stops responding to DNS queries, withdraw the whole /24. As the config stands at the moment, both real_servers behind both virtual servers would need to go down before the route was withdrawn.

    Any pointers are appreciated.
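
Added example, not part of the original thread: a small Python model of the `aggregate-address 222.222.222.0/24 summary-only` behaviour reported in the last reply, showing why the /24 stays announced until every contributing /32 is gone. The second virtual address (222.222.222.223) and the function names are assumptions made for illustration; the model tracks only which routes are present, not BGP attributes or timers.

```python
import ipaddress

AGGREGATE = ipaddress.ip_network("222.222.222.0/24")  # prefix from the thread


def injected_routes(virtual_servers):
    """Host routes the load balancer injects: one /32 per virtual address
    whose pool currently passes its health monitor (as the thread observed)."""
    return {
        ipaddress.ip_network(f"{addr}/32")
        for addr, healthy in virtual_servers.items()
        if healthy
    }


def announced(routes, aggregate=AGGREGATE, summary_only=True):
    """Prefixes sent to the peer. The aggregate exists only while at least one
    more-specific route contributes to it; summary-only hides those routes."""
    contributors = {r for r in routes if r != aggregate and r.subnet_of(aggregate)}
    out = set(routes)
    if contributors:
        out.add(aggregate)
        if summary_only:
            out -= contributors
    return sorted(str(n) for n in out)


if __name__ == "__main__":
    # Constructed scenarios; 222.222.222.223 is a hypothetical second virtual server.
    scenarios = {
        "one VS, DNS healthy": {"222.222.222.222": True},
        "one VS, DNS down": {"222.222.222.222": False},
        "two VS, both healthy": {"222.222.222.222": True, "222.222.222.223": True},
        "two VS, first down": {"222.222.222.222": False, "222.222.222.223": True},
        "two VS, both down": {"222.222.222.222": False, "222.222.222.223": False},
    }
    for label, state in scenarios.items():
        print(f"{label:22} -> {announced(injected_routes(state))}")
```

The "two VS, first down" case still announces the /24, which is the limitation described in the last reply: the aggregate follows the presence of any contributor, not all of them.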