Add BGP confederation support in BGPPolicy #6927
Conversation
hongliangl
added
action/release-note
hongliangl
force-pushed
the
20241205-bgp-confederation-controller
branch
from
5e8cee4 to
c1233b6
Compare
hongliangl
force-pushed
the
20241205-bgp-confederation-controller
branch
from
c1233b6 to
8bd9ee8
Compare
docs/bgp-policy.md
Outdated
| ### Confederation | ||
|
|
||
| The `Confederation` field specifies that the BGP process operates within a confederation identified by ASN `65000`, | ||
| with other member ASNs `64513` and `64514`. |
There was a problem hiding this comment.
This is the only field for which the description refers to specific values used in the example, so that's inconsistent. I would recommend just having a generic description here, and adding a link to the more comprehensive confederation example which comes later in the document.
| return !(a == nil && b == nil) && | ||
| (a == nil || b == nil || a.identifier != b.identifier || !a.peers.Equal(b.peers)) |
There was a problem hiding this comment.
this seems incorrect to me. If a and b are both nil, the function will return false because of the negation (!(a == nil && b == nil). Am I missing something, and if not, should this be caught by unit tests? Could you double check?
I would have expected something like this:
return (a == nil && b == nil) || (a != nil && b != nil && a.identifier == b.identifier && a.peers.Equal(b.peers))There was a problem hiding this comment.
The code you provided improves readability within the function, but its logic represents confederationConfigNotChanged, not the current one confederationConfigChanged, if I understand correctly.
Currently, the code implements the opposite logic in confederationConfigChanged, which is less readable. The logic for confederationConfigChanged is:
!(a == nil && b == nil) && (a == nil || b == nil || a.identifier != b.identifier || !a.peers.Equal(b.peers)).
If we negate it, the result simplifies to:
- !!(a == nil && b == nil) && (a == nil || b == nil || a.identifier != b.identifier || !a.peers.Equal(b.peers))
- (a == nil && b == nil) || !(a == nil || b == nil || a.identifier != b.identifier || !a.peers.Equal(b.peers))
- (a == nil && b == nil) || (a != nil && b != nil && a.identifier == b.identifier && a.peers.Equal(b.peers))
It is the same as the example you provided.
Signed-off-by: Hongliang Liu <[email protected]>
hongliangl
force-pushed
the
20241205-bgp-confederation-controller
branch
from
8bd9ee8 to
8c3d330
Compare
| } | ||
| } | ||
|
|
||
| func confederationConfigNotChanged(a, b *confederationConfig) bool { |
There was a problem hiding this comment.
maybe rename to confederationConfigEqual now that you have inverted the logic?
| @@ -1890,7 +2106,8 @@ func generateBGPPolicyState(bgpPolicyName string, | |||
| localASN int32, | |||
| routerID string, | |||
| bgpRoutes []bgp.Route, | |||
| peerConfigs []bgp.PeerConfig) *bgpPolicyState { | |||
| peerConfigs []bgp.PeerConfig, | |||
| patchFns ...func(*bgpPolicyState)) *bgpPolicyState { | |||
There was a problem hiding this comment.
it's weird to introduce this patching mechanism but only use it for configuring the confederation.
I think you should either:
- use a
*confederationConfigparameter (nilis used if there is no confederation), or - use "patch" functions for everything
An example of solution 2:
generateBGPPolicyState("foo", x, y, z, withRoutes(route1, route2), withPeers(peer1, peer2, peer3))
generateBGPPolicyState("bar", x, y, z, withRoutes(route1, route2), withPeers(peer1), withConfederation(c))| defer data.crdClient.CrdV1alpha1().BGPPolicies().Delete(context.TODO(), bgpPolicyName, metav1.DeleteOptions{}) | ||
| require.NoError(t, err) |
There was a problem hiding this comment.
these lines should be swapped?
| NodeSelector: metav1.LabelSelector{ | ||
| MatchLabels: map[string]string{}, | ||
| t.Run("One BGPPolicy applied to all Nodes", func(t *testing.T) { | ||
| const bgpPolicyName = "test-policy-alfa" |
There was a problem hiding this comment.
I think you mean "alpha" :P
| updatedBGPPolicy.Spec.Advertisements.Pod = nil | ||
| _, err = data.crdClient.CrdV1alpha1().BGPPolicies().Update(context.TODO(), updatedBGPPolicy, metav1.UpdateOptions{}) | ||
| require.NoError(t, err) | ||
| t.Run("Multiple BGPPolies applied to different Nodes within a confederation", func(t *testing.T) { |
There was a problem hiding this comment.
typo: s/BGPPolies/BGPPolicies
| t.Log("Verify the connectivity of the installed routes on remote FRR route") | ||
| ipsToConnect := []string{podIP, clusterIP} | ||
| for _, ip := range ipsToConnect { | ||
| cmd := fmt.Sprintf("/usr/bin/wget -O - http://%s:8080/hostname -T 5", ip) | ||
| rc, stdout, _, err := exec.RunDockerExecCommand(externalInfo.externalFRRCID, cmd, "/", nil, "") | ||
| require.NoError(t, err) | ||
| require.Equal(t, 0, rc) | ||
| require.Equal(t, podName, stdout) | ||
| } |
There was a problem hiding this comment.
I think this is repeated multiple times, could you define a helper function - ideally inside the test function
| defer func() { | ||
| data.updateServiceInternalTrafficPolicy("agnhost-svc", false) | ||
| }() |
There was a problem hiding this comment.
defer data.updateServiceInternalTrafficPolicy("agnhost-svc", false)
| defer data.crdClient.CrdV1alpha1().BGPPolicies().Delete(context.TODO(), bgpPolicyName, metav1.DeleteOptions{}) | ||
| require.NoError(t, err) |
| const confederationIdentifier = int32(60000) | ||
| const updatedConfederationIdentifier = int32(60001) |
There was a problem hiding this comment.
these constants don't really need to be "typed"
| t.Log("Create a test BGPPolicy selecting all Nodes as well as advertising ClusterIPs and Pod CIDRs") | ||
| const confederationIdentifier = int32(60000) | ||
| const updatedConfederationIdentifier = int32(60001) | ||
| asnStart := int32(61000) |
There was a problem hiding this comment.
based on usage, I am not sure why you use a variable here while you use constants for confederation identifiers.
| - `identifier`: Specifies the ASN of the confederation, serving as its identifier. | ||
| - `memberASNs`: Specifies the ASNs of other members that are part of the confederation. | ||
|
|
||
| See example [BGP Confederation]. |
There was a problem hiding this comment.
Maybe update the [Confederation] to [Advertise Pod IPs through BGP Confederation] to avoid the internal link with number like '(#confederation-1)' in TOC.
| apiVersion: crd.antrea.io/v1alpha1 | ||
| kind: BGPPolicy | ||
| metadata: | ||
| name: example-bgp-policy |
There was a problem hiding this comment.
| name: example-bgp-policy | |
| name: example-bgp-policy-with-confederation |
| notExpectedRoutes := []FRRRoute{{Prefix: clusterIP + "/32", Nexthops: getAllNodeIPs()}} | ||
| checkFRRRouterBGPRoutes(t, expectedRoutes, notExpectedRoutes) | ||
|
|
||
| t.Log("verify the connectivity of the installed routes on remote FRR route") |
There was a problem hiding this comment.
| t.Log("verify the connectivity of the installed routes on remote FRR route") | |
| t.Log("verify the connectivity of the installed routes on the remote FRR router") |
| require.NoError(t, err) | ||
| } | ||
|
|
||
| t.Log("Get routes installed on remote FRR router and verify them") |
There was a problem hiding this comment.
| t.Log("Get routes installed on remote FRR router and verify them") | |
| t.Log("Get routes installed on the remote FRR router and verify them") |
| expectedRoutes = []FRRRoute{{Prefix: clusterIP + "/32", Nexthops: []string{nodeIPv4(0)}}} | ||
| notExpectedRoutes := []FRRRoute{{Prefix: clusterIP + "/32", Nexthops: getAllNodeIPs()}} | ||
| checkFRRRouterBGPRoutes(t, expectedRoutes, notExpectedRoutes) | ||
| t.Log("Get the routes installed on remote FRR router and verify them") |
| } | ||
|
|
||
| for _, bgpPolicy := range bgpPolicies { | ||
| t.Log("Update the test BGPPolicy with a new confederation identifier and removing Pod CIDR advertisement") |
There was a problem hiding this comment.
| t.Log("Update the test BGPPolicy with a new confederation identifier and removing Pod CIDR advertisement") | |
| t.Log("Update the test BGPPolicy %s with a new confederation identifier and removing Pod CIDR advertisement", bgpPolicy.Name) |
For #6567
Done: add some text about ASN to documentation.
Depends on #6905