Configuring BGP
The NetScaler appliance supports BGP (RFC 4271). The features of BGP on the NetScaler are:
- The NetScaler advertises routes to BGP peers.
- The NetScaler injects host routes to virtual IP addresses (VIPs), as determined by the health of the underlying virtual servers.
- The NetScaler generates configuration files for running BGP on the secondary node after failover in an HA configuration.
- This protocol supports IPv6 route exchanges.
- As-Override Support in Border Gateway Protocol
After enabling BGP, you need to configure advertisement of BGP routes. For troubleshooting, you can limit BGP propagation. You can display BGP settings to verify the configuration.
Enabling and Disabling BGP
To enable or disable BGP, you must use either the NetScaler command line or the NetScaler GUI. When BGP is enabled, the NetScaler appliance starts the BGP process. When BGP is disabled, the appliance stops the BGP process.
To enable or disable BGP routing by using the NetScaler command line:
At the command prompt, type one of the following commands:
- enable ns feature BGP
- disable ns feature BGP
To enable or disable BGP routing by using the NetScaler GUI:
- Navigate to System > Settings, in Modes and Features group, click Change advanced features.
- Select or clear the BGP Routing option.
Advertising IPv4 Routes
You can configure the NetScaler appliance to advertise host routes to VIPs and to advertise routes to downstream networks.
To configure BGP to advertise IPv4 routes by using the VTYSH command line:
At the command prompt, type the following commands, in the order shown:
Command | Specifies |
---|---|
VTYSH | Display VTYSH command prompt. |
configure terminal | Enter global configuration mode. |
router BGP < ASnumber> | BGP autonomous system. < ASnumber> is a required parameter. Possible values: 1 to 4,294,967,295. |
Neighbor < IPv4 address> remote-as < as-number> | Update the IPv4 BGP neighbor table with the link local IPv4 address of the neighbor in the specified autonomous system. |
Address-family ipv4 | Enter address family configuration mode. |
Neighbor < IPv4 address> activate | Exchange prefixes for the IPv4 router family between the peer and the local node by using the link local address. |
redistribute kernel | Redistribute kernel routes. |
redistribute static | Redistribute static routes. |
Example:
>VTYSH
NS# configure terminal
NS(config)# router BGP 5
NS(config-router)# Neighbor 10.102.29.170 remote-as 100
NS(config-router)# Address-family ipv4
NS(config-router-af)# Neighbor 10.102.29.170 activate
NS(config-router)# redistribute kernel
NS(config-router)# redistribute static
Prerequisites for IPv6 BGP
Before you begin configuring IPv6 BGP, do the following:
- Make sure that you understand the IPv6 BGP protocol.
- Enable the IPv6 feature.
Advertising IPv6 BGP Routes
Border Gateway Protocol (BGP) enables an upstream router to load balance traffic between two identical virtual servers hosted on two standalone NetScaler appliances. Route advertising enables an upstream router to track network entities located behind the NetScaler.
To configure BGP to advertise IPv6 routes by using the VTYSH command line:
At the command prompt, type the following commands, in the order shown:
Command | Specifies |
---|---|
VTYSH | Display VTYSH command prompt. |
configure terminal | Enter global configuration mode. |
router BGP < ASnumber> | BGP autonomous system. < ASnumber> is a required parameter. Possible values: 1 to 4,294,967,295. |
Neighbor < IPv6 address> remote-as < as-number> | Update the IPv6 BGP neighbor table with the link local IPv6 address of the neighbor in the specified autonomous system. |
Address-family ipv6 | Enter address family configuration mode. |
Neighbor < IPv6 address> activate | Exchange prefixes for the IPv6 router family between the peer and the local node by using the link local address. |
redistribute kernel | Redistribute kernel routes. |
redistribute static | Redistribute static routes. |
Example:
>VTYSH
NS# configure terminal
NS(config)# router BGP 5
NS(config-router)# Neighbor a1bc::102 remote-as 100
NS(config-router)# Address-family ipv6
NS(config-router-af)# Neighbor a1bc::102 activate
NS(config-router)# redistribute kernel
NS(config-router)# redistribute static
Verifying the BGP Configuration
You can use VTYSH to display BGP settings.
To view the BGP settings by using the VTYSH command line:
At the command prompt, type:
VTYSH
You are now in the VTYSH command prompt. An output similar to the following appears:
NS170#
At the VTYSH command prompt, type:
NS170# sh ip BGP
NS170# sh BGP
NS170# sh ip BGP neighbors
NS170# sh ip BGP summary
NS170# sh ip BGP route-map <map-tag>
As-Override Support in Border Gateway Protocol
As a part of BGP loop prevention functionality, if a router receives a BGP packet containing the router’s Autonomous System Number (ASN) in the Autonomous Systems (AS) path, the router drops the packet. The assumption is that the packet originated from the router and has reached the place from where it originated.
If an enterprise has several sites with the same ASN, BGP loop prevention keeps those sites from being linked through another ASN. Routing updates (BGP packets) are dropped when another site receives them.
To solve this issue, BGP AS-Override functionality has been added to the ZebOS BGP routing module of the NetScaler.
With AS-Override enabled for a peer device, when the NetScaler appliance receives a BGP packet for forwarding to the peer, and the ASN of the packet matches that of the peer, the appliance replaces the ASN of the BGP packet with its own ASN before forwarding the packet.
You can enable AS-Override for a specific neighbor or a group of neighbors (peer group) by using the VTYSH command line.
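The loop-prevention drop and the AS-Override rewrite described above, modelled on the AS_PATH alone. This is an added example, not NetScaler or ZebOS code; the function names are hypothetical and the ASNs (NetScaler in AS 5, both sites in AS 100) are constructed to match the page's examples.

```python
# Added illustration: models AS_PATH handling only, not a BGP implementation.

def advertise(as_path, local_asn, peer_asn, as_override=False):
    """Return the AS_PATH the local router sends to a peer.

    With as_override, every occurrence of the peer's ASN in the path is
    replaced by the local ASN before the local ASN is prepended.
    """
    if as_override:
        as_path = [local_asn if asn == peer_asn else asn for asn in as_path]
    return [local_asn] + as_path


def accepts(as_path, receiver_asn):
    """BGP loop prevention: drop an update whose AS_PATH holds our own ASN."""
    return receiver_asn not in as_path


def site_to_site(origin_path, netscaler_asn, site_asn, as_override):
    """Follow one update from site A through the NetScaler to site B."""
    sent = advertise(origin_path, netscaler_asn, site_asn, as_override)
    return sent, accepts(sent, site_asn)


if __name__ == "__main__":
    # Constructed values: NetScaler in AS 5, both enterprise sites in AS 100.
    for override in (False, True):
        path, ok = site_to_site([100], 5, 100, override)
        print(f"as-override={override}: AS_PATH={path} accepted={ok}")
```

Because the rewritten path no longer carries AS 100, the receiving site's AS_PATH check cannot recognise a route that it originated itself, so enable as-override only toward the neighbors that need it.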
To configure BGP AS-Override for an IPv4 neighbor by using the VTYSH command line:
Command | Specifies |
---|---|
configure terminal | Enter global configuration mode. |
router BGP < ASnumber> | BGP autonomous system. < ASnumber> is a required parameter. |
Neighbor < IPv4 address> remote-as < as-number> | Update the IPv4 BGP neighbor table with the IPv4 address of the neighbor in the specified autonomous system. |
Neighbor <IPv4 address> as-override | Enable BGP as-override for the specified neighbor. |
>VTYSH
NS# configure terminal
NS(config)# router BGP 5
NS(config-router)# Neighbor 192.0.2.100 remote-as 100
NS(config-router)# Neighbor 192.0.2.100 as-override
To configure BGP AS-Override for an IPv4 BGP peer group by using the VTYSH command line:
Command | Specifies |
---|---|
configure terminal | Enter global configuration mode. |
router BGP < ASnumber> | BGP autonomous system. < ASnumber> is a required parameter. |
Neighbor <peer group name> peer-group | Create a BGP peer group. |
Neighbor <IPv4 address> peer-group <peer group name> | Associate neighbors to the specified peer group. |
Neighbor <peer group name> remote-as < as-number> | Update the IPv4 BGP neighbor table with the IPv4 address of the neighbor in the specified autonomous system. |
Neighbor <peer group name> as-override | Enable BGP as-override for all the neighbors that are associated with the specified peer group. |
>VTYSH
NS# configure terminal
NS(config)# router bgp 5
NS(config-router)# neighbor external-peers-1 peer-group
NS(config-router)# neighbor 192.0.2.101 peer-group external-peers-1
NS(config-router)# neighbor 192.0.2.102 peer-group external-peers-1
NS(config-router)# neighbor 192.0.2.103 peer-group external-peers-1
NS(config-router)# Neighbor external-peers-1 remote-as 100
NS(config-router)# Neighbor external-peers-1 as-override
To configure BGP AS-Override for an IPv6 neighbor by using the VTYSH command line:
Command | Specifies |
---|---|
configure terminal | Enter global configuration mode. |
router BGP < ASnumber> | BGP autonomous system. < ASnumber> is a required parameter. |
Neighbor < IPv6 address> remote-as < as-number> | Update the IPv6 BGP neighbor table with the IPv6 address of the neighbor in the specified autonomous system. |
Neighbor <IPv6 address> as-override | Enable BGP as-override for the specified neighbor. |
Address-family ipv6 | Enter address family configuration mode. |
Neighbor < IPv6 address> activate | Exchange prefixes for the IPv6 router family between the specified neighbor and the NetScaler by using the link local address. |
Neighbor <IPv6 address> as-override | Enable BGP as-override for the specified neighbor. |
>VTYSH
NS# configure terminal
NS(config)# router bgp 5
NS(config-router)# Neighbor a1bc::102 remote-as 100
NS(config-router)# Neighbor a1bc::102 as-override
NS(config-router)# Address-family ipv6
NS(config-router-af)# Neighbor a1bc::102 activate
NS(config-router)# Neighbor a1bc::102 as-override
To configure BGP AS-Override for an IPv6 peer group by using the VTYSH command line:
Command | Specifies |
---|---|
configure terminal | Enter global configuration mode. |
router BGP < ASnumber> | BGP autonomous system. < ASnumber> is a required parameter. |
Neighbor <peer group name> peer-group | Create a BGP peer group. |
Neighbor <IPv6 address> peer-group <peer group name> | Associate a neighbor with the specified peer group. |
Neighbor <peer group name> remote-as < as-number> | Update the IPv6 BGP neighbor table with the IPv6 address of the neighbor in the specified autonomous system. |
Neighbor <peer group name> as-override | Enable BGP as-override for all the neighbors that are associated with the specified peer group. |
Address-family ipv6 | Enter address family configuration mode. |
Neighbor <peer group name> activate | Exchange prefixes for the IPv6 router family between the neighbors of the specified peer group and the NetScaler by using the link local address. |
Neighbor <peer group name> as-override | Enable BGP as-override for all the neighbors that are associated with the specified peer group. |
>VTYSH
NS# configure terminal
NS(config)# router bgp 5
NS(config-router)# neighbor external-peers-2 peer-group
NS(config-router)# neighbor 2001::1 peer-group external-peers-2
NS(config-router)# neighbor 2001::2 peer-group external-peers-2
NS(config-router)# Neighbor external-peers-2 remote-as 100
NS(config-router)# Neighbor external-peers-2 as-override
NS(config-router)# Address-family ipv6
NS(config-router-af)# Neighbor external-peers-2 activate
NS(config-router)# Neighbor external-peers-2 as-override
Graceful Restart
In a non-INC high availability (HA) setup in which a routing protocol is configured, after a failover, routing protocols are converged and routes between the new primary node and the adjacent neighbor routers are learned. Route learning takes some time to complete. During this time, forwarding of packets is delayed, network performance might get disrupted, and packets might get dropped.
Graceful restart enables an HA setup during a failover to direct its adjacent routers to not remove the old primary node’s learned routes from their routing databases. Using the old primary node’s routing information, the new primary node and the adjacent routers immediately start forwarding packets, without disrupting network performance.
Note:
Graceful restart is not supported for high availability setups in INC mode.
Configuring Graceful Restart for BGP
To configure graceful restart for BGP by using the VTYSH command line, at the command prompt, type the following commands, in the order shown:
Command | Example | Command Description |
---|---|---|
VTYSH | VTYSH | Enters VTYSH command prompt. |
configure terminal | NS# configure terminal | Enters global configuration mode. |
router-id <ID> | NS(config)# router-id 1.1.1.1 | A router identifier for the NetScaler appliance. This identifier is set for all the dynamic routing protocols. The same identifier must be specified on the other node in a high availability setup for graceful restart to work properly. |
router bgp <AS-number> | NS(config)# router bgp 5 | Enters BGP configuration mode. |
bgp graceful-restart | NS(config-router)# bgp graceful-restart | Enables graceful restart on the BGP routing process. |
bgp graceful-restart restart-time <1-1800> | NS(config-router)# bgp graceful-restart restart-time 170 | Specifies the grace period, in seconds, that the helper routers wait for a TCP connection from the new primary node after a failover. For this amount of time, the helper routers preserve the routes. |
bgp graceful-restart stalepath-time <1-1800> | NS(config-router)# bgp graceful-restart stalepath-time 180 | Specifies the time, in seconds, that the NetScaler appliance in helper mode retains the stale routes for restarting neighbor routers. The default value is 360 seconds. |
neighbor <IPv4 address of the peer router> remote-as <AS-number> | NS(config-router)# neighbor 192.0.2.30 remote-as 2 | Establishes BGP peering with the specified neighbor router device. |
neighbor <IPv4 address of the peer router> capability graceful-restart | NS(config-router)# neighbor 192.0.2.30 capability graceful-restart | Enables graceful restart with the specified neighbor. |
redistribute kernel | NS(config-router)# redistribute kernel | Redistributes kernel routes. |
Configuring Graceful Restart for IPv6 BGP
To configure graceful restart for IPv6 BGP by using the VTYSH command line, at the command prompt, type the following commands, in the order shown:
Command | Example | Command Description |
---|---|---|
VTYSH | VTYSH | Enters VTYSH command prompt. |
configure terminal | NS# configure terminal | Enters global configuration mode. |
router-id <id> | NS(config)# router-id 1.1.1.1 | Sets a router identifier for the NetScaler appliance. This identifier is set for all the dynamic routing protocols. The same ID must be specified in the other node in a high availability setup for graceful restart to work properly. |
router bgp <AS-number> | NS(config)# router bgp 5 | Enters configuration mode for BGP protocol. |
bgp graceful-restart | NS(config-router)# bgp graceful-restart | Enables graceful restart on the BGP routing process. |
bgp graceful-restart restart-time <1-1800> | NS(config-router)# bgp graceful-restart restart-time 170 | Specifies the grace period, in seconds, that the helper routers wait for a TCP connection from the new primary node after a failover. For this amount of time, the helper routers preserve the routes. The default value is 360 seconds. |
bgp graceful-restart stalepath-time <1-1800> | NS(config-router)# bgp graceful-restart stalepath-time 180 | Specifies the time, in seconds, that the NetScaler appliance in helper mode retains the stale routes for restarting neighbor routers. The default value is 360 seconds. |
neighbor <IPv6 address> remote-as <AS-number> | NS(config-router)# neighbor 2001:db8::10 remote-as 2 | Establishes BGP peering with the specified neighbor router device. |
address-family ipv6 | NS(config-router)# address-family ipv6 | Enters address family configuration mode. |
neighbor <IPv6 address of the neighbor> activate | NS(config-router-af)# neighbor 2001:db8::10 activate | Enables the exchange of address family routes with the specified neighbor router device. |
neighbor <IPv6 address of the neighbor> capability graceful-restart | NS(config-router-af)# neighbor 2001:db8::10 capability graceful-restart | Enables graceful restart with the specified neighbor router device. |
redistribute kernel | NS(config-router-af)# redistribute kernel | Redistributes kernel routes. |
exit-address-family | NS(config-router-af)# exit-address-family | Exits address family configuration mode. |
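One way to check the graceful-restart requirements from the two tables above across an HA pair: matching router-id on both nodes, timers inside the 1-1800 range, and a remote-as for every neighbor given the graceful-restart capability. This is an added example, not Citrix tooling; the function names and the sample configuration text are constructed for illustration.

```python
import re

TIMER_RANGE = range(1, 1801)  # <1-1800> from the command tables
# Constructed sample configs (not from a real appliance).
PRIMARY = """\
router-id 1.1.1.1
router bgp 5
 bgp graceful-restart
 bgp graceful-restart restart-time 170
 neighbor 192.0.2.30 remote-as 2
 neighbor 192.0.2.30 capability graceful-restart
"""
SECONDARY = PRIMARY.replace("1.1.1.1", "2.2.2.2").replace("170", "3600")

def parse(config):
    """Extract the graceful-restart settings from VTYSH-style config text."""
    info = {"router_id": None, "gr": False, "timers": {},
            "remote_as": set(), "gr_neighbors": set()}
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip().lower()  # drop an "NS(config)#" prompt
        if m := re.fullmatch(r"router-id (\S+)", line):
            info["router_id"] = m.group(1)
        elif line == "bgp graceful-restart":
            info["gr"] = True
        elif m := re.fullmatch(r"bgp graceful-restart (restart-time|stalepath-time) (\d+)", line):
            info["timers"][m.group(1)] = int(m.group(2))
        elif m := re.fullmatch(r"neighbor (\S+) remote-as \d+", line):
            info["remote_as"].add(m.group(1))
        elif m := re.fullmatch(r"neighbor (\S+) capability graceful-restart", line):
            info["gr_neighbors"].add(m.group(1))
    return info

def audit(primary_cfg, secondary_cfg):
    """Return a list of findings for an HA pair's graceful-restart config."""
    p, s = parse(primary_cfg), parse(secondary_cfg)
    findings = []
    if p["router_id"] is None or p["router_id"] != s["router_id"]:
        findings.append("router-id differs or is missing across HA nodes")
    for name, node in (("primary", p), ("secondary", s)):
        if not node["gr"]:
            findings.append(f"{name}: bgp graceful-restart not enabled")
        for timer, value in node["timers"].items():
            if value not in TIMER_RANGE:
                findings.append(f"{name}: {timer} {value} outside 1-1800")
        for nbr in sorted(node["gr_neighbors"] - node["remote_as"]):
            findings.append(f"{name}: {nbr} has graceful-restart but no remote-as")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PRIMARY, SECONDARY)))
```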