The BGP profile is included under NSX Advanced Load Balancer’s virtual routing and forwarding (VRF) settings.

BGP configuration is tenant-specific, so the profile and its sub-options appear in the vrfcontext of the corresponding tenant. The following commands configure the BGP profile.

[admin:controller]: > configure vrfcontext vrf1
[admin:controller]: vrfcontext> bgp_profile 
[admin:controller]: vrfcontext:bgp_profile> local_as 100
[admin:controller]: vrfcontext:bgp_profile> no ibgp 
[admin:controller]: vrfcontext:bgp_profile> peers 
New object being created
[admin:controller]: vrfcontext:bgp_profile:peers> remote_as 700
[admin:controller]: vrfcontext:bgp_profile:peers> peer_ip 100.66.0.3
[admin:controller]: vrfcontext:bgp_profile:peers> subnet 100.66.0.0/24
[admin:controller]: vrfcontext:bgp_profile:peers> peer_ip6 fd00::250:56ff:feba:ec8e
[admin:controller]: vrfcontext:bgp_profile:peers> subnet6 fd00::/64
[admin:controller]: vrfcontext:bgp_profile:peers> md5_secret avi123
[admin:controller]: vrfcontext:bgp_profile:peers> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-0a66af1b-00fb-4d2f-bfe1-c169e420db0f |
| name                       | vrf1                                            |
| bgp_profile                |                                                 |
|   local_as                 | 100                                             |
|   ibgp                     | False                                           |
|   peers[1]                 |                                                 |
|     remote_as              | 700                                             |
|     peer_ip                | 100.66.0.3                                      |
|     subnet                 | 100.66.0.0/24                                   |
|     md5_secret             | <sensitive>                                     |
|     bfd                    | True                                            |
|     advertise_vip          | True                                            |
|     advertise_snat_ip      | True                                            |
|     advertisement_interval | 5                                               |
|     connect_timer          | 10                                              |
|     ebgp_multihop          | 0                                               |
|     peer_ip6               | fd00::250:56ff:feba:ec8e                        |
|     subnet6                | fd00::/64                                       |
|     shutdown               | False                                           |
|   keepalive_interval       | 60                                              |
|   hold_time                | 180                                             |
|   send_community           | True                                            |
|   shutdown                 | False                                           |
| system_default             | True                                            |
| lldp_enable                | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
[admin:controller]: >

This profile enables iBGP with peer BGP router 10.115.0.1/16 in local AS 100. The BGP connection is secured using MD5 with shared secret “abcd”.

The following commands enable RHI for a virtual service (vs-1):

: > configure virtualservice vs-1
: virtualservice > enable_rhi
: virtualservice > save
: >

The following commands enable RHI for a source-NAT’ed floating IP address for a virtual service (vs-1):

: > configure virtualservice vs-1
: virtualservice > enable_rhi_snat
: virtualservice > save
: >

Note:

Ensure that the options Scale out ECMP and RHI are not enabled for a virtual service at the same time.

In case of misconfiguration, on upgrading to version 22.1.4 or higher, the virtual service goes into an error state and displays the following message:

We have encountered a problem during your request: Scale out ECMP and RHI cannot be enabled at the same time.

To fix this, run the script provided below:

import sys, os, django
import argparse

# Make the controller's portal code importable and load its Django settings.
sys.path.append('/opt/avi/python/bin/portal')
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'portal.settings_local')

django.setup()

from avi.rest.pb2model import protobuf2model
from avi.infrastructure.db_transaction import db_transaction
from api.models import VirtualService


@db_transaction
def fix_virtualservice_ecmp_rhi():
    # Walk every virtual service and clear enable_rhi where it conflicts
    # with scaleout_ecmp; all writes happen inside one DB transaction.
    virtualservices = VirtualService.objects.all()
    for vs in virtualservices:
        vs_protobuf = vs.protobuf()
        print("Processing VirtualService: %s" % vs_protobuf.name)
        if vs_protobuf.scaleout_ecmp and vs_protobuf.enable_rhi:
            print("Found vs: " + vs_protobuf.name + " with both ecmp and rhi set")
            vs_protobuf.enable_rhi = False
            # Write the modified object back to the model.
            protobuf2model(vs_protobuf, None, True, run_default_function=False)


if __name__ == '__main__':
    fix_virtualservice_ecmp_rhi()

This deactivates the option enable_rhi. In case you want to use RHI, toggle off the option Scale out ECMP in the Step 4: Advanced tab of the virtual services screen.

The following command can be used to view the virtual service’s configuration:

: > show virtualservice

Two per-peer configuration knobs have been added for Quagga BGP, namely advertisement_interval and connect_timer:

advertisement_interval:

Minimum time between advertisement runs. The default value is 5 seconds.

connect_timer:

Time due for connect timer. The default value is 10 seconds.

Usage is illustrated in this CLI sequence:

[admin:controller]:> configure vrfcontext management
Multiple objects found for this query.
	[0]: vrfcontext-52d6cf4f-55fa-4f32-b774-9ed53f736902#management in tenant admin, Cloud AWS-Cloud
	[1]: vrfcontext-9ff610a4-98fa-4798-8ad9-498174fef333#management in tenant admin, Cloud Default-Cloud
Select one: 1
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field          | Value                                           |
+----------------+-------------------------------------------------+
| uuid           | vrfcontext-9ff610a4-98fa-4798-8ad9-498174fef333 |
| name           | management                                      |
| system_default | True                                            |
| tenant_ref     | admin                                           |
| cloud_ref      | Default-Cloud                                   |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> peers
New object being created
[admin:controller]: vrfcontext:bgp_profile:peers> advertisement_interval 10
Overwriting the previously entered value for advertisement_interval
[admin:controller]: vrfcontext:bgp_profile:peers> connect_timer 20
Overwriting the previously entered value for connect_timer
[admin:controller]: vrfcontext:bgp_profile:peers> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save

Configuration knobs have been added to configure the keepalive_interval and hold timer on a global and per-peer basis:

[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile

Overwriting the previously entered value for keepalive_interval:

[admin:controller]: vrfcontext:bgp_profile> keepalive_interval 30

Overwriting the previously entered value for hold_time:

[admin:controller]: vrfcontext:bgp_profile> hold_time 90
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
[admin:controller]:>

The above commands configure the keepalive/hold timers on a global basis, but those values can be overridden for a given peer using the following per-peer commands. Both the global and per-peer knobs have default values of 60 seconds for the keepalive timer and 180 seconds for the hold timer.

[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> peers index 1

Overwriting the previously entered value for keepalive_interval:

[admin:controller]: vrfcontext:bgp_profile:peers> keepalive_interval 10

Overwriting the previously entered value for hold_time:

[admin:controller]: vrfcontext:bgp_profile:peers> hold_time 30
[admin:controller]: vrfcontext:bgp_profile:peers> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
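
The following added example (not part of the product or its documentation) resolves the effective keepalive/hold timers for each peer from the global and per-peer values described above, and flags peers with inconsistent timers or no md5_secret. The input dict is constructed and uses the field names from the vrfcontext table on this page; the peer 100.66.0.4 and the rule that an absent per-peer timer inherits the global value are assumptions.

```python
# Added example: audit a BGP profile dict for effective timers and peer auth.
# Field names follow the vrfcontext table on this page; the data is constructed.
DEFAULT_KEEPALIVE = 60   # seconds, default stated on this page
DEFAULT_HOLD = 180       # seconds, default stated on this page


def effective_timers(profile, peer):
    """Return (keepalive, hold) for a peer; a per-peer value overrides the global one.

    Assumption: a timer that is absent on the peer inherits the profile-level value.
    """
    keepalive = peer.get("keepalive_interval",
                         profile.get("keepalive_interval", DEFAULT_KEEPALIVE))
    hold = peer.get("hold_time", profile.get("hold_time", DEFAULT_HOLD))
    return keepalive, hold


def audit_bgp_profile(profile):
    """Return a list of (peer_ip, finding) tuples for peers that need attention."""
    findings = []
    for peer in profile.get("peers", []):
        ip = peer.get("peer_ip") or peer.get("peer_ip6", "<unknown>")
        if peer.get("shutdown"):
            continue  # administratively down, no session is negotiated
        keepalive, hold = effective_timers(profile, peer)
        # RFC 4271: hold time is 0 (keepalives off) or at least 3 seconds,
        # and keepalives are normally sent at one third of the hold time.
        if hold != 0 and hold < 3:
            findings.append((ip, "hold_time %d is invalid (must be 0 or >= 3)" % hold))
        elif hold != 0 and keepalive * 3 > hold:
            findings.append((ip, "hold_time %d < 3 x keepalive_interval %d" % (hold, keepalive)))
        if not peer.get("md5_secret"):
            findings.append((ip, "no md5_secret: session is unauthenticated"))
    return findings


# Constructed sample: global timers 30/90, second peer overrides only the keepalive.
SAMPLE_PROFILE = {
    "local_as": 100, "keepalive_interval": 30, "hold_time": 90,
    "peers": [
        {"peer_ip": "100.66.0.3", "remote_as": 700, "md5_secret": "<sensitive>"},
        {"peer_ip": "100.66.0.4", "remote_as": 700, "keepalive_interval": 45},
    ],
}

if __name__ == "__main__":
    for ip, finding in audit_bgp_profile(SAMPLE_PROFILE):
        print(ip, finding)
```
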

Example

The following is an example of router configuration when the BGP peer is FRR:

First, find the interface information of the SE that is peering with the router.

[admin-ctlr1]: > show serviceengine 10.79.170.52 interface summary | grep ip_addr
|     ip_addr          | fe80:1::250:56ff:fe91:1bed   |
|     ip_addr          | 10.64.59.48                  |
|     ip_addr          | fe80:2::250:56ff:fe91:b2     |
|     ip_addr          | 10.115.10.45                 | 

Here 10.115.10.45 matches the subnet in the peer configuration in the vrfcontext->bgp_profile object.

In the FRR router, the CLI is as follows:

# vtysh
Hello, this is FRRouting (version 7.2.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

frr1# configure t
frr1(config)# router bgp 100
frr1(config-router)# neighbor 10.115.10.45 remote-as 100
frr1(config-router)# neighbor 10.115.10.45 password abcd
frr1(config-router)# end
frr1#

You need to perform this for all the SEs that will be peering.

show serviceengine <SE_ip> route Filter

The following CLI output lists the filters available for show serviceengine <SE_ip> route:

[admin:controller]: > show serviceengine 10.19.100.1 route filter
configured_routes   Show routes configured using controller
dynamic_routes      Show routes learned through routing protocols
host_routes         Show routes learned from host
vrf_ref             Only this Vrf

Note:

If no VRF is provided in the filters, the command output shows routes from the global VRF, which is present in the system by default.

Enable Gratuitous ARP

You can enable gratuitous ARP for the virtual service allocated through BGP. This feature is enabled at the Service Engine group level as shown:

[admin:controller]: > configure serviceenginegroup se_group_test
[admin:controller]: serviceenginegroup> enable_gratarp_permanent

The BFD parameters are user-configurable using the CLI. For more information, see High Frequency BFD.