Calico advertising all Kubernetes node subnets from all nodes

6/27/2019

Diagram of Nodes

I have Calico Node2Node Mesh running, and successfully set up peering with my upstream switches.

What looks strange is that it appears that every node is advertising all the node networks. I would think that each node should advertise its /26 range and the Services range. Instead, it is advertising all 4 /26 (node-specific subnets) and the services range. I am worried this is having some multipathing problems.

Is this expected behavior?

172.16. routes are node-specific. 172.20. is where the kube clusterip services

172.16.149.0/26  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
        nexthop via 192.168.101.203  dev vlan101 weight 1
        nexthop via 192.168.101.204  dev vlan101 weight 1
172.16.155.64/26  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
        nexthop via 192.168.101.203  dev vlan101 weight 1
        nexthop via 192.168.101.204  dev vlan101 weight 1
172.16.176.192/26  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
        nexthop via 192.168.101.203  dev vlan101 weight 1
        nexthop via 192.168.101.204  dev vlan101 weight 1
172.16.248.128/26  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
        nexthop via 192.168.101.203  dev vlan101 weight 1
        nexthop via 192.168.101.204  dev vlan101 weight 1
172.20.0.0/16  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
        nexthop via 192.168.101.203  dev vlan101 weight 1
        nexthop via 192.168.101.204  dev vlan101 weight 1
172.20.88.169  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
        nexthop via 192.168.101.203  dev vlan101 weight 1
        nexthop via 192.168.101.204  dev vlan101 weight 1

Calico BGP Manifest

---
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: netgate
spec:
  peerIP: 192.168.100.1
  asNumber: 65534
-- Roogles
bgp
kubernetes
project-calico

1 Answer

8/18/2019

If the connections are EBGP (different AS), then any routes received via EBGP neighbors will be sent to all EBGP neighbors by default. You won't need to advertise that in BGP because it's already in the BGP table. To change this, you should have an outbound filter in place where each node should only permit the node network. Even if you don't put it, it won't create any immediate issue since other routes will be longer; however, it's the best practice to avoid any weird problems in future.

-- kash88
Source: StackOverflow
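
To confirm an outbound filter like the one the answer describes is working, the upstream route table can be audited for pod blocks that arrive from nodes that do not own them. This is an added example, not code from the original posts; the sample table and the block-to-node mapping are constructed assumptions (the page does not say which node owns which /26), and only IPv4 routes are handled.

```python
import ipaddress
import re

# Constructed sample in the format of the routing table quoted in the question.
SAMPLE_ROUTES = """\
172.16.149.0/26  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
172.16.155.64/26 via 192.168.101.202 dev vlan101 proto bgp metric 20
172.20.0.0/16  proto bgp  metric 20
        nexthop via 192.168.101.201  dev vlan101 weight 1
        nexthop via 192.168.101.202  dev vlan101 weight 1
"""
# Assumed ownership (hypothetical: the page does not say which node owns which /26).
BLOCK_OWNER = {"172.16.149.0/26": "192.168.101.201",
               "172.16.155.64/26": "192.168.101.202"}
SERVICE_CIDR = ipaddress.ip_network("172.20.0.0/16")


def parse_bgp_routes(text):
    """Return {prefix: [next hop, ...]} for every IPv4 'proto bgp' route."""
    routes, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\d+\.\S+)(?:\s+via (\S+))?.*\bproto bgp\b", line)
        hop = re.match(r"^\s+nexthop via (\S+)", line)
        if head:
            current = head.group(1)
            routes[current] = [head.group(2)] if head.group(2) else []
        elif hop and current:
            routes[current].append(hop.group(1))
        elif line.strip() and not line[0].isspace():
            current = None  # non-BGP route: ignore its next hops
    return routes


def unexpected_nexthops(routes, owners, service_cidr):
    """Return {prefix: [next hops other than the node that owns the block]}."""
    findings = {}
    for prefix, hops in routes.items():
        if ipaddress.ip_network(prefix, strict=False).subnet_of(service_cidr):
            continue  # service routes are expected from every node
        extra = [h for h in hops if h != owners.get(prefix)]
        if extra:
            findings[prefix] = extra
    return findings


if __name__ == "__main__":
    print(unexpected_nexthops(parse_bgp_routes(SAMPLE_ROUTES), BLOCK_OWNER, SERVICE_CIDR))
```

An empty result means every pod block is reachable only through its owning node; service routes inside `SERVICE_CIDR` are skipped because every node is expected to advertise them.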