How to config BGP peering for F5 in HA-pair?
Hi I've setup F5 BGP peering with router and have problem due to we can't use floating IP as IP BGP neighbor address https://support.f5.com/csp/article/K62454350 . So we need to use self IP as IP BGP neighbor address. Problem is It's make router can't decide which path is correct when they send response traffic to F5. F5 active unit or standby unit. Router can't know status on F5. I try to add prepend on BGP which is standby unit and it's fine. but when standby unit takeover . it's failed again. Is there a way to deploy BGP with F5 HA-pair? Thank you
Active-active and RHI (BGP) failover
Hello, I successfully managed to set up the functionality I am looking for but I am lacking the speedy failover that is required. Two F5 LTMs (VE edition), in an active-active configuration, i.e. two traffic groups. One primary on each LTM. Each LTM is connected with BGP to separate routers. I am running eBGP LTM<->router and iBGP router<->router. Each LTM communicates with a its respective router over a link net (LTM endpoint as self IP, no floating self IPs due to L3 separation of the two LTMs) Each LTM is situated on separate L3 segments and all VIPs are announced successfully via RHI. Traffic groups fail over based on a gateway failsafe that icmp monitors an interface on its router. It all works beautifully in every failure scenario I have tested so far but, failover takes around 10-20 seconds. I have tweaked lots of parameters in the LTMs but none of them improve the situation. Is there a way to come down to less than a five second failover time? R1-----R2 | | F5 F5
Creating F5 VIP with on IP range not part of interface Subnet
Hi Team, I'm working on scenario where we need application require automatic failover between datacenters. We have F5 LTM in each DC if F5 or application fails we need traffic to automatically failover to secondary Data Centre. GTM is not an option here due to various issues. I'm thinking of using BGP route injection to advertise VIP from each DC and to prefer primary DC. so my question is can we create a VIP using a separate IP pool other than F5 interface IP network? reason is F5 VIP created on both DCs will have same IP addresses. Anyone can see an issue with this approach?
BGP AS-PATH prepending
We facing a challange with BGP. Situation : 2 x F5 Viprion chassis in HA setup. Each chassis has a dedicated VLAN configured to connect towards the Internet. When adding the networks to be advertised to the bgp neighbor we also use the as-local-count (1 for the active node, 4 for the standby node) as the prefered route. When the standby node becomes active we would like that the as-local-count becomes 1 and for the other node, who's become standby with an as-local-count value of 4. Question, Is this possible to configure this within the ZebOS routing module? or any have an idea how to configure this? From a BGP configuration perspective on a router there is way to use a trigger were you can set the as-local-count value. There is only a BGP command referance available which not showing the possiblities with the BGP. Kind regards, ErwinBGP - Conditional announcement of directly connected networks
Hi, Is there any functionality to conditionally announce directly connected networks similarly to how you can use a route-map to conditionally announce a default route or how you can use RHI to conditionally announce kernel-routes? My goal is to only announce connected routes on the active unit, but using redistribute connected announces the connected networks on all devices, while redistribute connected route-map conditionalRoutemap doesn't work (ie. the networks are not announced anywhere).Outbound iRule / BGP routing
Hey sirs, I would like to ask a question about the order of precedence/execute of a connection that consumes a forwarding virtual server/routing table. Currently, we have a forwarding any:0 virtual server, which load balances internet outgoing traffic through a pool_default_gateway that has the IP of 3 routers from different ISP associated with it, including some irules that make the SNAT decision based on LAN-segment. We are planning to include the F5 pair in the BGP neighbors of each ASN ISP and receive the default route and advertise the Virtual Server public IP. Does anyone know if the F5 when reads the dynamic routing table obtained via BGP, the traffic that is handled by the virtual servers of forwarding any:0, including those that are manipulated via iRule can show any kind of intermittence? thanks in advanceCalico cannot advertise routes to BIG-IP through BGP
Hi. I setup BIG-IP as a usual, but I got some unfamiliar error and I recognized Calico cannot advertise its routes to BIG-IP. In BIG-IP, I found error log like `Open Cap: IgnoringVendor specific capability, code 70 len 0` (code is either 69 or 70). BGP itself seems to be established because `sudo calicoctl node status` on kubernetes master node returns `[BIG-IP Internal IP] | global | up | 09:32:57 | Established` and `show ip bgp neighbors` on BIG-IP terminal returns `BGP state = Established, up for ...`. But on BIG-IP, there are also `BGP connection is non shared network` messages left. I tried to ping to kubernetes master node. It returned correct response. From master node to BIG-IP also returned correct. So, I have no idea why Calico cannot advertise routes. I used this procedure (https://support.f5.com/csp/article/K14436300). Our BIG-IP version is 14.1.0, and k8s-bigip-ctlr version is 1.10.0. Using kubernetes version 1.13.1 with Calico v3.7.5. Does anyone have an idea what I should try to do or confirm to?
Create net routing bgp issue, RCI for BGP and BFD (ZebOS to tmsh ROUTING)
Hello, I am trying to migrate a BGP configuration from ZebOS to tmsh tmsh to test the new functionality of 13.1.0 (Routing Configuration Integration (RCI) for BGP and BFD). I activate TMOS ROUTING by: tmsh modify sys db tmrouted.tmos.routing value enable. when I try to configure the TMOS BGP by: create net routing bgp TEST local-as 65540, I have this error message : [api-status-warning] net / routing / bgp is early_access 01071c3f: 3: Can not mix routing-protocol Legacy and TMOS mode for route-domain (/ Common / 0). Any idea please ???