Cilium BGP Control Plane

BGP Control Plane provides a way for Cilium to advertise routes to connected routers by using the Border Gateway Protocol (BGP). BGP Control Plane makes Pod networks and/or Services reachable from outside the cluster for environments that support BGP. Because BGP Control Plane does not program the datapath, do not use it to establish reachability within the cluster.

Video

For more insights on Cilium’s BGP, check out eCHO episode 101: More BGP fun with Cilium.

Prerequisites

Installation

Enable the Cilium BGP Control Plane by setting the Helm flag bgpControlPlane.enabled to true.

$ helm upgrade cilium cilium/cilium --version 1.16.3 \
    --namespace kube-system \
    --reuse-values \
    --set bgpControlPlane.enabled=true
$ kubectl -n kube-system rollout restart ds/cilium

IPv4/IPv6 single-stack and dual-stack setups are supported. Note that the BGP Control Plane can only advertise routes of the address families that Cilium is configured to use. You cannot advertise IPv4 routes when the Cilium Agent is configured to use only the IPv6 address family. Conversely, you cannot advertise IPv6 routes when the Cilium Agent is configured to use only the IPv4 address family.
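
As an added example (not part of the Cilium documentation), the following shell check applies the address-family rule above to a list of prefixes you plan to advertise. It assumes the agent settings are supplied as key=value lines taken from the cilium-config ConfigMap keys enable-bgp-control-plane, enable-ipv4 and enable-ipv6; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: check planned BGP advertisements against the agent's address families.
# Assumed input: "key=value" lines from the cilium-config ConfigMap, for instance:
#   kubectl -n kube-system get configmap cilium-config \
#     -o go-template='{{range $k, $v := .data}}{{$k}}={{$v}}{{"\n"}}{{end}}'

# cfg_get <config-text> <key>: print the value of <key>, or nothing if it is absent.
cfg_get() {
  printf '%s\n' "$1" | awk -F= -v k="$2" '$1 == k { print $2; exit }'
}

# prefix_family <cidr>: classify a prefix by its textual form.
prefix_family() {
  case "$1" in
    *:*) echo ipv6 ;;
    *.*) echo ipv4 ;;
    *)   echo unknown ;;
  esac
}

# check_prefixes <config-text> <cidr>...
# Prints one OK/FAIL line per prefix.
# Returns 0 if all prefixes can be advertised, 1 if any cannot,
# and 2 if the BGP Control Plane is not enabled at all.
check_prefixes() {
  _cfg="$1"; shift
  _rc=0
  if [ "$(cfg_get "$_cfg" enable-bgp-control-plane)" != "true" ]; then
    echo "FAIL enable-bgp-control-plane is not true"
    return 2
  fi
  for _p in "$@"; do
    _fam=$(prefix_family "$_p")
    if [ "$_fam" != unknown ] && [ "$(cfg_get "$_cfg" "enable-$_fam")" = "true" ]; then
      echo "OK   $_p ($_fam)"
    else
      echo "FAIL $_p ($_fam is not enabled on the Cilium Agent)"
      _rc=1
    fi
  done
  return "$_rc"
}

# Constructed sample: an IPv4-only agent and one prefix of each family.
SAMPLE_CFG='enable-bgp-control-plane=true
enable-ipv4=true
enable-ipv6=false'
check_prefixes "$SAMPLE_CFG" 10.244.0.0/16 fd00:10:244::/56 || true
```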

Configuring BGP Control Plane

There are two ways to configure the BGP Control Plane: using the legacy CiliumBGPPeeringPolicy resource, or using newer BGP resources like CiliumBGPClusterConfig. Both configuration options are currently supported; however, CiliumBGPPeeringPolicy will be deprecated in the future.

Troubleshooting and Operation Guide