The following commands configure the BGP profile. The BGP profile is included under NSX Advanced Load Balancer’s virtual routing and forwarding (VRF) settings.

BGP configuration is tenant-specific and the profile. Accordingly, sub-options appear in a suitable tenant vrfcontext.

: > configure vrfcontext management
Multiple objects found for this query.
        [0]: vrfcontext-52d6cf4f-55fa-4f32-b774-9ed53f736902#management in tenant admin, Cloud AWS-Cloud
        [1]: vrfcontext-9ff610a4-98fa-4798-8ad9-498174fef333#management in tenant admin, Cloud Default-Cloud
Select one: 1
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field          | Value                                           |
+----------------+-------------------------------------------------+
| uuid           | vrfcontext-9ff610a4-98fa-4798-8ad9-498174fef333 |
| name           | management                                      |
| system_default | True                                            |
| tenant_ref     | admin                                           |
| cloud_ref      | Default-Cloud                                   |
+----------------+-------------------------------------------------+
: vrfcontext > bgp_profile
: vrfcontext:bgp_profile > local_as 100
: vrfcontext:bgp_profile > ibgp
: vrfcontext:bgp_profile > peers peer_ip 10.115.0.1 subnet 10.115.0.0/16 md5_secret abcd
: vrfcontext:bgp_profile:peers > save
: vrfcontext:bgp_profile > save
: vrfcontext > save
: >

This profile enables iBGP with peer BGP router 10.115.0.1/16 in local AS 100. The BGP connection is secured using MD5 with shared secret “abcd.”

The following commands enable RHI for a virtual service (vs-1):

: > configure virtualservice vs-1
: virtualservice > enable_rhi
: virtualservice > save
: >

The following commands enable RHI for a source-NAT’ed floating IP address for a virtual service (vs-1):

: > configure virtualservice vs-1
: virtualservice > enable_rhi_snat
: virtualservice > save
: >

The following command can be used to view the virtual service’s configuration:

: > show virtualservice

Two configuration knobs have been added to configure the per-peer “advertisement-interval” and “connect” timer in Quagga BGP:

advertisement_interval: Minimum time between advertisement runs, default = 5 seconds connect_timer: Time due for connect timer, default = 10 seconds

Usage is illustrated in this CLI sequence:

[admin:controller]:> configure vrfcontext management
Multiple objects found for this query.
	[0]: vrfcontext-52d6cf4f-55fa-4f32-b774-9ed53f736902#management in tenant admin, Cloud AWS-Cloud
	[1]: vrfcontext-9ff610a4-98fa-4798-8ad9-498174fef333#management in tenant admin, Cloud Default-Cloud
Select one: 1
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field          | Value                                           |
+----------------+-------------------------------------------------+
| uuid           | vrfcontext-9ff610a4-98fa-4798-8ad9-498174fef333 |
| name           | management                                      |
| system_default | True                                            |
| tenant_ref     | admin                                           |
| cloud_ref      | Default-Cloud                                   |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> peers
New object being created
[admin:controller]: vrfcontext:bgp_profile:peers> advertisement_interval 10
Overwriting the previously entered value for advertisement_interval
[admin:controller]: vrfcontext:bgp_profile:peers> connect_timer 20
Overwriting the previously entered value for connect_timer
[admin:controller]: vrfcontext:bgp_profile:peers> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save

Configuration knobs have been added to configure the keepalive interval and hold timer on a global and per-peer basis:

[admin:controller]: > configure vrfcontext global
[admin: controller]: vrfcontext> bgp_profile

Overwriting the previously entered value for keepalive_interval:

[admin: controller]: vrfcontext:bgp_profile> keepalive_interval 30

Overwriting the previously entered value for hold_time:

[admin: controller]: vrfcontext:bgp_profile> hold_time 90
[admin: controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
[admin:controller]:>

The above commands configure the keepalive/hold timers on a global basis, but those values can be overridden for a given peer using the following per-peer commands. Both the global and per-peer knobs have default values of 60 seconds for the keepalive timer and 180 seconds for the hold timer.

[admin:controller]: > configure vrfcontext global
[admin: controller]: vrfcontext> bgp_profile
[admin: controller]: vrfcontext:bgp_profile> peers index 1

Overwriting the previously entered value for keepalive_interval:

[admin: controller]: vrfcontext:bgp_profile:peers> keepalive_interval 10

Overwriting the previously entered value for hold_time:

[admin: controller]: vrfcontext:bgp_profile:peers> hold_time 30
[admin:controller]: vrfcontext:bgp_profile:peers> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save

Example

The following is an example of router configuration when the BGP peer is FRR:

You need to find the interface information of the SE, which is peering with the router.

[admin-ctlr1]: > show serviceengine 10.79.170.52 interface summary | grep ip_addr
|     ip_addr          | fe80:1::250:56ff:fe91:1bed   |
|     ip_addr          | 10.64.59.48                  |
|     ip_addr          | fe80:2::250:56ff:fe91:b2     |
|     ip_addr          | 10.115.10.45                 | 

Here 10.115.10.45 matches the subnet in the peer configuration in vrfcontext->bgp_profile object.

In the FRR router, the CLI is as follows:

# vtysh
Hello, this is FRRouting (version 7.2.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

frr1# configure t
frr1(config)# router bgp 100
frr1(config-router)# neighbor 10.115.10.45 remote-as 100
frr1(config-router)# neighbor 10.115.10.45 password abcd
frr1(config-router)# end
frr1#

You need to perform this for all the SEs that will be peering.

‘show serviceengine < > route’ Filter

The following is the CLI command to use show serviceengine <SE_ip> route:

[admin:controller]: > show serviceengine 10.19.100.1 route filter
configured_routes   Show routes configured using controller
dynamic_routes      Show routes learned through routing protocols
host_routes         Show routes learned from host
vrf_ref             Only this Vrf
Note:

If no VRF is provided in the filters, the command output can show routes from global vrf which is present in the system, by default.

Enable Gratuitous ARP

You can enable gratuitous ARP for the virtual service allocated through BGP. This feature is enabled at the Service Engine group level as shown:

[admin:controller]: > configure serviceenginegroup se_group_test
[admin:controller]: serviceenginegroup> enable_gratarp_permanent

With NSX Advanced Load Balancer release 20.1.1, the BFD parameters are user-configurable using the CLI. For more information, see Configuring High Frequency BFD.