BGP Over 2 vlans to 2 Network switch
Hi, im testing a new design for ltm, when’re big ip will have 2 transit vlans to switch a and switch b and then i ll establish bgp over it. Switch will advertise default to Big ip and big ip will advertise vip and snat to switch. I use snat for vip since traffic should not drip when a switch fails. The way im advertising snat is by creating them as virtual server forward ip type with loose close and initiation enabled, and vip is configured as standard type with this snat. These will be advertised to bgp from kernal. I enabled connection mirroring for this vip, disabled autolast hop globally and vlan keyed connections. My expectation is connection to vip don’t drip when a switch fails or during big ip failover . And with bgp I disabled graceful restart and enabled bfd. This works with what I did so far. My question if if there is something I should think about before implementing in production or any that I can do make this better. Is my approach to advertise snat as forwadip vs correct ? I want to do similar approach with gtm as well and I’m thinking if I should create a non floating self ip like loopback for listener and snat to backend vip?
Regular expression format in user_alert.conf
I'm trying to use iCall and an event from user_alert.conf to fail over a BIG-IP VE cluster if an arbitrary BGP neighbor goes down. I have the handler and script working just fine if the event only looks in my logs for a static phrase, but when I have it look for a regex instead, it no longer works. However, if I test in a tool like regex101 with my expression and a log entry, it matches just fine. Here's my user_alert.conf (sanitized of course) alert bgp_neighbor_down "neighbor 100.200.[0-9]{1,3}.[0-9]{1,3} Down" { exec command="tmsh generate sys icall event neighbordown context { { name protocol value bgp } }" } And one of the logs I'm trying to match on: 2024/06/20 15:04:32 informational: BGP : %BGP-5-ADJCHANGE: neighbor 100.200.30.4 Down BGP Notification CEASE If I then run imish and shut down a neighbor that should match that regex, the device I'm on stays active. Any thoughts on what else I can try?
How to config BGP peering for F5 in HA-pair?
Hi I've setup F5 BGP peering with router and have problem due to we can't use floating IP as IP BGP neighbor address https://support.f5.com/csp/article/K62454350 . So we need to use self IP as IP BGP neighbor address. Problem is It's make router can't decide which path is correct when they send response traffic to F5. F5 active unit or standby unit. Router can't know status on F5. I try to add prepend on BGP which is standby unit and it's fine. but when standby unit takeover . it's failed again. Is there a way to deploy BGP with F5 HA-pair? Thank youOutbound iRule / BGP routing
Hey sirs, I would like to ask a question about the order of precedence/execute of a connection that consumes a forwarding virtual server/routing table. Currently, we have a forwarding any:0 virtual server, which load balances internet outgoing traffic through a pool_default_gateway that has the IP of 3 routers from different ISP associated with it, including some irules that make the SNAT decision based on LAN-segment. We are planning to include the F5 pair in the BGP neighbors of each ASN ISP and receive the default route and advertise the Virtual Server public IP. Does anyone know if the F5 when reads the dynamic routing table obtained via BGP, the traffic that is handled by the virtual servers of forwarding any:0, including those that are manipulated via iRule can show any kind of intermittence? thanks in advanceLTM BGP announce virtual server IP from active and standby vCMP guest.
Hi we are trying to setup an active/standby routed setup. For this, we are using BGP. F5-1-----F5-2 | | SW-1-----SW-2 BGP is configured between F5-1 and SW-1, and F5-2 and SW-2. connection between SW-1 and SW-2 is l2. Everything is configured, however, the virtual server IP addresses are only announced by the active Guest. config on both devices: ip prefix-list VS-pl seq 10 permit /31 ge 32 ! route-map export_to_bgp_v4 permit 10 match ip address prefix-list VS-pl ! router bgp redistribute kernel redistribute static neighbor route-map export_to_bgp_v4 out on the standby, the statement is: neighbor route-map export_to_bgp_v4 out I would like both vCMP guests to announce the subnet, so I can use local pref to define the preferred path in my routing table. (eg: if the active is announcing the subnet, use this. otherwise, there is an immediate alternative available; the standby) when I do a sh ip bgp neighbors advertised-routes on the active Guest (F5-1), I see the F5 announcing the subnet. When I issue the same command on the standby (F5-2), I don't see the subnet of my virtual servers. This is due to the fact that my standby (F5-2), does not have this in it's kernel routing table. Am I doing something wrong here? The reason why I ask is that I don't want 4 bgp sessions, just the square and now, when a failover happens, I have downtime, as the standby has to announce the virtual server IPs to it's neigbour. Thanks in advance for any help! With kind regards Sybren
BGP - Conditional announcement of directly connected networks
Hi, Is there any functionality to conditionally announce directly connected networks similarly to how you can use a route-map to conditionally announce a default route or how you can use RHI to conditionally announce kernel-routes? My goal is to only announce connected routes on the active unit, but using redistribute connected announces the connected networks on all devices, while redistribute connected route-map conditionalRoutemap doesn't work (ie. the networks are not announced anywhere).
Active-active and RHI (BGP) failover
Hello, I successfully managed to set up the functionality I am looking for but I am lacking the speedy failover that is required. Two F5 LTMs (VE edition), in an active-active configuration, i.e. two traffic groups. One primary on each LTM. Each LTM is connected with BGP to separate routers. I am running eBGP LTM<->router and iBGP router<->router. Each LTM communicates with a its respective router over a link net (LTM endpoint as self IP, no floating self IPs due to L3 separation of the two LTMs) Each LTM is situated on separate L3 segments and all VIPs are announced successfully via RHI. Traffic groups fail over based on a gateway failsafe that icmp monitors an interface on its router. It all works beautifully in every failure scenario I have tested so far but, failover takes around 10-20 seconds. I have tweaked lots of parameters in the LTMs but none of them improve the situation. Is there a way to come down to less than a five second failover time? R1-----R2 | | F5 F5
