It seems counterintuitive to set up a load balancer in front of your load balancer just to get traffic distributed across the two ADC nodes. Microsoft recently announced Azure Route Server, which gives you a dynamic way of injecting routes into the VNet route table instead.
Route Server uses BGP to exchange routes with third-party devices. I suspect the feature was created mainly to get your on-premises network routes imported into Azure easily via ExpressRoute, but luckily for us BGP is a standard protocol and is supported on Citrix ADC. Route Server does not come as a full-featured BGP router (no route filtering or policy on the Azure side), so keep that in mind.
Configuring Route Server is pretty simple: create the required subnet (it must be named RouteServerSubnet, at least a /27) and add peers to your Route Server. Each peer has a Name (a good, descriptive name), an ASN (the AS number of the third-party device, i.e. the local AS you will configure on the ADC) and an IPv4 address (the address the ADC will peer from for that AS number). Route Server itself always peers from ASN 65515 and is deployed as two instances with two peer IPs, so configure both of them as neighbors on the ADC.
Example peer:
Name: adc01-nic1-trust
ASN: 1000
IPv4 address: 10.10.10.10 (a SNIP with dynamic routing enabled; I don't recommend using the NSIP, which is the management address)
Citrix ADC supports BGP via the ZebOS daemon running in user space (the binary is actually bgpd). That means it is a separate shell and has to be configured via the CLI or the NITRO API; there is no GUI for it. From the ADC CLI, type vtysh to enter the ZebOS shell. To let ZebOS peer from a subnet IP (SNIP), that SNIP needs the option -dynamicRouting ENABLED. VIPs also need an extra option before they are redistributed via BGP: -hostRoute ENABLED. And remember that with the default route health injection setting (-vserverRHILevel ONE_VSERVER) a VIP is only advertised while at least one virtual server bound to it is UP, so check the vServer state before you go looking for the route on the Azure side.
<strong>Citrix ADC example configuration</strong>:

enable ns feature BGP
add HA node 1 10.200.100.2 -inc ENABLED
add ns ip 10.200.10.5 255.255.255.128 -vServer DISABLED -dynamicRouting ENABLED
add ns ip 172.16.200.10 255.255.255.255 -type VIP -snmp DISABLED -hostRoute ENABLED

<strong>ZebOS</strong>:

vtysh
config t
router bgp 1000
neighbor 10.0.3.4 remote-as 65515
address-family ipv4
redistribute kernel
redistribute static

Verifying in ZebOS: show ip bgp has to show something like

BGP table version is 16, local router ID is 10.200.10.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop        Metric LocPrf Weight Path
*> 172.16.200.10/32   0.0.0.0                       32768 ?

show ip bgp neighbor will show something like:

BGP neighbor is 10.0.3.4, remote AS 65515, local AS 400, external link
  BGP version 4, remote router ID 10.0.3.4
  BGP state = Established, up for 01:26:40
  Last read 01:26:40, hold time is 90, keepalive interval is 30 seconds
  Neighbor capabilities:
    Route refresh: advertised and received (new)
    Address family IPv4 Unicast: advertised and received
    Address family IPv6 Unicast: received
  Received 202 messages, 0 notifications, 0 in queue
  Sent 178 messages, 0 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  Minimum time between advertisement runs is 30 seconds
  For address family: IPv4 Unicast
  BGP table version 16, neighbor version 16
  Index 1, Offset 0, Mask 0x2
  Community attribute sent to this neighbor (both)
  0 accepted prefixes
  4 announced prefixes

Note that this output comes from a lab run where the local AS was 400; the local AS must match the ASN you entered for the peer in Route Server (1000 in the configuration above), otherwise the session never reaches Established.
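The verification step above is where most setups fail, and the interesting fields are spread over several lines of text. The script below is an added example (not code from the original post, nor from Citrix or Microsoft): it parses the text that `vtysh -c "show ip bgp neighbor"` prints on the ADC and checks it against what was entered on the Azure side, flagging the three things that bite in practice: a local AS that does not match the peer ASN entered in Route Server, a missing or non-Established session to one of the two Route Server instances, and an Established session that announces nothing (usually -hostRoute missing or the vServer being DOWN). The sample output is constructed from the listing above plus an assumed second instance; the expected peer IPs and ASN are lab assumptions.

```python
"""Sanity-check a Citrix ADC to Azure Route Server BGP peering.

Added example, not code from the original post, Citrix or Microsoft. It
parses the text that `vtysh -c "show ip bgp neighbor"` prints on the ADC and
compares it with what was entered on the Azure side. The sample output below
is constructed from the post's listing; the expected peer IPs are assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

ROUTE_SERVER_ASN = 65515  # Azure Route Server always peers from this ASN


@dataclass
class Neighbor:
    address: str
    remote_as: int
    local_as: int
    state: str
    accepted: int
    announced: int


_HEADER = re.compile(r"BGP neighbor is (\S+), remote AS (\d+), local AS (\d+)")
_STATE = re.compile(r"BGP state = (\w+)")
_ACCEPTED = re.compile(r"(\d+) accepted prefixes")
_ANNOUNCED = re.compile(r"(\d+) announced prefixes")


def parse_neighbors(text: str) -> list[Neighbor]:
    """One Neighbor per 'BGP neighbor is ...' block of show ip bgp neighbor output."""
    neighbors: list[Neighbor] = []
    for block in re.split(r"(?=BGP neighbor is )", text):
        header = _HEADER.search(block)
        if not header:
            continue  # text before the first neighbor block
        state = _STATE.search(block)
        accepted = _ACCEPTED.search(block)
        announced = _ANNOUNCED.search(block)
        neighbors.append(Neighbor(
            address=header.group(1),
            remote_as=int(header.group(2)),
            local_as=int(header.group(3)),
            state=state.group(1) if state else "Unknown",
            accepted=int(accepted.group(1)) if accepted else 0,
            announced=int(announced.group(1)) if announced else 0,
        ))
    return neighbors


def check_peering(neighbors: list[Neighbor], expected_local_asn: int,
                  expected_peers: set[str]) -> list[str]:
    """Return a list of problems; an empty list means the peering looks healthy."""
    problems: list[str] = []
    seen = {n.address for n in neighbors}
    for missing in sorted(expected_peers - seen):
        problems.append(f"{missing}: not configured as a neighbor "
                        "(Route Server has two instances; peer with both)")
    for n in neighbors:
        if n.address not in expected_peers:
            problems.append(f"{n.address}: not a Route Server instance IP")
            continue
        if n.remote_as != ROUTE_SERVER_ASN:
            problems.append(f"{n.address}: remote AS {n.remote_as}, "
                            f"Route Server always uses {ROUTE_SERVER_ASN}")
        if n.local_as != expected_local_asn:
            problems.append(f"{n.address}: local AS {n.local_as} does not match "
                            f"peer ASN {expected_local_asn} entered in Route Server")
        if n.state != "Established":
            problems.append(f"{n.address}: session is {n.state}, not Established")
        elif n.announced == 0:
            problems.append(f"{n.address}: session up but nothing announced "
                            "(check -hostRoute and vserver state)")
    return problems


# Constructed sample: the first block follows the post's listing, the second is
# an assumed second Route Server instance whose session never came up.
SAMPLE_OUTPUT = """\
BGP neighbor is 10.0.3.4, remote AS 65515, local AS 400, external link
  BGP version 4, remote router ID 10.0.3.4
  BGP state = Established, up for 01:26:40
  0 accepted prefixes
  4 announced prefixes

BGP neighbor is 10.0.3.5, remote AS 65515, local AS 400, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Active
  0 accepted prefixes
  0 announced prefixes
"""

# Assumed lab values: the ASN entered in Route Server and its two instance IPs.
EXPECTED_LOCAL_ASN = 1000
EXPECTED_PEERS = {"10.0.3.4", "10.0.3.5"}


def run_check(text: str = SAMPLE_OUTPUT) -> list[str]:
    return check_peering(parse_neighbors(text), EXPECTED_LOCAL_ASN, EXPECTED_PEERS)


if __name__ == "__main__":
    for problem in run_check() or ["peering OK"]:
        print(problem)
```

On a real box you would feed `run_check()` the output of `vtysh -c "show ip bgp neighbor"` collected over SSH from the NSIP; against the constructed sample it reports the AS mismatch on both instances and the second instance stuck in Active, and reports nothing once the ASNs agree and both sessions are Established.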
Getting traffic to the VIP: in the setup I had to do, I had an Azure Firewall with a DNAT rule sending traffic from the public address to the VIP (172.16.200.10), and voilà, it worked 🙂
API: just an example if you need to do this via code (the NITRO API on the NSIP):
curl -k -u username https://NSIP:443/nitro/v1/config/ -X POST \
  --data 'object={"routerDynamicRouting":{"bgpRouter":{"localAS":1000,"neighbor":[{"address":"10.105.7.69","remoteAS":65515},{"address":"10.105.7.68","remoteAS":65515}],"afParams":[{"addressFamily":"ipv4","redistribute":{"protocol":"kernel"}},{"addressFamily":"ipv4","redistribute":{"protocol":"static"}}]}}}'

This configures both Route Server instance IPs as neighbors in one call. Note that -k skips certificate verification of the NSIP, which is fine in a lab, but put a trusted certificate on the management interface and drop -k before you script this against production.