BGP Routing and RHI Functionality in NetScaler

Article ID: CTX140032

Description

This article provides information about BGP routing in NetScaler and some sample BGP configurations. It also gives a brief overview of the RHI functionality.

Route Health Injection (RHI)

The primary purpose of dynamic routing in NetScaler is to communicate the state or health of VIPs to the upstream routers. The state of a VIP depends on the vservers and services that are bound to that VIP. The advertisement of a VIP through RHI is tied to the states of the vservers associated with the VIP. The state of the vservers depends on the service states. The information about the states at the service level is not available to RHI.

Enabling VIP Advertisement

Set the -hostRoute option to ENABLED to enable host route injection for the VIP. By default, host route advertisement is DISABLED.

This can be done either while adding a new IP address or by using the set ns ip command on an existing IP address (NetScaler adds this IP address as a result of creating a vserver).

> add lb vserver test HTTP 173.10.11.21 80

> set ns ip 173.10.11.21 -hostRoute ENABLED

> add ns ip 173.10.11.22 255.255.255.255 -type VIP -hostRoute ENABLED

Setting RHI Monitoring Level

After the hostRoute option is enabled, the NetScaler kernel injects the host route into ZebOS NSM based on the state of the vservers bound to the VIP. The -vserverRHILevel switch in the add ns ip and set ns ip commands controls the relationship between the state of the vservers and the VIP host route that is sent to the Network Services Module (NSM).

The three options available for this switch are as follows:

  • ALL_VSERVERS – A host route is injected to NSM only if all the vservers associated with the VIP are UP.
  • ONE_VSERVER – A host route is injected to NSM only if any one of the vservers associated with the VIP is UP.
  • NONE – A host route is injected to NSM irrespective of the state of the vservers associated with the VIP.

Note: By default, -vserverRHILevel is set to ONE_VSERVER.
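
The following Python example is added here and is not Citrix code: it parses add ns ip, set ns ip and add lb vserver lines and applies the rules and defaults stated above to report which VIP host routes would be injected into NSM, including VIPs that stay advertised while no vserver is UP. The sample configuration, the vserver states and the function names are constructed for illustration; treating a VIP with no bound vservers as not injected under ALL_VSERVERS is an assumption.

```python
import shlex

# Constructed sample configuration and vserver states (not from a real appliance).
SAMPLE_CONF = """\
add ns ip 193.0.1.1 255.255.255.255 -type VIP -hostRoute ENABLED -vserverRHILevel NONE
add ns ip 193.0.2.1 255.255.255.255 -type VIP -hostRoute ENABLED -hostRtGw 0.0.0.0
add ns ip 193.0.3.1 255.255.255.255 -type VIP
add ns ip 193.0.4.1 255.255.255.255 -type VIP
set ns ip 193.0.4.1 -hostRoute ENABLED -vserverRHILevel ALL_VSERVERS
add lb vserver web1 HTTP 193.0.1.1 80
add lb vserver web2 HTTP 193.0.2.1 80
add lb vserver web4 HTTP 193.0.4.1 80
add lb vserver web4s SSL 193.0.4.1 443
"""
SAMPLE_STATES = {"web1": "DOWN", "web2": "UP", "web4": "UP", "web4s": "DOWN"}

def parse_conf(text):
    """Return ({ip: options}, {vip: [vserver names]}) from nscli lines."""
    ips, vservers = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:3] in (["add", "ns", "ip"], ["set", "ns", "ip"]) and len(tok) > 3:
            # Defaults stated in the article: hostRoute DISABLED, level ONE_VSERVER.
            opts = ips.setdefault(tok[3], {"hostroute": "DISABLED",
                                           "vserverrhilevel": "ONE_VSERVER"})
            for i in range(4, len(tok) - 1):
                if tok[i].startswith("-"):
                    opts[tok[i][1:].lower()] = tok[i + 1].upper()
        elif tok[:3] == ["add", "lb", "vserver"] and len(tok) >= 6:
            vservers.setdefault(tok[5], []).append(tok[3])
    return ips, vservers

def injected_routes(ips, vservers, states):
    """Return {vip: level} for every host route the kernel would inject into NSM."""
    routes = {}
    for ip, opts in ips.items():
        up = [states.get(name) == "UP" for name in vservers.get(ip, [])]
        level = opts["vserverrhilevel"]
        # Assumption: ALL_VSERVERS with no bound vservers does not inject.
        ok = {"NONE": True, "ONE_VSERVER": any(up),
              "ALL_VSERVERS": bool(up) and all(up)}.get(level, False)
        if opts["hostroute"] == "ENABLED" and ok:
            routes[ip] = level
    return routes

def advertised_while_down(ips, vservers, states):
    """VIPs whose route is injected although none of their vservers is UP."""
    return sorted(ip for ip in injected_routes(ips, vservers, states)
                  if not any(states.get(n) == "UP" for n in vservers.get(ip, [])))
```

With the constructed input, 193.0.1.1 is still injected with its only vserver DOWN because its level is NONE, which is the case to review when upstream routers rely on RHI to withdraw unhealthy VIPs.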

Setting Next Hop

By default, the next hop of a kernel route is set to the MIP address. The -hostRtGw option in the add ns ip or set ns ip commands modifies this behavior.

> add ns ip 173.10.11.24 255.255.255.255 -type VIP -hostRoute ENABLED -hostRtGw 0.0.0.0
> set ns ip 173.10.11.21 -hostRoute ENABLED -hostRtGw 0.0.0.0

Note: It is recommended to use 0.0.0.0. With this setting, NetScaler continues to advertise the VIP even if the NetScaler Gateway is down, and any possible state change when an MIP goes down is avoided.

Re-distribution

A host route injected into ZebOS in this manner is marked as a kernel route in the NSM FIB.

> vtysh
ns#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, I - Intranet
       * - candidate default 

NetScaler Gateway of last resort is 10.102.33.2 to network 0.0.0.0.

S*      0.0.0.0/0 [1/0] via 10.102.33.2, vlan0
C       10.102.33.0/24 is directly connected, vlan0
C       127.0.0.0/8 is directly connected, lo0
K       173.10.11.21/32 via 193.10.1.1
K       173.10.11.22/32 via 193.10.1.1
K       173.10.11.23/32 via 193.10.1.1

After the VIPs are present in NSM as kernel routes, they can be redistributed to the desired protocol from vtysh using the redistribute kernel command.

Redistribute kernel sends the kernel (K) routes from NSM to the BGP process and advertises them to the neighbors.
(config-router)#redistribute kernel

Redistribute static sends the static routes from NSM to the BGP process and advertises them to the neighbors.
(config-router)#redistribute static

BGP Configuration

Complete the following steps:
  1. Run the following command from the NetScaler CLI.
    > enable ns feature bgp

  2. Run the following command to establish BGP peering over SNIPs.
    > enable ns mode USNIP

  3. Add the necessary SNIPs to run BGP.
    > add ns ip <ip-address> <netmask> -type SNIP -dynamicrouting enabled

  4. Prepare the IP addresses to run BGP. BGP can run from NSIP and SNIP.

  5. Create VLANs and bind BGP enabled subnets to VLANs.
    > add vlan <vlan-id>
    > bind vlan <vlan-id> -ipAddress <ip-address> <netmask> [-ifNum <if-number> [-tagged]]

    This causes a VLAN interface to be created in ZebOS NSM with the IP address bound to it. This helps NSM to detect interface state changes quickly, which results in reduced routing convergence times. This step is not needed if BGP runs only over NSIP.
    For example:

    > set ns ip 1.1.1.1 -dynamicrouting enabled
    > add vlan 200
    > bind vlan 200 -ipaddress 1.1.1.1 255.255.255.0

    > vtysh
    ns#show running-config
    interface vlan200
    ip address 1.1.1.1/24

  6. Enable the -hostRoute option to enable the VIPs for advertisement.
    By default, the NetScaler Gateway is set to an MIP address. It is recommended to set this to 0.0.0.0, so that NetScaler continues to advertise the VIP even if the NetScaler gateway is down. Setting this to 0.0.0.0 also helps to avoid any possible state change when an MIP goes down.
    > set ns ip <ip-address> -hostRoute ENABLED -hostRtGw <gw-ip>

  7. Use the ns route-install bgp command from vtysh to download the routes learnt by BGP to the NetScaler kernel.
    This enables BGP-learnt routes to be used for forwarding. This step is not needed if you want NetScaler to forward data based on static routes.
    ns(config)#ns route-install bgp

  8. Run the following command to learn default routes through BGP and use them for forwarding.
    ns(config)#ns route-install default

  9. Enable BGP routing from global configuration mode in vtysh.
    ns(config)#router bgp <as-number>
    This command will set the NetScaler in router-config mode in vtysh.

  10. Run the following command to configure neighbors.
    ns(config-router)#neighbor <ip-address> remote-as <as-number>

    To establish EBGP sessions with routers not residing on immediately connected subnets, enable ebgp-multihop for those neighbors.
    ns(config-router)#neighbor <ip-address> ebgp-multihop [<ttl>]

    By default, BGP peerings are established over the interface that is closest to the neighbor, that is, the exit interface for the connection. NetScaler keeps all IP addresses floating by default. It is recommended to manually specify the interface to be used for establishing TCP connections. This can be specified through the update-source option in the neighbor command. Only VLAN interfaces exposed to ZebOS can be specified.
    ns(config-router)#neighbor <ip-address> update-source <vlan-if>

  11. Redistribute kernel routes.
    ns(config-router)#redistribute kernel [route-map <map-tag>]
    This makes all the kernel routes in NSM available for advertisement by BGP. Route-maps can be used to control redistribution.
    BGP is a policy-based routing protocol. A variety of policies can be configured using the ‘distribute-list’, ‘prefix-list’ and ‘as-path access-list’ commands.
    It is recommended to configure HA deployments running BGP in INC mode.
    In INC mode, both the active and standby NetScaler maintain peerings or adjacencies with their neighbors. The secondary machine only maintains the neighbor relationship; it does not advertise any routes. So, as soon as the failover happens, the routes can be exchanged, which results in faster convergence time.

Configuration – nscli

enable ns feature LB CS SSLVPN SSL BGP
enable ns mode L3 USNIP
add ns ip 193.0.1.1 255.255.255.255 -type VIP -snmp DISABLED -hostRoute ENABLED -hostRtGw 0.0.0.0 -vserverRHILevel NONE
add ns ip 193.0.2.1 255.255.255.255 -type VIP -snmp DISABLED -hostRoute ENABLED -hostRtGw 0.0.0.0 -vserverRHILevel ONE_VSERVER
add ns ip 201.0.4.2 255.255.255.0 -vServer DISABLED -dynamicRouting ENABLED
add vlan 4
bind vlan 4 -ifnum 1/3
bind vlan 4 -IPAddress 201.0.4.2 255.255.255.0

BGP Configuration - vtysh

ns#show running-configuration
interface vlan0
ip address 10.102.33.55/24
!
interface vlan4
ip address 201.0.4.2/24
!
router bgp 41
redistribute kernel route-map redist-kernel
neighbor 201.0.4.1 remote-as 3
ns route-install bgp
!
access-list 1 deny 0.0.0.0
!
route-map redist-kernel permit 10
match ip address 2
!
End

Sample configs with local preference, MED and AS-path are as follows:

  • Configuring local preference with route-maps:

    route-map local permit 10
    set local-preference 471
    router bgp 65535
    neighbor 3.3.3.62 remote-as 65533
    neighbor 3.3.3.62 route-map local in → Local preference 471 applied for incoming routes from this neighbor
  • Configuring default local preference:

    router bgp 65535
    bgp default local-preference 300
  • Configuring AS-path prepending:

    route-map asprepend permit 10
    set as-path prepend 32
    router bgp 65535
    neighbor 3.3.3.62 route-map asprepend out → prepends AS path for outgoing routes
  • Configuring MED:

    MED is also known as metric. It can also be set using route-maps:

    access-list 20 permit any
    route-map setmed permit 10
    match ip address 20
    set metric 20
    router bgp 65535
    neighbor 3.3.3.62 route-map setmed out → Sets metric of 20 to outgoing routes.

    A NetScaler that receives a metric or MED from different ASNs should use the “bgp always-compare-med” configuration to enable best route selection based on MED.

    router bgp 65535
    bgp always-compare-med
