Skip to content

bgp_filtering.md

Latest commit

 

History

History
102 lines (77 loc) · 2.5 KB

bgp_filtering.md

File metadata and controls

102 lines (77 loc) · 2.5 KB

BGP Filtering

This document summarizes a testbed for bgp filters, using a node external to calicoVPP KinD cluster, in the same docker bridge network. The external node peers with the cluster nodes and filters are included.

create the external node in the kind cluster network, and install gobgp:

docker run -d --name my-ubuntu-container --network kind -it ubuntu \
 sleep infinity
docker exec my-ubuntu-container apt update
docker exec my-ubuntu-container apt install golang -y
docker exec my-ubuntu-container apt install iproute2 -y
wget https://github.com/osrg/gobgp/releases/download/v3.14.0/gobgp_3.14.0_linux_amd64.tar.gz
docker cp gobgp_3.14.0_linux_amd64.tar.gz my-ubuntu-container:/
docker exec my-ubuntu-container tar -xf gobgp_3.14.0_linux_amd64.tar.gz

use the same as number as the cluster nodes peering, and the external node address as a router-id, and add every node as a neighbor:

example:

echo "
[global.config]
  as = 64512
  router-id = '172.18.0.7'
  local-address-list = ['172.18.0.7']
  port = 179

[[neighbors]]
  [neighbors.config]
    neighbor-address = '172.18.0.4'
    peer-as = 64512

[[neighbors]]
  [neighbors.config]
    neighbor-address = '172.18.0.3'
    peer-as = 64512

[[neighbors]]
  [neighbors.config]
    neighbor-address = '172.18.0.2'
    peer-as = 64512

[[neighbors]]
  [neighbors.config]
    neighbor-address = '172.18.0.5'
    peer-as = 64512

" > ./gobgp.conf

docker cp gobgp.conf my-ubuntu-container:/

docker exec -d  my-ubuntu-container  ./gobgpd -f ./gobgp.conf &  \
 >/dev/null 2>&1

Add a route to test advertisement

docker exec my-ubuntu-container ./gobgp -u 172.18.0.7 global rib \
 add 1.2.3.4/32 nexthop 172.18.0.7

add external node as a bgppeer using this file with the correct peerIP

kubectl apply test/yaml/bgp/externalBgpPeer.yaml

check that 1.2.3.4/32 address is advertised on your clusters nodes:

kubectl -n calico-vpp-dataplane  exec -it $(kubectl -n calico-vpp-dataplane \
 get pod | grep -v  NAME | awk '{print $1}'| awk 'NR==1') -c agent -- \
 gobgp global rib

Add a bgpfilter filtering out that address:

kubectl apply test/yaml/bgp/bgpFilter.yaml

Apply it to your bgppeer by adding this to the object:

spec:
  filters:
    - bgpftest

check that 1.2.3.4/32 address is not advertised anymore:

kubectl -n calico-vpp-dataplane  exec -it $(kubectl -n calico-vpp-dataplane \
 get pod | grep -v  NAME | awk '{print $1}'| awk 'NR==1') -c agent -- \
 gobgp global rib