fix some docs and add bgpfilter doc

docs/bgp_filtering.md

@@ -1,17 +1,19 @@
 This document summarizes a testbed for bgp filters, using a node external to calicoVPP KinD cluster, in the same docker bridge network. The external node peers with the cluster nodes and filters are included.
 
 create the external node in the kind cluster network, and install gobgp:
-```yaml
+```bash
 docker run -d --name my-ubuntu-container --network kind -it ubuntu sleep infinity
 docker exec my-ubuntu-container apt update
 docker exec my-ubuntu-container apt install golang -y
+docker exec my-ubuntu-container apt install iproute2 -y
 wget https://github.com/osrg/gobgp/releases/download/v3.14.0/gobgp_3.14.0_linux_amd64.tar.gz
 docker cp gobgp_3.14.0_linux_amd64.tar.gz my-ubuntu-container:/
 docker exec my-ubuntu-container tar -xf gobgp_3.14.0_linux_amd64.tar.gz
 ```
 use the same as number as the cluster nodes peering, and the external node address as a router-id, and add every node as a neighbor:
 
-```yaml
+example:
+```bash
 echo "
 [global.config]
   as = 64512
@@ -44,10 +46,39 @@ echo "
 docker cp gobgp.conf my-ubuntu-container:/
 
 docker exec -d  my-ubuntu-container  ./gobgpd -f ./gobgp.conf &  >/dev/null 2>&1
+```
+Add a route to test advertisement
 
+```bash
 docker exec my-ubuntu-container ./gobgp -u 172.18.0.7 global rib add 1.2.3.4/32 nexthop 172.18.0.7
 ```
-add a route to test advertisement and filtering
+add external node as a bgppeer using this file *with the correct peerIP*
+
+```bash
+kubectl apply test/yaml/bgp/externalBgpPeer.yaml
+```
+check that 1.2.3.4/32 address is advertised on your clusters nodes:
+
+```bash
+kubectl -n calico-vpp-dataplane  exec -it $(kubectl -n calico-vpp-dataplane get pod | grep -v  NAME | awk '{print $1}'| awk 'NR==1') -c agent -- gobgp global rib
+```
+
+Add a bgpfilter filtering out that address:
+
+```bash
+kubectl apply test/yaml/bgp/bgpFilter.yaml
+```
+
+Apply it to your bgppeer by adding this to the object:
+
 ```yaml
-./gobgp -u 172.18.0.7 global rib add 1.2.3.4/32 nexthop 172.18.0.7
+spec:
+  filters:
+    - bgpftest
+```
+
+check that 1.2.3.4/32 address is not advertised anymore:
+
+```bash
+kubectl -n calico-vpp-dataplane  exec -it $(kubectl -n calico-vpp-dataplane get pod | grep -v  NAME | awk '{print $1}'| awk 'NR==1') -c agent -- gobgp global rib
 ```

docs/memif.md

@@ -60,6 +60,8 @@ metadata:
 ```
 This is called PBL (Port based balancer).
 
+A pod supports having both memif and [vcl](vcl.md) interfaces at the same time by adding both annotations.
+
 ### Sockets
 
 Memif interfaces use a socketfile: a Unix domain socket used for communication between the memif endpoints. This allows server/client interfaces to communicate together.

docs/vcl.md

@@ -43,6 +43,8 @@ Calico/VPP exposes the @vpp/session abstract socket within the container, to whi
 VPP api has a particular syntax for abstract sockets: using the keyword `abstract:` then `netns_name:`. 
 For example: `abstract:vpp/session,netns_name=/var/run/netns/cni-75e26661-4119-90a4-b9d2-0b00489f76f3`. This syntax appears in vppctl.
 
+A pod supports having both vcl and [memif](memif.md) interfaces at the same time by adding both annotations.
+
 ## Testing VCL feature
 
 VCL can be tested using iperf network performance tool.

test/yaml/bgp/bgpFilter.yaml

@@ -0,0 +1,27 @@
+kind: BGPFilter
+apiVersion: projectcalico.org/v3
+metadata:
+  name: bgpftest
+spec:
+  exportV4:
+    - action: Reject
+      cidr: 11.0.0.0/8
+      matchOperator: In
+  exportV6:
+    - action: Reject
+      cidr: 2001:db8::/32
+      matchOperator: In
+  importV4:
+    - action: Reject
+      cidr: 1.7.2.0/24
+      matchOperator: In
+    - action: Reject
+      cidr: 1.2.3.4/32
+      matchOperator: In
+  importV6:
+    - action: Reject
+      cidr: 2001:db7::/32
+      matchOperator: In
+    - action: Reject
+      cidr: 2001:dc7::/32
+      matchOperator: NotIn

test/yaml/bgp/externalBgpPeer.yaml

@@ -0,0 +1,10 @@
+apiVersion: projectcalico.org/v3
+kind: BGPPeer
+metadata:
+  name: my-global-peer
+spec:
+  nodeSelector: all()
+  peerIP: 172.18.0.7
+  asNumber: 64512
+  filters:
+    - bgpftest

test/yaml/mvpp/test.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: Pod
 metadata:
@@ -7,18 +6,50 @@ metadata:
   name: mvpp
   namespace: mvpp
   annotations:
-    "cni.projectcalico.org/vppExtraMemifPorts":  "tcp:4444-20000,udp:4444-20000"
+    "cni.projectcalico.org/vppExtraMemifPorts":  "udp:6081"
 spec:
   containers:
   - name: mvpp
-    image: calicovpp/vpp:latest
-    command: ["tail", "-f", "/dev/null"]
+    image: docker.io/calicovpp/vpp:6cbd0f8f259f1ea91e0c563cc4a459f776053b2e # with geneve termination
     imagePullPolicy: IfNotPresent
     securityContext:
       privileged: true
     ports:
-    - containerPort: 4444
+    - containerPort: 6081
       protocol: UDP
+    command: ["/bin/bash", "-ec"]
+    args:
+      - |
+        mkdir -p /run/vpp/
+        echo "
+        create memif socket id 1 filename abstract:vpp/memif-eth0
+        create interface memif socket-id 1 id 0 slave buffer-size 4096 rx-queues 1 tx-queues 1
+        set int ip addr memif1/0 $(ip addr show dev eth0 | grep 'inet '| awk '{print $2}')
+        set interface mac address memif1/0 02:00:00:00:00:01
+        ip route add 0.0.0.0/0 via 127.0.0.1 memif1/0
+        ip neighbor memif1/0 127.0.0.1 02:fe:e6:5b:3a:44
+        set int st memif1/0 up
+        " > /run/vpp/vppstartup.conf
+        echo "
+        unix {
+          nodaemon
+          exec /run/vpp/vppstartup.conf
+          cli-listen /run/vpp/cli.sock
+        }
+        buffers {
+          buffers-per-numa 8192
+          default data-size 2048
+          page-size 4K
+        }
+        cpu {
+          workers 0
+        }
+        plugins {
+          plugin default { enable }
+          plugin dpdk_plugin.so { disable }
+        }
+        " > /etc/vpp/vpp.conf
+        vpp -c /etc/vpp/vpp.conf
 ---
 apiVersion: v1
 kind: Service