Creating External IP Address Pool

An external IP address pool is a collection of IPs that MetalLB utilizes to obtain external access IPs for LoadBalancer type internal routes.

TOC

Prerequisites

If you need to use a BGP type external IP address pool, please contact the administrator to enable the relevant features.

Constraints and Limitations

The IP resources for the external address must meet the following conditions:

  • The external address pool must be layer 2 (L2) interconnected with available nodes.

  • The IPs must be usable by the platform and cannot include IPs already in use by the physical network, such as gateway IPs.

  • There must be no overlap with the networks used by the cluster, including Cluster CIDR, Service CIDR, subnets, etc.

  • In a dual-stack environment, ensure that both IPv4 and IPv6 addresses exist simultaneously in the same external address pool, and their counts are both greater than 0. Otherwise, dual-stack LoadBalancer type internal routes will not be able to obtain external access addresses.

  • In an IPv6 environment, nodes' DNS must support IPv6; otherwise, the MetalLB plugin cannot be successfully deployed.

Deploying the MetalLB Plugin

Using the external address pool relies on the MetalLB plugin.

  1. Go to Platform Management.

  2. In the left navigation bar, click Marketplace > Cluster Plugin.

  3. Search MetalLB, click on MetalLB to the right of ⋮ > Deploy.

  4. Wait until the deployment status shows Deployment Successful to complete the deployment.

Example IPAddressPool custom resource (CR)

# ippool-with-L2advertisement.yaml
kind: IPAddressPool
apiVersion: metallb.io/v1beta1
metadata:
  name: test-ippool
  namespace: metallb-system
spec:
  addresses:
    - 13.1.1.1/24
  avoidBuggyIPs: true
---
kind: L2Advertisement
apiVersion: metallb.io/v1beta1
metadata:
  name: test-ippool
  namespace: metallb-system
spec:
  ipAddressPools:
    - test-ippool
  nodeSelectors:
    - matchLabels: {}
      matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
            - 192.168.66.210

BGP mode:

# ippool-with-bgpadvertisement.yaml
kind: IPAddressPool
apiVersion: metallb.io/v1beta1
metadata:
  name: test-pool-bgp
  namespace: metallb-system
spec:
  addresses:
    - 4.4.4.3/23
  avoidBuggyIPs: true
---
kind: BGPAdvertisement
apiVersion: metallb.io/v1beta1
metadata:
  name: test-pool-bgp
  namespace: metallb-system
spec:
  ipAddressPools:
    - test-pool-bgp
  nodeSelectors:
    - matchLabels:
        alertmanager: "true"
  peers:
    - test-bgp-example
  1. Ip pool reference.
INFO

Q: What is L2Advertisement?

A:

  1. L2Advertisement is a Custom Resource (CRD) provided by the MetalLB to control which IP address pool addresses should be broadcast via ARP (IPv4) or NDP (IPv6) in Layer 2 mode.

Q: What is the purpose of L2Advertisement?

A:

  1. Specifying which IP addresses in the IPAddressPool to L2 broadcast to (ARP/NDP advertisements);

  2. Control broadcast behaviour to prevent IP conflicts or cross-segment broadcasts;

  3. Restricting the broadcast range in multi-NIC, multi-network environments.

In short, it tells MetalLB: which IPs can broadcast and to whom (e.g., which nodes).

Without defining a L2Advertisement in Layer2 mode, MetalLB will not advertise any addresses.

Q: What is BGPAdvertisement in MetalLB?

A:

BGPAdvertisement is a Kubernetes Custom Resource Definition (CRD) used in MetalLB, a load-balancer implementation for bare-metal Kubernetes clusters. It controls how IP address ranges (defined in IPAddressPool) are advertised to external networks via BGP (Border Gateway Protocol).

Q: Why is BGPAdvertisement Important?

A:

In MetalLB's BGP mode, the controller peers with external routers using BGP and advertises the IPs assigned to Kubernetes Service objects. The BGPAdvertisement resource allows you to:

  • Control which address pools are advertised

  • Customize route advertisement settings like:

    • Route aggregation

    • BGP communities

    • Local preference (BGP priority)

Without defining a BGPAdvertisement, MetalLB will not advertise any addresses, even if you have configured BGP peers.

Creating an External IP Address Pool by using the web console

  1. Go to Platform Management.

  2. In the left navigation bar, click Network Management > External IP Address Pool.

  3. Click Create External IP Address Pool.

  4. Refer to the following instructions to configure certain parameters.

    ParameterDescription
    Type
    • L2: Communication and forwarding based on MAC addresses, suitable for small-scale or local area networks that require simple and fast layer 2 switching, with advantages in simple configuration and low latency.
    • BGP (Alpha): Routing and forwarding based on IP addresses, using BGP protocol to exchange routing information, suitable for large-scale networks requiring complex routing across multiple autonomous systems, with advantages in high scalability and reliability.
    IP ResourcesSupport input in CIDR and IP range formats. Click Add to support multiple entries, examples as follows:
    CIDR: 192.168.1.1/24.
    IP Range: 192.168.2.1 ~ 192.168.2.255.
    Available NodesIn L2 mode, available nodes are those used to carry all VIP traffic; in BGP mode, available nodes are those used to carry VIPs, establish BGP connections with peers, and announce routes externally.
    • Node Name: Select available nodes based on node names.
    • Label Selector: Select available nodes based on labels.
    • Show Node Details: View final available nodes in a list format.
    Note:
    • When using BGP type, the available nodes are the next-hop nodes; ensure that the selected available nodes are a subset of the BGP Connection Nodes.
    • You can configure either the label selector or the node name separately to choose available nodes; if both are configured simultaneously, the final available nodes are the intersection of both.
    BGP PeersSelect BGP peers; please refer to BGP Peers for specific configurations.
  5. Click Create.

Creating an External IP Address Pool by using the CLI

kubectl apply -f ippool-with-L2advertisement.yaml -f ippool-with-bgpadvertisement.yaml

View Alarm Policy

  1. Go to Platform Management.

  2. In the left navigation bar, click Network Management > External IP Address Pool.

  3. Click View Alarm Policy in the upper right corner of the page to view the general alarm policy for MetalLB.