Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Enable BGP as a Service

Cloud-Native Contrail® Networking™ supports Border Gateway Protocol (BGP) as a Service (BGPaaS). This document should be used to enable BGPaaS in environments using Release 22.1 or later.

The BGPaaS feature in Cloud-Native Contrail Networking provides the network support for BGP to operate within a virtual network in cloud networking environments using Cloud-Native Contrail Networking.

Benefits of BGP as a Service in Cloud-Native Contrail

With BGPaaS in Kubernetes environments using Cloud-Native Contrail Networking, you gain the following functionality:

  • A BGP protocol service that runs in the virtual network. This BGP service creates BGP neighbor sessions to pods, virtual machines, and other workloads in the virtual network.

  • A routing protocol that supports IPv4 neighbors, the IPv4 and IPv6 unicast address family, and IPv6-over-IPv4 next-hop mapping.

  • A BGP protocol service that is user-configurable using most well-known BGP configuration parameters.

You can use BGPaaS in any cloud networking environment that needs the functionality provided by a routing protocol. You may find BGPaaS especially useful in the following scenarios:

  • If you manage a large cloud networking environment that runs multiple workloads, you may want to use BGPaaS to scale network services.

  • If you use tunneling protocols that need network reachability information from a routing protocol to create and maintain tunnels, BGPaaS can help.

Prerequisites

We assume that before you enable BGP as a service:

  • You are operating in a working cloud networking environment using Kubernetes orchestration, and Cloud-Native Contrail Networking is operational.

  • You have a working knowledge of BGP.

Overview of BGP as a Service in Cloud-Native Contrail Networking

Cloud-Native Contrail provides the networking support for BGPaaS.

You have to find a BGP service to run BGP in your cloud networking environment. This document shows how to enable networking support for BGPaaS with Cloud-Native Contrail Networking using the BGP service provided by the BIRD Internet Routing Daemon (BIRD). This daemon is available as a built-in development tool on many versions of Unix. You can also download it to your environment using a separate image.

In the examples that follow, you see that the BGP daemon from BIRD runs in a pod when BGPaaS is enabled. That daemon then sends BGP messages over the network using the networking capabilities provided by Cloud-Native Contrail Networking. For additional information on BIRD, see the BIRD Internet Routing Daemon homepage.

When BGPaaS is operational, the BGP daemon runs in a pod and manages BGPaaS. The BGP daemon is directly connected to a Contrail vRouter.

The Contrail vRouter has a connection to at least one control plane node and connects the BIRD daemon to the control plane. A BGP peering session between at least one control node and the BIRD daemon is established through this connection with the Contrail vRouter.

After a peering session is created between the control nodes and the BGP daemon, the BGP daemon can manage BGPaaS and send routes to BGP clients over the control plane. The BGPaaS management tasks include assigning IP addresses to workloads, pods, VMs, or other objects.

Enable BGPaaS in a Pod

To enable BGPaaS, you must create a pod to host the BGP service. You must then associate the pod hosting the BGP service with the virtual networks where BGPaaS will run.

You can use either of two methods of associating a pod hosting the BGP service with a virtual network:

  • Virtual Machine Interfaces Selector—The pod running the BGP service is directly associated with the virtual network. The pod hosting the BGP service is discovered automatically after the virtual network association is defined.

  • Virtual Machine Interface References—The pod running the BGP service is directly associated with the virtual network by explicitly providing the namespace and the name of the virtual machine interface of the pod hosting the BGP service.

The following sections provide the steps for each association method.

Enable BGPaaS in a Pod Using the Virtual Machine Interfaces Selector

You must create a pod to host the BGP service, and then you can enable BGPaaS with the Virtual Machine Interfaces Selector.

The pod must:

  • Include at least one IPv4 interface.

  • Include annotations using core.juniper.net/bgpaas-networks to specify the associated virtual network names. The value in this annotation must includes at least one virtual network name. If you are associated the pod hosting the BIRD daemon with multiple virtual networks, enter the virtual network names as a comma-separated list.

In this example YAML file, a pod is created to host the BGP service. The pod is associated with two virtual networks and BGPaaS is enabled to run on both virtual networks. The image: variable in the containers: hierarchy points to the BIRD image file that will provide the BGP service in this example.

Enter the kubectl get vmi -n virtual-network-name to confirm that the pod and it's associated virtual machine interfaces have been created. You can also enter the kubectl describe command to ensure the virtual machine interfaces exist.

You can confirm the virtual network was created by reviewing the bgpaasVN= output in the label section of the kubectl describe command.

You must then create a BGPaaS object to configure BGPaaS. The BGPaaS object references the virtual networks in the virtualMachineInterfacesSelector: section.

Enable BGPaaS in a Pod Using Virtual Machine Interface References

You must first create a pod to host the BIRD daemon to enable BGPaaS with Virtual Machine Interface references. The pod must include at least one IPv4 interface.

In the following example, a pod is created in the bgpaas-ns namespace. The annotation associates the pod with the bgpaas-vn-1 virtual network. The image: variable in the containers: hierarchy points to the BIRD image file that will provide the BGP service in this example.

Confirm that the pod was created after committing the pod object configuration file by entering the kubectl get vmi -n bgpaas-ns command.

Note the name of the virtual machine interface for the pod in this command output. You will need to specify the virtual machine interface name later in this procedure when configuring the BGPaaS object.

The Virtual Machine interface references are defined while creating the BGPaaS object using the virtualMachineInterfaceReferences: hierarchy. The namespace: is the pod namespace and the name: is the virtual machine interface name that you retrieved using the kubectl get vmi -n bgpaas-ns command.

Configure the IP Address Allocation Method for BGPasaS

You can configure BGPaaService with one of the following IP address allocation methods:

  • automatic IP address allocation⁠—the BGP service assigns IP addresses.

  • user-specified IP address allocation—you assign the IP address.

You configure the IP address allocation method in the Subnet object.

Automatic IP address allocation is enabled by default. If you enable BGPaaS without manually disabling automatic IP address allocation, BGPaaS uses automatic IP address allocation.

You disable automatic IP address allocation by setting the disableBGPaaSIPAutoAllocation: variable in the Subnet object to true. If the disableBGPaaSIPAutoAllocation: variable is not present in the Subnet object file, automatic IP address allocation is enabled.

In the following configuration sample, automatic IP address allocation is enabled because the disableBGPaaSIPAutoAllocation: variable isn't present in the Subnet object configuration file.

In this configuration sample, automatic IP address allocation is enabled because the disableBGPaaSIPAutoAllocation: variable is set to false.

To enable user-specified IP address allocation, set the disableBGPaaSIPAutoAllocation: variable to true. When user-specified IP address allocation is enabled, you must also configure the BGP addresses that BGPaaS can assign to endpoints within the subnet. You must set a primary IP address using the bgpaasPrimaryIP: variable. You can also set an optional secondary IP address, which is done in this example using the bgpaasSecondaryIP: variable.

Configure the BGPasaService Object

You enable BGPaaS in a cluster by creating a BGPAsAService object.

Create the BGPAsAService object by creating a YAML file that uses BGPAsAService in the kind: field:

Table 1: Spec Field Variables for BGPaaS:

This table provides a description of each Spec field variable in the BGPaaS object file.
Field Variable Description

shared:

Specifies whether a common BGP router object can be shared with multiple virtual machine interfaces in the same virtual network.

When this field is set to true, one BGP client router can be shared with multiple virtual machine interfaces in the same virtual network. This setting limits the total number of BGP client routers that have to be created in a virtual network for a VMI.

When this field is set to false, one BGP client router is created for each virtual machine interface.

autonomousSystem:

Specifies the global Autonomous System number for the BGP instance. The Autonomous System number can be any whole number between 1 and 4294967295.

bgpAsAServiceSessionAttributes:

Defines the BGP session attributes for BGPaaS.

See Table 2

VirtualMachineInterfaceReferences:

Defines the virtual machine interface parameters to associate with BGPaaS when using virtual machine interface references.

See Table 3

virtualMachineInterfacesSelector:

Defines the virtual networks where BGPaaS runs when using the virtual machine interfaces selector.

See Table 4
Table 2: BgpAsAServiceSessionAttributes Fields for BGPaaS:

The bgpAsAServiceSessionAttributes: in the spec: hierarchy are used in all BGPaaS setups. The bgpAsAServiceSessionAttributes: hierarchy includes these fields:
Field Description

localAutonomousSystem:

Specifies the local Autonomous System number for BGP.

LoopCount:

Specifies the number of times that the same ASN can be seen in a route update before the route is discarded. The LoopCount: can be any whole number up to 16.

routeOriginOverride:

Overrides the original setting and sets the origin attribute to Incomplete when forwarding routes.

If you set this field to false, routes are advertised into BGP based on the origin setting. The origin is either IGP or EGP and is set using the origin: field in this file.

If you set this field to true, the origin is set to Incomplete for advertised routes.

Use this field if you want to change how BGP networks prioritize routes received from the BGP service. By default, BGP networks prioritize routes based on origin, and routes with an Incomplete origin receive lower priority than routes received from IGP or EGP.

Origin:

Specifies if BGP operates as an interior gateway protocol—igp—or exterior gateway protocol (egp). The default route origin is igp.

AddressFamilies:

Specifies the address family. You can specify the family as inet for IPv4 or inet6 for IPv6. Both address families can be specified simultaneously.
Table 3: virtualMachineInterfaceReferences: in BGPaaS:

The virtualMachineInterfaceReferences: in the spec: hierarchy include the following fields:
Field Description

apiVersion:

Specifies the API version for the virtual machine interface reference.

kind:

Always set this field to VirtualMachineInterface.

namespace:

Specifies the namespace associated with the virtual machine interface reference. You define this namespace while creating the Pod object. See .

name:

Specifies the name of the pod associated with the virtual machine interface reference. You can retrieve the pod name by entering the kubectl get vmi -n bgpaas-ns command. See Enable BGPaaS in a Pod Using Virtual Machine Interface References.
Table 4: The virtualMachineInterfacesSelector: Fields in BGPaaS:

The virtualMachineInterfacesSelector: in the spec: hierarchy includes the following fields:
Field Description

matchLabels:

Define the match labels for the Virtual Machine Interfaces selector.

The match labels in this context are always used to reference the virtual networks where the Virtual Machine interfaces selector is running.

The match label values in this section are always entered as core.juniper.net/bgpaasVN:virtual-network-name. See Enable BGPaaS in a Pod Using the Virtual Machine Interfaces Selector.

Validate the BGP as a Service Configuration

You should confirm that the BGPaaS object is successfully running after committing the BGPAsAService object file.

Enter the kubectl get BGPAsAService command after creating the BGPAsAService object to confirm the object state. The object is successfully created when the State field indicates Success.

You should also ensure the BGPaaS server and the BGPaaS client are created and are in the Success state.

Enter the kubectl get BGPRouter command to confirm the presence and operational state of the BGPaaS servers and clients.

Configure BGP in Pod

You must also configure the networking parameters for the BGP service running in the pod. The configuration for each individual BGP service is unique and documenting the required networking configuration parameters is beyond the scope of this document.

In this example, the BGP network configuration is configured using BIRD.

You configure BGP using the BIRD CLI in this example. The parameters of the BGP configuration that need to match the BGPaaS objects defined in Cloud-Native Contrail Networking are noted. Although not shown in this example, you should know that the default location to access the BIRD configuration file in most deployments is /etc/bird.conf or /etc/bird/bird.conf.

You can also verify that the BGP protocol is running from your BGP service.

In this example from BIRD, the show protocol command is entered to verify that the BGP protocol is established.