Applies To:

Show Versions Show Versions

Manual Chapter: Configuring NVGRE Tunnels for HA-Paired Devices
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Configuring NVGRE Tunnels for HA-Paired Devices

Overview: Configuring NVGRE tunnels for HA-paired devices

You can set up Network Virtualization using Generic Routing Encapsulation (NVGRE) tunnels on an HA pair of BIG-IP® devices. For NVGRE, you are creating a tunnel interface that can process packets to and from both floating and non-floating self IP addresses. The Local Address field specifies the floating tunnel IP address, and the Secondary Address field specifies the non-floating tunnel IP address. Monitor traffic uses the non-floating tunnel IP address, while forwarded traffic uses the floating tunnel IP address.

When you specify a secondary address, ConfigSync is disabled for the tunnel.

After you configure the NVGRE tunnel, two sets of NVGRE flows are created. The floating tunnel IP address is the source of one set of flows, and the non-floating tunnel IP address is the source of the other set. The NVGRE flows that originate from the floating tunnel IP address are available only on the active device.

NVGRE tunnels configured for HA pair

NVGRE tunnels configured for HA pair

After failover, the forwarded traffic flows through the tunnel associated with the floating IP address, which is now active on the other device. Monitor traffic continues to flow through the tunnels associated with the non-floating IP addresses.

NVGRE tunnels configured for HA pair, after failover

NVGRE tunnels configured for HA pair, after failover

About Microsoft Hyper-V representation of tunnels

The Microsoft Hyper-V uses customer records to represent the associations of overlay addresses with remote tunnel endpoints. This information needs to be statically configured for each overlay address:

  • Customer IP address (overlay address)
  • Customer MAC address
  • Provider IP address (underlay/tunnel endpoint)
  • VSID (tunnel key)
  • Routing domain

One example of overlay addresses is self IP addresses assigned to NVGRE tunnel objects on the BIG-IP® system. If an address is configured as a floating self IP address, the tunnel local endpoint must also be a floating self IP address. This ensures that failover maintains the validity of the Hyper-V configuration. The traffic groups used for the overlay self IP addresses also need to be configured with a masquerading MAC address.

About configuration of NVGRE tunnels in an HA pair

In an HA configuration, the config sync operation applies, by default, to all tunnel objects on all devices, regardless of whether the tunnel local endpoints are set to floating self IP addresses. This behavior restricts NVGRE tunnels to using only floating self IP addresses, unless you specify a secondary address when you create the tunnel.

Creating an NVGRE tunnel in an HA configuration

The way you create an NVGRE tunnel for a pair of BIG-IP® devices in an HA configuration makes the tunnel available for both forwarded and monitor traffic.
  1. On the Main tab, click Network > Tunnels > Tunnel List > Create .
    The New Tunnel screen opens.
  2. In the Name field, type a unique name for the tunnel.
  3. From the Profile list, select nvgre.
    This setting tells the system which tunnel profile to use. The system-supplied NVGRE profile is adequate. To change the settings, you can create a new NVGRE profile, which then appears in this list.
  4. In the Key field, type the Virtual Subnet Identifier (VSID) to use for the NVGRE tunnel.
    This field appears above the Profile field when you select a profile that requires this setting.
  5. In the Local Address field, type the local endpoint IP address.
    This should be a floating self IP address.
  6. In the Secondary Address field, select Specify, and type the non-floating local IP address of the tunnel, for use with locally initiated traffic, such as monitor traffic.
  7. For the Remote Address list, retain the default selection, Any.
  8. For the Mode list, retain the default selection, Bidirectional.
  9. From the Traffic Group list, select the traffic group that includes the local IP address for the tunnel.
  10. Click Finished.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)