6.4. Deploying SSL Orchestrator as a BGP Peer

6.4.1. What it is

Beyond the more established ways of moving traffic through the SSL Orchestrator, there are number of other advanced methods that can be employed. Among these is the use of Border Gateway Protocol (BGP4 and BGP4+) to provide dynamic routing. An example use case would be to use BGP from a “gateway” device to dynamically route to (or around) an SSL Orchestrator appliance. This could be to used in a simple failover scenario, or to provision some types of traffic through (or around) SSL Orchestrator in some form of policy-based routing configuration.

../../_images/image983.png

Figure 98: SSL Orchestrator BGP Peering Scenarios


6.4.2. Implementing SSL Orchestrator as a BGP Peer

F5 BIG-IP as a BGP peer requires the Advanced Routing Module (BIG-IP ARM) license. Beyond that, the BGP devices become neighbors or “peers” after successfully establishing a TCP connection on port 179. The peers negotiate connection parameters and exchange routing updates. Internal Border Gateway Protocol (iBGP) is used when BGP runs between two peers in the same autonomous system (AS). External Border gateway Protocol (eBGP) is used when BGP runs between peers in different autonomous systems.

For detailed instructions on establishing BGP peering to BIG-IP, please see the following:

https://support.f5.com/csp/article/K54334475