Bgp control plane: add route aggregation feature #37275

romanspb80 · 2025-01-27T00:53:03Z

Add route aggregation feature in BGP Control Plane (RFC 4632)
New route aggregation options under the CiliumBGPAdvertisement.

apiVersion: cilium.io/v2alpha1
kind: CiliumBGPAdvertisement
metadata:
  name: bgp-advertisements
  labels:
    advertise: bgp
spec:
  advertisements:
    - advertisementType: "Service"
      service:
        aggregationLengthIPv4: 24                  <<<<<<<<<<<<<<   New Field
        aggregationLengthIPv6: 120                 <<<<<<<<<<<<<<   New Field

Fixes: #36777

Signed-off-by: Roman Ptitcyn romanspb@yahoo.com

harsimran-pabla

Hi @romanspb80 Before jumping into the code review of the implementation, I think we need to agree on the API change. I still think user should specify aggregation length instead of dynamically calculating it based on the boolean flag.

In vast majority of cases there is going to be single IP returned from getServicePrefix
, so with single /32 or /128 prefix there will be nothing to aggregate.

Have you tested this change on kubernetes cluster with sample loadbalancer service ? can you provide some example outputs how aggregation will look like?

romanspb80 · 2025-01-30T20:22:35Z

Hi @romanspb80 Before jumping into the code review of the implementation, I think we need to agree on the API change. I still think user should specify aggregation length instead of dynamically calculating it based on the boolean flag.

In vast majority of cases there is going to be single IP returned from getServicePrefix , so with single /32 or /128 prefix there will be nothing to aggregate.

Have you tested this change on kubernetes cluster with sample loadbalancer service ? can you provide some example outputs how aggregation will look like?

Hi @harsimran-pabla . Thanks for the comment.
I agree with you that the most common case would be single prefix. But there ar 8000 e couple of points which are worth discussing.
For example, we can use annotation to assign multiple ips for serice advertisement:

apiVersion: v1
kind: Service
metadata:
  name: nginxservice
  annotations:
    "io.cilium/lb-ipam-ips": "172.16.102.2,172.16.102.8"
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - name: grpc
    port: 8888
    targetPort: 80

In this case the dynamically calculating works:

bash-5.1# ./gobgp neighbor 172.18.0.2 adj-in
   ID  Network              Next Hop             AS_PATH              Age        Attrs
   0   10.244.1.0/24        172.18.0.2           65002                00:03:05   [{Origin: i}]
   0   172.16.102.0/28      172.18.0.2           65002                00:00:05   [{Origin: i}]
bash-5.1#

The dynamically calculated mask /28 is more efficiently then if we set the mask /24 manualy.

Also there is another case which I noted in my comment :
"I would also like to note that in this pull request, aggregation is performed only for prefixes within the service. But in this PR I made a feature in which aggregation takes into account all services with this option and the route aggregation is global for all prefixes of the affected services. I suggest discussing this point too."

Thanks

harsimran-pabla · 2025-01-30T20:47:09Z

But there are couple of points which are worth discussing. For example, we can use annotation to assign multiple ips for serice advertisement

Yes, but the common case is that each service gets single /32 prefix. And if we pick start and end address from various services which have aggregate flag set, resulting aggregated prefix can be very large range - as services can have IPs allocated from different lb-ipam pools.

harsimran-pabla · 2025-01-30T20:52:54Z

"I would also like to note that in this pull request, aggregation is performed only for prefixes within the service. But in this #36791 I made a feature in which aggregation takes into account all services with this option and the route aggregation is global for all prefixes of the affected services. I suggest discussing this point too."

This approach was modifying LB Pool with a aggregate flag. Why not introduce new BGP advertisement type which will advertise complete LB IPAM pool range ? Implementation would be much simpler and not change existing service reconcilers.

I am trying to understand if the goal is to reduce /32 prefix announcements, can we achieve it with this simpler mechanism. Existing service announcements can be configured if user wants to service with eTP=Local to work.

romanspb80 · 2025-01-30T23:31:06Z

"I would also like to note that in this pull request, aggregation is performed only for prefixes within the service. But in this #36791 I made a feature in which aggregation takes into account all services with this option and the route aggregation is global for all prefixes of the affected services. I suggest discussing this point too."

This approach was modifying LB Pool with a aggregate flag. Why not introduce new BGP advertisement type which will advertise complete LB IPAM pool range ? Implementation would be much simpler and not change existing service reconcilers.

I am trying to understand if the goal is to reduce /32 prefix announcements, can we achieve it with this simpler mechanism. Existing service announcements can be configured if user wants to service with eTP=Local to work.

Yes, that makes sense. So instead of dynamic calculation use the cidr (or all cidrs from the LB pool) mask right away?
For example, if cidr from LB pool is 172.16.102.0/25 then bgp advertisement will be same in case of enabled aggregation.
We can also add an option for the case where the pool contains multiple cidrs, then they can be aggregated if they are adjacent.

harsimran-pabla · 2025-02-03T14:49:35Z

We can also add an option for the case where the pool contains multiple cidrs, then they can be aggregated if they are adjacent.

No, I would still prefer each pool advertisement. Atleast we should start with this common case and see later if it makes sense to improve further upon it. In this approach, feature is not about prefix aggregation. It is more about LB Pool advertisement.

harsimran-pabla · 2025-02-03T15:00:01Z

There are two approaches to reduce /32 advertisements, I am not leaning towards one or the other.

Introduce new advertisement type, which is LB Pool Advert. This will advertise LB Pool prefix regardless of checking backend services. Much simpler implementation as well as larger prefix block can be advertised. Drawback is that if you'd want services with eTP=Local, this is not enough. And other cases of cluster ip/external ip advertisement, this advertisement type is not the solution for it.
Provide prefix length as previously discussed here.

I am not yet convinced if we need to jump straight into auto-aggregation, we can look at it in the future. At this stage, I think we need something simpler and deterministic.

romanspb80 · 2025-02-03T18:53:57Z

Ok. Will do this approach:

Provide prefix length as previously discussed here.

maintainer-s-little-helper · 2025-02-08T21:20:13Z

Commit 3a5d0c8 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

romanspb80 · 2025-02-08T21:38:06Z

Hi @harsimran-pabla
I've updated PR in accordance with the second approach. I added two fields:

aggregationLengthIPv4 with range 24..31
aggregationLengthIPv6 with range 120..127

It makes sense to discuss the thresholds of these ranges.

Thanks

harsimran-pabla

Thanks @romanspb80 for the changes. API looks good to me, there are few other comments regarding the implementation.

Route policies should be done for all service types ( external IP, cluster IP ), currently it implemented for LB Ingress IP only.
Unit tests are missing.
Route policies which are merged here should be sorted based on prefix length. For eg, if multiple advertisements match same service, longer prefix should be first.

pkg/k8s/apis/cilium.io/v2alpha1/bgp_advert_types.go

pkg/bgpv1/manager/reconcilerv2/service.go

tommyp1ckles

@cilium/sig-k8s CRD changes look good to me. I do see that @harsimran-pabla had a comment regarding the need for the min values.

romanspb80 · 2025-02-16T14:18:33Z

@harsimran-pabla , I've updated the PR in accordance with the comments.
Thanks

romanspb80 · 2025-03-07T21:03:55Z

Hi @romanspb80, instead of merge commit, can you please rebase only your change on top of latest. merge-commit is not allowed in Cilium.

Also, we promoted the BGP APIs from v2alpha1 to v2, I see that you updated the API in v2. Similar to change in pkg/k8s/apis/cilium.io/v2/bgp_advert_types.go, you should do same change in pkg/k8s/apis/cilium.io/v2alpha1/bgp_advert_types.go, we want to keep both APIs same for time being. This helps in easy migration for users from v2alpha1 to v2.

Thank you, @harsimran-pabla . I updated the change

YutaroHayakawa · 2025-03-09T06:22:11Z

/test

harsimran-pabla · 2025-03-13T14:04:10Z

@romanspb80 I think you'd need to rebase on latest to get the failing test to pass. Check this comment on slack.

New route aggregation option under the CiliumBGPAdvertisement. apiVersion: cilium.io/v2alpha1 kind: CiliumBGPAdvertisement metadata: name: bgp-advertisements labels: advertise: bgp spec: advertisements: - advertisementType: "Service" service: aggregationLengthIPv4: 24 <<<<<<<<<<<<<< New Field aggregationLengthIPv6: 120 <<<<<<<<<<<<<< New Field Fixes: cilium#36777 Signed-off-by: Roman Ptitcyn <romanspb@yahoo.com>

romanspb80 · 2025-03-15T06:48:08Z

/test

romanspb80 · 2025-03-15T12:12:06Z

@romanspb80 I think you'd need to rebase on latest to get the failing test to pass. Check this comment on slack.

done. Thanks!

romanspb80 requested review from a team as code owners January 27, 2025 00:53

romanspb80 requested review from ovidiutirla, tommyp1ckles and harsimran-pabla January 27, 2025 00:53

maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 27, 2025

github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Jan 27, 2025

romanspb80 mentioned this pull request Jan 27, 2025

Add route summarization to bgp advertistments services #36791

Closed

harsimran-pabla requested changes Jan 30, 2025

View reviewed changes

romanspb80 requested a review from harsimran-pabla February 2, 2025 13:35

maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Feb 8, 2025

romanspb80 force-pushed the BGP-Control-Plane--add-route-aggregation branch from 3a5d0c8 to 89a459f Compare February 8, 2025 21:28

maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Feb 8, 2025

harsimran-pabla requested changes Feb 10, 2025

View reviewed changes

pkg/k8s/apis/cilium.io/v2alpha1/bgp_advert_types.go Outdated Show resolved Hide resolved

pkg/bgpv1/manager/reconcilerv2/service.go Outdated Show resolved Hide resolved

pkg/bgpv1/manager/reconcilerv2/service.go Outdated Show resolved Hide resolved

tommyp1ckles approved these changes Feb 14, 2025

View reviewed changes

romanspb80 force-pushed the BGP-Control-Plane--add-route-aggregation branch 2 times, most recently from 4e3904e to 4d27eee Compare February 16, 2025 14:14

romanspb80 requested a review from harsimran-pabla February 16, 2025 14:18

romanspb80 force-pushed the BGP-Control-Plane--add-route-aggregation branch from 4d27eee to 1af4fc5 Compare February 19, 2025 19:56

harsimran-pabla removed request for ovidiutirla, nathanjsweet, sayboras, aspsk, bimmlerd, doniacld, kaworu, squeed, derailed, christarazi, dlapcevic, brlbil, pchaigno and jrajahalme March 7, 2025 21:02

pchaigno enabled auto-merge March 9, 2025 08:20

pchaigno disabled auto-merge March 9, 2025 08:22

romanspb80 force-pushed the BGP-Control-Plane--add-route-aggregation branch 3 times, most recently from 20fc92b to 27801fa Compare March 10, 2025 20:28

romanspb80 mentioned this pull request Mar 11, 2025

Add new member romanspb80 cilium/community#218

Merged

romanspb80 force-pushed the BGP-Control-Plane--add-route-aggregation branch from 27801fa to f61646e Compare March 14, 2025 23:25

pchaigno added this pull request to the merge queue Mar 15, 2025

Merged via the queue into cilium:main with commit 9e1e31a Mar 15, 2025
67 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bgp control plane: add route aggregation feature #37275

Bgp control plane: add route aggregation feature #37275

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Bgp control plane: add route aggregation feature #37275

Bgp control plane: add route aggregation feature #37275

Uh oh!

Conversation

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!