f5-declarative-onboarding
f5-declarative-onboarding copied to clipboard
F5Networks
BGP - RouteMap and children components usage
Environment
- Declarative Onboarding Version: 1.40
- BIG-IP Version: 15.x
Summary
Two items looking into regarding ipv6 as the RouteMap section is required for the DO. From the documentation I have the following questions:
- For the regex in RoutingAsPath the example DO has the following. For two bigip’s in HA these would be the same? “*” and “$” are different meanings the regex matching is the start or end and are used for the PERMIT and DENY RouteMap. What should I be using in the regex?
"exampleRoutingAsPath1": {
"class": "RoutingAsPath",
"entries": [
{
"name": 10,
"regex": "^165001 *"
}
]
},
"exampleRoutingAsPath2": {
"class": "RoutingAsPath",
"entries": [
{
"name": 20,
"regex": "^165005$"
}
]
},
"exampleRouteMap1": {
"class": "RouteMap",
"entries": [
{
"name": "33",
"action": "permit",
"match": {
"asPath": "exampleRoutingAsPath1",
"ipv4": {
"address": {
"prefixList": "exampleRoutingPrefixList1"
}
}
}
}
],
"routeDomain": "exampleRouteDomain"
},
"exampleRouteMap2": {
"class": "RouteMap",
"entries": [
{
"name": "44",
"action": "deny",
"match": {
"asPath": "exampleRoutingAsPath2",
"ipv4": {
"address": {
"prefixList": "exampleRoutingPrefixList2"
}
}
}
}
],
"routeDomain": "exampleRouteDomain"
},
- For ipv6 being added to “neighbours” I would need to add a RouteMap entry for ipv6 and change from ipv4 to “all” for the addressFamilies?
"exampleRouteMap1": {
"class": "RouteMap",
"entries": [
{
"name": "33",
"action": "permit",
"match": {
"asPath": "exampleRoutingAsPath1",
"ipv4": {
"address": {
"prefixList": "exampleRoutingPrefixList1"
}
},
"ipv6": {
"address": {
"prefixList": "exampleRoutingPrefixList1"
}
}
}
}
],
"routeDomain": "exampleRouteDomain"
}
Set internetProtocol setting to “all” from ipv4 to cover both and add the ipv6 into neighbors:
"exampleRoutingBGP": {
"class": "RoutingBGP",
"localAS": 65010,
"addressFamilies": [
{
"internetProtocol": "all",
"redistributionList": [
{
"routingProtocol": "kernel",
"routeMap": "exampleRouteMap1"
},
{
"routingProtocol": "static",
"routeMap": "exampleRouteMap2"
}
]
}
],
"gracefulRestart": {
"gracefulResetEnabled": true,
"restartTime": 120,
"stalePathTime": 60
},
"holdTime": 35,
"keepAlive": 10,
"neighbors": [
{
"address": "192.0.2.1",
"peerGroup": "Neighbor"
},
{
"address": "192.0.2.2",
"peerGroup": "Neighbor"
},
{
"address": "<ipv6>",
"peerGroup": "Neighbor"
}
],
"peerGroups": [
{
"name": "Neighbor",
"addressFamilies": [
{
"internetProtocol": "ipv4",
"routeMap": {
"in": "exampleRouteMap1",
"out": "exampleRouteMap2"
},
"softReconfigurationInboundEnabled": true
},
{
"internetProtocol": "ipv6",
"routeMap": {
"in": "exampleRouteMap1",
"out": "exampleRouteMap2"
},
"softReconfigurationInboundEnabled": true
}
],
"remoteAS": 65020
}
],
"routeDomain": "exampleRouteDomain",
"routerId": "192.0.2.4"
}
RoutingPrefixList required for ipv6?
"exampleRoutingPrefixList2": {
"class": "RoutingPrefixList",
"entries": [
{
"name": 40,
"action": "deny",
"prefix": "::/0",
"prefixLengthRange": 0
}
],
"routeDomain": "exampleRouteDomain"
Expected Behavior
Expectation is BGP uses ipv4 and ipv6 but not sure if the RouteMap is configured correctly for the RoutingAsPath, RoutingPrefixList and the peerGroups.
As a side note I noticed I can remove the routeMap from addressFamilies thus bypassing the RouteMap and its children configs RoutingAsPath and RoutingPrefixList.
Is this ok to do as I cannot remove the code from DO as it eventually times-out with a 400 when missing even when not referenced?
Bypass all the RouteMap, RoutingPrefixList and RoutingAsPath components:
"exampleRoutingBGP": {
"class": "RoutingBGP",
"localAS": 65010,
"addressFamilies": [
{
"internetProtocol": "all",
"redistributionList": [
{
"routingProtocol": "kernel",
},
{
"routingProtocol": "static",
}
]
}
],
"gracefulRestart": {
"gracefulResetEnabled": true,
"restartTime": 120,
"stalePathTime": 60
},
"holdTime": 35,
"keepAlive": 10,
"neighbors": [
{
"address": "192.0.2.1",
"ebgpMultihop": 2,
"peerGroup": "Neighbor"
},
{
"address": "192.0.2.2",
"ebgpMultihop": 3,
"peerGroup": "Neighbor"
},
{
"address": "2001:56b:9:100::2",
"peerGroup": "Neighbor"
}
],
"peerGroups": [
{
"name": "Neighbor",
"addressFamilies": [
{
"internetProtocol": "ipv4",
"softReconfigurationInboundEnabled": true
},
{
"internetProtocol": "ipv6",
"softReconfigurationInboundEnabled": true
}
],
"remoteAS": 65020
}
],
"routeDomain": "exampleRouteDomain",
"routerId": "192.0.2.4"
}
Actual Behavior
A clear and concise description of what actually happens. Please include any applicable error output.
Thank you for your feedback. Do you have an example of the tmsh configuration you are trying to achieve with the DO declaration? I am not a BGP expert, but I can assist with recreating a desired configuration.
Hi, The DO works as shared (1st DO file) but I have to use extra components I do not need due to it being expected to be present. Without the RouteMap, RoutingPrefixList and RoutingAsPath being present the DO post errors with 400.
The ask is can they be removed from the DO declaration if not used?
TMSH BGP commands example used: create net routing bgp mybgp { address-family { ipv4 { redistribute add { kernel { } static { } } } ipv6 { redistribute add { kernel { } static { } } } } local-as 64513 route-domain 0 } modify net routing bgp mybgp { address-family { ipv4 { } } neighbor add { 1.1.1.5 { ebgp-multihop 5 address-family { ipv4 { } }remote-as 64513 } } }