AS number other than default AS number(64512) to BGP with Calico is not working

[avinashchundu9]

Setup Details

CIS Version : 2.15.1
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: Big IP v16.1.3.1
AS3 Version: 3.47 Agent Mode: AS3
Orchestration: K8S Orchestration Version:
Pool Mode: Cluster Additional Setup details: calico CNI with version v3.26.1

Description

BGP between F5 and Calico works if we are using the default AS number. But if we use any other AS number it fails.

Steps To Reproduce

1) Try to establish a BGP peering between F5 and Calico running on Kubernetes with AS number other than the default

Expected Result

BGP peer should be established.

Actual Result

BGP peer wasn't established.

[mdditt2000]

thanks @avinashchundu9 for opening this issue. I created a Spike CONTCNTR-4644 to dig into this issue more

[trinaths]

created a Spike CONTCNTR-4644 to dig into this issue more

[vidyasagar-m]

@avinashchundu9 We tried with different AS Number in our local and the BGP Connection is successfully established. Could you provide us the port lockdown in the VLAN from the BIGIP.

[vidyasagar-m]

@avinashchundu9 Could you also send the AS Number used in the BIGIP end and the cluster end?

[avinashchundu9]

++ Lei

Currently we using 64512. But we tried some lower number a while back.

From: Vidya Sagar @.> Sent: Tuesday, March 26, 2024 11:24 PM To: F5Networks/k8s-bigip-ctlr @.> Cc: Chundu, Avinash @.>; Mention @.> Subject: Re: [F5Networks/k8s-bigip-ctlr] AS number other than default AS number(64512) to BGP with Calico is not working (Issue #3331)

@avinashchundu9https://github.com/avinashchundu9 Could you also send the AS Number used in the BIGIP end and the cluster end?

— Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/k8s-bigip-ctlr/issues/3331#issuecomment-2022048417, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AYSPV4P2L26NG4X2BPW2AF3Y2JQYFAVCNFSM6AAAAABETEZ2W6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRSGA2DQNBRG4. You are receiving this because you were mentioned.Message ID: @.**@.>>

[avinashchundu9]

We used AS 6451 on both F5 and k8s and it did not work

On F5, under self Ips, all IP’s port lockdown=allow all, see below

Thanks Lei

@.***

From: Chundu, Avinash @.> Sent: Wednesday, March 27, 2024 5:46 PM To: F5Networks/k8s-bigip-ctlr @.>; F5Networks/k8s-bigip-ctlr @.>; chen, LLei @.> Cc: Mention @.***> Subject: RE: [F5Networks/k8s-bigip-ctlr] AS number other than default AS number(64512) to BGP with Calico is not working (Issue #3331)

++ Lei

Currently we using 64512. But we tried some lower number a while back.

From: Vidya Sagar @.**@.>> Sent: Tuesday, March 26, 2024 11:24 PM To: F5Networks/k8s-bigip-ctlr @.**@.>> Cc: Chundu, Avinash @.**@.>>; Mention @.**@.>> Subject: Re: [F5Networks/k8s-bigip-ctlr] AS number other than default AS number(64512) to BGP with Calico is not working (Issue #3331)

@avinashchundu9https://github.com/avinashchundu9 Could you also send the AS Number used in the BIGIP end and the cluster end?

— Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/k8s-bigip-ctlr/issues/3331#issuecomment-2022048417, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AYSPV4P2L26NG4X2BPW2AF3Y2JQYFAVCNFSM6AAAAABETEZ2W6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRSGA2DQNBRG4. You are receiving this because you were mentioned.Message ID: @.**@.>>

[avinashchundu9]

Here is the node error log.

bird: Global_x_x_x10: Received: Bad peer AS: 64512 bird: Global x_x_x10: State changed to stop bird: Global x_x_x10: State changed to down bird: Global x_x_x_10: Starting bird: Global__ x_x_x_10: State changed to start

thanks LEi

From: chen, LLei Sent: Wednesday, March 27, 2024 5:54 PM To: Chundu, Avinash @.>; F5Networks/k8s-bigip-ctlr @.>; F5Networks/k8s-bigip-ctlr @.> Cc: Mention @.>; Ireland, Paul @.***> Subject: RE: [F5Networks/k8s-bigip-ctlr] AS number other than default AS number(64512) to BGP with Calico is not working (Issue #3331)

We used AS 6451 on both F5 and k8s and it did not work

On F5, under self Ips, all IP’s port lockdown=allow all, see below

Thanks Lei

@.***

From: Chundu, Avinash @.**@.>> Sent: Wednesday, March 27, 2024 5:46 PM To: F5Networks/k8s-bigip-ctlr @.**@.>>; F5Networks/k8s-bigip-ctlr @.**@.>>; chen, LLei @.**@.>> Cc: Mention @.**@.>> Subject: RE: [F5Networks/k8s-bigip-ctlr] AS number other than default AS number(64512) to BGP with Calico is not working (Issue #3331)

++ Lei

Currently we using 64512. But we tried some lower number a while back.

From: Vidya Sagar @.**@.>> Sent: Tuesday, March 26, 2024 11:24 PM To: F5Networks/k8s-bigip-ctlr @.**@.>> Cc: Chundu, Avinash @.**@.>>; Mention @.**@.>> Subject: Re: [F5Networks/k8s-bigip-ctlr] AS number other than default AS number(64512) to BGP with Calico is not working (Issue #3331)

@avinashchundu9https://github.com/avinashchundu9 Could you also send the AS Number used in the BIGIP end and the cluster end?

— Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/k8s-bigip-ctlr/issues/3331#issuecomment-2022048417, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AYSPV4P2L26NG4X2BPW2AF3Y2JQYFAVCNFSM6AAAAABETEZ2W6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRSGA2DQNBRG4. You are receiving this because you were mentioned.Message ID: @.**@.>>

[vidyasagar-m]

@avinashchundu9 tried with AS Number 6451 and the connection to the BGP Peers is successful. Seems like the issue is related to BIGIP. Please raise a BIGIP SR regarding the issue.

[trinaths]

From the above discussion the no issue with CIS.