Manual Chapter: Configuring Routes and Route Domains
The BIG-IP® system must communicate with other routers, servers, and firewalls in a networked environment. Before you put the BIG-IP system into production, we recommend that you carefully review the router and server configurations in your network. By doing so, you can properly configure routing on the BIG-IP system, and you can adjust the routing configurations on other network devices to include various BIG-IP system IP addresses. Depending on how you configure routing, the BIG-IP system can forward packets to a specified network device (such as a next-hop router or a destination server), or the system can drop packets altogether.
If you want to segment application traffic on the network, you can use the route domains feature. Route domains provide the capability to segment network traffic and define separate routing paths for different network objects and applications. Using a route domain ID, you can define a distinct default route and a set of standard routes for each route domain on the BIG-IP system. For more information, see Configuring route domains.
Due to its IP routing (Layer 3) capabilities and its need to process both user application traffic (for load balancing and health monitoring) and administrative traffic, the BIG-IP system contains two routing tables:
Linux kernel routing table
This table stores and retrieves information about management routes. Management routes are routes that the BIG-IP system uses to forward traffic through the special management (MGMT) interface.
TMM routing table
This table stores and retrieves IP routing information about TMM switch routes. TMM switch routes are routes that the BIG-IP system uses to forward traffic through the TMM switch interfaces instead of through the management interface.
The remainder of this chapter describes how to work with both of these tables. Specifically, the chapter describes how to:
The purpose of the TMM routing table is to store essential routing information for traffic passing through the TMM system. The BIG-IP system creates a routing table automatically when you configure its local interfaces. Once the routing table is created, there are two ways to maintain it:
You can use one or more dynamic routing protocols to automatically update the routing table on a regular basis. These entries are known as dynamic route entries.
Typically, a routing table on the BIG-IP system contains a combination of static and dynamic entries. The remainder of this chapter describes how to add and maintain static entries. For information on configuring dynamic routing, see Chapter 11, Configuring Advanced Routing Modules.
You can use the Configuration utility to add static routes to the TMM routing table. When you add an entry to the routing table, you specify a destination host or network, and a gateway through which traffic for that destination should pass to reach the destination address. You can also add an entry for a default route.
On a typical router, you define the gateway for each route as the address for a next-hop router. On the BIG-IP system, however, the gateway that you specify can be any of four different resource types: a next-hop router address, the name of a pool of routers, a VLAN name, or an instruction to reject the packet.
A next-hop router address
A next-hop router address is also known as a gateway address. A gateway address specifies a particular router that the BIG-IP system should use when forwarding packets to the destination host or network.
A name of a pool of routers
Rather than specifying a specific next-hop router, you can specify a pool of routers. Specifying a pool of routers as the resource type is most likely to be useful for outgoing traffic, when you want to load balance server responses across routers. Just as with a load balancing pool, the BIG-IP system uses the Round Robin load balancing method by default.
A VLAN name
Specifying a VLAN name indicates that the network you specify as a destination in a route entry is directly connected to the BIG-IP system. Therefore, the BIG-IP system can send an ARP request to any host in that network to obtain the MAC address of the destination host.
Reject
Setting the resource type to Reject causes the BIG-IP system to drop packets that are destined for the specified destination IP address.
Using the Configuration utility, you can easily manage the static routes defined in a BIG-IP system's TMM routing table. Specifically, you can:
Note: Only users with either the Administrator or Resource Administrator user role can create and manage routing entries on the BIG-IP system.
Using the Configuration utility, you can view the list of static entries that you have added to the routing table. Figure 10.1 shows an example of a list containing both default and standard route entries:
The first entry shows the default route for route domain 0 (the default route domain). This route uses a pool of routers as the resource.
The fourth entry shows a standard route in route domain 0 to a destination host, where the route uses a VLAN as the resource.
Note: If you are using the route domains feature, you have additional considerations when viewing a list of routes. For more information, see Configuring route domains.
The destination IP address
For the destination address, you can see either a default entry, a host destination, or a network address.
The netmask
This is the netmask of the destination address. No netmask appears for the default route.
The resource type
The resource type appears as either Gateway, Pool, VLAN, or Reject.
The resource name
The resource name is either a next-hop-router (gateway) address, a pool name, or a VLAN name.
On the Main tab of the navigation pane, expand Network and click Routes. The Configuration utility displays the list of static entries.
Note: You can also view a list of static route entries using either the bigpipe utility or tmsh. For more information, see the Bigpipe Utility Reference Guide or the Traffic Management Shell (tmsh) Reference Guide.
You use the Configuration utility to add static entries to the TMM routing table. A static entry that you add can be either the default TMM route or a non-default TMM route.
Important: We highly recommend that you define a default TMM route. Otherwise, certain types of administrative traffic that would normally use a TMM switch interface might instead use the management interface.
Use the following procedure to add an entry to the TMM routing table. For more detailed information, see Table 10.1, as well as the sections that follow that table.
For information on verifying the existence of a pool, see To verify the existence of a pool of routers. Before specifying a VLAN as a gateway, verify that you have created the VLAN. For more information, see To verify the existence of a VLAN.
1. On the Main tab of the navigation pane, expand Network, and click Routes.
The Routes screen opens.
Note: If the Add button is unavailable, you do not have permission to add a route. You must have an appropriate user role assigned to your user account.
3. From the Type list, select Default Gateway or Route.
Note: Selecting Default Gateway disables the Destination and Netmask properties.
4. If you selected Route in the previous step, specify two settings:
a) In the Destination box, type a destination IP address.
b) In the Netmask box, type the netmask for the IP address you typed in the Destination box.
5. For the Resource property, select a resource from the list.
For detailed information on resources, see Specifying a resource.
6. Click Finished.
Important: For more information on these settings, see Table 10.1. For information on route domains, see Configuring route domains.
Note: An alternate way to add static routes is to use either the bigpipe utility or tmsh. For more information, see the Bigpipe Utility Reference Guide or the Traffic Management Shell (tmsh) Reference Guide.
Table 10.1 lists and describes the properties that you configure when adding routing table entries. For detailed information on each property, see the sections that follow the table. For background information on static routing-table entries, see Understanding TMM routes.
Specifies the routing table entry as either a default route or a standard destination address. Possible values are Default Gateway and Route.
Route Domain ID
Specifies the ID number of the route domain to which the default route applies. This setting appears only when you select Default Gateway from the Type list.
Specifies an IP address for the Destination column of the routing table. You can configure this property only when you set the Type property to Route. When the Type property is set to Default Gateway, the destination is always shown in the routing table as 0.0.0.0.
0.0.0.0 (when Type is Default Gateway)
Specifies the netmask for a destination address. This value appears in the Genmask column of the routing table. You can configure this property only when you set the Type property to Route. When the Type property is set to Default Gateway, the netmask is always shown in the routing table as 0.0.0.0.
0.0.0.0 (when Type is Default Gateway)
Specifies the particular gateway IP address, pool, or VLAN that the BIG-IP system should use to forward a packet to the destination. Possible values are: Use Gateway, Use Pool, Use VLAN, or Reject.
Note that you typically select Use VLAN for non-default routes only.
Important: The information in the section Configuring TMM routes pertains to route domain 0, the default route domain. For information on defining a route for a non-default route domain, see Configuring route domains.
You use the Type property to specify the type of static route that you want to define in the routing table. A static route that you add to the TMM routing table can be either of two types: a non-default route or a default route. On the screen for creating a static route entry, a non-default route is simply called a route. A default entry is called a default gateway.
You add a route when you want to provide a route that either corresponds directly to the destination IP address of a packet, or specifies the network portion of the destination IP address of a packet.
You add a default gateway when you want to provide the route that the BIG-IP system should use for forwarding packets when no other entry in the routing table matches the destination IP address of the packet. You can define one default gateway for each route domain on the BIG-IP system. (For information on route domains, see Configuring route domains.)
Important: The information in section Configuring TMM routes pertains to the default route for the TMM routing table only, and not for the default management route. For information on configuring the default management route, see Routing traffic through the management interface, and Chapter 2, Configuring the BIG-IP Platform and General Properties.
When you want to define a non-default route, you use the Destination property. If you are defining a default route, this property is unavailable.
Using the Destination property, you can specify either an individual destination IP address, to match the destination IP address of a packet, or the network portion of a destination IP address of a packet.
For example, if you want the BIG-IP system to be able to forward packets destined for IP address 192.0.2.225, you could specify one of the following addresses:
192.0.2.225
In this case, the BIG-IP system forwards any packet with the exact destination IP address of 192.0.2.225 to the gateway that you define in that routing table entry.
192.0.2.0
In this case, the BIG-IP system forwards to the gateway any packets with a destination IP address that includes the network ID 192.0.2.
You use the Netmask property when you want to define a non-default route. If you are defining a default route, this property is unavailable.
Using the Netmask property, you specify the netmask for the destination IP address that you defined with the Destination property. The purpose of the netmask is to indicate whether the IP address defined in the Destination property is a host address or a network address.
Any entry that you add to the TMM routing table includes either a next-hop router, a pool of routers, or a VLAN as the gateway, or resource, through which to send traffic. To specify a resource in a routing table entry, you use the Resource property. You can also instruct the BIG-IP system to reject packets for the specified destination IP address.
A common scenario when adding a route is to define the gateway as a pool of routers instead of a single next-hop router. For example, you can create a pool named router_pool, and specify the pool as the gateway for the default route. You can see this route in the first entry of Figure 10.1.
Before you specify a pool of routers as a gateway in the routing table, however, you must create the pool, using the same Configuration utility screens that you use for creating a pool of load balancing servers.
For more information on creating a pool, see the Configuration Guide for BIG-IP® Local Traffic Management. For background information on using a pool of routers as a gateway, see Understanding TMM routes.
On the Main tab of the navigation pane, expand Local Traffic, and click Pools. This displays the list of existing pools on the BIG-IP system. This list includes any load balancing pools and router pools that you have created.
Note: You can also retrieve this information using the command bigpipe pool. For more information, see the BIG-IP® bigpipe Reference Guide.
If you know that a server in a load balancing pool is on the same internal network as the BIG-IP system's next-hop router, you can add an entry that defines the server's IP address as the destination, and the next-hop router address as the gateway.
The gateway address in a routing entry can also be a VLAN name. You can select a VLAN name as a resource when the destination address you specify in the routing entry is a network address. Using a VLAN name as a resource implies that the specified network is directly connected to the BIG-IP system. In this case, the BIG-IP system can find the destination host simply by sending an ARP request to the hosts in the specified VLAN, thereby obtaining the destination host's MAC address. Then, the BIG-IP system simply checks the VLAN's Layer 2 forwarding table to determine the correct interface through which to forward the packet.
On the Main tab of the navigation pane, expand Network, and click VLANs. This displays the list of existing VLANs on the BIG-IP system.
Sometimes, you might want the BIG-IP system to drop any packets destined for the IP address specified as the destination in a routing entry. In this case, you simply select Reject as the value for the Resource setting when creating a route entry.
For a static entry in the routing table, you can modify the resource that you specified when you added the entry. You cannot modify the entry type (Default Gateway or Route), the destination address, or the netmask.
For information on verifying the existence of a pool, see To verify the existence of a pool of routers. Before specifying a VLAN as a gateway, verify that you have created the VLAN. For more information, see To verify the existence of a VLAN.
1. On the Main tab of the navigation pane, expand Network, and click Routes.
This displays the list of static routes.
3. For the Resource property, select a resource from the list.
For detailed information on resources, see Specifying a resource.
4. Click Update.
Deleting entries from the routing table is necessary when the routers or destination hosts on your network change for any reason. For example, you might remove a specific host or router from the network, thereby invalidating a destination or gateway address in the routing table. You can easily delete static entries using the Configuration utility.
1. On the Main tab of the navigation pane, expand Network and click Routes.
A list of the static entries in the routing table appears.
3. Click Delete.
A confirmation message appears.
4. Click Delete.
The BIG-IP system supports the ability to configure multiple route domains. A route domain is a BIG-IP system object that represents a particular network configuration. After creating a route domain, you can associate various BIG-IP system objects with the domain: unique VLANs, routing table entries such as a default gateway and static routes, self IP addresses, virtual servers, and pool members.
Route domains provide the capability to segment network traffic, and define separate routing paths for different network objects and applications. Because route domains segment the network traffic, they also provide the capability to have separate IP networks on the same unit, where each route domain uses the same IPv4 address space. Using routing domains, you can assign the same IP address or subnet to more than one device on a network, as long as each instance of the IP address resides in a separate routing domain.
As an option, you can configure the routing topology hierarchically so that routing table entries and route lookups can be nested. This provides flexible routing options on the BIG-IP system.
Note: If you are using Global Traffic Manager, you should be aware of the way that Global Traffic Manager interoperates with route domains. For more information, see Global Traffic Manager considerations.
Note: If you are using dynamic routing, you should be aware of the way that the advanced routing modules interoperate with route domains. For more information, see Advanced routing module considerations, and Chapter 11, Configuring Advanced Routing Modules.
The remainder of the section Configuring route domains describes how to create a route domain object and add static routes for the route domain. For a more comprehensive procedure that describes how to create all of the objects required for route domain implementation, see the guide titled BIG-IP® Local Traffic Manager: Implementations.
Each route domain has a unique integer ID. The address format required for a route domain is A.B.C.D%ID, where ID is the ID of the route domain in which any IP address in the route domain resides. The BIG-IP system includes a default route domain with an ID of 0.
When using the Configuration utility to add a route to a route domain, there are two cases in which you do not need to specify a route domain ID as part of an IP address:
When the IP address pertains to the default route domain.
For example, if you define a standard route in route domain 0 with the destination address 10.10.10.2, you do not need to append the notation %0 to the address.
When defining a default route for a route domain.
For example, if you want to define a default route for route domain 3, you do not need to append the notation %3 to the destination address of 0.0.0.0. You simply specify the route domain ID on the Add Route screen when you add the route. For the procedure on adding a route using the Configuration utility, see To add a standard route for a non-default route domain.
When you create and use a route domain other than the default route domain, the routes that appear in the routing table show the pertinent route domain ID in each IP address.
Note that a route can cross route domains; that is, a gateway address can reside in a different route domain from the destination IP address.
When you create a route domain, you can assign a parent ID to the route domain, using the Parent ID setting within the Configuration utility. The parent ID identifies another existing route domain on the system. Assigning a parent ID to a route domain is optional.
During a route table lookup, if the system cannot find a route in the current route domain, and the route domain has a parent ID assigned to it, the system then searches the routes in the parent route domain. If no route is found in the parent route domain, the system searches the parent route domain's parent, and so on, until the system finds either a match or a parent ID with a value of None.
For example, suppose you create route domain 1 with a parent ID of 0 (the default route domain), and you include VLAN A in the route domain. If traffic needs to egress the BIG-IP system on route domain 1, the system looks within route domain 1 for a route for the specified destination. If no route is found, the system searches the routes in the specified parent route domain (in this case, route domain 0).
You can set the parent ID to the ID of any route domain that exists on the BIG-IP system, or you can specify the default Parent ID value, which is None. Continuing with our example, if you set the parent ID to None and the system looks within route domain 1 and cannot find a matching route, the system refrains from searching any other route domain (including route domain 0) to find a match. Setting the parent ID to None thus prevents the system from mistakenly using a route from another route domain.
A route can cross route domains. That is, when you add a static route to the TMM routing table, the static route entry can include different route domains. For example, you can add a route to the routing table where the destination is 10.0.0.0%20/8 (route domain 20) and the gateway is 172.27.84.29%32 (route domain 32).
A common configuration in which a route might cross route domains is when a Global Traffic Manager device sends traffic to a Local Traffic Manager device, and then the Local Traffic Manager device load balances the traffic. In this case, the external VLAN that receives the Global Traffic Manager traffic is assigned to the default route domain (a requirement for this configuration). Then, the internal VLANs on the Local Traffic Manager device are assigned to two non-default route domains (for example, route domains 1 and 2), to allow the use of duplicate IP addresses for servers in the load balancing pools.
The result is that a specific connection crosses either route domains 0 and 1, or route domains 0 and 2, depending on the location of the server to which the traffic is sent for processing.
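The parent-ID fallback and the %ID notation described above can be modelled in a few lines. This is an added example, not F5 code and not part of the original manual: the route domains, routes and the 192.0.2.1 gateway in DOMAINS are constructed sample data, and longest-prefix matching inside a domain is an assumption (the manual only describes the parent search). It shows which domains can fall through to route domain 0 and flags static routes whose gateway sits in a different route domain.

```python
"""Model of route-domain lookup with parent fallback (illustrative only)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def parse_rd(text: str, default_rd: int = 0) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'A.B.C.D%ID' or 'A.B.C.D%ID/len' into (network, route domain ID).

    The ID follows '%', so in 172.27.84.29%32 the 32 is a route domain,
    not a prefix length. An address without '%ID' belongs to default_rd.
    """
    body, slash, plen = text.partition("/")
    addr, pct, rd = body.partition("%")
    if pct and not rd.isdigit():
        raise ValueError(f"bad route domain ID in {text!r}")
    net = ipaddress.IPv4Network(addr + slash + plen, strict=False)
    return net, int(rd) if pct else default_rd


@dataclass
class Route:
    dest: str                      # destination in %ID notation
    gateway: Optional[str] = None  # next hop in %ID notation; None = pool/VLAN/reject


@dataclass
class RouteDomain:
    rd_id: int
    parent: Optional[int] = None   # None mirrors the Parent ID value "None"
    routes: List[Route] = field(default_factory=list)


def search_order(domains: Dict[int, RouteDomain], rd_id: int) -> List[int]:
    """Route domains consulted, in order, for a lookup that starts in rd_id."""
    order: List[int] = []
    cur: Optional[int] = rd_id
    while cur is not None and cur not in order:  # 'not in' also stops a parent loop
        order.append(cur)
        cur = domains[cur].parent
    return order


def lookup(domains: Dict[int, RouteDomain], rd_id: int, dst: str):
    """Return (route, ID of the domain that supplied it), or None if no match."""
    ip = ipaddress.IPv4Address(dst)
    for rd in search_order(domains, rd_id):
        best = None
        for route in domains[rd].routes:
            net, _ = parse_rd(route.dest, default_rd=rd)
            # Assumption: most specific (longest-prefix) match wins within a domain.
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, route)
        if best:
            return best[1], rd
    return None


def crosses_domains(route: Route) -> bool:
    """True when the gateway resides in a different route domain than the destination."""
    if route.gateway is None:
        return False
    return parse_rd(route.dest)[1] != parse_rd(route.gateway)[1]


def falls_through_to(domains: Dict[int, RouteDomain], target: int = 0) -> List[int]:
    """IDs of other domains whose lookups can end up using routes from target."""
    return sorted(rd for rd in domains
                  if rd != target and target in search_order(domains, rd))


# Constructed sample data: RD 1 has parent 0, RD 2 has parent None.
DOMAINS = {
    0: RouteDomain(0, None, [Route("0.0.0.0/0", "192.0.2.1")]),
    1: RouteDomain(1, 0, [Route("10.10.10.0%1/24", "10.10.10.1%1")]),
    2: RouteDomain(2, None, [Route("10.10.10.0%2/24", "10.10.10.1%2")]),
}
# The cross-domain route quoted in the text above.
PAGE_ROUTE = Route("10.0.0.0%20/8", "172.27.84.29%32")

if __name__ == "__main__":
    for rd in (1, 2):
        print(f"RD {rd} -> 198.51.100.7:", lookup(DOMAINS, rd, "198.51.100.7"))
    print("domains that can fall through to RD 0:", falls_through_to(DOMAINS))
    print("page route crosses domains:", crosses_domains(PAGE_ROUTE))
```

Route domain 1 resolves the unknown destination through route domain 0's default route, while route domain 2, with a parent of None, finds no route at all; that difference is what keeps segmented traffic from leaving through another domain's gateway.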
To create a route domain, you must configure some settings. Table 10.2 lists and describes these settings. Following the table is the procedure for creating a route domain using the Configuration utility.
Important: For an example of a complete implementation of route domains, including the configuration of VLANs, self IP addresses, pool members, and virtual servers for each route domain, see the guide titled BIG-IP® Local Traffic Manager: Implementations.
Specifies the name of an existing route domain that you want the system to use to search for a route that matches the packet's destination. The system searches the parent route domain when a search of the current route domain reveals no match.
1. On the Main tab of the navigation pane, expand Network, and click Routes Domains.
Note: If the Create button is unavailable, you do not have permission to create a route domain.
3. In the ID box, type an integer other than 0 for the route domain ID.
4. In the Description box, type a brief description of the route domain.
5. From the Parent ID list, specify a value. You must either:
Select an existing route domain.
Choose this option if you want the system to recursively search ancestor route domains to find a destination IP address.
6. For the VLANs setting, in the Available box, select a VLAN to include in the route domain, and using the Move button (<<), move the VLAN to the Members box. Repeat this step for additional VLANs.
7. Click Finished.
If you have created one or more route domains, you can define a default route for each route domain on the BIG-IP system. This results in multiple default routes being defined on the system. If you do not explicitly create any route domains, the default route that you define applies to route domain 0, the default route domain.
When adding a default route to a non-default route domain, you do not need to include the %<ID> notation as part of the destination IP address.
1. On the Main tab of the navigation pane, expand Network, and click Routes.
The Routes screen opens.
Note: If the Add button is unavailable, you do not have permission to add a route. You must have an appropriate user role assigned to your user account.
3. From the Type list, select Default Gateway.
4. From the Route Domain ID list, select the ID of the relevant route domain.
5. From the Resource list, select a resource:
If you select Use Gateway, type a gateway IP address, such as 10.10.10.1.
If you select Use Pool, select a pool name from the Pool list.
If you select Use VLAN, select a VLAN name from the VLAN list.
6. Click Finished.
Figure 10.2 shows an example of using the Configuration utility to specify a default route for route domain 2.
If you have created one or more route domains, you can define standard (that is, non-default) routes for each route domain on the BIG-IP system. If you do not explicitly create any route domains, any standard route that you define pertains to route domain 0, the default route domain.
To add a standard route for a route domain other than 0, you must specify the relevant route domain ID in the destination address, using the %<ID> notation.
1. On the Main tab of the navigation pane, expand Network, and click Routes.
The Routes screen opens.
Note: If the Add button is unavailable, you do not have permission to add a route. You must have an appropriate user role assigned to your user account.
3. From the Type list, select Route.
4. In the Destination box, type an IP address, including the %<ID> notation.
An example of a destination address for a route in route domain 2 is 10.10.10.12%2.
5. In the Netmask box, type a network mask for the destination address.
6. From the Resource list, select a resource:
If you select Use Gateway, type a gateway IP address, such as 10.10.10.1.
If you select Use Pool, select a pool name from the Pool list.
If you select Use VLAN, select a VLAN name from the VLAN list.
7. Click Finished.
Figure 10.2 shows an example of using the Configuration utility to specify a standard route for route domain 2.
Continuing with our example, if you defined default routes for route domains 0 and 1, the resulting list of default and standard routes might appear as in the list shown in Figure 10.4. Note that route domain ID Default signifies route domain 0, which is the default route domain.
Like other network-related objects (self IP addresses, VLANs, and so on), route domains do not reside in administrative partitions.
Due to the previous statement, you can create a route domain only if you have the Administrator or Resource Administrator user role assigned to your account.
Routes can cross route domains. Thus, when you add a static route to the TMM routing table, the static route entry can include different route domains. For example, you can add a route to the routing table where the destination is 10.0.0.0%20/8 (route domain 20) and the gateway is 172.27.84.29%32 (route domain 32). A common configuration in which routes can cross route domains is when a Global Traffic Manager device is sending traffic to a Local Traffic Manager device and then load balancing the traffic. In this case, the external VLAN accepting the Global Traffic Manager traffic is in the default route domain (0), and then the traffic is segmented and forwarded to two other route domains, to allow duplicate IP addresses for the load balancing nodes.
If you are using either a Global Traffic Manager device on the network or the Global Traffic Manager product module on the BIG-IP system, you should not use route domains for gtmd- or big3d-related traffic. That is, when creating a route domain object and assigning one or more VLANs to that object, you should not assign any VLAN that processes traffic to or from the gtmd or big3d daemons.
An exception to this is the default route domain (route domain 0). Any VLAN assigned to route domain 0 successfully interoperates with Global Traffic Manager daemons.
If you are using the ZebOS® advanced routing modules, it is important to consider the following:
Route domains and the advanced routing modules (ZebOS)
Dynamic routing is supported on interfaces in the default route domain. The advanced routing modules cannot access interfaces, self IP and virtual addresses, and static routes in non-default route domains. A static route is considered as belonging to a non-default route domain if either the destination or the nexthop gateway address belongs to a route domain other than the default route domain.
Routes learned by way of dynamic routing protocols
All routes learned by way of dynamic routing protocols are inserted into the routing table for the default route domain only.
Advertising routes, virtual addresses, and self IP addresses
With respect to advertising routes, virtual addresses, or self IP addresses to other routers, the advanced routing modules advertise only those routes or addresses that are in the default route domain. As previously stated, the advanced routing modules are not aware of routes or addresses in other route domains.
After you have configured the TMM routing table on the BIG-IP system, you might want to consider some other routing issues. For example, it is customary to ensure that the routers on the network have information about the various IP addresses for the BIG-IP system, such as virtual server addresses, self IP addresses for VLANs, and so on. Fortunately, the BIG-IP system eases this task by sending gratuitous Address Resolution Protocol (ARP) messages to other routers on the network, to notify them of BIG-IP system IP addresses. For more information on ARP and the BIG-IP system, see Chapter 12, Configuring Address Resolution Protocol.
The beginning of this chapter explained that there are two types of entries in the BIG-IP system routing table: static entries and dynamic entries. The chapter then described how to add and delete static entries. If you want the system to add entries dynamically, you can use one of the advanced routing modules. For more information, see Chapter 11, Configuring Advanced Routing Modules.
When configuring routes on a BIG-IP system, it is helpful to understand the differences between management routes and TMM routes. This is because there are certain administrative tasks, such as a system installation, that you should perform only when the TMM is not running. In those cases, the BIG-IP system uses the default management route for processing that traffic.
Appendix C, Understanding Core System Services, which suggests some of the administrative tasks that you should perform only when the TMM service is stopped.
The guide titled BIG-IP® Systems: Getting Started Guide for procedures on configuring the management interface.
Also, verify that you have defined a default TMM route in the main TMM routing table. Defining a default TMM route prevents high volumes of administrative traffic generated by the BIG-IP system from using the management interface. For more information, see Adding static entries to the TMM routing table.
Part of managing routes on a network is making sure that destination servers on the network can route responses to the BIG-IP system. To do this, you should configure the default route on each load balancing server to forward responses to the BIG-IP system.
Configuring the default route on your destination servers is a typical network configuration task. A primary reason for configuring the default route on each server to forward responses to the BIG-IP system is to avoid interruption of service if you have a redundant system configuration and an active unit becomes unavailable. In this case, you want the default route entry on the servers in your load balancing pools to specify a floating self IP address that the two units of the redundant system share. By setting the default route of your destination servers to a floating self IP address, you ensure that if one unit becomes unavailable for any reason, the other unit can still process the responses.