frank_thyes_309
Oct 15, 2012

LTM with BGP route advertisement

One more question to the group. Two Cisco routers and a pair of LTMs in a dual-homed environment. Each Cisco has its own uplink. All four devices communicate internally using iBGP, virtual servers are correctly advertised and the failover is working as expected. Each time I enable BGP in the route domain on both devices, the routing is screwed up; the virtual server is correctly advertised but i.e. my SNAT address is not.

Could anyone help here?

Best

Frank

17 Replies

  • Yes, the Cisco gets the correct routes advertised. Synchronisation is turned off by default in that IOS version. Each Cisco uses next hop self. Here is the whole config.

    node 1

        router bgp 12345
        bgp log-neighbor-changes
        bgp graceful-restart restart-time 120
        network 123.123.54.0/23
        network 123.123.54.0/26
        network 123.123.54.64/26
        network 123.123.54.128/26
        network 123.123.54.192/26
        network 123.123.55.0/26
        network 123.123.55.64/27
        network 123.123.55.96/27
        network 123.123.55.128/27
        network 123.123.55.160/27
        network 123.123.55.160/28
        network 123.123.55.176/28
        network 123.123.55.192/28
        network 123.123.55.208/28
        network 123.123.55.209/32
        network 123.123.55.224/28
        network 123.123.55.240/28
        redistribute kernel
        neighbor 123.123.55.241 remote-as 12345
        neighbor 123.123.55.241 next-hop-self
        neighbor 123.123.55.241 capability graceful-restart
        neighbor 123.123.55.242 remote-as 12345
        neighbor 123.123.55.242 capability graceful-restart
        neighbor 123.123.55.244 remote-as 12345
        neighbor 123.123.55.244 capability graceful-restart
        !
        ip route 70.72.6.200/30 123.123.55.241
        ip route 70.231.161.80/30 123.123.55.242
        !

    node 2

        router bgp 12345
        bgp log-neighbor-changes
        bgp graceful-restart restart-time 120
        network 123.123.54.0/23
        network 123.123.54.0/26
        network 123.123.54.64/26
        network 123.123.54.128/26
        network 123.123.54.192/26
        network 123.123.55.0/26
        network 123.123.55.64/27
        network 123.123.55.96/27
        network 123.123.55.128/27
        network 123.123.55.160/27
        network 123.123.55.160/28
        network 123.123.55.176/28
        network 123.123.55.192/28
        network 123.123.55.208/28
        network 123.123.55.209/32
        network 123.123.55.224/28
        network 123.123.55.240/28
        redistribute kernel
        neighbor 123.123.55.241 remote-as 12345
        neighbor 123.123.55.241 capability graceful-restart
        neighbor 123.123.55.242 remote-as 12345
        neighbor 123.123.55.242 capability graceful-restart
        neighbor 123.123.55.243 remote-as 12345
        neighbor 123.123.55.243 capability graceful-restart
        !
        ip route 70.72.6.200/30 123.123.55.241
        ip route 70.231.161.80/30 123.123.55.242

    cisco 1

        router bgp 12345
        bgp log-neighbor-changes
        network 123.123.54.0 mask 255.255.254.0
        network 123.123.54.0 mask 255.255.255.192
        network 123.123.54.64 mask 255.255.255.192
        network 123.123.54.128 mask 255.255.255.192
        network 123.123.54.192 mask 255.255.255.192
        network 123.123.55.0 mask 255.255.255.192
        network 123.123.55.64 mask 255.255.255.224
        network 123.123.55.96 mask 255.255.255.224
        network 123.123.55.128 mask 255.255.255.224
        network 123.123.55.160 mask 255.255.255.224
        network 123.123.55.160 mask 255.255.255.240
        network 123.123.55.176 mask 255.255.255.240
        network 123.123.55.192 mask 255.255.255.240
        network 123.123.55.208 mask 255.255.255.240
        network 123.123.55.224 mask 255.255.255.240
        network 123.123.55.240 mask 255.255.255.240
        neighbor 70.72.6.201 remote-as 5656
        neighbor 70.72.6.201 route-map prepend out
        neighbor 70.72.6.201 filter-list 1 out
        neighbor 123.123.55.242 remote-as 12345
        neighbor 123.123.55.243 remote-as 12345
        neighbor 123.123.55.243 next-hop-self
        neighbor 123.123.55.244 remote-as 12345
        !
        ip forward-protocol nd
        !
        ip as-path access-list 1 permit ^$
        !
        no ip http server
        no ip http secure-server
        ip route 2.2.2.2 255.255.255.255 GigabitEthernet0/0
        ip route 70.231.161.80 255.255.255.252 123.123.55.242
        ip route 123.123.54.0 255.255.254.0 Null0
        ip route 123.123.55.176 255.255.255.240 GigabitEthernet0/0

    cisco 2

        router bgp 12345
        bgp log-neighbor-changes
        bgp default local-preference 150
        network 123.123.54.0 mask 255.255.254.0
        network 123.123.54.0 mask 255.255.255.192
        network 123.123.54.64 mask 255.255.255.192
        network 123.123.54.128 mask 255.255.255.192
        network 123.123.54.192 mask 255.255.255.192
        network 123.123.55.0 mask 255.255.255.192
        network 123.123.55.64 mask 255.255.255.224
        network 123.123.55.96 mask 255.255.255.224
        network 123.123.55.128 mask 255.255.255.224
        network 123.123.55.160 mask 255.255.255.224
        network 123.123.55.160 mask 255.255.255.240
        network 123.123.55.176 mask 255.255.255.240
        network 123.123.55.192 mask 255.255.255.240
        network 123.123.55.208 mask 255.255.255.240
        network 123.123.55.224 mask 255.255.255.240
        network 123.123.55.240 mask 255.255.255.240
        neighbor 70.231.161.81 remote-as 1111
        neighbor 70.231.161.81 filter-list 1 out
        neighbor 123.123.55.241 remote-as 12345
        neighbor 123.123.55.243 remote-as 12345
        neighbor 123.123.55.243 next-hop-self
        neighbor 123.123.55.244 remote-as 12345
        neighbor 123.123.55.244 next-hop-self
        !
        ip forward-protocol nd
        !
        ip as-path access-list 1 permit ^$
        !
        no ip http server
        no ip http secure-server
        ip route 1.1.1.1 255.255.255.255 GigabitEthernet0/0
        ip route 70.72.6.200 255.255.255.252 123.123.55.241
        ip route 123.123.54.0 255.255.254.0 Null0
        ip route 123.123.55.176 255.255.255.240 GigabitEthernet0/0

    cisco 1
    snat address

        show ip bgp 123.123.55.209
        BGP routing table entry for 123.123.55.209/32, version 11073552
        Paths: (2 available, best 2, table default)
        Advertised to update-groups:
        6
        Refresh Epoch 1
        Local
        123.123.55.243 from 123.123.55.243 (192.168.1.3)
        Origin IGP, localpref 100, valid, internal
        rx pathid: 0, tx pathid: 0
        Refresh Epoch 1
        Local
        123.123.55.244 from 123.123.55.244 (192.168.1.4)
        Origin IGP, localpref 100, valid, internal, best
        rx pathid: 0, tx pathid: 0x0

    cisco 1
    some virtual server

        show ip bgp 123.123.55.210
        BGP routing table entry for 123.123.55.210/32, version 11079429
        Paths: (1 available, best 1, table default)
        Advertised to update-groups:
        6
        Refresh Epoch 1
        Local
        123.123.55.243 from 123.123.55.243 (192.168.1.3)
        Origin incomplete, localpref 100, valid, internal, best
        rx pathid: 0, tx pathid: 0x0

    The virtual server is correctly announced but the SNAT address points to the standby device.

  • Just for your own protection I assume you've masked any sensitive information? Some of the static routes look 'real'.
  • On node 2 you're missing 'neighbor 123.123.55.241 next-hop-self'

    On cisco 1 you're missing 'neighbor 123.123.55.244 next-hop-self'

    Any reason for that?

  • Sure, all addresses are masked and unfortunately the missing statement is just a copy & paste error :(
  • OK, here are some more questions:

    1) Anything in the /var/log/zebos.log and /var/log/daemon.log files?

    2) When you do a 'show ip route' on node 1 does it show node 2 as the best path for the .209 SNAT address?

    3) Can you get any more detailed output from the show ip bgp x.x.x.x command that might explain the preference for node 2?

    4) This from the ARM manual: "When using BGP, RIP, or IS-IS, both units of the redundant system automatically advertise their shared, floating self IP address as the next hop for all advertised routes. This ensures that peer routers use the shared self IP address as the next hop for all routes advertised by the BIG-IP system." - Your output suggests this isn't the case? Is there no Floating IP?
  • Debug is enabled on both but /var/log/zebos.log contains no good information, daemon log is also not very useful. Item 4 on your list helped me a lot. I was able to fix it. To solve the issue I created a floating self IP for the uplink interfaces on the bigip ips and changed the peering on the cisco boxes to only use the floating IP, after that it's working :)

    Thanks for your effort and your time.

    Best Frank
  • Phew, I was close to conceding defeat there. You're very welcome and hey, I've learned quite a bit on the way myself.
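
The check done by eye in this thread, written as a script: an added example, not code from any poster. It parses the Cisco 'show ip bgp <prefix>' output quoted above and reports whether the selected best path points at the expected BIG-IP address. The function names and the choice of 123.123.55.243 as the active unit are assumptions inferred from the thread.

```python
import re

# Abridged from the "show ip bgp" captures posted in the thread (addresses as masked there).
SNAT_OUTPUT = """\
BGP routing table entry for 123.123.55.209/32, version 11073552
Paths: (2 available, best 2, table default)
123.123.55.243 from 123.123.55.243 (192.168.1.3)
Origin IGP, localpref 100, valid, internal
123.123.55.244 from 123.123.55.244 (192.168.1.4)
Origin IGP, localpref 100, valid, internal, best
"""
VS_OUTPUT = """\
BGP routing table entry for 123.123.55.210/32, version 11079429
Paths: (1 available, best 1, table default)
123.123.55.243 from 123.123.55.243 (192.168.1.3)
Origin incomplete, localpref 100, valid, internal, best
"""
ACTIVE_UNIT = "123.123.55.243"  # assumption inferred from the thread: the active unit
IP = r"(\d+\.\d+\.\d+\.\d+)"
ENTRY_RE = re.compile(r"BGP routing table entry for (\S+),")
PATH_RE = re.compile(rf"^\s*{IP} from {IP} \({IP}\)")

def parse_paths(text):
    """Return (prefix, paths); each path has next_hop, peer, origin, best."""
    prefix, paths = None, []
    for line in text.splitlines():
        entry, path = ENTRY_RE.search(line), PATH_RE.match(line)
        if entry:
            prefix = entry.group(1)
        elif path:
            paths.append({"next_hop": path.group(1), "peer": path.group(2),
                          "origin": None, "best": False})
        elif paths and line.strip().startswith("Origin "):
            # Attribute line belongs to the path parsed just before it.
            attrs = [a.strip() for a in line.split(",")]
            paths[-1]["origin"] = attrs[0].split(None, 1)[1]
            paths[-1]["best"] = "best" in attrs
    return prefix, paths

def check_next_hop(text, expected):
    """Compare the router's best-path next hop with the address we expect."""
    prefix, paths = parse_paths(text)
    best = next((p for p in paths if p["best"]), None)
    return {"prefix": prefix,
            "advertisers": sorted(p["peer"] for p in paths),
            "best_next_hop": best["next_hop"] if best else None,
            "ok": best is not None and best["next_hop"] == expected}

if __name__ == "__main__":
    for out in (SNAT_OUTPUT, VS_OUTPUT):
        print(check_next_hop(out, ACTIVE_UNIT))
```

After moving the peering to a floating self IP, as in the fix reported above, the same check can be run with that floating address as the expected value.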