Manual Chapter : Configuring NVGRE Tunnels for HA-Paired Devices

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 15.0.0, 14.1.0

BIG-IP ASM

  • 15.0.0, 14.1.0

BIG-IP AAM

  • 15.0.0, 14.1.0

BIG-IP APM

  • 15.0.0, 14.1.0

BIG-IP LTM

  • 15.0.0, 14.1.0
Manual Chapter

Configuring NVGRE Tunnels for HA-Paired Devices

Overview: Configuring NVGRE tunnels for HA-paired devices

You can set up Network Virtualization using Generic Routing Encapsulation (NVGRE) tunnels on an HA pair of BIG-IP® devices. For NVGRE, you are creating a tunnel interface that can process packets to and from both floating and non-floating self IP addresses. The
Local Address
field specifies the floating tunnel IP address, and the
Secondary Address
field specifies the non-floating tunnel IP address. Monitor traffic uses the non-floating tunnel IP address, while forwarded traffic uses the floating tunnel IP address.
When you specify a secondary address,
ConfigSync
is disabled for the tunnel.
After you configure the NVGRE tunnel, two sets of NVGRE flows are created. The floating tunnel IP address is the source of one set of flows, and the non-floating tunnel IP address is the source of the other set. The NVGRE flows that originate from the floating tunnel IP address are available only on the active device.
NVGRE tunnels configured for HA pair
NVGRE tunnels configured for HA pair
After failover, the forwarded traffic flows through the tunnel associated with the floating IP address, which is now active on the other device. Monitor traffic continues to flow through the tunnels associated with the non-floating IP addresses.
NVGRE tunnels configured for HA pair, after failover
NVGRE tunnels configured for HA pair, after failover

About Microsoft Hyper-V representation of tunnels

The Microsoft Hyper-V uses customer records to represent the associations of overlay addresses with remote tunnel endpoints. This information needs to be statically configured for each overlay address:
  • Customer IP address (overlay address)
  • Customer MAC address
  • Provider IP address (underlay/tunnel endpoint)
  • VSID (tunnel key)
  • Routing domain
One example of overlay addresses is self IP addresses assigned to NVGRE tunnel objects on the BIG-IP system. If an address is configured as a floating self IP address, the tunnel local endpoint must also be a floating self IP address. This ensures that failover maintains the validity of the Hyper-V configuration. The traffic groups used for the overlay self IP addresses also need to be configured with a masquerading MAC address.

About configuration of NVGRE tunnels in an HA pair

In an HA configuration, the config sync operation applies, by default, to all tunnel objects on all devices, regardless of whether the tunnel local endpoints are set to floating self IP addresses. This behavior restricts NVGRE tunnels to using only floating self IP addresses, unless you specify a secondary address when you create the tunnel.

Creating an NVGRE tunnel in an HA configuration

The way you create an NVGRE tunnel for a pair of BIG-IP devices in an HA configuration makes the tunnel available for both forwarded and monitor traffic.
  1. On the Main tab, click
    Network
    Tunnels
    Tunnel List
    Create
    or
    Carrier Grade NAT
    Tunnels
    Create
    .
    The New Tunnel screen opens.
  2. In the
    Name
    field, type a unique name for the tunnel.
  3. From the
    Profile
    list, select
    nvgre
    .
    This setting tells the system which tunnel profile to use. The system-supplied NVGRE profile is adequate. To change the settings, you can create a new NVGRE profile, which then appears in this list.
  4. In the
    Key
    field, type the Virtual Subnet Identifier (VSID) to use for the NVGRE tunnel.
    This field appears above the
    Profile
    field when you select a profile that requires this setting.
  5. In the
    Local Address
    field, type the local endpoint IP address.
    This should be a floating self IP address.
  6. In the
    Secondary Address
    field, select
    Specify
    , and type the non-floating local IP address of the tunnel, for use with locally initiated traffic, such as monitor traffic.
  7. For the
    Remote Address
    list, retain the default selection,
    Any
    .
  8. For the
    Mode
    list, retain the default selection,
    Bidirectional
    .
  9. In the
    MTU
    field, type the maximum transmission unit of the tunnel.
    The default value is
    0
    . The valid range is from
    0
    to
    65515
    .
  10. For the
    Use PMTU
    (Path MTU) setting, select or clear the check box.
    • If enabled and the tunnel MTU is set to
      0
      , the tunnel will use the PMTU information.
    • If enabled and the tunnel MTU is fixed to a non-zero value, the tunnel will use the minimum of PMTU and MTU.
    • If disabled, the tunnel will use fixed MTU or calculate its MTU using tunnel encapsulation configurations
    .
  11. From the
    TOS
    list, select
    Preserve
    , or select
    Specify
    and type a Type of Service (TOS) value.
    The valid range is from
    0
    to
    255
    .
  12. From the
    Auto-Last Hop
    list, select a value.
    • Choose
      Default
      if you want the system to use the global
      Auto Last Hop
      setting (if enabled).
    • Choose
      Enabled
      if you want this setting to take precedence over the global
      Auto Last Hop
      setting, for this tunnel only.
    • Choose
      Disabled
      if you want to disable auto last hop behavior for this tunnel only.
  13. From the
    Traffic Group
    list, select the traffic group that includes the local IP address for the tunnel.
  14. Click
    Finished
    .