Manual Chapter : Configuring BGP and BFD with iControl REST

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

Configuring BGP and BFD with iControl REST

Most of what you can do in tmsh works in iControl® REST. If you are not familiar with iControl REST API, you can find more documentation in the iControl REST wiki.

Move ZebOS BGP and BFD routing configuration to iControl REST

Before moving your configuration to iControl REST, be sure to create the VLANs and Self-IP addresses you need to use.
You have to create a new deployment because migration compatibility is not yet available.
  1. Enable the sys db variable by adding a JSON object to the URI.
    For example, if you had two devices (10.144.130.174 and 10.144.128.231) you would enter this command into a terminal that can reach both devices:
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/sys/db/tmrouted.tmos.ro
    uting/ -H "Content-Type: application/json" -X PUT -d 
    '{"value": "enable"}'
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/sys/db/tmrouted.tmos.ro
    uting/ -H "Content-Type: application/json" -X PUT -d 
    '{"value": "enable"}'
  2. Remove existing routing protocols.
    For example:
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/route-domain/0/ -H 
    "Content-Type: application/json" -X PATCH -d 
    '{"routingProtocol": []}'
    
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/route-domain/0/ -H 
    "Content-Type: application/json" -X PATCH -d 
    '{"routingProtocol": []}'
  3. Create the routing instance: name, specify the AS, redistribute connected, static, and kernel routes.
    For example:
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/routing/bgp -H 
    "Content-Type: application/json" -X POST -d '{"name": 
    "testBGP", "localAs": "111", "addressFamily": [ 
    {"name": "ipv4", "redistribute": [ {"name": 
    "connected"}, {"name": "static"}, {"name": 
    "kernel"}]}, {"name": "ipv6", "redistribute": [ 
    {"name": "connected"}, {"name": "static"}, {"name": 
    "kernel"}]}]}'
    
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/routing/bgp -H 
    "Content-Type: application/json" -X POST -d '{"name": 
    "testBGP", "localAs": "112", "addressFamily": [ 
    {"name": "ipv4", "redistribute": [ {"name": 
    "connected"}, {"name": "static"}, {"name": 
    "kernel"}]}, {"name": "ipv6", "redistribute": [ 
    {"name": "connected"}, {"name": "static"}, {"name": 
    "kernel"}]}]}'
    
  4. To verify the routing instance:
    tmsh list net routing
  5. Set the routers up as neighbors.
    For example:
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP
    /neighbor -H "Content-Type: application/json" -X POST 
    -d '{"name":"1.1.1.2", "remoteAs" : "112"}'
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP
    /neighbor -H "Content-Type: application/json" -X POST 
    -d '{"name":"1::2", "remoteAs" : "112"}'
    
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/routing/bgp/testBGP
    /neighbor -H "Content-Type: application/json" -X POST 
    -d '{"name":"1.1.1.1", "remoteAs" : "111"}'
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/routing/bgp/testBGP
    /neighbor -H "Content-Type: application/json" -X POST 
    -d '{"name":"1::1", "remoteAs" : "111"}'
  6. Create the routes.
    An example of static routes:
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/route -H "Content-
    Type: application/json" -X POST -d 
    '{"name":"4.4.4.1/32", "blackhole": true}'
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/route -H "Content-
    Type: application/json" -X POST -d '{"name": 
    "4::1/128", "blackhole": true}'
    
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/route -H "Content-
    Type: application/json" -X POST -d 
    '{"name":"3.3.3.1/32", "blackhole": true}'
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/route -H "Content-
    Type: application/json" -X POST -d '{"name": 
    "3::1/128", "blackhole": true}'
    An example of connected routes (self IP addresses):
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/self -H "Content-
    Type: application/json" -X POST -d 
    '{"name":"4.4.4.2/32", "vlan": "testVlan", 
    "allowService": "none"}'
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/net/self -H "Content-
    Type: application/json" -X POST -d 
    '{"name":"4::2/128", "vlan": "testVlan", 
    "allowService": "none"}'
    
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/self -H "Content-
    Type: application/json" -X POST -d 
    '{"name":"3.3.3.2/32", "vlan": "testVlan", 
    "allowService": "none"}'
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/net/self -H "Content-
    Type: application/json" -X POST -d 
    '{"name":"3::2/128", "vlan": "testVlan", 
    "allowService": "none"}'
    An example of kernel routes (virtual-addresses):
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/ltm/virtual-address -H 
    "Content-Type: application/json" -X POST -d '{"name": 
    "4.4.4.3", "routeAdvertisement": "always"}'
    curl -k -u admin:admin 
    https://10.144.130.174/mgmt/tm/ltm/virtual-address -H 
    "Content-Type: application/json" -X POST -d '{"name": 
    "4::3", "routeAdvertisement": "always"}'
    
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/ltm/virtual-address -H 
    "Content-Type: application/json" -X POST -d '{"name": 
    "3.3.3.3", "routeAdvertisement": "always"}'
    curl -k -u admin:admin 
    https://10.144.128.231/mgmt/tm/ltm/virtual-address -H 
    "Content-Type: application/json" -X POST -d '{"name": 
    "3::3", "routeAdvertisement": "always"}'
  7. To verify the routes have been exchanged:
    tmsh show net routing bgp
    It can take about 10 seconds for the daemon to start up.
  8. To modify the configuration:
    curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP /neighbor -H "Content-Type: application/json" -X POST -d '{"name":"5.5.5.5", "remoteAs" : "535"}'

Restore the original ZebOS routing configuration from iControl REST

The routing config sync status is in the prompt. If you encounter a config sync failure that you are not able to fix, or if you need to return to your original ZebOS routing configuration, you can restore the ZebOS configuration with the backed up file. Restoring a UCS should fully restore the ZebOS configuration. Note that restoring a UCS interrupts routing.
  1. Delete the neighbor. For example:
    curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP /neighbor/5.5.5.5/ -H "Content-Type: application/json" -X DELETE
  2. To verify that the neighbor is deleted:
    tmsh list net routing
  3. Delete all other objects including configured prefix lists and access lists.
    Use the command curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/<object>/all -H "Content-Type: application/json" -X DELETE where <object> is the routing object type.
    For example: curl -k -u admin:admin https://10.144.130.174/mgmt/tm/net/routing/bgp/testBGP -H "Content-Type: application/json" -X DELETE
You should now be able to continue working on your configuration in ZebOS imish.