BGP Filter
A BGP filter resource (BGPFilter) represents a way to control
routes imported by and exported to BGP peers specified using a
BGP peer resource (BGPPeer).
The BGPFilter rules are applied sequentially: the action for
the first rule that matches an address to its cidr +
matchOperator is executed immediately. If an address does not
match any explicit BGP filter rule, the default action is
accept.
In order for a BGPFilter to be used in a BGP peering, its name
must be added to filters of the corresponding BGPPeer resource.
For kubectl commands, the following case-sensitive aliases may
be used to specify the resource type on the CLI: bgpfilters.crd.projectcalico.org
Sample YAML​
apiVersion: projectcalico.org/v3
kind: BGPFilter
metadata:
name: my-filter
spec:
exportV4:
- action: Accept
matchOperator: In
cidr: 77.0.0.0/16
- action: Reject
matchOperator: NotIn
cidr: 88.0.0.0/16
importV4:
- action: Reject
matchOperator: NotIn
cidr: 44.0.0.0/16
exportV6:
- action: Reject
matchOperator: NotEqual
cidr: 9000::0/64
importV6:
- action: Accept
matchOperator: Equal
cidr: 5000::0/64
- action: Reject
matchOperator: NotIn
cidr: 5000::0/64
BGP filter definition​
apiVersion: projectcalico.org/v3
kind: BGPFilter
metadata:
name: my-filter
spec:
exportV4:
- action: Accept
matchOperator: In
cidr: 77.0.0.0/16
importV4:
- action: Accept
matchOperator: NotIn
cidr: 44.0.0.0/16
exportV6:
- action: Accept
matchOperator: Equal
cidr: 9000::0/64
importV6:
- action: Accept
matchOperator: NotEqual
cidr: 5000::0/64
BGP filter definition​
Metadata​
| Field | Description | Accepted Values | Schema |
|---|---|---|---|
| name | Unique name to describe this resource instance. Must be specified. | Alphanumeric string with optional ., _, or -. | string |
Spec​
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| exportV4 | List of v4 CIDRs and export action | BGP Filter Rule v4 | ||
| importV4 | List of v4 CIDRs and import action | BGP Filter Rule v4 | ||
| exportV6 | List of v6 CIDRs and export action | BGP Filter Rule v6 | ||
| importV6 | List of v6 CIDRs and import action | BGP Filter Rule v6 |
BGP Filter Rule v4​
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| cidr | IPv4 range | A valid IPv4 CIDR | string | |
| matchOperator | Method by which to match candidate routes | In, NotIn, Equal, NotEqual | string | |
| action | Action to be taken for this CIDR | Accept or Reject | string |
BGP Filter Rule v6​
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| cidr | IPv6 range | A valid IPv6 CIDR | string | |
| matchOperator | Method by which to match candidate routes | In, NotIn, Equal, NotEqual | string | |
| action | Action to be taken for this CIDR | Accept or Reject | string |
Supported operations​
| Datastore type | Create/Delete | Update | Get/List | Notes |
|---|---|---|---|---|
| Kubernetes API server | Yes | Yes | Yes |