Regular expression format in user_alert.conf
I'm trying to use iCall and an event from user_alert.conf to fail over a BIG-IP VE cluster if an arbitrary BGP neighbor goes down. I have the handler and script working just fine if the event only looks in my logs for a static phrase, but when I have it look for a regex instead, it no longer works. However, if I test in a tool like regex101 with my expression and a log entry, it matches just fine. Here's my user_alert.conf (sanitized, of course):

alert bgp_neighbor_down "neighbor 100.200.[0-9]{1,3}.[0-9]{1,3} Down" {
    exec command="tmsh generate sys icall event neighbordown context { { name protocol value bgp } }"
}

And one of the logs I'm trying to match on:

2024/06/20 15:04:32 informational: BGP : %BGP-5-ADJCHANGE: neighbor 100.200.30.4 Down BGP Notification CEASE

If I then run imish and shut down a neighbor that should match that regex, the device I'm on stays active. Any thoughts on what else I can try?
46 Views, 0 likes, 1 Comment

How to config BGP peering for F5 in HA-pair?
Hi, I've set up F5 BGP peering with a router and have a problem because we can't use a floating IP as the BGP neighbor address (https://support.f5.com/csp/article/K62454350), so we need to use a self IP as the BGP neighbor address. The problem is that this makes the router unable to decide which path is correct when it sends response traffic to F5: the F5 active unit or the standby unit. The router can't know the status of the F5. I tried adding a prepend on BGP on the standby unit and it's fine, but when the standby unit takes over, it fails again. Is there a way to deploy BGP with an F5 HA-pair? Thank you
2.7K Views, 0 likes, 2 Comments

Outbound iRule / BGP routing
Hey sirs, I would like to ask a question about the order of precedence/execution of a connection that consumes a forwarding virtual server/routing table. Currently, we have a forwarding any:0 virtual server, which load balances internet outgoing traffic through a pool_default_gateway that has the IPs of 3 routers from different ISPs associated with it, including some iRules that make the SNAT decision based on LAN segment. We are planning to include the F5 pair in the BGP neighbors of each ISP ASN, receive the default route, and advertise the virtual server public IP. Does anyone know whether, when the F5 reads the dynamic routing table obtained via BGP, the traffic that is handled by the forwarding any:0 virtual servers, including traffic that is manipulated via iRule, can show any kind of intermittence? Thanks in advance
543 Views, 1 like, 4 Comments

LTM BGP announce virtual server IP from active and standby vCMP guest.
Hi, we are trying to set up an active/standby routed setup. For this, we are using BGP.

F5-1-----F5-2
 |         |
SW-1-----SW-2

BGP is configured between F5-1 and SW-1, and F5-2 and SW-2. The connection between SW-1 and SW-2 is L2. Everything is configured; however, the virtual server IP addresses are only announced by the active guest. Config on both devices:

ip prefix-list VS-pl seq 10 permit /31 ge 32
!
route-map export_to_bgp_v4 permit 10
 match ip address prefix-list VS-pl
!
router bgp
 redistribute kernel
 redistribute static
 neighbor route-map export_to_bgp_v4 out

On the standby, the statement is:

 neighbor route-map export_to_bgp_v4 out

I would like both vCMP guests to announce the subnet, so I can use local pref to define the preferred path in my routing table (e.g. if the active is announcing the subnet, use this; otherwise, there is an immediate alternative available: the standby). When I do a sh ip bgp neighbors advertised-routes on the active guest (F5-1), I see the F5 announcing the subnet. When I issue the same command on the standby (F5-2), I don't see the subnet of my virtual servers. This is due to the fact that my standby (F5-2) does not have this in its kernel routing table. Am I doing something wrong here? The reason why I ask is that I don't want 4 BGP sessions, just the square, and now, when a failover happens, I have downtime, as the standby has to announce the virtual server IPs to its neighbour. Thanks in advance for any help! With kind regards, Sybren
346 Views, 0 likes, 0 Comments

BGP - Conditional announcement of directly connected networks
Hi, Is there any functionality to conditionally announce directly connected networks similarly to how you can use a route-map to conditionally announce a default route or how you can use RHI to conditionally announce kernel-routes? My goal is to only announce connected routes on the active unit, but using redistribute connected announces the connected networks on all devices, while redistribute connected route-map conditionalRoutemap doesn't work (i.e. the networks are not announced anywhere).
594 Views, 0 likes, 4 Comments

Active-active and RHI (BGP) failover
Hello, I successfully managed to set up the functionality I am looking for but I am lacking the speedy failover that is required. Two F5 LTMs (VE edition), in an active-active configuration, i.e. two traffic groups. One primary on each LTM. Each LTM is connected with BGP to separate routers. I am running eBGP LTM<->router and iBGP router<->router. Each LTM communicates with its respective router over a link net (LTM endpoint as self IP, no floating self IPs due to L3 separation of the two LTMs). Each LTM is situated on a separate L3 segment and all VIPs are announced successfully via RHI. Traffic groups fail over based on a gateway failsafe that ICMP-monitors an interface on its router. It all works beautifully in every failure scenario I have tested so far, but failover takes around 10-20 seconds. I have tweaked lots of parameters in the LTMs but none of them improve the situation. Is there a way to come down to less than a five second failover time?

R1-----R2
|       |
F5     F5

1.4K Views, 0 likes, 4 Comments

BGP stops advertising after upgrade
Hello, we have an LTM VE in a HA cluster. We have defined a couple of route domains (RD) and have enabled BGP/BFD for these route domains. There is a BGP routing configuration present (imish -r RD). In this configuration peer devices are defined, and by using RHI (route health injection) we advertise our virtual servers towards these BGP peers. The current setup is running on version 13.1.1.5 and has been working for a long time without any issue.

As v13 is going end of life, we tried to upgrade recently to v14.1.5.2. The upgrade itself went smoothly. The new version was activated, and all pools and virtual servers were present as before. Initially all looked OK. When we checked our BGP peer (show ip bgp summary) we could see that the peering was established; again this looked OK. But when checking the advertised routes, no routes were being advertised. "sh ip bgp neighbour x.x.x.x advertised-routes" showed no routes present, whereas before we had about 10 virtual servers being announced in v13.

I'm aware of the article https://cdn.f5.com/product/bugtracker/ID1031425.html concerning BGP advertising. But this is the case when you receive a route and then try to advertise it from F5 (back to front advertising). In our case F5 is the end device, and is just announcing these virtual servers. So we are not receiving any BGP update and then sending these routes on. In the end we needed to roll back to v13 again, by booting from the partition with the old version. Once this was done, everything started working again, including BGP. Any idea what could be the issue here? (I've pasted our BGP config below, it's quite basic.) We use a route-map for blocking incoming updates (DENY-ALL), and with route-map "KERNEL2BGP" we control which virtual servers we can advertise (each IP we want to announce is mentioned in this route-map).

router bgp F5-AS
 bgp router-id F5-selfIP
 bgp always-compare-med
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 redistribute kernel route-map KERNEL2BGP
 neighbor peer-IP remote-as "remote-as-nr"
 neighbor peer-IP description "xxx"
 neighbor peer-IP update-source selfip-address
 neighbor peer-IP password "xxx"
 neighbor peer-IP timers 3 9
 neighbor peer-IP fall-over bfd
 neighbor peer-IP next-hop-self
 neighbor peer-IP soft-reconfiguration inbound
 neighbor peer-IP route-map DENY-ALL in

Solved, 1.1K Views, 0 likes, 6 Comments

NSX-T and F5 HA using BGP
Hi All, I am working on a lab to get an F5 LTM VE high availability pair working with an NSX-T T0 router using BGP. The routing domain all works fine: I am able to establish the BGP neighborship and I see the T0 routes, and the T0 sees my routes. What I am trying to find information on is what the best practice is for the Active/Standby F5 HA pair to be BGP paired to the Active/Active T0. As is, the NSX-T T0 router sees routes being advertised from both F5s, even the standby unit. I ran into a problem where the standby unit was receiving traffic, as it was a valid route in the table of the NSX-T T0, and to resolve the issue I created a BGP floating self IP and configured it as the next-hop IP address for the NSX-T T0. This way the active F5 always processes the traffic. I am wondering if this is the intended way to do such a design or if there is a better way to do this, a standardized way to do this. Here is an ASCII representation of the design:

+-------------------------------+
|                               |
|        CAMPUS NETWORK         |
|                               |
+-----+---------------------+---+
      |                     |
     eBGP                  eBGP
      |                     |
+-----+---------------------+---+
|  Active               Active  |
|  +-----+              +-----+ |
|  |EDGE1|    NSX-T     |EDGE2| |
|  +-+---+      T0      +---+-+ |
|    |.1                .2|   |
+----+----------------------+---+
     |                      |
     |                      |
     |                      |
    eBGP                  eBGP
     |                      |
     |       NEXT-HOP       |
     |       FLOAT-IP       |
     |.3        .5        .4|
   +-+--+               +---+-+
   |F5-1+------HA-------+F5-2 |
   +----+               +-----+
   Active               Passive

Solved, 3.1K Views, 0 likes, 8 Comments

iControl or script to get dynamic route from F5
Hi, I currently use F5 with dynamic routing (learning BGP dynamic routes from a neighbor router). The problem is that sometimes the router can't send me routes and all dynamic routes are gone (we get downtime and there is no alert to us). Do we have an iControl script or any script command to get the route list from F5? I only know the tmsh command to get dynamic routes. That way there would be an alert to us when routing has a problem. Thank you
431 Views, 0 likes, 1 Comment