In a hybrid cloud environment where your on-premises data center runs a Border Gateway Protocol (BGP) network, Calico must operate in BGP Peer mode. This mode lets Calico peer directly with the switches and routers in your data center, advertising container routes into your physical network. This topic describes how to configure Calico BGP peering for a Kubernetes cluster deployed in your data center.
BGP Peer mode requires all switches and routers in your data center to support BGP.
Prerequisites
Before you begin, ensure that you have:
A Kubernetes cluster running in your data center with the Calico plug-in installed. See Install Calico.
Your data center connected to Cloud Enterprise Network (CEN). See Enable communication between on-premises and cloud networks.
Architecture overview
The following figure shows how a data center connects to Alibaba Cloud.
Configure BGP peering
Step 1: Install calicoctl
Install calicoctl on your master node.
Step 2: Apply BGP configuration
Step 2a: Disable node-to-node mesh and set the AS number
Apply the following BGPConfiguration. Replace asNumber with your data center's AS number.
kubectl apply -f - << EOF
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  # Disable the full node-to-node mesh; nodes peer with external routers instead.
  nodeToNodeMeshEnabled: false
  # Replace with your data center's AS number.
  asNumber: 64513
EOF

| Parameter | Description | Example |
|---|---|---|
| nodeToNodeMeshEnabled | Controls whether Calico forms a full BGP mesh between all nodes. Set to false when peering with external routers instead. | false |
| asNumber | The Autonomous System (AS) number for your data center. Set this based on your data center configuration. | 64513 |
| logSeverityScreen | Log verbosity for the BGP process. Info is suitable for production use. | Info |
Step 2b: Create a global BGP peer
Apply the following BGPPeer resource. Replace peerIP and asNumber with the values for your data center.
kubectl apply -f - << EOF
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: my-global-peer
spec:
  # Replace with the IP address of your switch or router.
  peerIP: 192.168.0.1
  # Replace with the AS number used for BGP peering.
  asNumber: 64513
EOF

| Parameter | Description | Example |
|---|---|---|
| peerIP | The IP address of the BGP peer (your switch or router). | 192.168.0.1 |
| asNumber | The AS number for BGP peering. Set this based on your data center configuration. | 64513 |
Step 3: Verify BGP peering
Confirm that the BGP session is established using one of the following methods.
Option 1: Use calicoctl
Run the following command on your master node:
[root@master ~]# ./calicoctl node status
Calico process is running.

IPv4 BGP status
+--------------+-----------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE |  SINCE   |    INFO     |
+--------------+-----------+-------+----------+-------------+
| 192.168.0.1  | global    | up    | 03:38:03 | Established |
+--------------+-----------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

The BGP session is active when STATE shows up and INFO shows Established.
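A scripted form of the Option 1 check, as an added example that is not part of the original documentation: it reads `calicoctl node status` output on stdin and fails unless every peer row shows up and Established. The function name check_bgp_peers and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): gate on `calicoctl node status`.
# Reads the status text on stdin and returns:
#   0  at least one peer row, and every peer is up / Established
#   1  at least one peer is not up / Established
#   2  no peer rows at all (with nodeToNodeMeshEnabled: false, a node
#      without peers advertises no container routes)
check_bgp_peers() {
    awk -F'|' '
        # Peer rows start with "|" and have five cells; borders start with "+".
        /^[|]/ && NF >= 7 {
            for (i = 2; i <= 6; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($2 == "PEER ADDRESS") next      # header row
            peers++
            if ($4 == "up" && $6 == "Established") {
                printf "OK   %s (%s)\n", $2, $3
            } else {
                printf "FAIL %s (%s) state=%s info=%s\n", $2, $3, $4, $6
                bad++
            }
        }
        END {
            if (peers == 0) { print "FAIL no BGP peer rows found"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Constructed sample inputs so the check can be exercised offline.
sample_up() {
    cat <<'EOF'
Calico process is running.

IPv4 BGP status
+--------------+-----------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE |  SINCE   |    INFO     |
+--------------+-----------+-------+----------+-------------+
| 192.168.0.1  | global    | up    | 03:38:03 | Established |
+--------------+-----------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.
EOF
}
sample_down() { sample_up | sed 's/| up    |/| start |/; s/Established/Connect    /'; }

# Real use on the master node: ./calicoctl node status | check_bgp_peers
sample_up | check_bgp_peers
```

Because the status reflects only the node where calicoctl runs, run the check on each node whose peering you want to confirm.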
Option 2: Check the VPC route table
Log on to the VPC console.
In the left-side navigation pane, click Route Tables.
On the Route Tables page, click the name of the route table to go to the details page.
Click Route Entry List, then click Cloud Enterprise Network to confirm that a new route entry has been added.