This article provides information about BGP routing in NetScaler and some of the sample BGP configurations. It gives a brief overview of the RHI functionality. ### Route Health Injection (RHI) The primary purpose of dynamic routing in NetScaler is to communicate the state or health of VIPs to the upstream routers. The state of a VIP depends on the vservers, and services which are bound to that VIP. The advertisement of a VIP through RHI is tied to the states of the vservers associated to the VIP. The state of the vservers is dependent on the service states. The information about the states at the service level is not available to RHI. #### Enabling VIP Advertisement Set the **–hostRoute** option to **ENABLED** for host route injection to enable the VIP. By default, host route advertisement is **DISABLED**. This can be done either while adding a new IP address or using the **set ns ip** command on an existing IP address (NetScaler adds this IP address as a result of creatingvserver). **> add lb vserver test HTTP 173.10.11.21 80** **> set ns ip 173.10.11.21 -hostRoute ENABLED** **> add ns ip 173.10.11.22 255.255.255.255 -type VIP -hostRoute ENABLED** #### Setting RHI Monitoring Level After the **hostRoute** option is enabled and based on the state of the vservers bound to a VIP, the NetScaler kernel injects the host route into ZebOS NSM. The **–vserverRHILevel** switch in **add ns ip** and **set ns ip** commands control the relationship between the state of vservers and the VIP host route that is sent to Network Services Module (NSM). The three options available for this switch are as follows: * ALL_VSERVERS – A host route is injected to NSM only if all the vservers associated to the VIP are UP. * ONE_VSERVER – A host route is injected to NSM only if any one of the vservers associated to the VIP is UP * NONE – A host route is injected to NSM irrespective of the state of the vservers associated to the VIP **Note** : By default, the **–vserverRHILevel** is set to ONE_VSERVER. #### Setting Next Hop By default, the next-hop of a kernel route is set to the MIP address. The **–hostRtGw** option in **add ns ip** or **set ns ip** commands modified preceding behavior. **> add ns ip 173.10.11.24 255.255.255.255 -type VIP -hostRoute ENABLED -hostRtGw 0.0.0.0 > set ns ip 173.10.11.21 -hostRoute ENABLED -hostRtGw 0.0.0.0** **Note** : It is recommended to use **0.0.0.0**. NetScaler will continue to advertise the VIP even if the NetScaler Gateway is down and also to avoid any possible state change when an MIP goes down. #### Re-distribution A host route injected into ZebOS in the following manner will be marked as a **Kernel Route** in NSM FIB. **> vtysh ns#show ip route** Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, I - Intranet * - candidate default NetScaler Gateway of last resort is 10.102.33.2 to network 0.0.0.0. S* 0.0.0.0/0 [1/0] via 10.102.33.2, vlan0C 10.102.33.0/24 is directly connected, vlan0C 127.0.0.0/8 is directly connected, lo0K 173.10.11.21/32 via 193.10.1.1K 173.10.11.22/32 via 193.10.1.1K 173.10.11.23/32 via 193.10.1.1 After the VIPs are present in NSM as kernel routes, they can be redistributed to the desired protocol from vtysh using the **redistribute kernel** command. Redistribute kernel sends the k routes from NSM to the BGP process and advertises to the neighbors**. (config-router)#redistribute kernel** Redistribute static sends the static routes from the NSM to the BGP process and advertise to the neighbors. **(config-router)#redistribute static** ### BGP Configuration Complete the following steps: 1. Run the following command from the NetScaler CLI. **> enable ns feature bgp** 2. Run the following command to establish BGP peer over SNIPs. **> enable ns mode USNIP** 3. Add the necessary SNIPs to run BGP. **> add ns ip –type SNIP –dynamicrouting enabled** 4. Prepare the IP addresses to run BGP. BGP can run from NSIP and SNIP. 5. Create VLANs and bind BGP enabled subnets to VLANs. **> add vlan > bind vlan -ipAddress [-ifNum [-tagged]]** This causes a VLAN interface to be created in ZebOS NSM with the IP address bound to it. This helps NSM to detect interface state changes fast which results in reduced routing convergence times. This step is not needed if BGP runs only over NSIP. For example, set ns ip 1.1.1.1 -dynamicrouting enabled add vlan 200bind vlan 200 -ipaddress 1.1.1.1 255.255.255.0 Nscli>Vtyshns#Show running-configinterface vlan200ip address 1.1.1.1/24 6. Enable **–hostRoute** option to enable the VIPs for advertisement. By default, the NetScaler Gateway is set to an MIP address. It is recommended to set this to 0.0.0.0. NetScaler will continue to advertise the VIP even if the NetScaler gateway is down. When setting this to 0.0.0.0 helps to avoid any possible state change when a MIP goes down. **> set ns ip –hostRoute ENABLED –hostRtGw ** 7. Use **ns route-install bgp** command from vtyshIf to download the routes BGP learnt to NetScaler kernel. This enables BGP learnt routes to be used for forwarding. This Step is not needed if you want to use NetScaler to forward the data based on static routes. **config)#ns route-install bgp** 8. Run the following command to learn default routes through BGP to use them for forwarding. **config)#ns route-install default** 9. Enable BGP routing from global configuration mode in vtysh. **ns(config)#router bgp ** This command will set the NetScaler in **router-config** mode in vtysh. 10. Run the following command to configure neighbors. **ns(config-router)#neighbor remote-as ** To establish EBGP sessions with routers not residing on immediately connected subnets, enable **ebgp-multihop** for those neighbors. **ns(config-router)#neighbor ebgp-multihop []** By default, BGP peerings are established over the interface that is close to the neighbor; the exit interface for the connection. NetScaler keeps all IP addresses floating by default. It is recommended to manually specify the interface to be used for establishing TCP connections. This can be specified through the **update-source** option in **neighbor** command. Only VLAN interfaces exposed to ZebOS can be specified. **ns(config-router)#neighbor update-source ** 11. Redistribute kernel routes. **ns(config-router)#redistribute kernel [route-map ]** This makes the all the kernel routes in NSM for advertisement by BGP. Route-maps can be used to control redistribution. BGP is a policy based routing protocol. A variety of policies can be configured using ‘distribute-list’, ‘prefix-list’ and ‘as-path access-list’ commands. HA deployments running BGP are recommended to be configured in INC mode. In INC mode, both the active and standby NetScaler maintains peerings or adjacencies with their neighbors. The secondary machine just maintains the neighbor relationship; it does not advertise any routes. So, as soon as the failover happens, the routes can be exchanged which results in faster convergence time. #### Configuration – nscli enable ns feature LB CS SSLVPN SSL BGPenable ns mode L3 USNIPadd ns ip 193.0.1.1 255.255.255.255 -type VIP -snmp DISABLED -hostRoute ENABLED -hostRtGw 0.0.0.0 -vserverRHILevel NONEadd ns ip 193.0.2.1 255.255.255.255 -type VIP -snmp DISABLED -hostRoute ENABLED -hostRtGw 0.0.0.0 -vserverRHILevel ONE_VSERVERadd ns ip 201.0.4.2 255.255.255.0 -vServer DISABLED -dynamicRouting ENABLEDadd vlan 4bind vlan 4 -ifnum 1/3bind vlan 4 -IPAddress 201.0.4.2 255.255.255.0 #### BGP Configuration - vtysh ns#show running-configurationinterface vlan0ip address 10.102.33.55/24!interface vlan4ip address 201.0.4.2/24!router bgp 41redistribute kernel route-map redist-kernelneighbor 201.0.4.1 remote-as 3ns route-install bgp!access-list 1 deny 0.0.0.0!route-map redist-kernel permit 10match ip address 2!End #### **Sample configs with local preference, MED and AS-path are as follows:** * **Configuring local preference with route-maps:** route-map local permit 10set local-preference 471router bgp 65535neighbor 3.3.3.62 remote-as 65533neighbor 3.3.3.62 route-map local in à Local preference 471 applied for incoming routes from this neighbor * **Configuring default local preference:** router bgp 65535bgp default local-preference 300 * **Configuring AS-path prepending:** route-map asprepend permit 10set as-path prepend 32router bgp 65535neighbor 3.3.3.62 route-map asprepend out à prepends AS path for outgoing routes * **Configuring MED:** MED is also known as metric. It can also be set using route-maps: access-list 20 permit anyroute-map setmed permit 10match ip address 20set metric 20router bgp 65535neighbor 3.3.3.62 route-map setmed out à Sets metric of 20 to outgoing routes. Netscaler which receives metric or MED from different ASNs, should use “bgp always-compare-med” configuration to enable best route selection based on MED. router bgp 65535bgp always-compare-med