Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bgpv1: Implement AdvertisedPathAttributes for CiliumBGPNeighbor using BGP routing policies #27705

Merged
merged 5 commits into from Sep 12, 2023
Merged

bgpv1: Implement AdvertisedPathAttributes for CiliumBGPNeighbor using BGP routing policies #27705

merged 5 commits into from Sep 12, 2023

Conversation

rastislavs
Copy link
Contributor

@rastislavs rastislavs commented Aug 25, 2023
edited

This PR adds a new field AdvertisedPathAttributes into the CiliumBGPNeighbor part of the CiliumBGPPeeringPolicy CRD, which can be used to apply additional NLRI attributes (communities / local preference) to matched routes when advertising them to a BGP peer.

The implementation relies on the GoBGP routing policies, which are internally abstracted to a new RoutePolicy type and new Router interface methods AddRoutePolicy + RemoveRoutePolicy.

For now, we support this for routes advertised for k8s LB services (matching by CiliumLoadBalancerIPPools) and Pod CIDRs (matching by CiliumNodes).

For more details, please see the individual commits.

Example:

CiliumBGPPeeringPolicy configuration:

apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
spec:
  virtualRouters: 
  - localASN: 65000
    exportPodCIDR: true
    serviceSelector:
      matchLabels:
        advertise: bgp
    neighbors:
    - peerASN: 65000
      peerAddress: 172.0.0.1/32
      advertisedPathAttributes:
      # add community attribute to all routes advertised for the matched CiliumLoadBalancerIPPool
      - selectorType: CiliumLoadBalancerIPPool
        selector:
          matchLabels:
            environment: production
        communities:
          standard:
          - 65001:100
      # add local preference & community attributes to Pod CIDR routes of all nodes
      - selectorType: PodCIDR
        localPreference: 150
        communities:
          standard:
          - 65001:150

Matching a LB pool:

apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
  name: "cilium-pool"
  labels:
    environment: production
spec:
  cidrs:
  - cidr: "192.168.100.0/24"

Causes adding a Community and setting appropriate Local Preference on advertised routes (10.244.0.0/24 is a pod CIDR and 192.168.100.190/32 is a k8s service VIP):

$ cilium bgp routes advertised ipv4 unicast peer 172.0.0.1

VRouter   Prefix               NextHop     Age     Attrs
65000     10.244.0.0/24        172.0.0.2   3m31s   [{Origin: i} {LocalPref: 150} {Communities: 65001:150}] {Nexthop: 172.0.0.2}
65000     192.168.100.190/32   172.0.0.2   3m32s   [{Origin: i} {LocalPref: 100} {Communities: 65001:100}] {Nexthop: 172.0.0.2}

(Note that Local Preference attribute is sent only to iBGP peers and defaults to 100)

On the peered router:

tor# sh bgp ipv4 10.244.0.0/24
BGP routing table entry for 10.244.0.0/24, version 14
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Local
    172.0.0.2 from 172.0.0.2 (172.0.0.2)
      Origin IGP, localpref 150, valid, internal, best (First path received)
      Community: 65001:150
      Last update: Mon Aug 28 09:13:16 2023

tor# sh bgp ipv4 192.168.100.190/32
BGP routing table entry for 192.168.100.190/32, version 13
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Local
    172.0.0.2 from 172.0.0.2 (172.0.0.2)
      Origin IGP, localpref 100, valid, internal, best (First path received)
      Community: 65001:100
      Last update: Mon Aug 28 09:13:16 2023

Release Note:

Implement `AdvertisedPathAttributes` for `CiliumBGPNeighbor` in the `CiliumBGPPeeringPolicy` CRD to allow setting BGP Community and Local Preference path attributes for advertised BGP routes.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 25, 2023
@rastislavs rastislavs added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Aug 25, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 25, 2023
@rastislavs rastislavs added dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. area/bgp labels Aug 25, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 25, 2023
@rastislavs rastislavs added the kind/feature This introduces new functionality. label Aug 25, 2023
@rastislavs rastislavs mentioned this pull request Aug 25, 2023
Merged
@rastislavs rastislavs force-pushed the bgp-community branch 3 times, most recently from e3de014 to fc83f1f Compare August 28, 2023 15:17
ldelossa
ldelossa requested changes Aug 28, 2023
View reviewed changes
Copy link
Contributor

@ldelossa ldelossa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some questions to clarify, but overall code and structure looks good.

pkg/k8s/apis/cilium.io/v2alpha1/bgpp_types.go Outdated Show resolved Hide resolved
pkg/k8s/apis/cilium.io/v2alpha1/bgpp_types.go Outdated Show resolved Hide resolved
pkg/k8s/apis/cilium.io/v2alpha1/bgpp_types.go Show resolved Hide resolved
pkg/bgpv1/types/bgp.go Outdated Show resolved Hide resolved
pkg/bgpv1/manager/signaled_store.go Outdated Show resolved Hide resolved
pkg/bgpv1/manager/signaled_store.go Outdated Show resolved Hide resolved
YutaroHayakawa
YutaroHayakawa requested changes Aug 29, 2023
View reviewed changes
Copy link
Member

@YutaroHayakawa YutaroHayakawa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did an initial look. Thanks! This is cool! I have several questions.

pkg/bgpv1/gobgp/conversions.go Show resolved Hide resolved
pkg/bgpv1/gobgp/server.go Show resolved Hide resolved
pkg/bgpv1/manager/policy_reconciler.go Outdated Show resolved Hide resolved
pkg/bgpv1/manager/policy_reconciler.go Outdated Show resolved Hide resolved
@rastislavs rastislavs changed the title bgpv1: Implement OutgoingRouteAttributes for CiliumBGPNeighbor using BGP routing policies bgpv1: Implement AdvertisedPathAttributes for CiliumBGPNeighbor using BGP routing policies Sep 5, 2023
@rastislavs rastislavs force-pushed the bgp-community branch 2 times, most recently from 76b1119 to bbf290a Compare September 5, 2023 08:03
@rastislavs
Copy link
Contributor Author

/test

@rastislavs rastislavs marked this pull request as ready for review September 5, 2023 08:34
@rastislavs rastislavs requested review from a team as code owners September 5, 2023 08:34
YutaroHayakawa
YutaroHayakawa approved these changes Sep 5, 2023
View reviewed changes
Copy link
Member

@YutaroHayakawa YutaroHayakawa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My concerns are addressed. LGTM 👍

harsimran-pabla
harsimran-pabla approved these changes Sep 5, 2023
View reviewed changes
Copy link
Contributor

@harsimran-pabla harsimran-pabla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!!

@rastislavs
bgpv1: Add AdvertisedPathAttributes field into CiliumBGPPeeringPolicy…
298c6f9 
… CRD

Extend the CiliumBGPNeighbor part of the CiliumBGPPeeringPolicy CRD
with a new optional field "AdvertisedPathAttributes" that can be
used to apply additional path attributes to selected routes when
advertising them to a peer.

Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
@rastislavs
bgpv1: Introduce RoutePolicy type and Implement Add/Remove Policy in …
ba7aece 
…GoBGP

Introduce a new RoutePolicy type representing a BGP routing policy and new Router
interface methods AddRoutePolicy + RemoveRoutePolicy.
Implement the new RoutePolicy interface in the GoBGP router implementation.

Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
@rastislavs
bgpv1: Introduce BGPCPResourceStore for BGP CP reconcilers usage
7546064 
Introduces a new BGPCPResourceStore that provides and easy to use interface
to a resource.Store for k8s objects that needs to be processed by the
BGP Control Plane reconcilers. It automatically signals the BGP Control Plane
whenever an event happens on the resource, so that individual reconcilers do
not need to do that themselves. Also provides a respective mock type that can
be used in unit tests.

Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
@rastislavs
bgpv1: Implement RoutePolicyReconciler for AdvertisedPathAttributes
f71064b 
Implements a new BGP CP reconciler "PolicyReconciler", that reconciles
BGP neighbor's AdvertisedPathAttributes configuration matching
CiliumLoadBalancerIPPools and/or PodCIDRs into underlying server's
routing policies.

Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
@rastislavs
bgpv1: Add ResetNeighbor Router API and use it in RoutePolicyReconciler
d70ce39 
Adds a new Router interface API method ResetNeighbor(), which
can be used to perform soft or hard reset of a BGP peer.
Uses this API from the RoutePolicyReconciler upon routing policy
changes to take effect immediately.

Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
@rastislavs
Copy link
Contributor Author

/test

danehans
danehans approved these changes Sep 11, 2023
View reviewed changes
Copy link
Contributor

@danehans danehans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a really nice feature. I have a few nits that can be resolved in a follow-up PR.

pkg/bgpv1/types/bgp.go Show resolved Hide resolved
pkg/k8s/apis/cilium.io/v2alpha1/bgpp_types.go Show resolved Hide resolved
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Sep 11, 2023
@julianwiedmann julianwiedmann merged commit bad202e into cilium:main Sep 12, 2023
61 checks passed
This was referenced Sep 26, 2023
Closed
Closed
@rastislavs rastislavs mentioned this pull request Oct 10, 2023
Merged
@rastislavs rastislavs mentioned this pull request Nov 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harsimran-pabla harsimran-pabla harsimran-pabla approved these changes

@nathanjsweet nathanjsweet nathanjsweet approved these changes

@danehans danehans danehans approved these changes

@ldelossa ldelossa ldelossa approved these changes

@YutaroHayakawa YutaroHayakawa YutaroHayakawa approved these changes

Assignees
No one assigned
Labels
area/bgp kind/feature This introduces new functionality. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@rastislavs @nathanjsweet @danehans @ldelossa @YutaroHayakawa @harsimran-pabla @julianwiedmann