Configure IP failover over BGP using FRR (advanced)
Not all data centers support configuring IP failover over BGP. Review the Configure failover on a Compute Instance to learn more about IP Sharing / IP failover availability within each data center.
This guide covers using the open source FRRouting (FRR) tool to configure failover between two Compute Instances. FRR is a routing service that uses BGP to monitor and fail over components in a high availability configuration. These instructions supplement the general Configure failover on a Compute Instance guide and are intended as an advanced alternative to lelastic when more control and customization is needed.
Before you begin
Before following this guide, ensure the following has been done on each Compute Instance used within your IP failover strategy.
-
Read through the Configure failover on a Compute Instance guide to learn more about how failover is implemented within Akamai cloud computing.
-
Set the hostname and update the hosts file for each Compute Instance.
-
Verify Python3 is installed. See FRR's official documentation to learn about FRR's Python dependencies.
Configure failover
These instructions enable you to configure failover using FRR, which is very configurable and can be used for advanced failover implementation. This guide depends on the general Configure failover on a Compute Instance guide for many steps.
To configure failover, complete each section in the order shown:
- Create and share the shared IP address
- For each Compute Instance:
- Test failover
Install FRR
This section provides instructions for installing FRR on Debian, Ubuntu, and CentOS systems through their native package managers. If you're using a different distribution or prefer to install FRR from source, follow FRR's official installation instructions to install FRR using git.
Debian and Ubuntu
Supported distributions: Ubuntu 20.04, 18.04, and 16.04 | Debian 11, 10, and 9
-
Set the FRR environment variable to the version you would like to install. The possible values are
frr-6
,frr-7
,frr-8
, andfrr-stable
, though it is recommended to usefrr-stable
to install the latest stable version.FRRVER="frr-stable"
For more information on FRR versions, see the FRR Debian repository and FRR's Github Releases.
-
If you're running an older Debian-based system, you may need to install the packages below, which come default with most modern Debian-based distributions.
sudo apt update && sudo apt install apt-transport-https gnupg
-
Add FRR's GPG key:
curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add -
-
Add FRR's Debian repository to your system's source's list:
echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list
-
Install FRR:
sudo apt install frr frr-pythontools
CentOS/RHEL 7 and 8
Supported distributions: CentOS Stream 9 (and 8), CentOS 8 (and 7), other RHEL derivatives (including AlmaLinux 8, and Rocky Linux 8), and Fedora.
-
Set the FRR environment variable to the version you would like to install. The possible values are
frr-6
,frr-7
,frr-8
, andfrr-stable
, though it is recommended to usefrr-stable
to install the latest stable version.FRRVER="frr-stable"
For more information on FRR versions, see the FRR RPM repository and FRR's Github Releases.
-
Add FRR's RPM repository to your system:
-
CentOS/RHEL 8
curl -O https://rpm.frrouting.org/repo/$FRRVER-repo-1-0.el8.noarch.rpm sudo dnf install ./$FRRVER*
-
CentOS/RHEL 7
curl -O https://rpm.frrouting.org/repo/$FRRVER-repo-1-0.el7.noarch.rpm sudo yum install ./$FRRVER*
-
-
Install FRR:
-
CentOS/RHEL 8
sudo dnf install frr frr-pythontools
-
CentOS/RHEL 7
sudo yum install frr frr-pythontools
-
Configure FRR
With FRR installed, you can now configure it to enable IP failover.
-
FRR works using a variety of protocols. Since we're using FRR for its BGP support, the next step is to explicitly enable the
bgpd
daemon. Using a text editor of your choice, enable thebgpd
daemon by updating its value toyes
in the FRR daemons configuration file:# The watchfrr and zebra daemons are always started. # bgpd=yes
-
Gather the following information, which is required for the next step:
- Shared IP address (
[SHARED_IP]
): The IPv4 address you shared or an address from the IPv6 range that you shared. You can choose any address from the IPv6 range. For example, within the range 2001:db8:e001:1b8c::/64, the address2001:db8:e001:1b8c::1
can be used. - Prefix (
[PREFIX]
): For an IPv4 address, use32
. For an IPv6 address, use either56
or64
depending on the size of the range you are sharing. - Protocol (
[PROTOCOL]
): Useipv4
when sharing an IPv4 address andipv6
when sharing an IPv6 address. - Hostname (
[HOSTNAME]
): The hostname defined on the Compute Instance you are configuring (ex:atl-bgp-1
). - Role (
[ROLE]
): The role of this Compute Instance within your failover strategy.primary
: All requests are routed to this Compute Instance, provided it is accessible.secondary
: If theprimary
Compute Instance fails, all requests are routed to this Compute Instance, provided it is accessible.
- Data center ID (
[DC_ID]
): The ID of your data center. See IP Sharing availability for the corresponding ID.
- Shared IP address (
-
Edit the
/etc/frr/frr.conf
file and add the following lines. Ensure you replace any Compute Instances of[SHARED_IP]
,[HOSTNAME]
,[ROLE]
, and[DC_ID]
as outlined above.hostname [HOSTNAME] router bgp 65001 no bgp ebgp-requires-policy coalesce-time 1000 bgp bestpath as-path multipath-relax neighbor RS peer-group neighbor RS remote-as external neighbor RS ebgp-multihop 10 neighbor RS capability extended-nexthop neighbor 2600:3c0f:[DC_ID]:34::1 peer-group RS neighbor 2600:3c0f:[DC_ID]:34::2 peer-group RS neighbor 2600:3c0f:[DC_ID]:34::3 peer-group RS neighbor 2600:3c0f:[DC_ID]:34::4 peer-group RS address-family [PROTOCOL] unicast network [SHARED_IP]/[PREFIX] route-map [ROLE] redistribute static neighbor RS activate exit-address-family route-map primary permit 10 set community 65000:1 route-map secondary permit 10 set community 65000:2 ipv6 nht resolve-via-default
-
Restart the FRR service:
sudo systemctl restart frr
Updated about 1 month ago