Top of Rack BGP

Overview

The Service Proxy for Kubernetes (SPK) Top of Rack (ToR) BGP feature enables the Traffic Management Microkernel (TMM) Pods to establish BGP peer relationships based on the cluster node the TMM Pod is running on. Without the ToR BGP feature, all TMM Pods must share the same BGP neighbor configuration, requiring a full BGP mesh.

Parameters

The table below describes the BIG-IP Controller's BGP Helm parameters used in this document. Refer to the BGP Overview for the full list of parameters.

Parameter                Description
asn                      The AS number of the f5-tmm-routing container.
maxPathsEbgp             Sets the maximum number of External BGP (eBGP) paths to install.
maxPathsIbgp             Sets the maximum number of Internal BGP (iBGP) paths to install.
hostname                 The hostname of the f5-tmm-routing container.
neighbors.nodeLookup     References the ConfigMap that maps cluster node names to BGP peer IP addresses.
neighbors.asn            The AS number of the BGP peer.
neighbors.ebgpMultihop   Enables connectivity between external peers that do not have a direct connection (1-255).
neighbors.acceptsIPv4    Enables advertising IPv4 virtual server addresses to the peer (true / false). The default is false.
neighbors.softReconf     Enables BGP4 policies to be activated without clearing the BGP session.

BGP peer groups

The SPK ToR feature relies on BGP peer-groups to support per-node BGP peering relationships. Because a BGP peer-group supports only one AS (autonomous system) number, you must create a separate SPK ConfigMap for each AS number when using the procedure below. You can also use multiple ConfigMaps to map IP addresses within a single AS number, for example, to map IPv4 and IPv6 peers within the same AS, as sketched below.
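
A minimal sketch of this pattern, assuming hypothetical ConfigMap names (spk-tor-bgp-v4, spk-tor-bgp-v6) and example peer addresses, maps IPv4 and IPv6 peers for the same node within one AS:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "spk-tor-bgp-v4"
      namespace: "spk-ingress"
    data:
      worker1-robin.f5.com: 10.20.2.206
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "spk-tor-bgp-v6"
      namespace: "spk-ingress"
    data:
      worker1-robin.f5.com: 2001:db8::206

Each ConfigMap is then referenced by its own entry under the Helm neighbors list (see step 3 of the procedure), with both entries using the same AS number.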

Procedure

Use these steps to configure SPK ToR BGP peering.

  1. Determine the cluster node names:

    kubectl get nodes
    
    NAME                   STATUS   ROLES
    master-robin.f5.com    Ready    control-plane,master
    worker1-robin.f5.com   Ready    <none>
    worker2-robin.f5.com   Ready    <none>
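
    To capture only the node names for use in the next step, an optional jsonpath query can be used:

    kubectl get nodes -o jsonpath='{.items[*].metadata.name}'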
    
  2. Create a new ConfigMap using the node names and the IP addresses of the BGP peers connected to each node. As mentioned in the BGP peer groups section, you must create one ConfigMap per AS number:

    Note: Be certain to set metadata.namespace to the BIG-IP Controller's namespace.

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "spk-tor-bgp"
      namespace: "spk-ingress"
    data:
      worker1-robin.f5.com: 10.20.2.206
      worker2-robin.f5.com: 10.20.2.207
      master-robin.f5.com: 10.20.2.208
    

    You can also use multiple IP addresses per entry, separated by commas:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "spk-tor-bgp"
      namespace: "spk-ingress"
    data:
      worker1-robin.f5.com: 10.20.2.106, 10.20.2.206
      worker2-robin.f5.com: 10.20.2.107, 10.20.2.207
      master-robin.f5.com: 10.20.2.108, 10.20.2.208
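
    A sketch of applying and verifying the ConfigMap; the filename spk-tor-bgp.yaml is an assumption for this example:

    kubectl apply -f spk-tor-bgp.yaml
    kubectl get configmap spk-tor-bgp -n spk-ingress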
    
  3. Reference the ConfigMap name using the BIG-IP Controller’s neighbors.nodeLookup parameter:

    bgp:
      asn: 64443
      maxPathsEbgp: 4
      maxPathsIbgp: "null"
      hostname: spk-ingress-bgp
      neighbors:
        - nodeLookup: spk-tor-bgp
          asn: 3535
          ebgpMultihop: 100
          acceptsIPv4: true
          softReconf: true
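
    These values are applied when installing or upgrading the BIG-IP Controller with Helm. As a sketch only, the release name f5ingress, chart reference f5-repo/f5ingress, and values filename ingress-values.yaml are assumptions:

    helm upgrade --install f5ingress f5-repo/f5ingress \
    -f ingress-values.yaml -n spk-ingress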
    
  4. After installing the BIG-IP Controller, verify the BGP configuration by first determining where the TMM Pods have been scheduled:

    kubectl get pods -n spk-ingress -o wide | grep tmm
    
    f5-tmm-f98ff99cc-l76hc  4/4  Running  172.18.0.5  worker1-robin.f5.com
    f5-tmm-f98ff99cc-nfkgw  4/4  Running  172.18.0.6  worker2-robin.f5.com
    
  5. View the ZebOS configuration once the BIG-IP Controller has been installed:

    In this example, the f5-tmm-routing container is in the spk-ingress Project:

    oc exec -it deploy/f5-tmm -c f5-tmm-routing -n spk-ingress \
    -- imish -e 'show running-config'
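
    To view only the neighbor statements, the same output can be filtered with grep on the client side; this is an optional convenience, not part of the documented procedure:

    oc exec -it deploy/f5-tmm -c f5-tmm-routing -n spk-ingress \
    -- imish -e 'show running-config' | grep neighbor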
    
  6. Verify the correct IP address is configured:

    In this example, the IP address 10.20.2.207, mapped to worker2-robin.f5.com in the ConfigMap, appears in the generated configuration.

    router bgp 64443
    bgp router-id 0.0.107.127
    no bgp default ipv4-unicast
    bgp log-neighbor-changes
    bgp graceful-restart restart-time 120
    max-paths ebgp 4
    redistribute kernel
    neighbor spk-peers peer-group
    neighbor spk-peers remote-as 3535
    neighbor spk-peers ebgp-multihop 100
    neighbor spk-peers activate
    neighbor spk-peers soft-reconfiguration inbound
    neighbor 10.20.2.207 peer-group spk-peers
    neighbor 10.20.2.207 activate
    
  7. The TMM Pods should now peer with the BGP neighbors based on the node they are running on. A quick session check is sketched below.
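
    A sketch of verifying the BGP session state from the f5-tmm-routing container; the show ip bgp summary command is assumed to be available in this ZebOS build:

    oc exec -it deploy/f5-tmm -c f5-tmm-routing -n spk-ingress \
    -- imish -e 'show ip bgp summary'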

Configuration updates

This section describes how to update the SPK BGP peering settings when adding a new cluster node or changing BGP peer IP addresses.

Adding new nodes

Use the steps below to add a new node to the cluster.

Note: These steps can also be followed for replacing nodes without interruption of service.

  1. Integrate the new cluster node.
  2. Configure the peer BGP Router for the new node.
  3. Update the SPK BGP ConfigMap with the new node name and BGP peer IP address (see the example after this list).
  4. New TMM Pods can now be scheduled to the new node.
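
For example, the ConfigMap can be patched in place; the node name worker3-robin.f5.com and peer address 10.20.2.209 below are hypothetical:

    kubectl patch configmap spk-tor-bgp -n spk-ingress \
    --type merge -p '{"data":{"worker3-robin.f5.com":"10.20.2.209"}}'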

Changing BGP peer IPs

Use these steps when changing BGP peer IP addresses.

Note: These steps can also be followed when BGP peers need to be replaced.

  1. Configure the BGP peers with new IP addresses.

  2. Update the SPK ConfigMap by mapping each new BGP peer IP address to the correct cluster node name.

  3. Delete the TMM Pods in the namespace:

    kubectl delete pods -l app=f5-tmm -n spk-ingress
    
  4. The new TMM Pods should deploy automatically, reading the new BGP peer IP addresses from the SPK ConfigMap, as shown below.
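
    To watch the replacement Pods deploy, the standard kubectl watch flag can be used:

    kubectl get pods -l app=f5-tmm -n spk-ingress -w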

Feedback

Provide feedback to improve this document by emailing spkdocs@f5.com.