Description
Cilium Feature Proposal
Support injecting received BGP routes into the kernel routing table.
Is your proposed feature related to a problem?
When running Cilium in native routing mode with the BGP Control Plane in a multi-zone setup, it is not possible to have same-zone traffic routed over L2, as each node is not aware of each other's pod CIDR, so it needs to use its default gateway, bottlenecking same-zone traffic.
Kube-router supports this out-of-the-box, but since kube-router can only be used with Kubernetes IPAM mode, it cannot be rolled out to existing clusters (with cluster IPAM) without causing issues.
Describe the feature you'd like
Cilium BGP control plane would inject received routes via BGP.
(Optional) Describe your proposed solution
Extend the existing CiliumBGPPeeringPolicy definition to include an `injectReceivedRoutes` field that would be disabled by default:
```yaml
apiVersion: "cilium.io/v2alpha1"
kind: CiliumBGPPeeringPolicy
metadata:
  name: a
spec:
  virtualRouters:
    - localASN: 64516
      exportPodCIDR: true
      injectReceivedRoutes: true # <- this is new
      serviceSelector:
        matchExpressions:
          - { key: somekey, operator: NotIn, values: [ 'never-used-value' ] }
      neighbors:
        - peerAddress: 10.0.0.01/32
          peerASN: 64515
```
Since the routes received in Cilium don't seem to affect behaviour on each node, the routes injected would be managed by the peering routers' policies controlling which routes are advertised down to each node.