F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Dynamic Routing with tmsh and iControl REST
  3. Configuring BGP and BFD with iControl REST
Manual Chapter : Configuring BGP and BFD with iControl REST

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
Manual Chapter

Configuring BGP and BFD with iControl REST

Most of what you can do in
tmsh
 works in iControl® REST. If you are not familiar with iControl REST API, you can find more documentation in the iControl REST wiki.

Move ZebOS BGP and BFD routing configuration to iControl REST

Before moving your configuration to iControl REST, be sure to create the VLANs and Self-IP addresses you need to use.
You have to create a new deployment because migration compatibility is not yet available.
  1. Enable the
    sys db variable
     by adding a JSON object to the URI.
    For example, if you had two devices (
    10.144.130.174
     and
    10.144.128.231
    ) you would enter this command into a terminal that can reach both devices: 
    curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/sys/db/tmrouted.tmos.ro
uting/ -H "Content-Type: application/json" -X PUT -d 
'{"value": "enable"}'
    curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/sys/db/tmrouted.tmos.ro
uting/ -H "Content-Type: application/json" -X PUT -d 
'{"value": "enable"}'
  2. Remove existing routing protocols.
    For example:
    curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/route-domain/0/ -H 
"Content-Type: application/json" -X PATCH -d 
'{"routingProtocol": []}'

curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/route-domain/0/ -H 
"Content-Type: application/json" -X PATCH -d 
'{"routingProtocol": []}'
  3. Create the routing instance: name, specify the AS, redistribute connected, static, and kernel routes.
    For example:
    curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/routing/bgp -H 
"Content-Type: application/json" -X POST -d '{"name": 
"testBGP", "localAs": "111", "addressFamily": [ 
{"name": "ipv4", "redistribute": [ {"name": 
"connected"}, {"name": "static"}, {"name": 
"kernel"}]}, {"name": "ipv6", "redistribute": [ 
{"name": "connected"}, {"name": "static"}, {"name": 
"kernel"}]}]}'

curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/routing/bgp -H 
"Content-Type: application/json" -X POST -d '{"name": 
"testBGP", "localAs": "112", "addressFamily": [ 
{"name": "ipv4", "redistribute": [ {"name": 
"connected"}, {"name": "static"}, {"name": 
"kernel"}]}, {"name": "ipv6", "redistribute": [ 
{"name": "connected"}, {"name": "static"}, {"name": 
"kernel"}]}]}'
  4. To verify the routing instance:
    tmsh list net routing
  5. Set the routers up as neighbors.
    For example:
    curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP
/neighbor -H "Content-Type: application/json" -X POST 
-d '{"name":"1.1.1.2", "remoteAs" : "112"}'
curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP
/neighbor -H "Content-Type: application/json" -X POST 
-d '{"name":"1::2", "remoteAs" : "112"}'

curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/routing/bgp/testBGP
/neighbor -H "Content-Type: application/json" -X POST 
-d '{"name":"1.1.1.1", "remoteAs" : "111"}'
curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/routing/bgp/testBGP
/neighbor -H "Content-Type: application/json" -X POST 
-d '{"name":"1::1", "remoteAs" : "111"}'
  6. Create the routes.
    An example of static routes: 
    curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/route -H "Content-
Type: application/json" -X POST -d 
'{"name":"4.4.4.1/32", "blackhole": true}'
curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/route -H "Content-
Type: application/json" -X POST -d '{"name": 
"4::1/128", "blackhole": true}'

curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/route -H "Content-
Type: application/json" -X POST -d 
'{"name":"3.3.3.1/32", "blackhole": true}'
curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/route -H "Content-
Type: application/json" -X POST -d '{"name": 
"3::1/128", "blackhole": true}'
    An example of connected routes (self IP addresses): 
    curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/self -H "Content-
Type: application/json" -X POST -d 
'{"name":"4.4.4.2/32", "vlan": "testVlan", 
"allowService": "none"}'
curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/net/self -H "Content-
Type: application/json" -X POST -d 
'{"name":"4::2/128", "vlan": "testVlan", 
"allowService": "none"}'

curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/self -H "Content-
Type: application/json" -X POST -d 
'{"name":"3.3.3.2/32", "vlan": "testVlan", 
"allowService": "none"}'
curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/net/self -H "Content-
Type: application/json" -X POST -d 
'{"name":"3::2/128", "vlan": "testVlan", 
"allowService": "none"}'
    An example of kernel routes (virtual-addresses): 
    curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/ltm/virtual-address -H 
"Content-Type: application/json" -X POST -d '{"name": 
"4.4.4.3", "routeAdvertisement": "always"}'
curl -k -u admin:admin 
https://10.144.130.174/mgmt/tm/ltm/virtual-address -H 
"Content-Type: application/json" -X POST -d '{"name": 
"4::3", "routeAdvertisement": "always"}'

curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/ltm/virtual-address -H 
"Content-Type: application/json" -X POST -d '{"name": 
"3.3.3.3", "routeAdvertisement": "always"}'
curl -k -u admin:admin 
https://10.144.128.231/mgmt/tm/ltm/virtual-address -H 
"Content-Type: application/json" -X POST -d '{"name": 
"3::3", "routeAdvertisement": "always"}'
  7. To verify the routes have been exchanged:
    tmsh show net routing bgp
    It can take about 10 seconds for the daemon to start up.
  8. To modify the configuration:
    curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP /neighbor -H "Content-Type: application/json" -X POST -d '{"name":"5.5.5.5", "remoteAs" : "535"}'

Restore the original ZebOS routing configuration from iControl REST

The routing config sync status is in the prompt. If you encounter a config sync failure that you are not able to fix, or if you need to return to your original ZebOS routing configuration, you can restore the ZebOS configuration with the backed up file. Restoring a UCS should fully restore the ZebOS configuration. Note that restoring a UCS interrupts routing.
  1. Delete the neighbor. For example:
    curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP /neighbor/5.5.5.5/ -H "Content-Type: application/json" -X DELETE
  2. To verify that the neighbor is deleted:
    tmsh list net routing
  3. Delete all other objects including configured prefix lists and access lists.
    Use the command
    curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/<object>/all -H "Content-Type: application/json" -X DELETE
     where <object> is the routing object type.
    For example:
    curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP -H "Content-Type: application/json" -X DELETE
You should now be able to continue working on your configuration in ZebOS
imish
.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information