projectcalico / calico

Cloud native networking and network security
https://docs.tigera.io/calico/latest/about/

How to announce Kubernetes Pod networks to FRR router with Calico CNI #7920

Closed: balioune closed this issue 11 months ago

balioune commented 1 year ago

Hi, I would like to announce the Kubernetes Pod Network to an FRR router (formerly Quagga) using BGP. The BGP sessions are correctly established between the router and the Kubernetes nodes, but I don't see any route received by BGP in my router. You can find my config and the cluster state below.

Any suggestions to solve the issue, please?

Regards,

Install of Calico

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml

Kubernetes cluster state

kubectl cluster-info
Kubernetes control plane is running at https://192.168.50.10:6443
CoreDNS is running at https://192.168.50.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

$ sudo calicoctl node status
Calico process is running.

IPv4 BGP status
+--------------+-------------------+-------+----------+-------------+
| PEER ADDRESS |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+--------------+-------------------+-------+----------+-------------+
| 192.168.1.13 | node-to-node mesh | up    | 09:40:40 | Established |
| 192.168.1.2  | global            | up    | 15:04:24 | Established |
+--------------+-------------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.
$ kubectl get nodes -o wide
NAME       STATUS   ROLES           AGE     VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
master     Ready    control-plane   5h59m   v1.27.4   192.168.50.10   <none>        Ubuntu 22.04.2 LTS   6.2.0-26-generic   containerd://1.6.22
worker-1   Ready    <none>          5h31m   v1.27.4   192.168.50.11   <none>        Ubuntu 22.04.2 LTS   6.2.0-26-generic   containerd://1.6.22
$ kubectl get pods -A
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-85578c44bf-rlqsq   1/1     Running   0          5h58m
kube-system   calico-node-67qb7                          1/1     Running   0          5h58m
kube-system   calico-node-6qzvh                          1/1     Running   0          5h31m
kube-system   coredns-5d78c9869d-knjwt                   1/1     Running   0          5h58m
kube-system   coredns-5d78c9869d-t9wc7                   1/1     Running   0          5h58m
kube-system   etcd-master                                1/1     Running   0          5h59m
kube-system   kube-apiserver-master                      1/1     Running   0          5h59m
kube-system   kube-controller-manager-master             1/1     Running   0          5h59m
kube-system   kube-proxy-kwcgg                           1/1     Running   0          5h58m
kube-system   kube-proxy-ssbsv                           1/1     Running   0          5h31m
kube-system   kube-scheduler-master                      1/1     Running   0          5h59m

FRR BGP configuration

frr version 8.1
frr defaults traditional
hostname lab-router
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!

router bgp 55000 vrf default
 bgp ebgp-requires-policy
 neighbor V4 peer-group
 neighbor V4 remote-as 64512
 neighbor V4 ebgp-multihop 5
 neighbor 192.168.1.29 peer-group V4
 neighbor 192.168.1.13 peer-group V4
 !
 address-family ipv4 unicast
  redistribute connected
  neighbor V4 route-map IMPORT in
  neighbor V4 route-map EXPORT out
 exit-address-family
 !
route-map EXPORT deny 100
!
route-map EXPORT permit 1
 match interface lo
!
route-map IMPORT deny 1
!
line vty
!

VTY output

show bgp summary

IPv4 Unicast Summary (VRF default):
BGP router identifier 192.168.1.2, local AS number 55000 vrf-id 0
BGP table version 2
RIB entries 3, using 552 bytes of memory
Peers 2, using 1446 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
192.168.1.13    4      64512         8         4        0    0    0 00:00:21            0        0 N/A
192.168.1.29    4      64512         8         4        0    0    0 00:00:21            0        0 N/A

Total number of neighbors 2
# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

K>* 0.0.0.0/0 [0/600] via 192.168.1.254, wlp3s0, 00:00:34
C>* 172.19.0.0/16 is directly connected, br-7bc7b2309f1b, 00:00:34
C>* 192.168.1.0/24 is directly connected, wlp3s0, 00:00:34
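
An added example, not part of the original issue and not Calico or FRR code: a small Python audit that reads the route-map lines from the FRR configuration posted above and reports the effective policy for each neighbor direction. It models only sequence order and `match` clauses (no `call`, `on-match` or `set` handling), and the function names are hypothetical.

```python
import re

# Constructed sample: route-map lines copied from the FRR configuration in the issue.
FRR_CONFIG = """\
 address-family ipv4 unicast
  neighbor V4 route-map IMPORT in
  neighbor V4 route-map EXPORT out
 exit-address-family
route-map EXPORT deny 100
!
route-map EXPORT permit 1
 match interface lo
!
route-map IMPORT deny 1
!
"""

def parse_route_maps(config):
    """Return {name: [(seq, action, [match clauses])]} ordered by sequence number."""
    maps, current = {}, None
    for line in config.splitlines():
        header = re.match(r"route-map (\S+) (permit|deny) (\d+)$", line)
        if header:
            current = (int(header[3]), header[2], [])
            maps.setdefault(header[1], []).append(current)
        elif current and line.startswith(" match "):
            current[2].append(line.strip())
        elif not line.startswith(" "):
            current = None  # "!" or any top-level line ends the entry
    return {n: sorted(e, key=lambda x: x[0]) for n, e in maps.items()}

def verdict(entries):
    """Entries run in sequence order; one without a match clause matches every
    route, so nothing after it is reached. Matching no entry means deny."""
    reachable_permits = 0
    for _seq, action, matches in entries:
        reachable_permits += action == "permit"
        if not matches:
            break
    if not reachable_permits:
        return "deny-all"
    first = entries[0]
    return "permit-all" if first[1] == "permit" and not first[2] else "conditional"

def neighbor_policies(config):
    """Map (neighbor or peer-group, direction) to the verdict of its route-map."""
    maps = parse_route_maps(config)
    bound = re.findall(r"^ *neighbor (\S+) route-map (\S+) (in|out)$", config, re.M)
    return {(peer, d): verdict(maps[name]) if name in maps else "undefined"
            for peer, name, d in bound}
```

With `bgp ebgp-requires-policy` set, the route-map bound to each direction is the policy that decides what crosses the session, so a `deny-all` result on `in` means no prefix from that peer group is accepted.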

mazdakn commented 1 year ago

@balioune please share the BGPPeer and also the IPPool you created.

mazdakn commented 1 year ago

@balioune I am not sure how FRR import/export filters work, so I just assume those are correct.