This section explains the BGP learning and advertisement support in NSX Advanced Load Balancer.
BGP learning and advertisement supports:
Learning routes from a set of peers.
Learning the default route from a set of peers.
Advertising learned routes to a set of peers.
Advertising the NSX Advanced Load Balancer Service Engine as the default router to a set of peers.
This feature is not supported for IPv6.
Learning and advertisement are not supported alongside BGP graceful restart (see Configuring BGP Graceful Restart).
Learning Backend Routes and Advertising the same to the Frontend
Learning Default Route from the Frontend and Advertising itself as Default Route to Backend
The following is the diagrammatic representation of learning default route from the frontend and advertising itself as the default route to the backend:
Key Considerations
The following constraints apply to BGP learning and advertisement in NSX Advanced Load Balancer:
This feature is only available using the CLI.
The advertisement option is supported only when routing is enabled on the NSX Advanced Load Balancer SE (see Default Gateway (IP Routing on NSX Advanced Load Balancer SE)). Routing is supported only with Legacy-HA mode. Only the active SE will advertise the routes.
Configurable route attributes, such as AS path prepend, IP communities, and local preference, will not be applied on learned routes.
Filters on learning routes and on advertising learned routes are not allowed.
A label used in a peer must be present in one routing option.
The peers are grouped to exchange routes based on the associated label.
From a peer, you can either learn routes or learn the default route, but not both.
The assumption, for instance, is that when you learn routes from backend peers, there will be no default route.
You will not be advertising NSX Advanced Load Balancer Service Engine as the default route to any peer belonging to a group from which you are learning the default route.
You will not be advertising the default route to any peer in the group to which you are advertising the learned routes.
The routes learned through BGP will not be used for placement decisions. The Controller will not use the routes learned by Service Engines through BGP to evaluate reachability to the pool servers.
Learning Routes
By default, the SE does not learn routes; the configuration is set to disable learning. You can enable learning using the learn_routes option. The learned routes are not used by the Controller to decide server reachability and pool/VS placement.
If pool servers are reachable only through learned routes, you need to set ign_pool_net_reach on the virtual service for the VS to be placed. The virtual service will be placed even if the SE does not learn any routes.
You can find out the routes learned from BGP using the CLI as follows:
[admin:ctlrA]: > show serviceengine 100.65.0.101 route filter vrf_ref global
+-----------------+--------------+-----------+--------------+----------------------------+
| IP Destination  | Gateway      | Interface | Interface IP | Route Flags                |
+-----------------+--------------+-----------+--------------+----------------------------+
+-----------------+--------------+-----------+--------------+----------------------------+
VRF 1
+-----------------+--------------+-----------+--------------+----------------------------+
| 0.0.0.0/0       | 100.66.1.254 | eth4      | 100.66.1.11  | Up, Static, Gateway, GWUp  |
| 1.1.1.0/24      | 100.66.0.38  | eth3      | 100.66.0.22  | Up, Learned, Gateway, GWUp |
| 2.2.2.0/24      | 100.66.0.1   | eth3      | 100.66.0.31  | Up, Static, Gateway, GWUp  |
| 100.66.0.0/24   | 0.0.0.0      | eth3      | 100.66.0.15  | Up, GWUp                   |
| 100.66.0.200/32 | 0.0.0.0      | eth3      | 100.66.0.100 | Up, GWUp                   |
| 100.66.0.201/32 | 0.0.0.0      | eth3      | 100.66.0.101 | Up, GWUp                   |
| 100.66.1.0/24   | 0.0.0.0      | eth4      | 100.66.1.18  | Up, GWUp                   |
+-----------------+--------------+-----------+--------------+----------------------------+
The above output indicates the following:
A route with the route flag Learned is a route learned through BGP.
Static can mean a route programmed through static route configuration in the VRF or through DHCP.
The rest are VIPs or interface routes.
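Because filters on learned routes are not available, one way to review what an SE has learned is to parse this output and compare the Learned routes with what the peers are expected to announce. The following Python sketch is an added example, not part of the product or its documentation; the function names and the expected-prefix policy are assumptions, and the sample text is constructed from the output format shown above.

```python
import ipaddress

# Constructed sample in the CLI output format shown above (rows trimmed).
SAMPLE = """\
| IP Destination  | Gateway      | Interface | Interface IP | Route Flags                |
+-----------------+--------------+-----------+--------------+----------------------------+
VRF 1
| 0.0.0.0/0       | 100.66.1.254 | eth4      | 100.66.1.11  | Up, Static, Gateway, GWUp  |
| 1.1.1.0/24      | 100.66.0.38  | eth3      | 100.66.0.22  | Up, Learned, Gateway, GWUp |
| 2.2.2.0/24      | 100.66.0.1   | eth3      | 100.66.0.31  | Up, Static, Gateway, GWUp  |
| 100.66.0.0/24   | 0.0.0.0      | eth3      | 100.66.0.15  | Up, GWUp                   |
"""

def parse_routes(text):
    """Return one dict per route row of 'show serviceengine ... route' output."""
    routes, vrf = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("VRF "):
            vrf = line.split()[1]
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if not line.startswith("|") or len(cells) != 5:
            continue  # borders, prompts, blank lines
        try:
            dest = ipaddress.ip_network(cells[0], strict=False)
        except ValueError:
            continue  # header row
        routes.append({"vrf": vrf, "dest": dest, "gateway": cells[1],
                       "interface": cells[2],
                       "flags": {f.strip() for f in cells[4].split(",")}})
    return routes

def audit_learned(routes, expected):
    """expected maps an allowed IPv4 prefix to the gateway it may be learned from.
    Returns (route, reason) pairs for Learned routes outside that policy."""
    allowed = {ipaddress.ip_network(p): gw for p, gw in expected.items()}
    findings = []
    for r in routes:
        if "Learned" not in r["flags"]:
            continue  # static, VIP and interface routes are not BGP-learned
        parent = next((n for n in allowed if r["dest"].subnet_of(n)), None)
        if parent is None:
            findings.append((r, "prefix not expected"))
        elif allowed[parent] != r["gateway"]:
            findings.append((r, "unexpected gateway"))
    return findings
```

An empty result from audit_learned means every Learned route falls inside an expected prefix and points at the expected gateway.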
Configuring Learning and Advertisement
The following is the sample configuration sequence with one frontend peer and one backend peer:
[admin:ctlr-bgp]: > configure vrfcontext global
Updating an existing object. Currently, the object is:
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-f1d049c8-306e-45eb-8fe3-1f6abb8e19ef |
| name                       | global                                          |
| bgp_profile                |                                                 |
| local_as                   | 66000                                           |
| ibgp                       | False                                           |
| peers[1]                   |                                                 |
| remote_as                  | 1                                               |
| peer_ip                    | 100.64.1.64                                     |
| subnet                     | 100.64.1.0/24                                   |
| md5_secret                 | <sensitive>                                     |
| bfd                        | True                                            |
| advertise_vip              | True                                            |
| advertise_snat_ip          | False                                           |
| advertisement_interval     | 5                                               |
| connect_timer              | 10                                              |
| ebgp_multihop              | 255                                             |
| shutdown                   | False                                           |
| label                      | frontend                                        |
| peers[2]                   |                                                 |
| remote_as                  | 65000                                           |
| peer_ip                    | 100.64.2.65                                     |
| subnet                     | 100.64.2.0/24                                   |
| md5_secret                 | <sensitive>                                     |
| bfd                        | True                                            |
| advertise_vip              | False                                           |
| advertise_snat_ip          | True                                            |
| advertisement_interval     | 5                                               |
| connect_timer              | 10                                              |
| ebgp_multihop              | 255                                             |
| shutdown                   | False                                           |
| label                      | backend                                         |
| keepalive_interval         | 60                                              |
| hold_time                  | 180                                             |
| send_community             | True                                            |
| local_preference           | 400                                             |
| num_as_path_prepend        | 3                                               |
| routing_options[1]         |                                                 |
| label                      | backend                                         |
| learn_routes               | True                                            |
| advertise_default_route    | True                                            |
| max_learn_limit            | 100                                             |
| routing_options[2]         |                                                 |
| label                      | frontend                                        |
| learn_only_default_route   | True                                            |
| learn_routes               | False                                           |
| advertise_learned_route    | True                                            |
| max_learn_limit            | 50                                              |
| shutdown                   | False                                           |
| system_default             | True                                            |
| lldp_enable                | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
The above example shows a configuration in which the SE learns the default route from the frontend, advertises the default route to the backend, learns routes from the backend, and advertises the learned routes to the frontend.
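The label and routing option rules listed under Key Considerations can be checked against a profile before it is saved. The following Python check is an added example, not part of the product or its documentation; the dictionary layout (peers and routing_options lists using the field names from the sample above) and the function name are assumptions, and the sample input is constructed.

```python
# Constructed input using the bgp_profile field names from the sample above.
SAMPLE_PROFILE = {
    "peers": [
        {"peer_ip": "100.64.1.64", "label": "frontend"},
        {"peer_ip": "100.64.2.65", "label": "backend"},
    ],
    "routing_options": [
        {"label": "backend", "learn_routes": True,
         "advertise_default_route": True, "max_learn_limit": 100},
        {"label": "frontend", "learn_only_default_route": True,
         "learn_routes": False, "advertise_learned_route": True,
         "max_learn_limit": 50},
    ],
}

# (flag_a, flag_b, message): pairs the Key Considerations rule out for one label.
CONFLICTS = [
    ("learn_routes", "learn_only_default_route",
     "cannot learn routes and the default route from the same peers"),
    ("advertise_default_route", "learn_only_default_route",
     "cannot advertise the default route to peers it is learned from"),
    ("advertise_default_route", "advertise_learned_route",
     "cannot advertise the default route to peers receiving learned routes"),
]

def validate_bgp_profile(profile):
    """Return a list of violations; an empty list means the profile is consistent."""
    errors = []
    options = profile.get("routing_options", [])
    labels = [o.get("label") for o in options]
    # A label used in a peer must be present in a routing option.
    for peer in profile.get("peers", []):
        label = peer.get("label")
        if label is not None and label not in labels:
            errors.append(f"peer {peer.get('peer_ip')}: label '{label}' "
                          "is not present in any routing option")
    # Peers are grouped by label, so conflicts are evaluated per routing option.
    for opt in options:
        for a, b, msg in CONFLICTS:
            if opt.get(a) and opt.get(b):
                errors.append(f"routing option '{opt.get('label')}': {msg}")
    return errors
```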
The following Service Engine route output illustrates the learning and advertisement feature:
[admin:controller-bgp]: >
[admin:controller-bgp]: > show serviceengine Avi-se-mrcps route
+-----------------+-------------+-----------+---------------+---------------------------+
| IP Destination  | Gateway     | Interface | Interface IP  | Route Flags               |
+-----------------+-------------+-----------+---------------+---------------------------+
+-----------------+-------------+-----------+---------------+---------------------------+
VRF 0
+-----------------+-------------+-----------+---------------+---------------------------+
| 4.4.4.0/24      | 100.64.1.64 | eth3      | 100.64.1.24   | Up, Learned, Gateway, GWUp|
| 5.5.5.1/32      | 0.0.0.0     | eth3      | 5.5.5.1       | Up, GWUp                  |
| 6.6.6.0/24      | 100.64.2.65 | eth2      | 100.64.2.56   | Up, Learned, Gateway, GWUp|
| 7.7.7.1/32      | 0.0.0.0     | eth3      | 7.7.7.1       | Up, GWUp                  |
| 100.64.1.0/24   | 0.0.0.0     | eth3      | 100.64.1.24   | Up, GWUp                  |
| 100.64.1.104/32 | 0.0.0.0     | eth3      | 100.64.1.104  | Up, GWUp                  |
| 100.64.1.105/32 | 0.0.0.0     | eth3      | 100.64.1.105  | Up, GWUp                  |
| 100.64.1.106/32 | 0.0.0.0     | eth3      | 100.64.2.106  | Up, GWUp                  |
| 100.64.1.108/32 | 0.0.0.0     | eth3      | 100.64.1.108  | Up, GWUp                  |
| 100.64.2.0/24   | 0.0.0.0     | eth2      | 100.64.2.56   | Up, GWUp                  |
+-----------------+-------------+-----------+---------------+---------------------------+
[admin:admin-ctrl-bgp]: >
Advertising directly connected Backend Networks to Frontend
The following is the diagrammatic representation of advertising directly connected backend networks to the frontend:
The CLI for this feature is as follows:
[admin:ctlr1]: > configure networkservice ns1
[admin:ctlr1]: networkservice> se_group_ref Default-Group
[admin:ctlr1]: networkservice> vrf_ref global
[admin:ctlr1]: networkservice> service_type routing_service
[admin:ctlr1]: networkservice> routing_service
[admin:ctlr1]: networkservice:routing_service> advertise_backend_networks
[admin:ctlr1]: networkservice:routing_service> enable_routing
[admin:ctlr1]: networkservice:routing_service> save
[admin:ctlr1]: networkservice> save
+--------------------------------+-----------------------------------------------------+
| Field                          | Value                                               |
+--------------------------------+-----------------------------------------------------+
| uuid                           | networkservice-f2b6b1d4-d985-4a88-b74e-8799b85f0716 |
| name                           | ns1                                                 |
| se_group_ref                   | Default-Group                                       |
| vrf_ref                        | global                                              |
| service_type                   | ROUTING_SERVICE                                     |
| routing_service                |                                                     |
| enable_routing                 | True                                                |
| routing_by_linux_ipstack       | False                                               |
| enable_vmac                    | False                                               |
| enable_vip_on_all_interfaces   | True                                                |
| advertise_backend_networks     | True                                                |
| graceful_restart               | False                                               |
| enable_auto_gateway            | False                                               |
| tenant_ref                     | admin                                               |
| cloud_ref                      | Default-Cloud                                       |
+--------------------------------+-----------------------------------------------------+