public/geek-cookbook
1
0
Fork 0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-28 17:11:42 +00:00
Code Issues Releases Wiki Activity

Fix more broken links, add lazy-loading to images

Browse Source
This commit is contained in:
David Young
2022-07-10 11:01:46 +12:00
parent 635b43afb2
commit 76e919afe9
78 changed files with 166 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
manuscript/kubernetes/loadbalancer/metallb/pfsense.md
View File

@@ -22,23 +22,23 @@ Install the FRR package in pfsense, under **System -> Package Manager -> Availab
Under **Services -> FRR Global/Zebra**, enable FRR, set your router ID (*this will be your router's peer IP in MetalLB config*), and set a master password (*because apparently you have to, even though we don't use it*):
![Enabling BGP routing](/images/metallb-pfsense-00.png)
![Enabling BGP routing](/images/metallb-pfsense-00.png){ loading=lazy }
### Configure FRR BGP
Under **Services -> FRR BGP**, globally enable BGP, and set your local AS and router ID:
![Enabling BGP routing](/images/metallb-pfsense-01.png)
![Enabling BGP routing](/images/metallb-pfsense-01.png){ loading=lazy }
### Configure FRR BGP Advanced
Use the tabs at the top of the FRR configuration to navigate to "**Advanced**"...
![Enabling BGP routing](/images/metallb-pfsense-02.png)
![Enabling BGP routing](/images/metallb-pfsense-02.png){ loading=lazy }
... and scroll down to **eBGP**. Check the checkbox titled "**Disable eBGP Require Policy**:
![Enabling BGP routing](/images/metallb-pfsense-03.png)
![Enabling BGP routing](/images/metallb-pfsense-03.png){ loading=lazy }
!!! question "Isn't disabling a policy check a Bad Idea(tm)?"
If you're an ISP, sure. If you're only using eBGP to share routes between MetalLB and pfsense, then applying policy is an unnecessary complication.[^1]
@@ -58,13 +58,13 @@ It's useful to bundle our configurations within a "peer group" (*a collection of
Now add each node running MetalLB, as a BGP neighbor. Pick the peer-group you created above, and configure each neighbor's ASN:
![Enabling BGP routing](/images/metallb-pfsense-04.png)
![Enabling BGP routing](/images/metallb-pfsense-04.png){ loading=lazy }
## Serving
Once you've added your neighbors, you should be able to use the FRR tab navigation (*it's weird, I know!*) to get to Status / BGP, and identify your neighbors, and all the routes learned from them. In the screenshot below, you'll note that **most** routes are learned from all the neighbors - that'll be service backed by a daemonset, running on all nodes. The `192.168.32.3/32` route, however, is only received from `192.168.33.22`, meaning only one node is running the pods backing this service, so only those pods are advertising the route to pfSense:
![BGP route-](/images/metallb-pfsense-05.png)
![BGP route-](/images/metallb-pfsense-05.png){ loading=lazy }
### Troubleshooting