07-Feb-2022 03:07
Hi,
I have a Big-IP LTM in which I need to create a procedure to set a VIP "route advertisement" setting to "disabled" whenever a pool goes down. I think that this can be achieved by an iRule.
Does anyone have any example close to this? I think I got the first part of the irule identifying the pool going down:
when LB_FAILED { pool <pool name>
But I have trouble properly finishing it by properly referencing the VIP and the "route advertisement" setting to modify it to "disabled".
Thank you in advance.
Albert.
07-Feb-2022 09:59
How are your Route Advertisement settings configured? Depending on how the Availability Calculation and Route Advertisement are set, when the pool has no available members the routes are retracted.
07-Feb-2022 10:56
Hi Jim,
Thank you for your post.
The Big-IP LTM VM is integrated into the network through two Firewalls:
* There is a static default route pointing to a FW in a DMZ, which is the incoming interface of all users' traffic.
* There is another firewall on another interface, through which a BGP session is established to a PE located beyond it.
I redistribute the VIP to BGP to this PE through a redistribute kernel & a route map.
Now, the network manager requests me to cease advertising the VIP through BGP as soon as the default route fails: I created a pool to properly monitor the default gateway, so that this pool gets down when the gwy stops replying icmps.
What I would need is to define some function (irule, iapp maybe) to disable the "route advertisement" flag when the pool gets down, or triggering some BGP reconfiguration to remove the VIP advertisement.
Regards.
07-Feb-2022 12:00 - edited 07-Feb-2022 12:00
Is the pool that monitors the GWY the default pool of the virtual server that is using the VIP that is being advertised? Also, is there a single or multiple pool members?
07-Feb-2022 23:55
The pool monitoring the gateway is not the Virtual Server default pool: This pool is unassociated.
The default gateway IP address is the only member of this pool.
08-Feb-2022 01:03
But I also posted a reply to James: I guess I should use BFD for that purpose.
Thank you.
08-Feb-2022 05:28
What you could do is create a gateway monitor and give it an Alias Address of the gwy. Assign that to the pool as a second monitor that is the default pool of the virtual server the vip address is assigned to. That way, when the gwy fails, it marks the pool members down which in turn will retract the advertisement of the route.
08-Feb-2022 08:16
Hi Jim, thanks for your suggestion. It works!
Let me post what I did in case it could be useful for anyone:
And that’s all.
Now, when I disrupt the IP connectivity to my default gateway IP address (192.168.1.1), all pools, virtual servers and VIPs go down and BGP stops advertising such VIPs to the PEs. Conversely, when the connectivity to the def gwy is resumed, everything comes back to normal.
07-Feb-2022 23:15 - edited 08-Feb-2022 20:08
The network manager requests me to cease advertising the VIP through BGP as soon as the default route fails: I created a pool to properly monitor the default gateway, so that this pool gets down when the gwy stops replying icmps.
08-Feb-2022 01:00
Hi James,
Thank you for your post.
From your answer I understand that using pools for purposes not related to Virtual Servers, like signaling the availability of external IP addresses to cooperate with routing protocols, is not the right way to use them.
In that case, I guess BFD should be the right tool to use.
Regards.
08-Feb-2022 05:32 - edited 08-Feb-2022 05:33
Another way, you could write a custom script to monitor the LTM logs looking for the gwy pool to have no member available then run the TMSH command to set the advertisement to disabled. Remember to also write a command to re-enable the advertisement when members become available.
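
A sketch of the log-watching script suggested in the last reply, added here as an example and not code from anyone in the thread. The pool name, virtual-address name, restore value and the log message text it matches are assumptions; check them against `/var/log/ltm` on the BIG-IP version in use.

```shell
#!/bin/sh
# Added example; pool, address and log lines are constructed, not from the thread.
GW_POOL="${GW_POOL:-/Common/gw_pool}"          # assumed pool that monitors the gateway
VIP_ADDR="${VIP_ADDR:-/Common/203.0.113.10}"   # assumed virtual-address object
ADVERTISE_ON="${ADVERTISE_ON:-enabled}"        # value to restore; use the VIP's original setting
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print the tmsh command, do not run it

# Classify one LTM log line: prints "disabled", the restore value, or nothing.
# The pool name must match exactly, so /Common/gw_pool2 never triggers a change.
desired_state() {
  case "$1" in
    *"No members available for pool ${GW_POOL}") echo disabled ;;
    *"Pool ${GW_POOL} now has available members") echo "$ADVERTISE_ON" ;;
  esac
}

# Run the command, or only print it in dry-run mode.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Read log lines on stdin and change the setting only when the state flips,
# so repeated messages (one per TMM) do not cause repeated tmsh calls.
watch_log() {
  last=""
  while IFS= read -r line; do
    want=$(desired_state "$line")
    [ -n "$want" ] && [ "$want" != "$last" ] || continue
    run tmsh modify ltm virtual-address "$VIP_ADDR" route-advertisement "$want" &&
      last="$want"
  done
}

# Constructed sample of /var/log/ltm lines (message text is an assumption).
SAMPLE_LOG='Feb  8 08:10:01 bigip1 err tmm[1001]: 01010028:3: No members available for pool /Common/gw_pool
Feb  8 08:10:01 bigip1 err tmm1[1001]: 01010028:3: No members available for pool /Common/gw_pool
Feb  8 08:10:05 bigip1 err tmm[1001]: 01010028:3: No members available for pool /Common/gw_pool2
Feb  8 08:12:40 bigip1 notice tmm[1001]: 01010221:5: Pool /Common/gw_pool now has available members'

# Feed the sample through the watcher in dry-run mode.
demo() { printf '%s\n' "$SAMPLE_LOG" | { DRY_RUN=1; watch_log; }; }

# Live use on the BIG-IP: set DRY_RUN=0, then  tail -Fn0 /var/log/ltm | watch_log
demo
```

In dry-run mode the sample produces one `disabled` command and one restore command; the duplicate message and the `gw_pool2` line are ignored.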