I have an Big-IP LTM in which I need to create a procedure to set a VIP "route advertisement" setting to "disabled" whenever a pool goes down. I think that this can be achieved by an iRule.
Does anyone have any example close to this? I think I got the first part of the irule identifying the pool going down:
when LB_FAILED { pool <pool name>
But I have trouble to properly finishing it by properly referencing the VIP and the "route advertisement" setting to modify it to "disabled"
What you could do is create a gateway monitor and give it an Alias Address of the gwy. Assign that to the pool as a second monitor that is the default pool of the virtual server the vip address is assigned to. That way, when the gwy fails, it marks the pool members down which in turn will retact the advertisment of the route.
How are your Route Advertisement settings configured? Depending on the how the Availability Calculation and Route Advertisement is set, when the pool has no available members the routes are retracted.
The Big-IP LTM VM is integrated into the network through two Firewalls: * There is a static default route pointing to a FW in a DMZ, which is the incoming interface of all user's traffic. * There is another firewall on another interface, through which a BGP session is established to a PE located beyond it. I redistribute the VIP to BGP to this PE through a redistribute kernel & a route map.
Now, the network manager requests me to cease advertising the VIP through BGP as soon as the default route fails: I created a pool to properly monitor the default gateway, so that this pool gets down when the gwy stops replying icmps.
What I would need is to define some function (irule, iapp maybe) to disable the "route advertisement" flag when the pool gets down, or triggering some BGP reconfiguration to remove the VIP advertisement.
Is the pool that monitors the GWY the default pool of the virtual server that is using the VIP that is being advertised? Also, is there a single or multiple pool members?
What you could do is create a gateway monitor and give it an Alias Address of the gwy. Assign that to the pool as a second monitor that is the default pool of the virtual server the vip address is assigned to. That way, when the gwy fails, it marks the pool members down which in turn will retact the advertisment of the route.
Let me post what I did as if it could be useful for anyone:
I created the monitor "test_def_gwy_firewall" including:
Type: “Gateway ICMP”
Parent monitor: gateway_icmp (default setting)
Alias Address: The default gateway ip address, example: 192.168.1.1
Alias service port: * (all ports).
I associated this new health monitor to ALL pools of ALL virtual servers sharing the VIP to be advertised, (in addition to their already existing health monitors). So that from now on, each Pool has not only its original health monitor, but also this new one.
I made sure that all 3 VIPS have the “route advertisement” to “selective, all, any” upon your choice. (Except “always” if you want to advertise this VIP through a routing protocol).
And that’s all.
Now, when I disrupt the IP connectivity to my default gateway IP address (192.168.1.1), all pools, virtual servers and VIPs go down and BGP stops advertising such VIPs to the PE’s. Conversely, when the connectivity to the def gwy is resumed, everything comes back to normal.
The network manager requests me to cease advertising the VIP through BGP as soon as the default route fails: I created a pool to properly monitor the default gateway, so that this pool gets down when the gwy stops replying icmps. MyMileStoneCard
From your answer I understand that using pools for purposes not related to Virtual Servers, like signaling the availability of external IP addresses to cooperate with routing protocols, is not the right way to use them. In that case, I guess BFD should be the right tool to use.
Another way, you could write a custom script to monitor the LTM logs looking for the gwy pool to have no member available then run the TMSH commond to set the advertisment to disabled. Remember to also write a command to re-enable the advertisment when members become available.
