BGP Edge Routing
Gateway nodes run an integrated BGP speaker that connects your fabric to the outside world. You configure peer sessions, announce your managed-network prefixes upstream, optionally import external routes, and control redistribution — all through cenvero-str-ctl. BGP is not available on Compute nodes.
How it fits together
A Gateway node sits at the edge of the fabric. It speaks eBGP to one or more upstream routers or route reflectors, announcing the subnets of your internal networks so external hosts can reach them. Inbound prefixes learned from peers are installed into the kernel routing table and become reachable from within the fabric.
For redundant deployments with a pair of Gateways, both nodes can establish their own peer sessions and announce the fabric prefixes. The shared VIP is held by exactly one Gateway at a time (priority-based active/standby); Stratum's HA mechanism moves the VIP to the surviving node if the active Gateway goes down. See Gateway High Availability.
Configuring a peer session
sudo cenvero-str-ctl bgp peer add \
--peer-ip 198.51.100.1 \
--peer-asn 65001 \
--local-asn 65100 \
--password mysecretpass
| Flag | Description |
|---|---|
| --peer-ip | Upstream router's IP address |
| --peer-asn | Upstream router's AS number |
| --local-asn | This Gateway node's AS number |
| --password | BGP TCP MD5 authentication password (optional but recommended) |
| --hold-time | BGP hold timer in seconds (default 90) |
| --keepalive | BGP keepalive interval in seconds (default 30) |
List configured peers and their session state:
cenvero-str-ctl bgp peer list
PEER PEER-ASN LOCAL-ASN STATE PREFIXES-RX PREFIXES-TX
198.51.100.1 65001 65100 Established 12 3
198.51.100.2 65002 65100 Established 8 3
Remove a peer session:
sudo cenvero-str-ctl bgp peer remove --peer-ip 198.51.100.1
Announcing prefixes
Tell Stratum which internal prefixes to advertise to peers:
sudo cenvero-str-ctl bgp announce 10.20.0.0/24
sudo cenvero-str-ctl bgp announce 10.30.0.0/24
Announcements take effect as soon as they are added. You can also announce a summary prefix that covers multiple networks:
sudo cenvero-str-ctl bgp announce 10.20.0.0/20
List what you are announcing:
cenvero-str-ctl bgp announcements
Withdraw a prefix (peers are notified immediately):
sudo cenvero-str-ctl bgp withdraw 10.20.0.0/24
Importing external prefixes
By default, prefixes learned from peers are installed in the kernel routing table and are reachable from within the fabric. You can filter what gets imported:
sudo cenvero-str-ctl bgp import-policy set \
--action accept \
--prefix 0.0.0.0/0
To restrict imports to a specific set of prefixes, set the policy to deny-by-default and add explicit accepts:
bgp:
  peers:
    - peer_ip: 198.51.100.1
      peer_asn: 65001
      local_asn: 65100
  import_policy:
    default: deny
    accept:
      - 0.0.0.0/0
      - 172.16.0.0/12
  export_policy:
    default: deny
    announce:
      - 10.20.0.0/24
      - 10.30.0.0/24
Apply with cenvero-str-ctl config apply --file node.yaml.
Route redistribution
You can redistribute routes from other sources into BGP:
| Source | Config key | Effect |
|---|---|---|
| Static routes | redistribute: static | Announce static kernel routes to peers |
| Connected prefixes | redistribute: connected | Announce directly attached prefixes |
| Fabric networks | redistribute: fabric | Announce all cnv-user-br0 subnets automatically |
redistribute: fabric is the most common option — new networks you create are announced immediately without manually updating the BGP config.
bgp:
  redistribute:
    - fabric
Checking RIB and FIB
Inspect the BGP routing information base:
cenvero-str-ctl bgp rib
PREFIX NEXT-HOP AS-PATH MED LOCAL-PREF SOURCE
10.20.0.0/24 0.0.0.0 - - - local
0.0.0.0/0 198.51.100.1 65001 0 100 ebgp
172.16.0.0/12 198.51.100.1 65001 0 100 ebgp
Show only routes installed in the kernel forwarding table:
cenvero-str-ctl bgp fib
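A policy audit over the RIB output, as an added example (not part of Stratum or cenvero-str-ctl): it parses text in the column layout shown above and reports eBGP-learned routes that are missing from the import accept list or that fall inside a prefix you announce yourself. Exact-match semantics for accept entries, the function name audit_rib and the last two sample rows are assumptions made for illustration.

```python
import ipaddress

# Policy values from the node.yaml example on this page.
ACCEPT = ["0.0.0.0/0", "172.16.0.0/12"]
ANNOUNCED = ["10.20.0.0/24", "10.30.0.0/24"]

# Constructed sample in the column layout of `cenvero-str-ctl bgp rib`.
# The last two rows are invented to trigger the checks.
SAMPLE_RIB = """\
PREFIX NEXT-HOP AS-PATH MED LOCAL-PREF SOURCE
10.20.0.0/24 0.0.0.0 - - - local
0.0.0.0/0 198.51.100.1 65001 0 100 ebgp
172.16.0.0/12 198.51.100.1 65001 0 100 ebgp
192.0.2.0/24 198.51.100.2 65002 0 100 ebgp
10.20.0.128/25 198.51.100.2 65002 0 100 ebgp
"""


def audit_rib(rib_text, accept, announced):
    """Return (prefix, next_hop, reason) for each suspicious eBGP route."""
    accept_nets = {ipaddress.ip_network(p) for p in accept}
    own_nets = [ipaddress.ip_network(p) for p in announced]
    findings = []
    for line in rib_text.splitlines():
        cols = line.split()
        # Skip the header, blank lines and rows not learned over eBGP.
        # SOURCE is always the last column, even with a multi-ASN AS path.
        if len(cols) < 6 or cols[-1] != "ebgp":
            continue
        prefix, next_hop = cols[0], cols[1]
        try:
            net = ipaddress.ip_network(prefix)
        except ValueError:
            findings.append((prefix, next_hop, "unparseable-prefix"))
            continue
        # A peer handing back our own space (or a more-specific of it)
        # can divert fabric traffic out through that peer.
        if any(net.version == o.version and net.subnet_of(o) for o in own_nets):
            findings.append((prefix, next_hop, "inside-own-prefix"))
        # Assumption: accept entries match exactly, not as covering ranges.
        elif net not in accept_nets:
            findings.append((prefix, next_hop, "not-in-import-policy"))
    return findings


if __name__ == "__main__":
    for finding in audit_rib(SAMPLE_RIB, ACCEPT, ANNOUNCED):
        print(*finding)
```

An empty result means every eBGP-learned route matches the accept list and none overlaps your announced space.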
See also
- Gateway High Availability — redundant Gateway BGP speakers and failover.
- Load Balancer — combine BGP with L4 VIPs for published external services.
- Zero-Trust Firewall — north-south traffic from BGP peers passes through the firewall.
- Configuration — encoding BGP config in node.yaml.