feat/implement frr system extension for BGP routing on the host #994

Open
abckey wants to merge 5 commits into siderolabs:main from abckey:feat/frr

@abckey abckey commented Feb 27, 2026

FRR (Free Range Routing) Extension for Talos

This extension provides FRR for BGP routing on Talos hosts, with built-in MetalLB VRF integration for advertising Kubernetes LoadBalancer IPs via BGP.

Overview

Purpose

  1. FRR (Free Range Routing) for BGP routing on Talos hosts
  2. MetalLB VRF integration with a veth pair for Kubernetes LoadBalancer IP advertisement
  3. Private IPv6 point-to-point connection (fd00::/8) between FRR and MetalLB speaker
  4. Dynamic configuration via Jinja2 template (frr.conf.j2) rendered using jinja2-cli
  5. Interface discovery from MAC addresses specified in FE_MACS environment variable

Architecture

  • FRR runs in host network namespace and manages both:

    • Fabric-facing BGP peering (eBGP with leaf switches via physical interfaces)
    • MetalLB-facing BGP peering (eBGP with node local MetalLB BGP speaker in VRF metallb)
  • MetalLB speaker runs with hostNetwork: true, connects to FRR via a veth pair:

    • veth-metallb interface: in host namespace - MetalLB speaker binds here
    • veth-frr interface: in VRF metallb - FRR listens here for MetalLB connections
  • Route flow: MetalLB advertises LoadBalancer IPs → FRR VRF BGP → imported to default VRF → advertised to fabric

Network Topology

┌──────────────────────────────────────────────────────────────────┐
│                         Talos Host                                │
│                                                                   │
│  ┌─────────────────────────────────────────────────────────────┐ │
│  │                     Default VRF (Host)                       │ │
│  │                                                              │ │
│  │  ┌──────────────────────────┐                               │ │
│  │  │   MetalLB BGP Speaker    │                               │ │
│  │  │   (hostNetwork: true)    │                               │ │
│  │  │   ASN: 4000099999        │                               │ │
│  │  │                          │                               │ │
│  │  │   Binds to veth-metallb  │                               │ │
│  │  │   fda1:...:0001::1/127   │                               │ │
│  │  └────────────┬─────────────┘                               │ │
│  │               │                                              │ │
│  │   veth-metallb (in host ns)                                  │ │
│  │   fda1:...:0001::1/127                                       │ │
│  │               │ veth                                         │ │
│  └───────────────┼──────────────────────────────────────────────┘ │
│                  │                                                │
│  ┌───────────────┼──────────────────────────────────────────────┐ │
│  │               │         VRF: metallb (table 88)              │ │
│  │               ▼                                               │ │
│  │   veth-frr (in VRF)                                          │ │
│  │   fda1:...:0001::0/127                                       │ │
│  │               │                                               │ │
│  │   ┌───────────▼─────────────────────────────────────────┐    │ │
│  │   │              FRR                                     │    │ │
│  │   │   router bgp 4000099998 vrf metallb                  │    │ │
│  │   │   - Listens passively on veth-frr:179                │    │ │
│  │   │   - Receives LB IP routes from MetalLB               │    │ │
│  │   │                                                      │    │ │
│  │   │   router bgp 65001 (default VRF)                     │    │ │
│  │   │   - Peers with fabric via FE_MACS/FE_PORT_NAMES ifaces│    │ │
│  │   │   - Imports routes from VRF metallb                  │    │ │
│  │   │   - Advertises LB IPs to fabric                      │    │ │
│  │   └──────────────────────────────────────────────────────┘    │ │
│  └───────────────────────────────────────────────────────────────┘ │
│                                                                   │
│  Physical Interfaces (resolved from FE_MACS or from FE_PORT_NAMES)│
│  ├── eth0 ──► Leaf Switch 1 (eBGP unnumbered, IPv6 link-local)   │
│  └── eth1 ──► Leaf Switch 2 (eBGP unnumbered, IPv6 link-local)   │
└───────────────────────────────────────────────────────────────────┘
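
Item 5 of the Purpose list discovers the fabric-facing interfaces from the MAC addresses in FE_MACS, and the resulting names are rendered into frr.conf. The following is an added example, not code from this PR or the extension: a resolver that validates each MAC strictly and fails closed instead of peering on a guessed interface. Assumptions: FE_MACS is comma-separated, interfaces are read from /sys/class/net, and the function names and sample MACs are constructed for illustration.

```shell
# Added example, not the extension's code. Assumption: FE_MACS is comma-separated.

# Lowercase one MAC and accept only the exact xx:xx:xx:xx:xx:xx form.
normalize_mac() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f'); h='[0-9a-f][0-9a-f]'
    case "$m" in $h:$h:$h:$h:$h:$h) printf '%s\n' "$m" ;; *) return 1 ;; esac
}

# Print the interface names for FE_MACS, space-separated and in order. Fails closed
# on a malformed, unmatched or ambiguous MAC, or an unexpected interface name.
resolve_fe_macs() {
    root=${2:-/sys/class/net}; result=""
    old_ifs=$IFS; set -f; IFS=,
    set -- $1                      # split on commas only, globbing disabled
    IFS=$old_ifs; set +f
    [ "$#" -gt 0 ] || { echo "FE_MACS is empty" >&2; return 1; }
    for raw in "$@"; do
        mac=$(normalize_mac "$raw") || { echo "invalid MAC in FE_MACS" >&2; return 1; }
        match=""; count=0
        for f in "$root"/*/address; do
            [ -r "$f" ] || continue
            if [ "$(tr 'A-F' 'a-f' < "$f")" = "$mac" ]; then
                dir=${f%/address}; match=${dir##*/}; count=$((count + 1))
            fi
        done
        # A bond and its members can share a MAC: refuse to guess.
        [ "$count" -eq 1 ] || { echo "$mac matched $count interfaces" >&2; return 1; }
        # The name is rendered into frr.conf, so allow a conservative charset only.
        case "$match" in
            *[!A-Za-z0-9_.-]*) echo "unexpected interface name" >&2; return 1 ;;
        esac
        result="$result${result:+ }$match"
    done
    printf '%s\n' "$result"
}

# Constructed stand-in for /sys/class/net (sample data, not from the page).
make_fake_sysfs() {
    d=$(mktemp -d) || return 1
    mkdir "$d/eth0" "$d/eth1" "$d/eth2" "$d/bond0"
    echo 02:00:00:00:00:01 > "$d/eth0/address"
    echo 02:00:00:00:00:0a > "$d/eth1/address"
    echo 02:00:00:00:00:03 > "$d/eth2/address"
    echo 02:00:00:00:00:03 > "$d/bond0/address"   # same MAC as eth2
    printf '%s\n' "$d"
}

demo=$(make_fake_sysfs) && resolve_fe_macs "02:00:00:00:00:01,02:00:00:00:00:0A" "$demo"
rm -rf "$demo"
```

A non-zero return should stop configuration rendering, so FRR never starts with a partial or wrong set of fabric interfaces.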

Signed-off-by: Kai Zhang <kai.zhang@nokia.com>
@talos-bot talos-bot moved this to In Review in Planning Feb 27, 2026
Signed-off-by: Kai Zhang <kai.zhang@nokia.com>
Signed-off-by: Kai Zhang <kai.zhang@nokia.com>
@Unix4ever Unix4ever moved this from In Review to On Hold in Planning Apr 13, 2026
@github-actions

This PR is stale because it has been open 45 days with no activity.

@github-actions github-actions Bot added the Stale label Apr 24, 2026
abckeyzhang and others added 2 commits May 7, 2026 12:27
- Add ip_family detection for IPv4/IPv6 support in create_metallb_veth()
- Add ip rule for MetalLB peering traffic to use VRF routing table
- Use ASN_LOCAL for VRF BGP instance with local-as for MetalLB peer
- FRR announces ASN_VRF_METALLB to MetalLB while using ASN_LOCAL internally

Signed-off-by: Kai Zhang <kai.zhang@nokia.com>
@github-actions github-actions Bot removed the Stale label May 8, 2026

5 participants