Merge pull request #41167 from skrthomas/pr38580

OSDOCS-2681: Fixes added to #38580

Author: ahardin-rh

_topic_maps/_topic_map.yml

@@ -1121,8 +1121,14 @@ Topics:
     File: metallb-operator-install
   - Name: Configuring MetalLB address pools
     File: metallb-configure-address-pools
+  - Name: Configuring MetalLB BGP peers
+    File: metallb-configure-bgp-peers
+  - Name: Configuring MetalLB BFD profiles
+    File: metallb-configure-bfd-profiles
   - Name: Configuring services to use MetalLB
     File: metallb-configure-services
+  - Name: MetalLB troubleshooting and support
+    File: metallb-troubleshoot-support
 - Name: Associating secondary interfaces metrics to network attachments
   File: associating-secondary-interfaces-metrics-to-network-attachments
 ---

images/209_OpenShift_BGP_0122.png

@@ -1,11 +1,15 @@
+
 :_content-type: CONCEPT
+// Module included in the following assemblies:
+//
+// * networking/metallb/metallb-configure-address-pools.adoc
 [id="nw-metallb-addresspool-cr_{context}"]
 = About the address pool custom resource
 
 The fields for the address pool custom resource are described in the following table.
 
 .MetalLB address pool custom resource
-[cols="1,1,3", options="header"]
+[cols="1,1,3a", options="header"]
 |===
 
 |Field
@@ -26,7 +30,7 @@ Specify the same namespace that the MetalLB Operator uses.
 |`spec.protocol`
 |`string`
 |Specifies the protocol for announcing the load balancer IP address to peer nodes.
-The only supported value is `layer2`.
+Specify `layer2` or `bgp`.
 
 |`spec.autoAssign`
 |`boolean`
@@ -40,31 +44,48 @@ The default value is `true`.
 You can specify multiple ranges in a single pool.
 Specify each range in CIDR notation or as starting and ending IP addresses separated with a hyphen.
 
+|`spec.bgpAdvertisements`
+|`object`
+|Optional: By default, BGP mode advertises each allocated load-balancer IP address to the configured peers with no additional BGP attributes.
+The peer routers receive one `/32` route for each service IP address, with the BGP local preference set to zero and no BGP communities.
+Use this field to create custom advertisements.
+
+|===
+
+The fields for the `bgpAdvertisements` object are defined in the following table:
+
+.BGP advertisements configuration
+[cols="1,1,3a", options="header"]
 |===
 
-////
-.Address pool object
-[source,yaml]
-----
-apiVersion: metallb.io/v1alpha1
-kind: AddressPool
-metadata:
-  name: <pool_name>  <.>
-  namespace: metallb-system  <.>
-spec:
-  protocol: <protocol_type>  <.>
-  autoAssign: true  <.>
-  addresses:  <.>
-  - <range_or_CIDR>
-  ...
-----
-<.> Specify the name for the address pool. When you add a service, you can specify this pool name in the `metallb.universe.tf/address-pool` annotation to select an IP address from a specific pool.
-
-<.> Specify the namespace for the address pool.
-
-<.> Specify the protocol for announcing the load balancer IP address to peer nodes. The only supported value is `layer2`.
-
-<.> Optional: Specify whether MetalLB automatically assigns IP addresses from this pool. Specify `false` if you want explicitly request an IP address from this pool with the `metallb.universe.tf/address-pool` annotation. The default value is `true`.
-
-<.> Specify a list of IP addresses for MetalLB to assign to services. You can specify multiple ranges in a single pool. Specify each range in CIDR notation or as starting and ending IP addresses separated with a hyphen.
-////
+|Field
+|Type
+|Description
+
+|`aggregationLength`
+|`integer`
+|Optional: Specifies the number of bits to include in a 32-bit CIDR mask.
+To aggregate the routes that the speaker advertises to BGP peers, the mask is applied to the routes for several service IP addresses and the speaker advertises the aggregated route.
+For example, with an aggregation length of `24`, the speaker can aggregate several `10.0.1.x/32` service IP addresses and advertise a single `10.0.1.0/24` route.
+
+|`aggregationLengthV6`
+|`integer`
+|Optional: Specifies the number of bits to include in a 128-bit CIDR mask.
+For example, with an aggregation length of `124`, the speaker can aggregate several `fc00:f853:0ccd:e799::x/128` service IP addresses and advertise a single `fc00:f853:0ccd:e799::0/124` route.
+
+|`community`
+|`array`
+|Optional: Specifies one or more BGP communities.
+Each community is specified as two 16-bit values separated by the colon character.
+Well-known communities must be specified as 16-bit values:
+
+* `NO_EXPORT`: `65535:65281`
+* `NO_ADVERTISE`: `65535:65282`
+* `NO_EXPORT_SUBCONFED`: `65535:65283`
+
+|`localPref`
+|`integer`
+|Optional: Specifies the local preference for this advertisement.
+This BGP attribute applies to BGP sessions within the Autonomous System.
+
+|===

modules/nw-metallb-addresspool-cr.adoc

@@ -0,0 +1,82 @@
+// Module included in the following assemblies:
+//
+// * networking/metallb/metallb-configure-bfd-profiles.adoc
+
+[id="nw-metallb-bfdprofile-cr_{context}"]
+= About the BFD profile custom resource
+
+The fields for the BFD profile custom resource are described in the following table.
+
+.BFD profile custom resource
+[cols="1,1,3a",options="header"]
+|===
+
+|Field
+|Type
+|Description
+
+|`metadata.name`
+|`string`
+|Specifies the name for the BFD profile custom resource.
+
+|`metadata.namespace`
+|`string`
+|Specifies the namespace for the BFD profile custom resource.
+
+|`spec.detectMultiplier`
+|`integer`
+|Specifies the detection multiplier to determine packet loss.
+The remote transmission interval is multiplied by this value to determine the connection loss detection timer.
+
+For example, when the local system has the detect multiplier set to `3` and the remote system has the transmission interval set to `300`, the local system detects failures only after `900` ms without receiving packets.
+
+The range is `2` to `255`.
+The default value is `3`.
+
+|`spec.echoMode`
+|`boolean`
+|Specifies the echo transmission mode.
+If you are not using distributed BFD, echo transmission mode works only when the peer is also FRR.
+The default value is `false` and echo transmission mode is disabled.
+
+When echo transmission mode is enabled, consider increasing the transmission interval of control packets to reduce bandwidth usage.
+For example, consider increasing the transmit interval to `2000` ms.
+
+|`spec.echoInterval`
+|`integer`
+|Specifies the minimum transmission interval, less jitter, that this system uses to send and receive echo packets.
+The range is `10` to `60000`.
+The default value is `50` ms.
+
+|`spec.minimumTtl`
+|`integer`
+|Specifies the minimum expected TTL for an incoming control packet.
+This field applies to multi-hop sessions only.
+
+The purpose of setting a minimum TTL is to make the packet validation requirements more stringent and avoid receiving control packets from other sessions.
+
+The default value is `254` and indicates that the system expects only one hop between this system and the peer.
+
+|`spec.passiveMode`
+|`boolean`
+|Specifies whether a session is marked as active or passive.
+A passive session does not attempt to start the connection.
+Instead, a passive session waits for control packets from a peer before it begins to reply.
+
+Marking a session as passive is useful when you have a router that acts as the central node of a star network and you want to avoid sending control packets that you do not need the system to send.
+
+The default value is `false` and marks the session as active.
+
+|`spec.receiveInterval`
+|`integer`
+|Specifies the minimum interval that this system is capable of receiving control packets.
+The range is `10` to `60000`.
+The default value is `300` ms.
+
+|`spec.transmitInterval`
+|`integer`
+|Specifies the minimum transmission interval, less jitter, that this system uses to send control packets.
+The range is `10` to `60000`.
+The default value is `300` ms.
+
+|===

modules/nw-metallb-bfdprofile-cr.adoc

@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * networking/metallb/about-metallb.adoc
+
+[id="nw-metallb-bgp-limitations_{context}"]
+= Limitations for BGP mode
+
+[id="nw-metallb-bgp-limitations-break-connections_{context}"]
+== Node failure can break all active connections
+
+MetalLB shares a limitation that is common to BGP-based load balancing.
+When a BGP session terminates, such as when a node fails or when a `speaker` pod restarts, the session termination might result in resetting all active connections.
+End users can experience a `Connection reset by peer` message.
+
+The consequence of a terminated BGP session is implementation-specific for each router manufacturer.
+However, you can anticipate that a change in the number of `speaker` pods affects the number of BGP sessions and that active connections with BGP peers will break.
+
+To avoid or reduce the likelihood of a service interruption, you can specify a node selector when you add a BGP peer.
+By limiting the number of nodes that start BGP sessions, a fault on a node that does not have a BGP session has no affect on connections to the service.
+
+[id="nw-metallb-bgp-limitations-communities-values_{context}"]
+== Communities are specified as 16-bit values
+
+Communities are specified as part of an address pool custom resource and are specified as 16-bit values separated by a colon.
+For example, to specify that load balancer IP addresses are advertised with the well-known `NO_ADVERTISE` community attribute, use notation like the following:
+
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta1
+kind: AddressPool
+metadata:
+  name: doc-example-no-advertise
+  namespace: metallb-system
+spec:
+  protocol: bgp
+  addresses:
+    - 192.168.1.100-192.168.1.255
+  bgpAdvertisements:
+  - communities:
+    - 65535:65282
+----
+
+The limitation that communities are only specified as 16-bit values is a difference with the community-supported implementation of MetalLB that supports a `bgp-communities` field and readable names for BGP communities.
+
+[id="nw-metallb-bgp-limitations-single-asn_{context}"]
+== Support for a single ASN and a single router ID only
+
+When you add a BGP peer custom resource, you specify the `spec.myASN` field to identify the Autonomous System Number (ASN) that MetalLB belongs to.
+{product-title} uses an implementation of BGP with MetalLB that requires MetalLB to belong to a single ASN.
+If you attempt to add a BGP peer and specify a different value for `spec.myASN` than an existing BGP peer custom resource, you receive an error.
+
+Similarly, when you add a BGP peer custom resource, the `spec.routerID` field is optional.
+If you specify a value for this field, you must specify the same value for all other BGP peer custom resources that you add.
+
+The limitation to support a single ASN and single router ID is a difference with the community-supported implementation of MetalLB.

modules/nw-metallb-bgp-limitations.adoc

@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// * networking/metallb/about-metallb.adoc
+
+[id="nw-metallb-bgp_{context}"]
+= MetalLB concepts for BGP mode
+
+In BGP mode, each `speaker` pod advertises the load balancer IP address for a service to each BGP peer.
+BGP peers are commonly network routers that are configured to use the BGP protocol.
+When a router receives traffic for the load balancer IP address, the router picks one of the nodes with a `speaker` pod that advertised the IP address.
+The router sends the traffic to that node.
+After traffic enters the node, the service proxy for the CNI network provider distributes the traffic to all the pods for the service.
+
+The directly-connected router on the same layer 2 network segment as the cluster nodes can be configured as a BGP peer.
+If the directly-connected router is not configured as a BGP peer, you need to configure your network so that packets for load balancer IP addresses are routed between the BGP peers and the cluster nodes that run the `speaker` pods.
+
+Each time a router receives new traffic for the load balancer IP address, it creates a new connection to a node.
+Each router manufacturer has an implementation-specific algorithm for choosing which node to initiate the connection with.
+However, the algorithms commonly are designed to distribute traffic across the available nodes for the purpose of balancing the network load.
+
+If a node becomes unavailable, the router initiates a new connection with another node that has a `speaker` pod that advertises the load balancer IP address.
+
+.MetalLB topology diagram for BGP mode
+image::209_OpenShift_BGP_0122.png["Speaker pods on host network 10.0.1.0/24 use BGP to advertise the load balancer IP address, 203.0.113.200, to a router."]
+
+The preceding graphic shows the following concepts related to MetalLB:
+
+* An application is available through a service that has an IPv4 cluster IP on the `172.130.0.0/16` subnet.
+That IP address is accessible from inside the cluster.
+The service also has an external IP address that MetalLB assigned to the service, `203.0.113.200`.
+
+* Nodes 2 and 3 have a pod for the application.
+
+* The `speaker` daemon set runs a pod on each node.
+The MetalLB Operator starts these pods.
+You can configure MetalLB to specify which nodes run the `speaker` pods.
+
+* Each `speaker` pod is a host-networked pod.
+The IP address for the pod is identical to the IP address for the node on the host network.
+
+* Each `speaker` pod starts a BGP session with all BGP peers and advertises the load balancer IP addresses or aggregated routes to the BGP peers.
+The `speaker` pods advertise that they are part of Autonomous System 65010.
+The diagram shows a router, R1, as a BGP peer within the same Autonomous System.
+However, you can configure MetalLB to start BGP sessions with peers that belong to other Autonomous Systems.
+
+* All the nodes with a `speaker` pod that advertises the load balancer IP address can receive traffic for the service.
+
+** If the external traffic policy for the service is set to `cluster`, then all the `speaker` pods advertise the `203.0.113.200` load balancer IP address and all the nodes with a `speaker` pod can receive traffic for the service.
+At least one endpoint for the service must be in the `Ready` condition. The host prefix is advertised to the router peer only if the external traffic policy is set to `cluster`.
+
+** If the external traffic policy for the service is set to `local`, then only the `speaker` pods that are on the same node as an endpoint in the `Ready` condition for the service can advertise the load balancer IP address. Only those nodes can receive traffic for the service.
+In the preceding graphic, nodes 2 and 3 would advertise `203.0.113.200`.
+
+* You can configure MetalLB to control which `speaker` pods start BGP sessions with specific BGP peers by specifying a node selector when you add a BGP peer custom resource.
+
+* Any routers, such as R1, that are configured to use BGP can be set as BGP peers.
+
+* Client traffic is routed to one of the nodes on the host network.
+After traffic enters the node, the service proxy sends the traffic to the application pod on the same node or another node according to the external traffic policy that you set for the service.
+
+* If a node becomes unavailable, the router detects the failure and initiates a new connection with another node.
+You can configure MetalLB to use a Bidirectional Forwarding Detection (BFD) profile for BGP peers.
+BFD provides faster link failure detection so that routers can initiate new connections earlier than without BFD.