Default Router#
The DefaultRouter resource is an abstraction for the main network instance of a router. On most network operating systems this special router has a number of additional features compared to virtual router services:
- Enables routing protocols like OSPF, IS-IS to operate on (sub)interfaces that are attached to the default router
- Establishes transport tunnels like VxLAN and MPLS tunnels
- Originates and advertises MP-BGP service routes like EVPN and BGP-IPVPN routes
Best deployed as part of a Fabric
When possible, we recommend that you deploy this resource through a Fabric which automatically creates a DefaultRouter for every node in the Fabric.
The DefaultRouter resource is the representation of a routing table, which receives IPv4 and IPv6 routes from attached DefaultInterfaces, SystemInterfaces, and BGP neighbors. In addition, it contains the service routes originating from bridged and routed interfaces connected to virtual network services.
Deployment#
One DefaultRouter resource is linked to a single TopoNode resource, which represents a physical network switch. The DefaultRouter specifies certain global parameters such as:
- The router ID
- BGP parameters
- Route leaking policies
- Import and export policies that determine which routes are accepted from neighbors and which routes are exported to neighbors
BGP#
If BGP is used as a protocol to exchange routes from the default router to its neighbors, the BGP section of the DefaultRouter must be enabled and configured.
Most of the properties of the BGP container can be overridden by BGP peers and BGP groups (set of BGP peers that share common parameters). Nevertheless, it is useful to have default values specified in the DefaultRouter resource and to enable all BGP address families that will be exchanged in your network, even if not every BGP peer will be used to exchange all of these families.
Autonomous system number
On Nokia SR OS, the autonomous system number must be present in the DefaultRouter, even if it is overridden in the BGP peer. Without it, BGP sessions will appear as down and no routes will be exchanged.
Route leaking#
Route leaking is performed when reachability information from a virtual router service needs to be exposed to the default routing table. A use case for route leaking is an in-band management network that needs to be reachable from the default routing table. The inverse is also possible: for example, a default static route towards the internet that is configured in the default router of your network may be exposed to services that have access to the internet.
Often, route leaking is done in both directions simultaneously: public IP addresses are isolated from internal IP addresses through a virtual router service. To enable internet access for those publicly routable IP addresses, a default route towards the internet is leaked from the default router to the virtual router, and the public IP subnet is exposed to the internet by leaking from the virtual router to the default router.
Dependencies#
TopoNode#
A DefaultRouter is always linked to exactly one node. The TopoNode resource must be created before the DefaultRouter can be deployed.
Referenced resources#
Policy#
Import and export routing policies can be configured for route leaking purposes or as global parameters for BGP peering sessions.
Keychain#
BGP keychains contain authentication parameters to secure communication between two BGP peers. If a Keychain is configured in the DefaultRouter, every BGP peer established on a DefaultInterface will use it to authenticate the neighbor unless it is overridden at the group or peer level.
Examples#
apiVersion: routing.eda.nokia.com/v1
kind: DefaultRouter
metadata:
  name: router-leaf-1
  namespace: eda
spec:
  bgp:
    autonomousSystem: 65500
    ebgpPreference: 170
    enabled: true
    ibgpPreference: 170
    l2VPNEVPN:
      enabled: true
      interASVPN: false
      multipath:
        allowMultipleAS: true
        maxAllowedPaths: 64
      rapidUpdate: true
      retainAllRoutes: false
    minWaitToAdvertiseSeconds: 0
    rapidWithdrawl: false
    waitForFibInstall: false
  description: 'fabric role: leaf'
  ecmp: 64
  node: leaf-1
  routerID: 11.0.0.2
cat << 'EOF' | kubectl apply -f -
apiVersion: routing.eda.nokia.com/v1
kind: DefaultRouter
metadata:
  name: router-leaf-1
  namespace: eda
spec:
  bgp:
    autonomousSystem: 65500
    ebgpPreference: 170
    enabled: true
    ibgpPreference: 170
    l2VPNEVPN:
      enabled: true
      interASVPN: false
      multipath:
        allowMultipleAS: true
        maxAllowedPaths: 64
      rapidUpdate: true
      retainAllRoutes: false
    minWaitToAdvertiseSeconds: 0
    rapidWithdrawl: false
    waitForFibInstall: false
  description: 'fabric role: leaf'
  ecmp: 64
  node: leaf-1
  routerID: 11.0.0.2
EOF
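A pre-apply lint for manifests like the one above, added here as an example and not part of the EDA documentation or tooling: it checks a DefaultRouter spec against the ranges in this page's Custom Resource Definition section, the SR OS autonomous-system requirement, and the presence of a router-wide Keychain. The `keychain` key name under `spec.bgp` is an assumption (the page describes the field without naming it), and the manifests are written as Python dicts so the block runs without a YAML parser.

```python
import ipaddress

# Ranges copied from the CRD reference on this page: spec path -> (min, max).
RANGES = {
    ("bgp", "autonomousSystem"): (1, 4294967295),
    ("bgp", "ebgpPreference"): (1, 255),
    ("bgp", "ibgpPreference"): (1, 255),
    ("bgp", "minWaitToAdvertiseSeconds"): (0, 3600),
    ("bgp", "l2VPNEVPN", "multipath", "maxAllowedPaths"): (1, 256),
    ("ecmp",): (1, 256),
}

def _get(node, path):
    for key in path:  # walk nested dicts; None when a key is absent
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def lint_default_router(manifest, keychain_key="keychain"):
    """Return findings for one manifest dict; keychain_key is an assumed name."""
    findings = []
    spec = manifest.get("spec", {})
    for path, (lo, hi) in RANGES.items():
        value = _get(spec, path)
        if value is not None and not (isinstance(value, int) and lo <= value <= hi):
            findings.append(f"{'.'.join(path)}={value!r} outside {lo}..{hi}")
    rid = spec.get("routerID")
    try:
        ipaddress.IPv4Address(rid if isinstance(rid, str) else "")
    except ValueError:
        findings.append(f"routerID={rid!r} is not a dotted quad")
    if not spec.get("node"):
        findings.append("node is missing: a DefaultRouter needs one TopoNode")
    bgp = spec.get("bgp", {})
    if bgp.get("enabled"):
        if "autonomousSystem" not in bgp:  # SR OS: sessions stay down without it
            findings.append("bgp enabled without autonomousSystem")
        if not bgp.get(keychain_key):  # no router-wide authentication default
            findings.append("bgp enabled without a Keychain reference")
    return findings

# The page's router-leaf-1 values as a dict, and a constructed bad manifest.
LEAF1 = {"kind": "DefaultRouter", "spec": {
    "bgp": {"autonomousSystem": 65500, "ebgpPreference": 170, "enabled": True,
            "l2VPNEVPN": {"enabled": True, "multipath": {"maxAllowedPaths": 64}}},
    "ecmp": 64, "node": "leaf-1", "routerID": "11.0.0.2"}}
BAD = {"kind": "DefaultRouter", "spec": {"node": "leaf-2", "routerID": "11.0.0",
    "bgp": {"enabled": True, "ebgpPreference": 300}, "ecmp": 512}}
```

A missing Keychain is reported as a finding rather than an error because authentication can still be set at the group or peer level.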
Custom Resource Definition#
To browse the Custom Resource Definition go to crd.eda.dev.
DefaultRouter
SPEC
DefaultRouter enables the configuration of default routing instances on a specified Node, including options for BGP configuration, import and export policies, and router IDs.
- BGP configuration.
  - Autonomous System number for BGP. (range: 1 to 4294967295)
  - Preference to be set for eBGP. (default: 170, range: 1 to 255)
  - Enables BGP in the default VRF. (default: false)
  - Preference to be set for iBGP. (default: 170, range: 1 to 255)
  - Parameters relating to the IPv4 unicast AFI/SAFI.
    - Enables advertisement of IPv4 Unicast routes with IPv6 next-hops to peers.
    - Enables the IPv4 unicast AFI/SAFI.
    - Enable multipath.
      - When set to true, BGP is allowed to build a multipath set using BGP routes with different neighbor AS (most recent AS in the AS_PATH). When set to false, BGP is only allowed to use non-best paths for ECMP if they meet the multipath criteria and they have the same neighbor AS as the best path. (default: true)
      - The maximum number of BGP ECMP next-hops for BGP routes with an NLRI belonging to the address family of this configuration context. (range: 1 to 256)
    - Enables rapid update.
    - Enables the advertisement of the RFC 5549 capability to receive IPv4 routes with IPv6 next-hops.
  - Parameters relating to the IPv6 unicast AFI/SAFI.
    - Enables the IPv6 unicast AFI/SAFI.
    - Enable multipath.
      - When set to true, BGP is allowed to build a multipath set using BGP routes with different neighbor AS (most recent AS in the AS_PATH). When set to false, BGP is only allowed to use non-best paths for ECMP if they meet the multipath criteria and they have the same neighbor AS as the best path. (default: true)
      - The maximum number of BGP ECMP next-hops for BGP routes with an NLRI belonging to the address family of this configuration context. (range: 1 to 256)
    - Enables rapid update.
  - Keychain to be used for authentication.
  - Parameters relating to the EVPN AFI/SAFI.
    - Enables advertisement of EVPN routes with IPv6 next-hops to peers.
    - Enables the L2VPN EVPN AFI/SAFI.
    - Enable inter-AS VPN for EVPN. (default: false)
    - Enable multipath.
      - When set to true, BGP is allowed to build a multipath set using BGP routes with different neighbor AS (most recent AS in the AS_PATH). When set to false, BGP is only allowed to use non-best paths for ECMP if they meet the multipath criteria and they have the same neighbor AS as the best path. (default: true)
      - The maximum number of BGP ECMP next-hops for BGP routes with an NLRI belonging to the address family of this configuration context. (range: 1 to 256)
    - Enables rapid update.
    - Retain all routes in RIB-In (even those that are not imported to services). (default: false)
  - Minimum wait time in seconds before advertising routes post BGP restart. (default: 0, range: 0 to 3600)
  - Enable rapid withdrawal in BGP. (default: false)
  - When false, all large (12 byte) BGP communities from all outbound routes advertised to the peer are stripped.
  - When false, all standard (4 byte) communities from all outbound routes advertised to the peer are stripped.
  - Parameters related to the VPN IPv4 unicast AFI/SAFI.
    - Enables advertisement of VPN IPv4 routes with IPv6 next-hops to peers.
    - Enables the VPN IPv4 Unicast AFI/SAFI.
    - Enables inter-AS VPN. (default: false)
    - Enables rapid update.
    - Enables advertisement of the Extended Next Hop Encoding Capability (RFC 8950) to peers.
    - Retain all routes in RIB-In (even those that are not imported to services). (default: false)
  - Wait for FIB installation before advertising routes. (default: false)
- Sets the description on the Default router.
- Set the maximum number of ECMP paths for the DefaultRouter. This is supported only by some platforms, and will be ignored for others. (range: 1 to 256)
- Reference to a Policy resource to use when evaluating route exports from the DefaultRouter.
- Reference to a Policy resource to use when evaluating route imports into the DefaultRouter.
- Reference to a TopoNode on which to configure the default routing instance.
- Router ID in dotted quad notation.
STATUS
DefaultRouterStatus defines the observed state of DefaultRouter
- Indicates the health score of the Router.
- Indicates the reason for the health score.
- The time when the state of the resource last changed.
- Operational state of the Router. (enum: "Up", "Down", "Degraded", "Unknown")