bird: gateway recursive on BGP protocols

Default is `gateway direct` — BIRD silently rejects kernel routes whose
via address isn't on a directly-connected network interface. Our anycast
host routes use a pod /128 (or /32) as via, which is itself a kernel
route on a flock veth, not a connected network. With `gateway
recursive`, BIRD does a recursive lookup and accepts the kernel route.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

pkg/routing/bird/config.go

@@ -64,6 +64,11 @@ protocol kernel kernel4 {
   };
 }
 
+# gateway recursive is set per BGP protocol below — it controls how
+# BIRD resolves a route's next-hop when the gateway isn't on a directly
+# connected interface (our case: anycast routes use the pod's /128 eth0
+# IP as via, which is itself a host route, not a network).
+
 protocol static static6 {
   ipv6;
   {{range $cidr := .CIDR6}}route {{$cidr}} blackhole;
@@ -79,6 +84,7 @@ protocol bgp upstream6_{{$i}} {
   local{{if $.LocalV6}} {{$.LocalV6}}{{end}} as {{$.LocalASN}};
   neighbor {{$p.Address}} as {{$p.ASN}};
   graceful restart;
+  gateway recursive;
   ipv6 {
     import all;
     next hop self;
@@ -94,6 +100,7 @@ protocol bgp upstream4_{{$i}} {
   local{{if $.LocalV4}} {{$.LocalV4}}{{end}} as {{$.LocalASN}};
   neighbor {{$p.Address}} as {{$p.ASN}};
   graceful restart;
+  gateway recursive;
   ipv4 {
     import all;
     next hop self;