Applies To:

Show Versions Show Versions

Manual Chapter: BIG-IP® Network and System Management Guide: Appendix C - Configuring Advanced Routing Modules
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


C

Configuring Advanced Routing Modules


Introducing the advanced routing modules

As described in Chapter 9, Configuring Routes , the BIG-IP® system has two routing tables: the kernel table for routing BIG-IP system management traffic, and a Traffic Management Microkernel (TMM) table for routing application traffic. Normally, the TMM routing table contains static routes that you specify, using the Routes screen of the Configuration utility.

In addition to adding static entries to the TMM routing table, however, you can configure the BIG-IP system to add entries to the TMM routing table dynamically, that is, without user intervention. You can do this by licensing the optional ZebOS® set of advanced routing modules and then configuring them on the BIG-IP system. The advanced routing modules consist of industry-standard dynamic routing protocols that enable the BIG-IP system to establish relationships with other routers on a network for the purpose of sharing route information on a regular basis.

An optional feature of the BIG-IP system, the advanced routing modules support these protocols:

  • Border Gateway Protocol (BGP)
    A dynamic routing protocol for external networks.
  • Routing Information Protocol (RIP)
    A dynamic routing protocol for internal networks, based on a distance-vector algorithm (number of hops).
  • Open Shortest Path First (OSPF)
    A dynamic routing protocol for internal networks, based on a link-state algorithm. OSPF is generally considered to be more suitable than RIP for large-scale, complex internal networks.

Using any of these advanced routing modules, the BIG-IP system can:

  • Dynamically add routes for destination nodes to the TMM routing table
  • Advertise and redistribute BIG-IP system routes to routers on an internal or external network
Note

To enable the Advanced Routing Modules feature, you may need to purchase an additional license key. For more information, contact F5 Networks.

For background information on configuring the dynamic routing protocols, see the ZebOS version 5.4 Routing Module documentation, available on AskF5SM (http://tech.f5.com).

Important considerations for active/standby configurations

For dynamic routing to function in active/standby configurations, be sure to consider the following:

Configuration procedure overview

Regardless of the specific advanced routing module you want to configure, the procedure for configuring an advanced routing module on a BIG-IP system is similar. In general, you must complete a few basic tasks:

Dynamically updating the TMM routing table

On any UNIX-based router, including the BIG-IP system, an advanced routing module acquires knowledge of a new route from other routers and presents the route to the ZebOS NSM daemon as a candidate for insertion into the kernel routing table. The NSM daemon then decides whether or not to insert the route into the kernel table, based on criteria such as the information stored in the ZebOS configuration file and the current state of the kernel routing table.

On the BIG-IP system, routes required for application traffic need entries in the separate TMM routing table also. Thus, the BIG-IP system needs a way to add dynamically-learned routes into the TMM routing table, where routing entries for all TMM application traffic are stored. To accomplish this, the BIG-IP system includes a daemon named tmrouted. The tmrouted daemon watches for dynamic routes that the NSM daemon inserts into the kernel routing table. When detecting such changes, the tmrouted daemon:

  • Adds those routes to the TMM routing table.
  • Removes any existing dynamically-learned routes from the TMM routing table that are no longer present in the kernel routing table.

Figure C.1 shows how the tmrouted daemon updates the TMM routing table.

 

Figure C.1 Process for adding routes to the TMM routing table

Advertising BIG-IP system routes

In addition to the advanced routing modules being able to dynamically add learned routes to the TMM routing table, the modules can also advertise BIG-IP routes to other routers. There are two types of BIG-IP system IP addresses that an advanced routing module can advertise to other devices on the network:

  • Local destination IP addresses
    An example of a local destination address is a virtual address. You advertise these addresses in a two-step process. First, you use the Configuration utility to add a route advertisement entry into the bigip.conf file. Then, you use the ZebOS VTY shell to add an entry into the ZebOS.conf file. For more information, see Advertising local destination addresses on this page, and Redistributing IP addresses to other routers .
  • Next-hop addresses
    An example of a next-hop address is a floating IP address shared by two units of a redundant system. You advertise these addresses using the ZebOS VTY shell to add an entry into the ZebOS.conf file. For more information, see Advertising next-hop addresses .

Advertising local destination addresses

When you want an advanced routing module to advertise a route for a local destination IP address, such as a virtual address, you configure the BIG-IP system to insert a route for that IP address into the kernel routing table. This allows the ZebOS NSM daemon to redistribute that address to other routers on the network. Local routes that you might want to advertise are routes to virtual addresses.

Figure C.2 shows the process that the BIG-IP system uses to advertise a virtual address.

 

Figure C.2 Advertising a virtual address on the BIG-IP system

To advertise the route for a local destination address, you use the Configuration utility to add an entry for the IP address into the bigip.conf file on the BIG-IP system. For example, the following entry in the bigip.conf file advertises the route for virtual address 10.10.10.1:

Figure C.3 Sample bigip.conf entry for advertising a route
virtual address 10.10.10.1 {
   route advertisement enable
   mask 255.255.255.255
}

If the advertised IP address becomes unavailable or failover occurs, the advertised route disappears from the kernel routing table.

Once you have advertised a local destination address, you can then configure the ZebOS.conf file to redistribute that address to other routers. For more information, see Redistributing IP addresses to other routers .

To advertise a virtual address

  1. On the Main tab of the navigation pane, expand Local Traffic, and click Virtual Servers.
    The Virtual Servers screen opens.
  2. On the menu bar, click Virtual Address List.
    This displays the list of virtual addresses.
  3. In the Address column, click the IP address that you want to advertise.
    This opens the Virtual Addresses screen.
  4. For the Route Advertisement setting, check the box.
    This enables route advertisement for this virtual address.
  5. From the Advertise Routes list, select a value or retain the default value (Always).
  6. Click Update.

Advertising next-hop addresses

In some cases, you will want to advertise not only destination addresses, but also next-hop addresses. An example of a next-hop route to advertise is the floating self IP address that two units of an active/standby system share. This ensures that:

  • The two units advertise identical routes to neighbors.
  • Each unit can respond to Address Resolution Protocol (ARP) requests so that devices can redirect traffic to the peer unit when failover occurs.

To advertise next-hop addresses, you configure the ZebOS.conf file. For more information, see Configuring the ZebOS.conf file .

Starting an advanced routing module

The first step in configuring an advanced routing module is to start the module. When you start a routing module, the BIG-IP system creates a default ZebOS.conf file in the /config directory.

This procedure applies to all of the routing modules.

To start an advanced routing module

At the BIG-IP system prompt, type the zebos command and specify a routing module, using this syntax:

zebos enable [bgp | rip | ospf]

This command starts the specified module, and creates the default ZebOS.conf file.

Configuring the ZebOS.conf file

After starting an advanced routing module and creating the default ZebOS.conf file, you can customize the file according to the advanced routing module you are implementing. The ZebOS.conf file has a separate section for each dynamic routing protocol. You configure the ZebOS.conf file using the VTY shell.

Once you have configured the ZebOS.conf file and restarted the module, the TMM routing table can receive route information dynamically, and the NSM daemon can share BIG-IP route information that you have advertised, such as virtual addresses, with other routers on the network.

Before configuring the appropriate section of the ZebOS.conf file, we recommend that you familiarize yourself with the default ZebOS.conf file. Then you can change the entries to specify your particular network information, such as interface names, router ID, and so on.

If you have an active/standby redundant-system configuration, there are additional issues to consider when you customize the ZebOS.conf file. For more information, see Important considerations for active/standby configurations .

Note

On a redundant system, you do not need to configure a routing module differently on the two units of a redundant system, except for specifying unique information such as the router ID for each unit. Other than this unique information, the two ZebOS.conf files can (and should) be identical.

Redistributing IP addresses to other routers

One of the customizations you typically make to the ZebOS.conf file is to redistribute BIG-IP system routing information to other devices on the network. You can redistribute both local destination addresses and next-hop addresses.

Figure C.4 shows a sample entry in the OSPF section of the ZebOS.conf file. This entry causes the NSM daemon to redistribute the route that was previously advertised in Figure C.3 .

Figure C.4 Sample ZebOS.conf entry for redistributing advertised routes
router ospf
   network 10.10.10.1/24 area 0
   redistribute kernel

When adding this entry into the ZebOS.conf configuration file, you can optionally specify a route-map reference that specifies the route map to use for filtering routes prior to redistribution. Figure C.5 shows a sample entry in the ZebOS.conf file for route filtering.

Figure C.5 Sample ZebOS.conf entry for filtering advertised routes
redistributed connected route-map external-out out

 

When configuring an advanced routing module on the two units of an active/standby system, you should always configure the ZebOS.conf file to advertise the shared, floating IP address, using the route-map feature of an advanced routing module. This ensures that:

  • The two units advertise identical routes to neighbors.
  • Each unit can respond to ARP requests so that devices can redirect traffic to the peer unit when failover occurs.

The following sections contain configuration information that is specific to each of the advanced routing modules (BGP, RIP, and OSPF). Note that each section shows a line in the sample ZebOS.conf file that advertises the shared, floating IP address of a redundant system as the next-hop address.

Configuring the BGP advanced routing module

A good way to understand the configuration of the ZebOS.conf file for implementing the BGP module is to examine some sample file entries. Figure C.7 shows an example of the BGP section of the ZebOS.conf file, configured on one unit of an active/standby system.
The ZebOS.conf file on the peer unit is identical, except for the router ID.

This example is based on these assumptions:

  • The unit with this ZebOS.conf file has a self IP address of 192.168.151.1.
  • The peer unit (not shown) has a self IP address of 192.168.151.2.
  • The floating self IP address that is shared between the two units is 192.168.151.3.

Note that the line numbers shown in the example are not part of the actual ZebOS.conf file, but are included in the figure to identify each line for the explanation that follows.

 

1  interface external
2  !
3  interface internal
4  !
5  interface lo0
6  !
7  interface admin
8  !
9  router bgp 1000
10 bgp router-id 192.168.151.1
11 neighbor ext-routers peer-group
12 neighbor ext-routers remote-as 66
13 neighbor ext-routers route-map external-out out
14 neighbor 192.168.151.253 peer-group ext-routers
15 neighbor 192.168.151.254 peer-group ext-routers
16 !
17 route-map external-out permit 10
18   set ip next-hop 192.168.151.3

 

Figure C.6 Configuration of the BGP module on an active/standby system

The explanation of each line in the figure is as follows:

  • Line 9: Creates a single BGP instance with the local autonomous system number (ASN) 1000.
  • Line 10: Identifies the BGP router ID for this unit as IP address 192.168.151.1.
  • Line 11: Configures a peer group named next-routers
  • Line 12: Configures an ASN of 66 for the remote peers in the peer group ext-routers.
  • Line 13: Using the route map external-out, filters all routes advertised to the peers in the peer group ext-routers.
  • Line 14: Assigns the external router 192.168.151.253 to the peer group ext-routers.
  • Line 15: Assigns the external router 192.168.151.254 to the peer group ext-routers.
  • Line 17: Creates the route map external-out
  • Line 18: Configures the route map external-out to set the next-hop address of all routes to be the external floating self IP address of the redundant pair (IP address 192.168.151.3).

Editing the configuration file for the BGP module

Once you have familiarized yourself with the BGP section of the ZebOS.conf file, you can customize the file. To simplify this task, the BIG-IP system includes the vtysh command. This command starts the VTY command line shell.

Tip


Always use the vtysh utility to configure the ZebOS.conf file, instead of editing the file directly. The vtysh utility provides error-checking and command completion, two features that help to ensure correct configuration of the ZebOS.conf file.
Important

You cannot customize the ZebOS.conf file until you have used the zebos enable command. For more information, see To start an advanced routing module .

To customize the BGP configuration

  1. Start the VTY shell by typing this command at the BIG-IP system prompt:
  2. vtysh
  3. Put the shell into enable mode:
  4. enable

    The screen prompt changes to a pound sign (#), indicating that the shell is in enable mode.

  5. Enter configure mode:
  6. configure terminal
  7. Type the following command, where <as> is the autonomous system number for the unit you are configuring:
  8. router bgp <as>
  9. Using the following command, define the neighbor in the configuration, where <ip> is the IP address of the neighbor, and <remote-as> is the neighbor's autonomous system number:
  10. neighbor <ip> remote-as <remote-as>
  11. Use other vtysh commands to complete the BGP configuration. For detailed syntax information, see the VTY Shell Command Reference guide, available on http://tech.f5.com.
  12. Exit the VTY shell, by typing end and then quit.

After editing the ZebOS.conf file, you must restart the BGP module. For more information, see Loading advanced routing module configuration data .

Additional information for configuring the BGP module

For more information about configuring specific BGP functionality, refer to the following information included in the ZebOS® Advanced Routing Suite Configuration Guide:

  • Enabling BGP (routers in the same autonomous system)
  • Enabling BGP (routers in a different autonomous system)
  • Route-Map
  • Route Reflector
  • Confederations
  • BGP authentication

Tip


The ZebOS® Advanced Routing Suite Configuration Guide is available on http://tech.f5.com.

Configuring the RIP advanced routing module

A good way to understand the configuration of the ZebOS.conf file for implementing the RIP module is to examine some sample file entries. Figure C.7 shows an example of the RIP section of the ZebOS.conf file, configured for one unit of an active/standby system. The ZebOS.conf file on the peer unit is identical, except for the router ID.

This example is based on these assumptions:

  • The unit with this ZebOS.conf file has a self IP address of 10.1.1.1.
  • The peer unit (not shown) has a self IP address of 10.1.1.2.
  • The floating self IP address that is shared between the two units is 10.1.1.3.

Note that the line numbers shown in the example are not part of the actual ZebOS.conf file, but are included in the figure to identify each line for the explanation that follows.

Figure C.7 shows a typical RIP configuration file for an active/standby configuration.

1  interface external
2  !
3  interface internal
4  !
5  interface lo0
6  !
7  interface admin
8  !
9  router rip
10   network 10.1.1.0/24
11   redistribute connected route-map internal-out out
12 !
13 route-map internal-out permit 10
14   set ip next-hop 10.1.1.3

Figure C.7 Configuration of the RIP module on an active/standby system

The explanation of each pertinent line in the figure is as follows:

  • Line 9: Creates a RIP router instance.
  • Line 10: Configures RIP routing on the internal network (10.1.1.0/24).
  • Line 1: Configures redistribution of routes to the directly-connected network to RIP, with filtering through the route map internal-out.
  • Line 13: Creates the route map internal-out.
  • Line 14: Configures the route map internal-out to set the next-hop address of all routes to be the internal floating self IP address of the redundant pair (IP address 10.1.1.3).
Important

The sample configuration in Figure C.7 works correctly when RIP is enabled on a single VLAN only. If RIP is enabled on multiple VLANs, the advertised route to each redundant-system unit is the unit's static self IP address instead of the shared, floating self IP address. This can cause routers to send packets to a unit that is in standby mode, thereby resulting in silently-dropped packets.

Editing the configuration file for the RIP module

Once you have familiarized yourself with the RIP section of the ZebOS.conf file, you can customize the file. To simplify this task, the BIG-IP system includes the vtysh command. This command starts the VTY command line shell.

Tip


Always use the vtysh utility to configure the ZebOS.conf file instead of editing the file directly. The vtysh utility provides error-checking and command completion, two features that help to ensure correct configuration of the ZebOS.conf file.
Important

You cannot customize the ZebOS.conf file until you have used the zebos enable command. For more information, see To start an advanced routing module .

To customize the RIP configuration

  1. Start the VTY shell by typing this command at the BIG-IP system prompt:
  2. vtysh
  3. Put the shell into enable mode:
  4. enable

    Note: The screen prompt changes to a pound sign (#), indicating that the shell is in enable mode.

  5. Type this command:
  6. configure terminal
  7. Type the following command to define the RIP process and enter router mode:
  8. router rip
  9. Associate the RIP process with each network, using the network command, where <ip/24> represents a network:
  10. network <ip/24>
  11. Use other vtysh commands to complete the RIP configuration. For detailed syntax information, see the VTY Shell Command Reference guide, available on http://tech.f5.com.
  12. Exit the VTY shell, by typing end and then quit.

Additional information for configuring the RIP module

For more information about configuring specific RIP functionality, refer to the following information in the ZebOS® Advanced Routing Suite Configuration Guide:

  • Enabling RIP
  • Specifying the RIP version
  • RIPv2 authentication (single key)
  • RIPv2 text authentication (multiple keys)
  • RIPv2 md5 authentication (multiple keys)

Tip


The ZebOS® Advanced Routing Suite Configuration Guide is available on http://tech.f5.com.

Configuring the OSPF advanced routing module

A good way to understand the configuration of the ZebOS.conf file for implementing the OSPF module is to examine some sample file entries. Figure C.8 shows an example of the OSPF portion of the ZebOS.conf file.

Figure C.8 Sample OSPF configuration in the ZebOS.conf file
log file /var/log/zebos/zebos.log
!
interface external
 ip ospf priority 0
!
interface internal
!
interface lo0
!
interface admin
!
router ospf
 ospf router-id 10.1.16.1
 redistribute connected
 network 10.1.16.0/24 area 0

 

Important

Dynamic routing using the OSPF advanced routing module is not supported on redundant-system configurations. To implement dynamic routing on a redundant system, for an internal network, use the RIP module instead.

Editing the configuration file for OSPF

Once you have familiarized yourself with the OSPF section of the ZebOS.conf file, you can customize the file. To simplify this task, the BIG-IP system includes the vtysh command. This command starts the VTY command line shell.

Tip


Always use the vtysh utility to configure the ZebOS.conf file instead of editing the file directly. The vtysh utility provides error-checking and command completion, two features that help to ensure correct configuration of the ZebOS.conf file.
Important

You cannot customize the ZebOS.conf file until you have used the zebos enable command. For more information, see To start an advanced routing module .

To customize the OSPF configuration

  1. Start vtysh by typing this command at the BIG-IP system prompt:
  2. vtysh
  3. Put the shell into enable mode:
  4. enable

    Note: The screen prompt changes to a pound sign (#), indicating that the shell is in enable mode.

  5. Type this command:
  6. configure terminal
  7. Switch to interface mode by specifying the interface you want to configure, where <if> is the interface name:
  8. interface <if>
  9. Type exit to exit interface mode and return to configure mode.
  10. Use the following command to configure the routing process and define the process ID, where <pid> is the process ID. The process ID must be a unique, positive integer identifying the routing process:
  11. router ospf <pid>
  12. Use the network command to define the network on the interface on which OSPF runs and the area ID of the interface. In this case <aid> is the area ID, and <ip/24> is the network:
  13. network <ip/24> area <aid>
  14. Use other vtysh commands to complete the OSPF configuration. For detailed syntax information, see the VTY Shell Command Reference guide, available on http://tech.f5.com.
  15. Exit the VTY shell by typing end and then quit.

Additional information for configuring the OSPF module

For more information about configuring specific OSPF functionality, see the following information in the ZebOS® Advanced Routing Suite Configuration Guide, version 5.4:

  • Enabling OSPF on an interface
  • Setting priority
  • Configuring an Area Border Router
  • Redistributing routes into OSPF
  • OSPF cost
  • Configuring virtual links
  • OSPF authentication

Tip


The ZebOS® Advanced Routing Suite Configuration Guide is available on http://tech.f5.com.

Excluding the ZebOS.conf file from ConfigSync

If you have a redundant system, you must configure the BigDB.dat file to exclude the ZebOS.conf file from configuration synchronization. You configure the BigDB.dat file by using the bigpipe db command.

The reason for excluding the ZebOS.conf file from configuration synchronization is that each ZebOS.conf file on a router (such as the BIG-IP system) needs to retain unique information for that router, such as the router ID.

For background information on configuration synchronization, see Chapter 14, Setting up a Redundant System .

To exclude a file from configuration synchronization

You can exclude files from configuration synchronization by using the bigpipe db command, specifying the configuration key Configsync.Excludes and the name of the file to be excluded. For example:

bigpipe db Configsync.Excludes zebos.conf

Loading advanced routing module configuration data

After you enable a routing module and edit the relevant section of the configuration file, you must load the new configuration. You do this by restarting the routing module. To restart the routing module, type the following command:

zebos restart

Additional advanced routing module commands

Once you have created a /config/ZebOS.conf file for the advanced routing modules you want to use, you can use the bigstart utility as follows.

To restart an enabled routing module

An advanced routing module can be enabled but not started. To start any routing module that is enabled but not started, use the following command. If a routing module is already running (started) when you use the bigstart startup command, the module remains running and does not restart.

bigstart startup zebosd

To stop a routing module

You can use the following command to gracefully stop all running ZebOS routing modules:

bigstart shutdown zebosd

To view a list of routing modules that are currently running

To display a list of currently running ZebOS routing modules, type the following command:

bigstart status zebosd




Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)