@aritrbas aritrbas commented Sep 24, 2025

Overview

  • The original architecture had a monolithic routingServer with mixed responsibilities:
    • Watching BGP RIB state from GoBGP
    • Managing BGP peer configuration
    • Injecting BGP routes into VPP
    • Announcing local pod prefixes
  • The refactoring splits the routingServer into three focused components:
    1. BGPWatcher – Observes GoBGP RIB state
    2. BGPHandler – Handles BGP protocol logic - RIB entries, policies, filters, defined sets, policy assignments
    3. RoutingHandler – Handles local address announcement, SNAT configuration, and route cleanup
  • In addition, the architecture also involves:
    • PeerHandler – Responsible for BGP peer selection, configuration, and secret management
    • ConnectivityHandler – Manages all VPP tunnel and route programming (IPIP, VXLAN, Wireguard, IPsec, SRv6)

Summary of Components:

1. BGPWatcher (watchers/bgp_watcher.go)

  • Role: Watch the GoBGP RIB for route changes from BGP peers
  • Responsibility:
    • Initializes GoBGP server with global configuration
    • Sets up initial BGP export policies (via BGPHandler)
    • Monitors the GoBGP RIB
    • Detects when peers announce or withdraw routes
    • Delegates all business logic to BGPHandler

2. BGPHandler (felix/routing/bgp_handler.go)

  • Role: BGP protocol business logic and GoBGP server programming
  • Responsibility:
    • Route Injection: Takes BGP paths from peers and injects routes into VPP
    • BGP Path Management: Handles path advertisements from local components
    • BGP Peer Configuration: Manages peer settings in GoBGP
    • BGP Filter Management: Translates Calico BGPFilter CRDs into GoBGP policies
    • Defined Set Management: Manages prefix lists and neighbor sets
    • Initial Policy Setup: Sets up initial BGP export policies
  • Infrastructure Programmed:
    • GoBGP Server
    • VPP (indirect via RoutingHandler):
      • Routes from BGP peers (via Connectivity events)
      • SRv6 policies (via SRv6Policy events)
  • Events Generated:
    • ConnectivityAdded - Route learned from BGP peer
    • ConnectivityDeleted - Route withdrawn by BGP peer
    • SRv6PolicyAdded - SRv6 tunnel route learned
    • SRv6PolicyDeleted - SRv6 tunnel route withdrawn

3. RoutingHandler (felix/routing/routing_handler.go)

  • Role: Local address announcement and route cleanup
  • Responsibility:
    • Local Address Advertisement: Announces pod prefixes to BGP
    • Route Cleanup: Cleans up stale routes on agent restart
    • SNAT Configuration: Configures source NAT for local traffic
  • Infrastructure Programmed:
    • GoBGP Server (indirect via BGPHandler):
      • Announces local pod prefixes (via BGPPath events → BGPHandler → GoBGP server)
    • VPP:
      • SNAT configuration for local traffic
  • Events Generated:
    • BGPPathAdded - Local prefix to announce
    • BGPPathDeleted - Local prefix to withdraw

4. PeerHandler (felix/routing/peer_handler.go)

  • Role: BGP peer selection and configuration and secret management
  • Responsibility:
    • Peer Selection: Determines which nodes to peer with
    • AS Number Management: Determines AS numbers for peers
    • Password Management: Retrieves BGP passwords from Kubernetes secrets
    • Peer Lifecycle: Manages peer add/update/delete operations
    • Secret Change Handling: Responds to secret updates
  • Infrastructure Programmed:
    • GoBGP Server: (indirect via BGPHandler)
      • Updates peers (via BGPPeer events → BGPHandler → GoBGP server)
  • Events Generated:
    • BGPPeerAdded - New peer to configure
    • BGPPeerUpdated - Peer configuration changed
    • BGPPeerDeleted - Peer to remove

5. ConnectivityHandler (felix/connectivity/connectivity_handler.go)

  • Role: Tunnel and connectivity provider management
  • Responsibility:
    • Tunnel Setup: Manages VPP tunnels based on IPAM pool configuration
    • SRv6 Policy Management: Manages SRv6 policies in VPP
    • Provider Management: Manages connectivity providers:
      • FLAT: Direct L3 routing (no encapsulation)
      • IPIP: IP-in-IP tunnel encapsulation
      • VXLAN: VXLAN overlay network
      • Wireguard: Encrypted Wireguard tunnels
      • IPsec: IPsec encrypted tunnels
      • SRv6: Segment Routing over IPv6
  • Infrastructure Programmed:
    • VPP

Event-Driven Architecture

The refactoring introduces a clean event-driven pattern:

Watcher → Event → FelixServer → Handler → Infrastructure

Event Flow

All BGP related events now flow through Felix server's event loop:

External Source (Watchers)
  → common.SendEvent()
    → felixServerEventChan
      → FelixServer.handleFelixServerEvents()
        → Handlers (BGP/Routing/Connectivity/Peer)
          → Infrastructure (GoBGP/VPP/Linux)

New Events Registered

The following events are now registered in felix_server.go and handled in handleFelixServerEvents():

common.BGPPathAdded
common.BGPPathDeleted
common.BGPPeerAdded
common.BGPPeerUpdated
common.BGPPeerDeleted
common.BGPFilterAddedOrUpdated
common.BGPFilterDeleted
common.BGPDefinedSetAdded
common.BGPDefinedSetDeleted
common.ConnectivityAdded
common.ConnectivityDeleted
common.SRv6PolicyAdded
common.SRv6PolicyDeleted
common.LocalPodAddressAdded
common.LocalPodAddressDeleted

Separation of Watching vs Business Logic

Watching Logic (Observation)

| Watcher | What It Watches | Where | Frequency |
|---|---|---|---|
| SecretWatcher | Kubernetes Secrets | K8s API | Real-time (watch) |
| BGPConfigurationWatcher | BGPConfiguration CRDs | Calico API | Real-time (watch) |
| PeerWatcher | BGPPeer CRDs | Calico API | Real-time (watch) |
| BGPFilterWatcher | BGPFilter CRDs | Calico API | Real-time (watch) |
| PrefixWatcher | IPAM prefix assignments | Calico backend | 5-second poll |
| LocalSIDWatcher | VPP SRv6 LocalSID state | VPP API | 10-second poll |
| BGPWatcher | GoBGP RIB changes | GoBGP stream | Real-time (gRPC) |

Business Logic (Decision & Execution)

| Handler | Business Logic | Programming Target |
|---|---|---|
| ConnectivityHandler | Tunnel setup, connectivity provider management | VPP (IPIP, VXLAN, Wireguard, IPsec, SRv6) |
| PeerHandler | BGP peer selection and configuration, secret management | GoBGP (peer config) [via BGPHandler] |
| BGPHandler | Route injection, filter policies, path management | GoBGP (RIB, policies, filters, defined sets) |
| RoutingHandler | Local prefix announcement, SNAT config, route cleanup | VPP (SNAT), GoBGP (announcements) [via BGPHandler] |
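
An added sketch of the event flow described in this PR (not code from the PR or from the project): a secret change makes a peer handler emit BGPPeerUpdated, which the same loop routes to the BGP handler, the only place that touches GoBGP. The SecretChanged event name, all types and functions, the queue size, the sample addresses and the choice to carry the secret's name rather than the password in the event are assumptions of this example.

```go
package main

import "fmt"

// BGPPeer* names come from the PR text; SecretChanged and all types are hypothetical.
type EventType string

const (
	SecretChanged  EventType = "SecretChanged"
	BGPPeerAdded   EventType = "BGPPeerAdded"
	BGPPeerUpdated EventType = "BGPPeerUpdated"
)

// Event carries only the secret's name (assumption): no password in the queue.
type Event struct {
	Type         EventType
	Peer, Secret string
}

// peerHandler decides which peers are affected; it never programs GoBGP itself.
func peerHandler(peerSecret map[string]string, changed string, out chan<- Event) {
	for peer, name := range peerSecret {
		if name == changed {
			out <- Event{Type: BGPPeerUpdated, Peer: peer}
		}
	}
}

// Dispatch drains the queue as one event loop would; returns what reached the fake GoBGP.
func Dispatch(peerSecret map[string]string, initial ...Event) []string {
	var applied []string
	ch := make(chan Event, 16) // buffered: handlers enqueue from inside the loop
	for _, e := range initial {
		ch <- e
	}
	for len(ch) > 0 {
		switch e := <-ch; e.Type {
		case SecretChanged:
			peerHandler(peerSecret, e.Secret, ch)
		case BGPPeerAdded, BGPPeerUpdated: // BGP handler: sole GoBGP writer
			applied = append(applied, fmt.Sprintf("%s %s", e.Type, e.Peer))
		}
	}
	return applied
}

func main() { // constructed sample peer and secret name
	fmt.Println(Dispatch(map[string]string{"10.0.0.2": "bgp-secret-a"}, Event{Type: SecretChanged, Secret: "bgp-secret-a"}))
}
```

Because handlers enqueue onto the channel the loop itself reads, an unbuffered or full channel would block the loop; the buffer here is sized for the sample only.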

@aritrbas aritrbas marked this pull request as draft September 24, 2025 05:53
@aritrbas aritrbas force-pushed the abasu-split-routing branch from e85057b to b19dd0a Compare October 2, 2025 19:27
@aritrbas aritrbas changed the base branch from nsk-split-svc to abasu-peers-watcher-rem-pubsub October 2, 2025 19:28
@aritrbas aritrbas force-pushed the abasu-split-routing branch 3 times, most recently from 45f1afe to b6d1d35 Compare October 8, 2025 04:27
@aritrbas aritrbas marked this pull request as ready for review October 8, 2025 04:27
@aritrbas aritrbas changed the title [WIP] Split routing server into BGP watcher and routing handler under felix Split routing server into BGP watcher and routing handler under felix Oct 8, 2025
@aritrbas aritrbas changed the title Split routing server into BGP watcher and routing handler under felix [WIP] Split routing server into BGP watcher and routing handler under felix Oct 9, 2025
@aritrbas aritrbas marked this pull request as draft October 9, 2025 15:33
@aritrbas aritrbas force-pushed the abasu-peers-watcher-rem-pubsub branch 2 times, most recently from ffb8c29 to eb5adeb Compare October 10, 2025 00:20
@aritrbas aritrbas force-pushed the abasu-split-routing branch from b6d1d35 to d231e16 Compare October 14, 2025 22:49
@aritrbas aritrbas marked this pull request as ready for review October 14, 2025 22:53
@aritrbas aritrbas changed the title [WIP] Split routing server into BGP watcher and routing handler under felix Split routing server into BGP watcher and routing handler under felix Oct 14, 2025
…ingHandler

The refactoring splits the monolithic routingServer into three focused components:
i) BGPWatcher - observes GoBGP RIB state
ii) BGPHandler - handles BGP protocol business logic
iii) RoutingHandler - handles route installation business logic

There is a clear separation of monitoring (BGPWatcher) and business logic:
i) GoBGP programming via the BGPHandler
ii) Linux Kernel programming via the routingHandler
iii) VPP programming via the connectivityHandler

Signed-off-by: Aritra Basu <[email protected]>
@aritrbas aritrbas force-pushed the abasu-split-routing branch from d231e16 to 3a7370a Compare October 14, 2025 23:11