[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BGP in a containers

On Fri 2018-Jun-15 05:18:05 -0300, Raymond Burkholder <ray at oneunified.net> wrote:

>On 06/14/2018 09:22 PM, Michael Thomas wrote:
>>So I have to ask, why is it advantageous to put this in a container 
>>rather than just run it directly
>>on the container's host?

Some bits similar to Raymond's comments, but in our case this was 
specifically for a Kubernetes deployment.  Our k8s deployment is mostly 
"self-hosted", i.e. the k8s control plane runs within k8s, with the workers 
being disposable.  Dropping the routing into a container that runs in the 
host's/worker's network namespace means it is just another container 
(daemonset) that Kubernetes will schedule to the worker as part of initial 

So, we don't run BGP within the application containers themselves but 
rather on the container hosts.  Advertising service IPs is handled by IPVS 
pods that anycast the service IPs and do DSR + tunnel mode to the k8s pods 
backing a given L4 service, with an HTTP reverse proxy layer (Kubernetes 
ingress controllers) in the middle for HTTP/s services.

Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E   | also on Signal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180615/7f95c3d2/attachment.sig>