Routing in a cluster
Routing in a cluster works in much the same way as routing in a standalone system. A few points to note:
- All routing configurations must be performed from the cluster IP address and the configurations are propagated to the other cluster nodes.
- Routes are limited to the maximum number of ECMP routes supported by the upstream router.
- Node-specific routing configurations must be performed by using the owner-node argument as follows:

```
router ospf
 owner-node 0
  ospf router-id 18.104.22.168
 exit-owner-node
!
```
The following command displays the consolidated cluster configuration for all nodes in VTYSH.
The following command displays the cluster status on each node.
```
show cluster node
```
IPv4 routing in L2 cluster
The following section contains sample configurations that help you to configure IPv4 OSPF and BGP routing in the L2 cluster.
In the following configuration, OSPF and BGP routing are enabled. Also, spotted SNIP addresses are added and dynamic routing is enabled on these SNIP addresses.

```
en ns fea ospf bgp
add vlan 10
add ns ip 10.10.10.1 255.255.255.0 -dynamicrouting enabled -ownernode 1
add ns ip 10.10.10.2 255.255.255.0 -dynamicrouting enabled -ownernode 2
add ns ip 10.10.10.3 255.255.255.0 -dynamicrouting enabled -ownernode 3
bind vlan 10 -ipaddress 10.10.10.1 255.255.255.0
```
For configuring IPv4 OSPF in the L2 cluster, you must:
- Set the priority to zero.
- Configure the Router-id as a spotted configuration.
The OSPF configuration guidelines for the L2 cluster are applicable for OSPFv3 also.
In the following sample configuration, IPv4 OSPF is configured.

```
interface vlan10
 IP OSPF PRIORITY 0
!
router ospf
 owner-node 1
  ospf router-id 22.214.171.124
 exit-owner-node
 owner-node 2
  ospf router-id 126.96.36.199
 exit-owner-node
 owner-node 3
  ospf router-id 188.8.131.52
 exit-owner-node
 network 10.10.10.0/24 area 0
 redistribute kernel
!
```
In the following VTYSH sample configuration, IPv4 BGP is configured.
```
router bgp 100
 neighbor 10.10.10.10 remote-as 200
 owner-node 1
  neighbor 10.10.10.10 update-source 10.10.10.1
 exit-owner-node
 owner-node 2
  neighbor 10.10.10.10 update-source 10.10.10.2
 exit-owner-node
 owner-node 3
  neighbor 10.10.10.10 update-source 10.10.10.3
 exit-owner-node
 redistribute kernel
!
```

In the preceding configuration, the update-source command is used for each neighbor with the owner-node argument so that each node connects with the proper source IP.
IPv6 routing in L2 cluster
The following section contains sample configurations that help you to configure IPv6 OSPF and BGP routing in the L2 cluster.
Before configuring IPv6 routing in an L2 cluster, you must enable the IPv6 feature.
To enable IPv6 routing by using the CLI:
At the command prompt, type:

```
enable ns fea ipv6pt
```
In the following configuration, OSPF and BGP routing are enabled. Also, spotted SNIP6 addresses are added and dynamic routing is enabled on these SNIP6 addresses.

```
add ns ip6 3ffa::1/64 -dynamicrouting enabled -ownernode 1
add ns ip6 3ffa::2/64 -dynamicrouting enabled -ownernode 2
add ns ip6 3ffa::3/64 -dynamicrouting enabled -ownernode 3
add vlan 10
bind vlan 10 -ipaddress 3ffa::1/64
```
In the following VTYSH sample configuration, IPv6 BGP is configured.
```
router bgp 100
 neighbor 3ffa::10 remote-as 200
 owner-node 1
  neighbor 3ffa::10 update-source 3ffa::1
 exit-owner-node
 owner-node 2
  neighbor 3ffa::10 update-source 3ffa::2
 exit-owner-node
 owner-node 3
  neighbor 3ffa::10 update-source 3ffa::3
 exit-owner-node
 no neighbor 3ffa::10 activate
 address-family ipv6
  redistribute kernel
  neighbor 3ffa::10 activate
 exit-address-family
!
```
The Citrix ADC cluster can use routes learned by various routing protocols after you install the routes in the Citrix ADC cluster routing table.
To install IPv6 learned routes to the internal routing table by using the CLI:
At the command prompt, type:
```
ns route-install ipv6 bgp
ns route-install ipv6 ospf
ns route-install default
```
If you have to exchange IPv4 routes on an IPv6 neighbor, you must remove the `no neighbor 3ffa::10 activate` VTYSH command from the earlier configuration.
The `update-source` VTYSH command must be used for each owner node to specify the right IPv6 source IP while connecting to the BGP peer, as given in the BGP IPv4 configuration.
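The per-node update-source requirement in the IPv4 and IPv6 BGP samples can be checked mechanically. The following Python sketch is an added example, not Citrix code: it cross-checks the spotted SNIP/SNIP6 definitions against the owner-node blocks and reports nodes whose update-source is missing or not owned by that node. The function names and the sample input are assumptions constructed for illustration.

```python
import ipaddress
import re
# Constructed sample input modelled on the page's L2 samples (not a real export).
NS_CLI = """\
add ns ip 10.10.10.1 255.255.255.0 -dynamicrouting enabled -ownernode 1
add ns ip 10.10.10.2 255.255.255.0 -dynamicrouting enabled -ownernode 2
add ns ip6 3ffa::3/64 -dynamicrouting enabled -ownernode 3
"""
VTYSH = """\
router bgp 100
 owner-node 1
  neighbor 10.10.10.10 update-source 10.10.10.1
 exit-owner-node
 owner-node 2
  neighbor 10.10.10.10 update-source 10.10.10.3
 exit-owner-node
"""
SNIP_RE = re.compile(r"add ns ip6? (\S+).*-dynamicrouting enabled.*-ownernode (\d+)", re.I)

def spotted_snips(ns_cli):
    # owner node -> spotted SNIP/SNIP6 addresses that have dynamic routing enabled
    snips = {}
    for addr, node in SNIP_RE.findall(ns_cli):
        snips.setdefault(int(node), set()).add(ipaddress.ip_address(addr.split("/")[0]))
    return snips

def update_sources(vtysh):
    # owner node -> update-source addresses found inside that node's owner-node block
    sources, node = {}, None
    for words in map(str.split, vtysh.splitlines()):
        if len(words) == 2 and words[0] == "owner-node" and words[1].isdigit():
            node = int(words[1])
        elif words[:1] == ["exit-owner-node"]:
            node = None
        elif node is not None and len(words) == 4 and words[2] == "update-source":
            sources.setdefault(node, set()).add(ipaddress.ip_address(words[3]))
    return sources

def audit(ns_cli, vtysh):
    # Findings where a node lacks an update-source or uses an address it does not own.
    snips, sources, findings = spotted_snips(ns_cli), update_sources(vtysh), []
    for node in sorted(snips):
        if node not in sources:
            findings.append(f"node {node}: no update-source in an owner-node block")
        bad = sorted(sources.get(node, set()) - snips[node], key=str)
        findings += [f"node {node}: update-source {a} not owned by this node" for a in bad]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NS_CLI, VTYSH)))
```

A block header that is not written as `owner-node <n>` is not recognized by this check, so the node it was meant for is reported as having no update-source.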
Routing in an L3 cluster
Routing in an L3 cluster works only when the following configurations are done on the Citrix ADC appliance.
Enable dynamic routing for a VLAN.

```
set vlan <id> -dynamicrouting enabled
```
To reach all cluster nodes, the VIP, CLIP, and Citrix ADC IP (NSIP) must be advertised by routing protocols along with the
Consider an example where all the cluster nodes are grouped in the AS 100 network, and the upstream routers are in a different AS 200.
The following figure depicts the AS 100 and AS 200 deployment in a cluster setup.
In this deployment, CLIP advertises CCO to upstream routers. Some cluster nodes drop the advertised traffic, as an AS loop is detected.
To overcome the issue, configure the following command in VTYSH BGP router mode for each neighbor.
At the VTYSH command prompt, type:
```
neighbor <peer_ip> allowas-in 1
```
As a best practice, Citrix recommends that you configure any one of the following:
- Configure route-maps to learn only desired networks, such as the default route, Citrix ADC IP (NSIP), and NSIP subnets on cluster nodes.
- Configure upstream routes to advertise only desired networks, such as CLIP and Citrix ADC IP (NSIP) in the cluster.