Product Documentation

Configuring BGP

Jul 07, 2016

The NetScaler appliance supports BGP (RFC 4271). The features of BGP on the NetScaler are:

The NetScaler advertises routes to BGP peers.
The NetScaler injects host routes to virtual IP addresses (VIPs), as determined by the health of the underlying virtual servers.
The NetScaler generates configuration files for running BGP on the secondary node after failover in an HA configuration.
This protocol supports IPv6 route exchanges.
As-Override Support in Border Gateway Protocol

After enabling BGP, you need to configure advertisement of BGP routes. For troubleshooting, you can limit BGP propagation. You can display BGP settings to verify the configuration.

Prerequisites for IPv6 BGP

Before you begin configuring IPv6 BGP, do the following:

Make sure that you understand the IPv6 BGP protocol.
Install the IPv6PT license on the NetScaler appliance.
After installing the IPv6PT license, enable the IPv6 feature.

Enabling and Disabling BGP

Updated: 2013-09-05

To enable or disable BGP, you must use either the command line interface or the configuration utility. When BGP is enabled, the NetScaler appliance starts the BGP process. When BGP is disabled, the appliance stops the BGP process.

To enable or disable BGP routing by using the command line interface

At the command prompt, type one of the following commands:

enable ns feature BGP
disable ns feature BGP

To enable or disable BGP routing by using the configuration utility

Navigate to System > Settings, in Modes and Features group, click Change advanced features.
Select or clear the BGP Routing option.

Advertising IPv4 Routes

Updated: 2013-08-30

You can configure the NetScaler appliance to advertise host routes to VIPs and to advertise routes to downstream networks.

To configure BGP to advertise IPv4 routes by using the VTYSH command line

At the command prompt, type the following commands, in the order shown:

Command	Specifies
VTYSH	Display VTYSH command prompt.
configure terminal	Enter global configuration mode.
router BGP < ASnumber>	BGP autonomous system. < ASnumber> is a required parameter. Possible values: 1 to 4,294,967,295.
Neighbor < IPv4 address> remote-as < as-number>	Update the IPv4 BGP neighbor table with the link local IPv4 address of the neighbor in the specified autonomous system.
Address-family ipv4	Enter address family configuration mode.
Neighbor < IPv4 address> activate	Exchange prefixes for the IPv4 router family between the peer and the local node by using the link local address.
redistribute kernel	Redistribute kernel routes.
redistribute static	Redistribute static routes.

Example

 
>VTYSH 
NS# configure terminal 
NS(config)# router BGP 5 
NS(config-router)# Neighbor a1bc::102 remote-as 100 
NS(config-router)# Address-family ipv4 
NS(config-router-af)# Neighbor 10.102.29.170 activate 
NS(config-router)# redistribute kernel 
NS(config-router)# redistribute static

Advertising IPv6 BGP Routes

Updated: 2013-08-30

Border Gateway Protocol (BGP) enables an upstream router to load balance traffic between two identical virtual servers hosted on two standalone NetScaler appliances. Route advertising enables an upstream router to track network entities located behind the NetScaler.

To configure BGP to advertise IPv6 routes by using the VTYSH command line

At the command prompt, type the following commands, in the order shown:

Command	Specifies
VTYSH	Display VTYSH command prompt.
configure terminal	Enter global configuration mode.
router BGP < ASnumber>	BGP autonomous system. < ASnumber> is a required parameter. Possible values: 1 to 4,294,967,295.
Neighbor < IPv6 address> remote-as < as-number>	Update the IPv6 BGP neighbor table with the link local IPv6 address of the neighbor in the specified autonomous system.
Address-family ipv6	Enter address family configuration mode.
Neighbor < IPv6 address> activate	Exchange prefixes for the IPv6 router family between the peer and the local node by using the link local address.
redistribute kernel	Redistribute kernel routes.
redistribute static	Redistribute static routes.

Example

 
>VTYSH 
NS# configure terminal 
NS(config)# router BGP 5 
NS(config-router)# Neighbor a1bc::102 remote-as 100 
NS(config-router)# Address-family ipv6 
NS(config-router-af)# Neighbor a1bc::102 activate 
NS(config-router)# redistribute kernel 
NS(config-router)# redistribute static

Verifying the BGP Configuration

Updated: 2013-08-30

You can use VTYSH to display BGP settings.

To view the BGP settings using the VTYSH command line

At the command prompt, type:

 
VTYSH 
You are now in the VTYSH command prompt. An output similar to the following appears: 
NS170# 
At the VTYSH command prompt, type: 
NS170# sh ip BGP 
NS170# sh BGP 
NS170# sh ip BGP neighbors 
NS170# sh ip BGP summary 
NS170# sh ip BGP route-map <map-tag>

As-Override Support in Border Gateway Protocol

As a part of BGP loop prevention functionality, if a router receives a BGP packet containing the router’s Autonomous System Number (ASN) in the Autonomous Systems (AS) path, the router drops the packet. The assumption is that the packet originated from the router and has reached the place from where it originated.

If an enterprise has several sites with a same ASN, BGP loop prevention causes the sites with an identical ASN to not get linked by another ASN. Routing updates (BGP packets) are dropped when another site receives them.

To solve this issue, BGP AS-Override functionality has been added to the ZebOS BGP routing module of the NetScaler.

With AS-Override enabled for a peer device, when the NetScaler appliance receives a BGP packet for forwarding to the peer, and the ASN of the packet matches that of the peer, the appliance replaces the ASN of the BGP packet with its own ASN number before forwarding the packet.

You can enable AS-Override for a specific neighbor or a group of neighbors (peer group) by using the vtysh command line.

To configure BGP AS-Override for a IPv4 neighbor by using the VTYSH command line

Command	Specifies
configure terminal	Enter global configuration mode.
router BGP < ASnumber>	BGP autonomous system. < ASnumber> is a required parameter.
Neighbor < IPv4 address> remote-as < as-number>	Update the IPv4 BGP neighbor table with the IPv4 address of the neighbor in the specified autonomous system.
Neighbor <IPv4 address> as-override	Enable BGP as-override for the specified neighbor.

> VTYSH NS# configure terminal  
NS(config)# router BGP 200 
NS(config-router)# Neighbor 192.0.2.100 remote-as 100 
NS(config-router)# Neighbor 10.102.29.100 as-override

To configure BGP AS-Override for a IPv4 BGP peer group by using the VTYSH command line

Command	Specifies
configure terminal	Enter global configuration mode.
router BGP < ASnumber>	BGP autonomous system. < ASnumber> is a required parameter.
Neighbor <peer group name> peer-group	Create a BGP peer group.
Neighbot <IPv4 address> peer-group <peer group name>	Associate neighbors to the specified peer group.
Neighbor <peer group name> remote-as < as-number>	Update the IPv4 BGP neighbor table with the IPv4 address of the neighbor in the specified autonomous system.
Neighbor <peer group name> as-override	Enable BGP as-override for all the neighbors that are associated with the specified peer group.

> VTYSH NS# configure terminal  
NS(config)# router BGP 200 
NS(config-router)# neighbor external-peers-1 peer-group 
NS(config-router)# neighbor 192.0.2.101 peer-group external-peers-1 
NS(config-router)# neighbor 192.0.2.102 peer-group external-peers-1 
NS(config-router)# neighbor 192.0.2.103 peer-group external-peers-1 
NS(config-router)# Neighbor external-peers-1 remote-as 100 
NS(config-router)# Neighbor external-peers-1 as-override

To configure BGP AS-Override for an IPv6 neighbor by using the VTYSH command line

Command	Specifies
configure terminal	Enter global configuration mode.
router BGP < ASnumber>	BGP autonomous system. < ASnumber> is a required parameter.
Neighbor < IPv6 address> remote-as < as-number>	Update the IPv4 BGP neighbor table with the IPv4 address of the neighbor in the specified autonomous system.
Neighbor <IPv6 address> as-override	Enable BGP as-override for the specified neighbor.
Address-family ipv6	Enter address family configuration mode.
Neighbor < IPv6 address> activate	Exchange prefixes for the IPv6 router family between the specified neighbor and the NetScaler by using the link local address.
Neighbor <IPv6 address> as-override	Enable BGP as-override for the specified neighbor.

> VTYSH NS# configure terminal  
NS(config)# router BGP 200 
NS(config-router)# Neighbor a1bc::102 remote-as 100 
NS(config-router)# Neighbor a1bc::102 as-override 
NS(config-router)# Address-family ipv6  
NS(config-router-af)# Neighbor a1bc::102 activate  
NS(config-router)# Neighbor a1bc::102 as-override

To configure BGP AS-Override for IPv6 peer group by using the VTYSH command line

Command	Specifies
configure terminal	Enter global configuration mode.
router BGP < ASnumber>	BGP autonomous system. < ASnumber> is a required parameter.
Neighbor <peer group name> peer-group	Create a BGP peer group.
Neighbor <IPv6 address> peer-group <peer group name>	Associate a neighbor with the specified peer group.
Neighbor <peer group name> remote-as < as-number>	Update the IPv4 BGP neighbor table with the IPv4 address of the neighbor in the specified autonomous system.
Neighbor <peer group name> as-override	Enable BGP as-override for all the neighbors that are associated with the specified peer group.
Address-family ipv6	Enter address family configuration mode.
Neighbor <peer group name> activate	Exchange prefixes for the IPv6 router family between the neighbors of the specified peer group and the NetScaler by using the link local address.
Neighbor <peer group name> as-override
	Enable BGP as-override for all the neighbors that are associated with the specified peer group.

> VTYSH NS# configure terminal  
NS(config)# router BGP 200 
NS(config-router)# neighbor external-peers-2 peer-group 
NS(config-router)# neighbor 2001::1 peer-group external-peers-2 
NS(config-router)# neighbor 2001::2 peer-group external-peers-2 
NS(config-router)# Neighbor external-peers-2 remote-as 100 
NS(config-router)# Neighbor external-peers-2 as-override 
NS(config-router)# Address-family ipv6  
NS(config-router-af)# Neighbor external-peers-2 activate  
NS(config-router)# Neighbor external-peers-2 as-override

Graceful Restart

In a non-INC high availability (HA) setup in which a routing protocol is configured, after a failover, routing protocols are converged and routes between the new primary node and the adjacent neighbor routers are learned. Route learning take some time to complete. During this time, forwarding of packets is delayed, network performance might get disrupted, and packets might get dropped.
Graceful restart enables an HA setup during a failover to direct its adjacent routers to not remove the old primary node’s learned routes from their routing databases. Using the old primary node’s routing information, the new primary node and the adjacent routers immediately start forwarding packets, without disrupting network performance.

Configuring Graceful Restart for BGP

To configure graceful restart for BGP by using the VTYSH command line, at the command prompt, type the following commands, in the order shown:


Command	Example	Command Description
VTYSH	VTYSH	Enters VTYSH command prompt.
configure terminal	NS# configure terminal	Enters global configuration mode.
router-id <ID>	NS(config)# router-id 1.1.1.1	A router identifier for the NetScaler appliance. This identifier is set for all the dynamic routing protocols. The same identifier must be specified on the other node in a high availability setup for graceful restart to work properly.
router bgp <AS-number>	NS(config)# router bgp 1	Enters BGP configuration mode.
bgp graceful-restart	NS(config)# bgp graceful-restart	Enables graceful restart on the BGP routing process.
bgp graceful-restart restart-time <1-1800>	NS(config-router)# bgp graceful-restart restart-time 170	Specifies the grace period, in seconds, that the helper routers waits for a TCP connection from the new primary node after a failover. For this amount of time, the helper routers preserve the routes.
bgp graceful-restart stalepath-time <1-1800>	NS(config-router)# bgp graceful-restart stalepath-time 180	Specifies the time, in seconds, that the NetScaler appliance in helper mode retains the stale routes for restarting neighbor routers. The default value is 360 seconds.
neighbor <IPv4 address of the peer router> remote-as <AS-number>	NS(config-router)# neighbor 192.0.2.30 remote-as 2	Establishes BGP peering with the specified neighbor router device.
neighbor <IPv4 address of the peer router> capability graceful-restart	NS(config-router)# neighbor 192.0.2.30 capability graceful-restart	Enables graceful restart with the specified neighbor.
redistribute kernel	NS(config-router)# redistribute kernel	Redistributes kernel routes.

Configuring Graceful Restart for IPv6 BGP

Graceful restart enables an HA setup during a failover to direct its adjacent routers to not remove the old primary node’s learned routes from their routing databases. Using the old primary node’s routing information, the new primary node and the adjacent routers immediately start forwarding packets, without disrupting network performance.

To configure graceful restart for IPv6 BGP by using the VTYSH command line, at the command prompt, type the following commands, in the order shown:


Command	Example	Command Description
VTYSH	VTYSH	Enters VTYSH command prompt.
configure terminal	NS# configure terminal	Enters global configuration mode.
router-id <id>	NS(config)# router-id 1.1.1.1	Sets a router identifier for the NetScaler appliance. This identifier is set for all the dynamic routing protocols. The same ID must be specified in the other node in a high availability setup for graceful restart to work properly.
router bgp <AS-number>	NS(config)# router bgp 1	Enters configuration mode for BGP protocol.
bgp graceful-restart	NS(config)# bgp graceful-restart	Enables graceful restart on the BGP routing process.
bgp graceful-restart restart-time <1-1800>	NS(config-router)# bgp graceful-restart restart-time 170	Specifies the grace period, in seconds, that the helper routers waits for a TCP connection from the new primary node after a failover. For this amount of time, the helper routers preserve the routes. The default value is 360 seconds.
bgp graceful-restart stalepath-time <1-1800>	NS(config-router)# bgp graceful-restart stalepath-time 180	Specifies the time, in seconds, that the NetScaler appliance in helper mode retains the stale routes for restarting neighbor routers. The default value is 360 seconds.
neighbor <IPv6 address> remote-as <AS-number>	NS(config-router)# neighbor 2001:db8::10 remote-as 2	Establishes BGP peering with the specified neighbor router device.
address-family ipv6	NS(config-router)#address-family ipv6	Enters address family configuration mode.
neighbor <IPv6 address of the neighbor> activate	NS(config-router-af)#neighbor 2001:db8::10 activate	Enables the exchange of address family routes with the specified neighbor router device.
neighbor <IPv6 address of the neighbor> capability graceful-restart	NS(config-router-af)#neighbor 2001:db8::10 capability graceful-restart	Enables graceful restart with the specified neighbor router device.
redistribute kernel	NS(config-router-af)#redistribute kernel	Redistributes kernel routes.
exit-address-family	NS(config-router-af)#exit-address-family	Exits address family configuration mode.

Send your feedback on this article

Support: https://www.citrix.com/support

Feedback and forums: https://discussions.citrix.com