-
Notifications
You must be signed in to change notification settings - Fork 368
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add BGP Confederation support #6567
Comments
Thanks for the detailed issue, we will look into it. |
Basing on the gobgp sample given here: A sample BGPPolicy which is roughly equivalent to the above FRR config.
I am unsure the purpose of the gobgp |
That seems pretty straightforward. We can easily extend the BTW, currently we restrict the cc @hongliangl, who contributed the BGP support in Antrea. He is currently on leave but will be back in a couple of weeks. |
We use FRR for the route reflectors in the diagram.
For prefix 10.0.0.34/34 advertised from the k8s cluster (Antrea BGP or FRR-k8s), the
Our use case for this is internal (non direct internet peering), so we use all private ranges. The restriction would help protect unknowing users against bad config and unwise decisions. However, a k8s cluster peering or operating on the public side (internet) intentionally would likely want to use public ASN ranges in both the localASN and/or the confederated ASN. |
Describe the problem/challenge you have
In large iBGP based networks it is useful to split up the AS into multiple sub-AS using BGP Confederations. Lack of confederation prevents the ability to segment the BGP config and failure domains.
Take for example our environment:
-Multiple large subnets of k8s nodes (each subnet is typically /20 or larger)
-BGP route reflectors in each subnet running as a sub-AS
-Multiple subnets are sub-AS of a main confederated AS
-Upstream Cisco router as gateway for all subnets (cannot run multiple BGP processes with a different local-AS for each process)
Without BGP confederation, either:
Describe the solution you'd like
Add support for BGP Confederation
Anything else you would like to add?
Sample frr-k8s config with basic BGP confederation:
64512 is the sub-AS
65535 is the the main AS
BGP peering diagram
The text was updated successfully, but these errors were encountered: