bird

.github/workflows/deploy_environments.yaml

@@ -5,9 +5,8 @@ on:
   push:
     branches:
       - main
+      - james/bird
   workflow_dispatch:
-    branches:
-      - main
 
 jobs:
   deploy_dev3:
@@ -16,7 +15,7 @@ jobs:
     with:
       environment: dev3
     secrets: inherit
-    if: github.ref == 'refs/heads/main'
+    #if: github.ref == 'refs/heads/main'
 
   deploy_prod1:
     name: Deploy prod1

ansible/roles/k8s_lb/tasks/main.yaml

@@ -10,6 +10,7 @@
       - iptables-persistent
       - haproxy
       - openvswitch-switch-dpdk
+      - bird2
 
 - name: Add WN
   ansible.posix.authorized_key:
@@ -54,24 +55,6 @@
     dest: /etc/netplan/50-cloud-init.yaml
     mode: "600"
 
-- name: Install frr
-  ansible.builtin.apt:
-    update_cache: true
-    pkg:
-      - frr
-
-- name: Enable ospfd
-  ansible.builtin.lineinfile:
-    path: /etc/frr/daemons
-    search_string: ospfd=no
-    line: "ospfd=yes"
-
-- name: Config template frr
-  ansible.builtin.template:
-    src: frr.conf.j2
-    dest: /etc/frr/frr.conf
-    mode: "640"
-
 - name: Iptables rules
   ansible.builtin.template:
     src: iptables.j2
@@ -93,11 +76,26 @@
     state: restarted
     enabled: true
 
-- name: Reload and enable frr service
+- name: Bird config
+  ansible.builtin.template:
+    src: bird.conf.j2
+    dest: /etc/bird/bird.conf
+    mode: "640"
+    owner: "bird"
+    group: "bird"
+
+- name: Stop and disable frr service
   ansible.builtin.service:
     name: frr
+    state: stopped
+    enabled: false
+
+- name: Reload bird
+  ansible.builtin.systemd_service:
+    name: bird
     state: reloaded
     enabled: true
+    daemon_reload: true
 
 - name: Set net.ipv4.ip_forward
   ansible.posix.sysctl:
@@ -195,3 +193,8 @@
     name: datadog-agent
     state: restarted
     enabled: true
+
+- name: Remove frr
+  ansible.builtin.apt:
+    name: frr
+    state: absent

ansible/roles/k8s_lb/templates/bird.conf.j2

@@ -0,0 +1,119 @@
+# Managed by ansible
+
+# This is a basic configuration file, which contains boilerplate options and
+# some basic examples. It allows the BIRD daemon to start but will not cause
+# anything else to happen.
+#
+# Please refer to the BIRD User's Guide documentation, which is also available
+# online at http://bird.network.cz/ in HTML format, for more information on
+# configuring BIRD and adding routing protocols.
+
+# Configure logging
+log syslog all;
+# log "/var/log/bird.log" { debug, trace, info, remote, warning, error, auth, fatal, bug };
+
+# Set router ID. It is a unique identification of your router, usually one of
+# IPv4 addresses of the router. It is recommended to configure it explicitly.
+router id {{ BIRD_ROUTER_ID }};
+
+# Turn on global debugging of all protocols (all messages or just selected classes)
+# debug protocols all;
+# debug protocols { events, states };
+
+# Turn on internal watchdog
+# watchdog warning 5 s;
+# watchdog timeout 30 s;
+
+# Tables master4 and master6 are defined by default
+# ipv4 table master4;
+# ipv6 table master6;
+
+# The Device protocol is not a real routing protocol. It does not generate any
+# routes and it only serves as a module for getting information about network
+# interfaces from the kernel. It is necessary in almost any configuration.
+protocol device {
+    scan time 10;
+}
+
+# The direct protocol is not a real routing protocol. It automatically generates
+# direct routes to all network interfaces. Can exist in as many instances as you
+# wish if you want to populate multiple routing tables with direct routes.
+protocol direct {
+	#disabled;		# Disable by default
+	ipv4;			# Connect to default IPv4 table
+	ipv6;			# ... and to default IPv6 table
+}
+
+# The Kernel protocol is not a real routing protocol. Instead of communicating
+# with other routers in the network, it performs synchronization of BIRD
+# routing tables with the OS kernel. One instance per table.
+protocol kernel {
+    persist;
+    scan time 10;
+	ipv4 {			# Connect protocol to IPv4 table by channel
+#	      table master4;	# Default IPv4 table is master4
+          import all;	# Import to table, default is import all
+          export all;	# Export to protocol. default is export none
+	};
+	learn;			# Learn alien routes from the kernel
+#	kernel table 10;	# Kernel table to synchronize with (default: main)
+}
+
+# Static routes (Again, there can be multiple instances, for different address
+# families and to disable/enable various groups of static routes on the fly).
+protocol static {
+	ipv4;			# Again, IPv4 channel with default options
+}
+
+# Pipe protocol connects two routing tables. Beware of loops.
+# protocol pipe {
+#	table master4;		# No ipv4/ipv6 channel definition like in other protocols
+#	peer table mrib4;
+#	import all;		# Direction peer table -> table
+#	export all;		# Direction table -> peer table
+# }
+
+# OSPF example, both OSPFv2 and OSPFv3 are supported
+# protocol ospf v3 {
+#  	ipv6 {
+#		import all;
+#		export where source = RTS_STATIC;
+#	};
+#	area 0 {
+#		interface "eth*" {
+#			type broadcast;		# Detected by default
+#			cost 10;		# Interface metric
+#			hello 5;		# Default hello perid 10 is too long
+#		};
+#		interface "tun*" {
+#			type ptp;		# PtP mode, avoids DR selection
+#			cost 100;		# Interface metric
+#			hello 5;		# Default hello perid 10 is too long
+#		};
+#		interface "dummy0" {
+#			stub;			# Stub interface, just propagate it
+#		};
+#	};
+#}
+
+protocol ospf v2 {
+  	ipv4 {
+		import none;
+	};
+	area 0 {
+        default cost 10;
+        networks {
+            {{ BIRD_NETWORK }};
+        };
+		interface "eth*" {
+			type broadcast;	# Detected by default
+			cost 10;		# Interface metric
+            neighbors {
+                {{ BIRD_NEIGHBOR }};
+            };
+		};
+        interface "lo" {
+            cost {{ BIRD_OSPF_COST }};
+        };
+	};
+}

terraform/cluster.tf

@@ -20,7 +20,9 @@ module "some_mesh_cluster" {
   mesh_lb_ip                    = var.mesh_lb_ip
   mesh_gateway                  = var.mesh_gateway
   mesh_networkrange             = var.mesh_networkrange
-  mesh_net_block                = var.mesh_net_block
+  bird_network                  = var.bird_network
+  bird_neighbor                 = var.bird_neighbor
+  bird_ospf_cost                = var.bird_ospf_cost
   mesh_external_ips             = var.mesh_external_ips
   meshdb_fqdn                   = var.meshdb_fqdn
   mesh_local_password           = var.mesh_local_password

terraform/dev3.tfvars

@@ -46,7 +46,7 @@ mesh_worker_disk_size = [
 mesh_lb_ip        = "10.70.90.145"
 mesh_gateway      = "10.70.90.1"
 mesh_networkrange = "24"
-mesh_net_block    = "10.70.90.0"
+bird_neighbor     = "10.69.7.13"
 mesh_external_ips = [
   "199.170.132.46",
 ]

terraform/mesh_cluster/ansible.tf

@@ -29,15 +29,17 @@ resource "ansible_group" "lb" {
     ansible_ssh_private_key_file = "../terraform/${path.module}/mesh${var.mesh_env_name}"
     ansible_ssh_common_args      = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
     EXTERNAL_LISTEN_IPS          = join(";", var.mesh_external_ips)
-    LB_HOSTNAME                  = "k8s-lb-${var.mesh_env_name}"
-    INTERNAL_NETWORK_BLOCK       = format("%s/%s", var.mesh_net_block, var.mesh_networkrange)
     INTERNAL_NETWORK_RANGE       = var.mesh_networkrange
     WORKER_IPS                   = join(";", var.mesh_ips)
     NODE_PORT                    = "80"
     MESHDB_FQDN                  = join(",", var.meshdb_fqdn)
     MESH_DG                      = var.mesh_gateway
     DATADOG_API_KEY              = var.DATADOG_API_KEY
     DATADOG_SITE                 = var.DATADOG_SITE
+    BIRD_ROUTER_ID               = var.mesh_lb_ip
+    BIRD_NETWORK                 = var.bird_network
+    BIRD_NEIGHBOR                = var.bird_neighbor
+    BIRD_OSPF_COST               = var.bird_ospf_cost
   }
 }
 

terraform/mesh_cluster/vars.tf

@@ -60,11 +60,6 @@ variable "mesh_networkrange" {
   default     = "24"
 }
 
-variable "mesh_net_block" {
-  description = "network range to use for intneral networking"
-  default     = "10.70.90.0"
-}
-
 variable "mesh_external_ips" {
   type        = list(string)
   description = "external ip for meshdb, assigned to the lb vm"
@@ -146,3 +141,20 @@ variable "mesh_lb_disk_size" {
   description = "disk size for the lb in gb"
   default     = 10
 }
+
+variable "bird_network" {
+  type        = string
+  description = "bird ospf network for the lb vm"
+  default     = "10.69.0.0/16"
+}
+
+variable "bird_neighbor" {
+  type        = string
+  description = "bird ospf neighbor for the lb vm"
+}
+
+variable "bird_ospf_cost" {
+  type        = string
+  description = "OSPF cost for only bird"
+  default     = "10"
+}

terraform/prod1.tfvars

@@ -43,7 +43,7 @@ mesh_worker_disk_size = [
 mesh_lb_ip        = "10.70.90.156"
 mesh_gateway      = "10.70.90.1"
 mesh_networkrange = "24"
-mesh_net_block    = "10.70.90.0"
+bird_neighbor     = "10.69.7.13"
 mesh_external_ips = [
   "199.170.132.45",
 ]

terraform/prod2.tfvars

@@ -42,7 +42,7 @@ mesh_lb_ram_mb    = 6144
 mesh_lb_disk_size = 10
 mesh_gateway      = "10.70.100.1"
 mesh_networkrange = "24"
-mesh_net_block    = "10.70.100.0"
+bird_neighbor     = "10.69.0.10"
 mesh_external_ips = [
   "23.158.16.22",
 ]

terraform/vars.tf

@@ -94,11 +94,6 @@ variable "mesh_networkrange" {
   default     = "24"
 }
 
-variable "mesh_net_block" {
-  description = "network range to use for intneral networking"
-  default     = "10.70.90.0"
-}
-
 variable "mesh_external_ips" {
   type        = list(string)
   description = "external ip for meshdb, assigned to the lb vm"
@@ -162,3 +157,20 @@ variable "mesh_lb_disk_size" {
   description = "disk size for the lb in gb"
   default     = 10
 }
+
+variable "bird_network" {
+  type        = string
+  description = "bird ospf network for the lb vm"
+  default     = "10.69.0.0/16"
+}
+
+variable "bird_neighbor" {
+  type        = string
+  description = "bird ospf neighbor for the lb vm"
+}
+
+variable "bird_ospf_cost" {
+  type        = string
+  description = "OSPF cost for only bird"
+  default     = "10"
+}