From 7ac497249f84732c0677746c9b22713221dcf564 Mon Sep 17 00:00:00 2001
From: Donavan Fritz
Date: Sat, 25 Apr 2026 08:09:00 -0500
Subject: [PATCH] bird: gateway recursive on BGP protocols
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Default is `gateway direct` — BIRD silently rejects kernel routes whose via address isn't on a directly-connected network interface. Our anycast host routes use a pod /128 (or /32) as via, which is itself a kernel route on a flock veth, not a connected network. With `gateway recursive`, BIRD does a recursive lookup and accepts the kernel route.

Co-Authored-By: Claude Sonnet 4.6 (1M context)
---
 pkg/routing/bird/config.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/routing/bird/config.go b/pkg/routing/bird/config.go
index e7a6845..c23d144 100644
--- a/pkg/routing/bird/config.go
+++ b/pkg/routing/bird/config.go
@@ -64,6 +64,11 @@ protocol kernel kernel4 {
 };
 }
 
+# gateway recursive is set per BGP protocol below — it controls how
+# BIRD resolves a route's next-hop when the gateway isn't on a directly
+# connected interface (our case: anycast routes use the pod's /128 eth0
+# IP as via, which is itself a host route, not a network).
+
 protocol static static6 {
 ipv6;
 {{range $cidr := .CIDR6}}route {{$cidr}} blackhole;
@@ -79,6 +84,7 @@ protocol bgp upstream6_{{$i}} {
 local{{if $.LocalV6}} {{$.LocalV6}}{{end}} as {{$.LocalASN}};
 neighbor {{$p.Address}} as {{$p.ASN}};
 graceful restart;
+ gateway recursive;
 ipv6 {
 import all;
 next hop self;
@@ -94,6 +100,7 @@ protocol bgp upstream4_{{$i}} {
 local{{if $.LocalV4}} {{$.LocalV4}}{{end}} as {{$.LocalASN}};
 neighbor {{$p.Address}} as {{$p.ASN}};
 graceful restart;
+ gateway recursive;
 ipv4 {
 import all;
 next hop self;
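Review bot: The `gateway recursive;` line added to `upstream6_{{$i}}` (and identically to `upstream4_{{$i}}` in the following hunk) sits next to `import all;`, and neither the new template comment nor the commit message says what that combination means for routes received from the peer. As far as BIRD's BGP documentation describes the option, it selects how the gateway of received routes is derived from the peer-supplied `bgp_next_hop`: direct mode falls back to the neighbor address when that next hop is not directly reachable, while recursive mode resolves it through the routing table, so with an unfiltered import the upstream's announced next hop decides where traffic is forwarded. It is also worth confirming that this option is what makes the kernel protocol accept the anycast host routes described in the message, since it is documented as an import-side BGP setting. I would extend the comment with something like `# NOTE: recursive mode resolves the peer-supplied bgp_next_hop via the routing table; import is "all", so next hops are not validated here`, and consider an import filter that checks the next hop before accepting a route. Both protocol blocks start and end outside their hunks, so any filtering defined elsewhere in the template is not visible here.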