|
| 1 | +--- |
| 2 | +title: Configure MetalLB via BGP on Azure Stack Edge |
| 3 | +description: Describes how to configure MetalLB via Border Gateway Protocol for load balancing on your Azure Stack Edge device. |
| 4 | +services: databox |
| 5 | +author: alkohli |
| 6 | + |
| 7 | +ms.service: databox |
| 8 | +ms.subservice: edge |
| 9 | +ms.topic: how-to |
| 10 | +ms.date: 09/24/2021 |
| 11 | +ms.author: alkohli |
| 12 | +--- |
| 13 | +# Configure load balancing with MetalLB on your Azure Stack Edge |
| 14 | + |
| 15 | +[!INCLUDE [applies-to-GPU-and-pro-r-and-mini-r-skus](../../includes/azure-stack-edge-applies-to-gpu-pro-r-mini-r-sku.md)] |
| 16 | + |
| 17 | +This article describes how to configure load balancing on your Azure Stack Edge device using MetalLB via Border Gateway Protocol (BGP). |
| 18 | + |
| 19 | +## About MetalLB and load balancing |
| 20 | + |
| 21 | +MetalLB is a load-balancer implementation for bare metal Kubernetes clusters. MetalLB serves two functions: it assigns IP addresses to the Kubernetes load balancer services from a configured pool of IP addresses and then announces the IP to the external network. MetalLB achieves these functions through standard routing protocols such as Address Resolution Protocol (ARP), Neighbor Discovery Protocol (NDP), or Border Gateway Protocol (BGP). |
| 22 | + |
| 23 | +For more information, see [BGP mode for MetalLB](https://metallb.universe.tf/configuration/#bgp-configuratioN). |
| 24 | + |
| 25 | +## MetalLB on Azure Stack Edge |
| 26 | + |
| 27 | +There are multiple networking components such as Calico, MetalLB, and Core DNS installed on your Azure Stack Edge device. MetalLB hooks into the Kubernetes cluster running on your Azure Stack Edge device, and allows you to create Kubernetes services of type `LoadBalancer` in the cluster. |
| 28 | + |
| 29 | +In BGP mode, all machines in the cluster establish BGP peering sessions with nearby routers that you control, and tell those routers how to forward traffic to the service IPs.MetalLB with the Border Gateway Protocol (BGP) is not the default networking mode for the Kubernetes cluster running on your device. To configure MetalLB via BGP, you designate the top-of-rack (ToR) switch as the load balancer and set up peer sessions. |
| 30 | + |
| 31 | +MetalLB in BGP mode can be configured to achieve low failover times if you are using 2-node devices. This configuration is more involved than the standard configuration as you may not have access to the top-of-rack switch. |
| 32 | + |
| 33 | +## Configure MetalLB |
| 34 | + |
| 35 | +You can configure MetalLB in BGP mode by connecting to the PowerShell interface of the device and then running specific cmdlets. |
| 36 | + |
| 37 | +### Prerequisites |
| 38 | + |
| 39 | +Before you begin, make sure that: |
| 40 | +- Compute is enabled on one port of the device. This creates a virtual switch on that port. |
| 41 | + - To enable compute, in the local UI for your device, go to **Advanced networking** page and select a port on which you want to enable compute. |
| 42 | + - In the **Network settings** page, enable the port for compute. **Apply** the settings. |
| 43 | +- You have available IPs in the same subnet the port that you enabled for compute on your device. |
| 44 | + |
| 45 | +### Configuration |
| 46 | + |
| 47 | +For a basic configuration for MetalLB using BGP session, you need the following information: |
| 48 | + |
| 49 | +- The peer IP address that MetalLB should connect to. |
| 50 | +- The peer's Autonomous System Number (ASN). BGP requires that routes are announced with an ASN for peer sessions. |
| 51 | +- The ASN MetalLB should use. ASNs are 16-bit numbers between 1 and 65534 and 32-bit numbers between 131072 and 4294967294. |
| 52 | + |
| 53 | +> [!IMPORTANT] |
| 54 | +> For MetalLB to work in BGP mode, peers must be specified. If no BGP peers are specified, MetalLB will work in default layer 2 mode. For more information, see [Layer 2 mode in MetalLB](https://metallb.universe.tf/concepts/layer2/). |
| 55 | +
|
| 56 | + |
| 57 | +Follow these steps to configure MetalLB in BGP mode: |
| 58 | + |
| 59 | +1. [Connect to the PowerShell interface](azure-stack-edge-gpu-connect-powershell-interface.md#connect-to-the-powershell-interface) of the device. |
| 60 | + |
| 61 | +1. Run the `Get-HcsExternalVirtualSwitch` cmdlet to get the name of the external virtual switch that you'll use for BGP mode. This virtual switch is created when you enabled the port for compute. |
| 62 | + |
| 63 | + ```powershell |
| 64 | + Get-HcsExternalVirtualSwitch |
| 65 | + ``` |
| 66 | +1. Run the `Set-HcsBGPPeer` cmdlet to establish a BGP peer session. |
| 67 | +
|
| 68 | + ```powershell |
| 69 | + Set-HcsBGPPeer -PeerAddress <IP address of the port that you enabled for compute> -PeerAsn <ASN for the peer> -SelfAsn <Your ASN> -SwitchName <Name of virtual switch on the port enabled for compute> -HoldTimeInSeconds <Optional hold time in seconds> |
| 70 | + ``` |
| 71 | +1. Once you have established the session, run the `Get-HcsBGPPeers` cmdlet to get the peer sessions that exist on a virtual switch. |
| 72 | +
|
| 73 | + ```powershell |
| 74 | + Get-HcsBGPPeers -SwitchName <Name of virtual switch that you enabled for compute> |
| 75 | + ``` |
| 76 | +1. Run the `Remove-HcsBGPPeer` cmdlet to remove the peer session. |
| 77 | +
|
| 78 | + ```powershell |
| 79 | + Remove-HcsBGPPeer -PeerAddress <IP address of the port that you enabled for compute> -SwitchName <Name of virtual switch on the port enabled for compute> |
| 80 | + ``` |
| 81 | +1. Run the `Get-HcsBGPPeers` to verify that the peer session is removed. |
| 82 | +
|
| 83 | +Here is an example output: |
| 84 | +
|
| 85 | +```powershell |
| 86 | +Windows PowerShell |
| 87 | +Copyright (C) Microsoft Corporation. All rights reserved. |
| 88 | +
|
| 89 | +Try the new cross-platform PowerShell https://aka.ms/pscore6 |
| 90 | +
|
| 91 | +PS C:\WINDOWS\system32> $Name = "dbe-1csphq2.microsoftdatabox.com" |
| 92 | +PS C:\WINDOWS\system32> Set-Item WSMan:\localhost\Client\TrustedHosts $Name -Concatenate -Force |
| 93 | +PS C:\WINDOWS\system32> $sessOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck |
| 94 | +PS C:\WINDOWS\system32> Enter-PSSession -ComputerName $Name -Credential ~\EdgeUser -ConfigurationName Minishell -UseSSL -SessionOption $sessOptions |
| 95 | +WARNING: The Windows PowerShell interface of your device is intended to |
| 96 | +be used only for the initial network configuration. Please |
| 97 | +engage Microsoft Support if you need to access this interface |
| 98 | +to troubleshoot any potential issues you may be experiencing. |
| 99 | +Changes made through this interface without involving Microsoft |
| 100 | +Support could result in an unsupported configuration. |
| 101 | +[dbe-1csphq2.microsoftdatabox.com]: PS>Get-HcsExternalVirtualSwitch |
| 102 | +
|
| 103 | +Name : vSwitch1 |
| 104 | +InterfaceAlias : {Port2} |
| 105 | +EnableIov : False |
| 106 | +MacAddressPools : |
| 107 | +IPAddressPools : {} |
| 108 | +BGPPeers : |
| 109 | +ConfigurationSource : Dsc |
| 110 | +EnabledForCompute : False |
| 111 | +EnabledForStorage : False |
| 112 | +EnabledForMgmt : True |
| 113 | +SupportsAcceleratedNetworking : False |
| 114 | +DbeDhcpHostVnicName : 3cb2d0ae-6a7b-44cc-8a5d-8eac2d1c0436 |
| 115 | +VirtualNetworks : {} |
| 116 | +EnableEmbeddedTeaming : True |
| 117 | +Vnics : {} |
| 118 | +Type : External |
| 119 | +
|
| 120 | +Name : vSwitch2 |
| 121 | +InterfaceAlias : {Port3, Port4} |
| 122 | +EnableIov : False |
| 123 | +MacAddressPools : |
| 124 | +IPAddressPools : {} |
| 125 | +BGPPeers : |
| 126 | +ConfigurationSource : Dsc |
| 127 | +EnabledForCompute : False |
| 128 | +EnabledForStorage : True |
| 129 | +EnabledForMgmt : False |
| 130 | +SupportsAcceleratedNetworking : False |
| 131 | +DbeDhcpHostVnicName : 8dd480c0-8f22-42b1-8621-d2a43f70690d |
| 132 | +VirtualNetworks : {} |
| 133 | +EnableEmbeddedTeaming : True |
| 134 | +Vnics : {} |
| 135 | +Type : External |
| 136 | +
|
| 137 | +[dbe-1csphq2.microsoftdatabox.com]: PS>Set-HcsBGPPeer -PeerAddress 10.126.77.125 -PeerAsn 64512 -SelfAsn 64513 -SwitchName vSwitch1 -HoldTimeInSeconds 15 |
| 138 | +[dbe-1csphq2.microsoftdatabox.com]: PS>Get-HcsBGPPeers -SwitchName vSwitch1 |
| 139 | +
|
| 140 | +PeerAddress PeerAsn SelfAsn HoldTime |
| 141 | +----------- ------- ------- -------- |
| 142 | +10.126.77.125 64512 64513 15 |
| 143 | +
|
| 144 | +[dbe-1csphq2.microsoftdatabox.com]: PS>Remove-HcsBGPPeer -PeerAddress 10.126.77.125 -SwitchName vSwitch1 |
| 145 | +[dbe-1csphq2.microsoftdatabox.com]: PS>Get-HcsBGPPeers -SwitchName vSwitch1 |
| 146 | +[dbe-1csphq2.microsoftdatabox.com]: PS> |
| 147 | +``` |
| 148 | + |
| 149 | +## Next steps |
| 150 | + |
| 151 | +- Learn more about [Networking on Kubernetes cluster on your Azure Stack Edge device](azure-stack-edge-gpu-kubernetes-networking.md). |
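Review bot: The `-PeerAddress` placeholder at lines 69 and 79 reads `<IP address of the port that you enabled for compute>`, which describes the device's own port, while line 49 says the value is "the peer IP address that MetalLB should connect to" and line 29 names the top-of-rack switch as the peer. Change the placeholder to something like `<IP address of the BGP peer>` so it is not read as the device's own address. Steps 5 and 6 (lines 76-81) remove the peer inside the same numbered procedure, so anyone following it end to end finishes with no peer and, per the note at line 54, MetalLB back in layer 2 mode; move removal under its own heading. In the sample output, line 93 builds the session with `-SkipCACheck -SkipCNCheck -SkipRevocationCheck`, which turns off certificate validation for the remote PowerShell connection, and vSwitch1 is shown with `EnabledForCompute : False` (line 110) even though the peer is set on it at line 137. Either trim the sample to the BGP cmdlets or use output that matches the prerequisites at lines 40-43. Smaller points: the link anchor at line 23 ends in `bgp-configuratioN`, line 29 is missing a space in "service IPs.MetalLB", line 43 needs "as" after "same subnet", and the front-matter title at line 2 does not match the H1 at line 13.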