Enable BGP with kubernetes cilium bgp

eazysnatch · Mon Jul 24, 2023 11:57 pm

Hey guys ,

Im struggling with Mikrotik BGP to make it work with Kubernetes ( k3s ) with Cilium CNI. Im not sure what the role must be. I tried with local ibgp, same AS different AS. There is no peer connections. As you can see I also play with default-originate. Any kind of help will be awesome.

] /routing/bgp/connection> print
Flags: D - dynamic, X - disabled, I - inactive
 0   name="PEER_TO_K3S_WN_1"
     remote.address=192.168.1.201
     local.default-address=192.168.1.1 .role=ebgp
     routing-table=main as=65000
     output.default-originate=always

 1   name="PEER_TO_K3S_WN_2"
     remote.address=192.168.1.202
     local.default-address=192.168.1.1 .role=ebgp
     routing-table=main as=65000
     output.default-originate=always

 2   name="PEER_TO_K3S_WN_3"
     remote.address=192.168.1.203
     local.default-address=192.168.1.1 .role=ebgp
     routing-table=main as=65000 address-families=""
     output.default-originate=never

cilium-bgp.yaml

apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
metadata:
  name: bgp-policy
spec:
  nodeSelector:
    matchLabels:
      bgp-policy: a
  virtualRouters:
    - exportPodCIDR: true
      localASN: 65001
      neighbors:
        - peerASN: 65000
          peerAddress: 192.168.1.1/32

cilium-ippool.yaml

apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
  name: "lbpool"
spec:
  cidrs:
  - cidr: "172.198.1.0/24"
  disabled: false

k3s-rpi (main) ✗ cilium bgp peers
Node                 Local AS   Peer AS   Peer Address   Session State   Uptime   Family         Received   Advertised
k3s-worker-node-01   64512      64512     192.168.1.1    active          0s       ipv4/unicast   0          0
                                                                                  ipv6/unicast   0          0
k3s-worker-node-02   64512      64512     192.168.1.1    active          0s       ipv4/unicast   0          0
                                                                                  ipv6/unicast   0          0
k3s-worker-node-03   64512      64512     192.168.1.1    active          0s       ipv4/unicast   0          0
                                                                                  ipv6/unicast   0          0

Cilium example config:
https://docs.cilium.io/en/stable/networ ... rol-plane/
Example with OpnSense:
https://devopstales.github.io/home/cili ... se-bgp-v2/

wiseroute · Tue Jul 25, 2023 4:25 am

hmm... interesting

never tried myself - and i think it is difficult to see the point of having it.

anyway... have you read this guide?

https://docs.cilium.io/en/stable/network/kube-router/

eazysnatch · Tue Jul 25, 2023 12:18 pm

Hey Buddy,

Its a lab where i learn Cilium new features that is the point. Till now my k8s is using MetalLB but with the new version of Cilium you can do LoadBalancer service which is something i want to achieve here. MetalLB also can work with BGP but i configure it with L2 overlay which is not a real LB but it works like a fail over.

Kube-router is a different thing i don't need that.

eazysnatch · Mon Aug 14, 2023 6:13 pm

After all, I figured it out, and I made a blog about it. If someone is interested in how we can do Kubernetes + Cilium and expose services with LoadBalacing using BGP, here it is:

https://medium.com/@valentin.hristev/ku ... ad416546a

Enable BGP with kubernetes cilium bgp

Enable BGP with kubernetes cilium bgp

Re: Enable BGP with kubernetes cilium bgp

Re: Enable BGP with kubernetes cilium bgp

Re: Enable BGP with kubernetes cilium bgp

Who is online