How to: Configure Routing and Forwarding
Overview of VRF
The BIG-IP Next can isolate network traffic for a particular application. It can add routes for destinations that are not located on a directly connected network and drop all traffic sent to a specific destination.
Virtual Routing and Forwarding (VRF) improves network functionality by allowing traffic segregation and reuse of IP addresses on the network, provided the IP addresses reside in different VRFs. Use static routes for flexible routing behavior of the network. Only one default route domain is allowed. Do not add a VLAN to two different route domains; a validation error is displayed if the same VLAN is added to two route domains.
You cannot have the same self IP in two VLANs in the same route domain; within a route domain, the self IP must be unique.
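The two constraints above can be checked against a planned layout before it is entered in Central Manager. The following is an added example, not F5 code; the plan structure, VRF and VLAN names, and addresses are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed plan: VRF -> VLAN -> self IPs. Every name and address is hypothetical.
PLAN = {
    "default":  {"vlan-ext": ["10.1.1.5"], "vlan-int": ["10.1.2.5"]},
    "tenant-a": {"vlan-a1": ["192.168.10.1"],
                 "vlan-a2": ["192.168.10.1", "2001:db8::1"]},
    "tenant-b": {"vlan-b1": ["192.168.10.1", "2001:DB8:0::1"],
                 "vlan-ext": ["10.9.9.9"]},
}


def validate_vrf_plan(plan):
    """Return violations: a VLAN in two VRFs, or a self IP repeated inside one VRF."""
    violations = []
    vlan_to_vrfs = defaultdict(list)
    for vrf, vlans in plan.items():
        ip_to_vlans = defaultdict(list)
        for vlan, self_ips in vlans.items():
            vlan_to_vrfs[vlan].append(vrf)
            for raw in self_ips:
                # Parse first so different spellings of one address compare equal.
                ip_to_vlans[ipaddress.ip_address(raw)].append(vlan)
        for ip, where in ip_to_vlans.items():
            if len(where) > 1:
                violations.append(("duplicate-self-ip", vrf, str(ip), tuple(where)))
    for vlan, vrfs in vlan_to_vrfs.items():
        if len(vrfs) > 1:
            violations.append(("vlan-in-multiple-vrfs", vlan, tuple(vrfs)))
    return violations


def reused_across_vrfs(plan):
    """Addresses that appear in more than one VRF: permitted, listed for review."""
    seen = defaultdict(set)
    for vrf, vlans in plan.items():
        for self_ips in vlans.values():
            for raw in self_ips:
                seen[str(ipaddress.ip_address(raw))].add(vrf)
    return {ip: sorted(vrfs) for ip, vrfs in seen.items() if len(vrfs) > 1}


if __name__ == "__main__":
    for violation in validate_vrf_plan(PLAN):
        print("VIOLATION", violation)
    for ip, vrfs in reused_across_vrfs(PLAN).items():
        print("reused (allowed)", ip, vrfs)
```

The address reuse between tenant-a and tenant-b is reported separately because it is allowed; it is worth reviewing only to confirm the overlap is intended.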
Overview of DNS net resolver route
The DNS net resolver route is a cache used by BIG-IP Next to perform DNS resolution. It caches DNS responses so that it can respond to subsequent DNS queries.
The Time-To-Live (TTL) of each cached DNS response determines how long it remains valid, and the cache removes the oldest entries to make space for new entries when the cache size is exceeded. Additionally, the DNS resolver does not perform prefetch to keep entries in the cache or prevent them from expiring.
When you configure the DNS net resolver with a forward zone, the DNS net resolver sends DNS queries that match the forward zone to one server from the list of configured servers for resolution. The BIG-IP Next balances the requests between the list of servers you set up. It does not let you change this algorithm. When no forward zone is configured, the DNS net resolver randomly picks a root hints server to resolve DNS queries. If the root hints server takes too long to respond, the DNS net resolver continues DNS resolution recursively through the list of root hints servers until the query is resolved.
Overview of static routes
Use static routes for destinations that are not located on the directly-connected network.
Before adding a route, if the IP addresses in the route pertain to any route domains, verify that the relevant route domains are present on the BIG-IP Next.
The BIG-IP Next can forward packets to a specific network device (like a router or a server), or it can drop packets altogether. This depends on the settings you choose.
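The sketch below models how the three route resources interact when prefixes overlap. It is an added example, not F5 code, and it assumes conventional longest-prefix-match route selection, which this page does not state; route names, prefixes and next hops are hypothetical.

```python
import ipaddress

# Constructed static-route table; names, prefixes and next hops are hypothetical.
ROUTES = [
    {"name": "default-gw", "prefix": "0.0.0.0/0", "resource": "gateway", "target": "10.1.1.1"},
    {"name": "branch", "prefix": "172.16.0.0/16", "resource": "gateway", "target": "10.1.1.254"},
    {"name": "mgmt-drop", "prefix": "172.16.99.0/24", "resource": "reject", "target": None},
    {"name": "jump-host", "prefix": "172.16.99.64/28", "resource": "gateway", "target": "10.1.1.7"},
    {"name": "lab-link", "prefix": "2001:db8:a::/48", "resource": "interface", "target": "vlan-lab"},
]


def lookup(routes, destination):
    """Pick the matching route with the longest prefix (assumed selection rule)."""
    dst = ipaddress.ip_address(destination)
    best_net, best_route = None, None
    for route in routes:
        net = ipaddress.ip_network(route["prefix"])
        # Membership is False when address and prefix are different IP versions.
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def decision(routes, destination):
    """Describe what happens to a packet sent to destination."""
    route = lookup(routes, destination)
    if route is None:
        return "no route"
    if route["resource"] == "reject":
        return f"reject ({route['name']})"
    return f"forward to {route['target']} ({route['name']})"


def holes_in_reject_routes(routes):
    """Forwarding routes nested inside a reject prefix: they re-open part of it."""
    nets = [(ipaddress.ip_network(r["prefix"]), r) for r in routes]
    holes = []
    for rej_net, rej in nets:
        if rej["resource"] != "reject":
            continue
        for net, r in nets:
            if (r["resource"] != "reject" and net.version == rej_net.version
                    and net != rej_net and net.subnet_of(rej_net)):
                holes.append((r["name"], rej["name"]))
    return holes
```

Under that assumption, a Route Reject entry covers only the addresses that no more specific route matches, so `holes_in_reject_routes` is the check to run after adding any route inside a rejected range.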
Overview of dynamic routes
The BIG-IP Next advanced routing supports the Border Gateway Protocol (BGP) for external networks, with the IPv4 and IPv6 addressing formats. BGP Route Health Injection (RHI) is used in network routing to influence the selection of routes advertised through BGP based on their health status. In traditional BGP routing, routes are advertised based on reachability and preference metrics, such as Autonomous System (AS) path length and local preference. BGP RHI checks for the availability of a virtual IP address; if it is available, RHI injects the virtual IP address into the BGP message.
BGP RHI is particularly useful in scenarios where there are multiple paths to the same destination, such as multi-homed networks or networks with redundant links. It helps optimize routing decisions to ensure that traffic is routed over the most stable and performant paths, thus improving overall network reliability and performance. BGP uses a mechanism called peering, in which administrators designate specific routers as BGP peers. Peers represent devices at the edge or boundary of an autonomous system.
BGP peers perform the following functions:
Route Discovery - BGP peers exchange routing information with neighboring BGP peers through Network Layer Reachability Information (NLRI) and path attributes. NLRI contains connection information about neighbors. Path attributes include information such as delay, hop count, and transmission cost. After exchanging information, each BGP peer can create a graph of network connectivity around it.
Route Storage - During the discovery process, each BGP router collects route advertisement information and stores it in the form of a routing table. The router uses the routing table for path selection and updates it periodically. For example, a BGP router receives keep-alive messages from neighboring routers every 30 seconds. It will update the saved route accordingly.
Path Selection - BGP routers use stored information to improve traffic routing. The most important factor in route selection is the shortest path, which is determined using a saved route map. When a destination can be reached through multiple paths, BGP selects the best path by evaluating the other path attributes in turn.
Use the following topics to manage routing and forwarding
Note: After creating the required routes, create an application that routes through the added IP address. For more information, refer to Create an application service.
Prerequisites
You must have Administrator or Instance Manager user credentials to manage instances.
You must have an instance added in the BIG-IP Next Central Manager. For more information, refer to How to: Create a BIG-IP Next instance in a VMware vSphere environment from Central Manager, How to: Create a BIG-IP Next instance on VELOS system from Central Manager, or How to: Create a BIG-IP Next instance on rSeries system from Central Manager.
Parameter details (for example, server names or addresses) that the instance requires.
Add a non-default VRF
Use this procedure to add a non-default VRF:
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Infrastructure.
Click on the instance name. The instance properties display.
Select the Routing & Forwarding tab. The Default VRF is available by default.
Click Add to add a new VRF.
In the Name field, specify the name of the VRF.
From the VLANs drop-down, select the VLANs to associate with the VRF.
Note: Refer to Manage BIG-IP Next instance properties to create new VLANs.
Click Save. The Routing & Forwarding tab displays the list of VRFs.
Refer to Manage VRF to update a default or non-default VRF.
Manage VRF
Use this procedure to update a default or non-default VRF.
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Infrastructure.
Click on the instance name. The instance properties display.
Select the Routing & Forwarding tab. The list of VRFs displays.
Click on the VRF name. The VRF properties display.
Note: In the default VRF, the toggle for Default VRF is unavailable for edit. Also, you cannot modify the VLANs from the VLANs drop-down in the default VRF. To remove a VLAN from the default VRF, navigate to Networking & Proxy settings, select the VLANs tab, click Edit, and uncheck the Default VRF option against the respective VLAN. For more information, refer to Manage BIG-IP Next instance properties.
From the VLANs drop-down, select the VLANs to associate with the VRF.
Note: Refer to Manage BIG-IP Next instance properties to create new VLANs.
To manage DNS Net Resolver, Static Routes, and Dynamic Routes, refer to Manage DNS net resolver, Manage static routes, Manage dynamic routes, or Manage RHI.
Note: The Dynamic Routes section is only available in default VRF.
Click Save.
Manage DNS net resolver
Use this procedure to manage DNS resolvers.
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Infrastructure.
Click on the instance name. The instance properties display.
Select the Routing & Forwarding tab. The list of VRFs displays.
Click on the VRF name. The VRF properties display.
If DNS Net Resolver is enabled, click on the name of the DNS resolver. If the DNS Net Resolver is disabled, toggle it to enable and click Start Adding to add DNS resolvers.
In the Name field, specify the name of the DNS resolver.
In the Description field, specify the description for the DNS resolver.
In the Answer Default Zones field, when enabled, the system answers DNS queries for the default zones localhost, reverse 127.0.0.1 and ::1, and AS112. When disabled, the system passes along the DNS queries for the default zones.
In the Forward Zones section, specify the forward zones in FQDN format with their corresponding IP addresses and service ports of a recursive nameserver that answers DNS queries when the response cannot be found in the DNS resolver cache. You can specify multiple nameservers for a forward zone. The BIG-IP Next sends DNS queries that match the name of the forward zone to the list of configured nameservers.
In the Message Cache Size field, specify the number of bytes allocated for the message cache. The default value is 1 MB.
In the Nameserver Cache Count field, specify the maximum number of DNS nameservers to cache.
In the Nameserver TTL field, specify the time to live in seconds for DNS nameservers in the cache. The default value is 900 seconds.
In the Negative Cache Size field, specify the number of bytes allocated for the negative cache. The default value is 1 MB.
In the Random Query Name Case field, when enabled, the BIG-IP Next randomizes character case in DNS queries issued to the root DNS servers.
In the Use IPv4 field, when enabled, the BIG-IP Next can use IPv4 to query back-end nameservers.
In the Use IPv6 field, when enabled, the BIG-IP Next can use IPv6 to query back-end nameservers.
In the Use TCP field, when enabled, the BIG-IP Next answers and issues UDP-formatted queries.
In the Use UDP field, when enabled, the BIG-IP Next answers and issues TCP-formatted queries.
Click Save.
Manage static routes
Use this procedure to manage static routes.
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Infrastructure.
Click on the instance name. The instance properties display.
Select the Routing & Forwarding tab. The list of VRFs displays.
Click on the VRF name. The VRF properties display.
If Static Routes is enabled, click on the name of the route. If the Static Routes is disabled, toggle it to enable and click Start Adding to add static routes.
In the Name field, specify the name of the route.
In the Destination field, select the IPv4 or IPv6 address prefix.
In the IPv4/IPv6 Address Prefix field, enter the destination IP address for the route followed by a slash and CIDR mask, or IP address 0.0.0.0 for the default route.
In the Resource field, specify the method through which the BIG-IP Next forwards the packets. The following options are available:
Route Gateway: Select this option when you want the next hop in the route to be a network IP address. This choice works well when the destination is a pool member on the same internal network as this gateway address. The Gateway and IPv4/IPv6 Address fields are available when the Route Gateway option is selected.
Route Interface: Select this option if you want the route packet to pass through the interface of the next hop.
Route Reject: Select this option when you want the BIG-IP Next to reject packets sent to the specified destination.
Click Save.
Manage dynamic routes
Use this procedure to manage dynamic routes (BGP):
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Infrastructure.
Click on the instance name. The instance properties display.
Select the Routing & Forwarding tab. The list of VRFs displays.
Click on the default VRF name. The VRF properties display.
If Dynamic Routes is enabled, click on the name of the route. If the Dynamic Routes is disabled, toggle it to enable and click Start Adding to add dynamic routes.
In the Name field, specify the name of the route.
In the BGP raw configuration blob field, specify the router configuration.
In the Array of neighbor passwords section, specify the IP address and neighbor password details.
Click on Save.
Note: In BIG-IP Next v20.3.0, BGP is not compatible with High Availability (HA) mode on VELOS but is supported in Standalone mode.
Manage Route Health Injection (RHI)
Use this procedure to manage Route Health Injection (RHI) in dynamic routes:
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Infrastructure.
Click on the instance name. The instance properties display.
Select the Routing & Forwarding tab. The list of VRFs displays.
Click on the default VRF name. The VRF properties display.
Enable the Dynamic Routes field. The Enable Route Health Injection (RHI) field is displayed with the dynamic route properties.
Note: Enabling Dynamic Routes automatically enables the Enable Route Health Injection (RHI) field. When an application is deployed, the RHI for the virtual address is set to Any by default. If you want to change the RHI for a particular virtual address, then add the virtual address in Manage RHI and set it to the required RHI value.
Click Manage RHI. A panel displays a list of IP addresses. If no address is available, click Start Adding to add virtual addresses.
In the Name field, specify the name of the route.
In the Virtual IP Addresses section, specify the IP address.
In the RHI section, select the type of route advertisement. The following options are available:
Any (default): The virtual address is up when any (at least one) L4-clientside is up.
Always: Always advertises the route for the virtual address, regardless of availability status.
Never: Do not advertise the route for the virtual address, regardless of the availability status.
All: The virtual address is up when all L4-clientsides are up.
Click Save.
Verify routing advertisement
Use this procedure to verify routing advertisement on BIG-IP Next based on RHI value selection:
Access the BIG-IP Next instance through SSH.
Run kubectl get pods. Once all pod details are available, users must log in to the TMM pod to access f5dr.
Run this command to get into f5dr mode by accessing the TMM pod:
kubectl exec -it <tmm_pod name> -c f5-fsm-f5dr -- imish
Use the imish command to enter the imi shell terminal, and use the enable or en command to access debug mode.
Verify the BGP configuration and view the currently advertised routes on the BIG-IP Next by running the show ip route command, and confirm that routes to the virtual address appear as entry K in the list.
Note: Dynamic routing debugging is supported for VE, VELOS and iSeries.
Following is an example routing advertisement scenario:
Consider the following configuration:
An RHI is created with virtual address (192.10.2.88) with the RHI value set to ALL.
There are four applications, each listening on the same IP but with different ports:
192.10.2.88:30
192.10.2.88:31
192.10.2.88:32
192.10.2.88:33
Each application has two pool members configured on the L4 server side.
One application L4 server side is down, with both pool members in a down state.
For the other three applications, the L4 server side is up, with either one or both the pool members active.
This configuration creates four L4 stacks (L4 client and L4 server sides) pointing to the same virtual address (192.10.2.88). Out of these four stacks, one is down, while the other three remain up.
The route will not be advertised because the RHI value is set to ALL for the virtual address, and not all four stacks are in the up state.
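The scenario can be replayed against all four RHI settings to see how each one would treat the same health state. This is an added example, not F5 code; the class and function names are hypothetical, and the page does not say which of the four listeners is the failed one, so port 30 is chosen here.

```python
from dataclasses import dataclass


@dataclass
class L4Stack:
    listener: str            # virtual address and port
    pool_members_up: tuple   # one bool per pool member on the L4 server side

    def is_up(self):
        # As in the scenario: a stack is down only when every pool member is down.
        return any(self.pool_members_up)


# Constructed from the scenario: four listeners on 192.10.2.88, two pool members each.
SCENARIO = [
    L4Stack("192.10.2.88:30", (False, False)),
    L4Stack("192.10.2.88:31", (True, True)),
    L4Stack("192.10.2.88:32", (True, False)),
    L4Stack("192.10.2.88:33", (False, True)),
]


def route_advertised(rhi, stacks):
    """Apply one of the four RHI settings to the stacks sharing a virtual address."""
    states = [stack.is_up() for stack in stacks]
    rhi = rhi.lower()
    if rhi == "always":
        return True
    if rhi == "never":
        return False
    if rhi == "any":
        return any(states)
    if rhi == "all":
        # Assumption: with no stacks at all there is nothing to advertise.
        return bool(states) and all(states)
    raise ValueError(f"unknown RHI value: {rhi!r}")


def blocking_listeners(stacks):
    """Listeners whose down state withholds the route when RHI is All."""
    return [stack.listener for stack in stacks if not stack.is_up()]


def compare_settings(stacks):
    """Advertisement outcome for each RHI setting, for side-by-side review."""
    return {rhi: route_advertised(rhi, stacks) for rhi in ("Any", "Always", "Never", "All")}
```

With Always, the route stays advertised even when every stack is down, so traffic keeps arriving at a virtual address that cannot serve it.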