close
- play_arrow Administration Portal
- play_arrow Introduction
- Unified Administration and Customer Portal Overview
- Administration Portal Overview
- Logging in to Administration Portal
- Switching the Tenant Scope
- Changing the Administration Portal Password
- Changing the Password on First Login
- Resetting the Password
- Setting Password Duration
- Extending the User Login Session
- Setting Up the Cloud CPE Centralized Deployment Model with Administration Portal
- Setting Up the Cloud CPE Distributed Deployment Model with Administration Portal
- play_arrow Managing Objects
- play_arrow Using the Dashboard
- play_arrow Monitoring Alerts, Alarms, and Device Events
- play_arrow Monitoring Tenants SLA Performance
- Multidepartment CPE Device Support
- About the SLA Performance of All Tenants Page
- About the SLA Performance of a Single Tenant Page
- Monitoring Application-Level SLA Performance for real time-optimized SD-WAN
- Viewing the SLA Performance of a Site
- Viewing the SLA Performance of an Application or Application Group
- Understanding SLA Performance Score for Applications, Links, Sites, and Tenants
- play_arrow Monitoring Jobs
- play_arrow Managing POPs
- About the POPs Page
- Creating a Single POP
- Importing Data for Multiple POPs
- Viewing the History of POP Data Imports
- Viewing the History of POP Data Deletions
- Managing a Single POP
- About the VIMs Page
- Creating a Cloud VIM
- About the EMS Page
- Creating an EMS
- Changing the Junos Space Virtual Appliance Password
- About the Routers Page
- Creating Devices
- Configuring Devices
- View the History of Device Data Deletions
- play_arrow Managing Devices
- About the Tenant Devices Page
- About the Cloud Hub Devices Page
- Managing a Tenant Device
- Managing a Cloud Hub Device
- Device Redundancy Support Overview
- Viewing the History of Tenant Device Activation Logs
- Viewing the History of Cloud Hub Device Activation Logs
- Secure OAM Network Overview
- Adding a Cloud Hub Device
- Upgrading a Cloud Hub Device
- Rebooting a CPE Device
- play_arrow Managing Device Templates
- play_arrow Managing Software Images
- play_arrow Configuring Network Services in a Centralized Deployment
- Network Services Overview
- About the Network Services Page
- About the Service Overview Page
- About the Service Instances Page
- Configuring VNF Properties
- Allocating a Service to Tenants
- Removing a Service from Tenants
- Viewing a Service Configuration
- vSRX VNF Configuration Settings
- LxCIPtable VNF Configuration Settings
- Cisco CSR-1000v VNF Configuration Settings
- Riverbed Steelhead VNF Configuration Settings
- Managing a Single Service
- play_arrow Configuring Application SLA Profiles
- Application Quality of Experience (AppQoE) Overview
- About the Application Traffic Type Profiles Page
- Creating Traffic Type Profiles
- Editing and Deleting Traffic Type Profiles
- SLA Profiles and SD-WAN Policies Overview
- Cost-Based Link Switching
- Local Breakout Overview
- About the Application SLA Profiles Page
- Creating SLA Profiles
- Editing and Deleting SLA Profiles
- play_arrow Configuring Application Signatures
- play_arrow Managing Tenants
- play_arrow Managing Operating Companies
- play_arrow Configuring SP Users
- play_arrow Managing Audit Logs
- play_arrow Managing Roles
- play_arrow Configuring Authentication
- play_arrow Configuring Licenses
- play_arrow Customizing the Unified Portal
- play_arrow Managing Signature Database
-
- play_arrow Customer Portal
- play_arrow Introduction
- Unified Administration and Customer Portal Overview
- Customer Portal Overview
- Switching the Tenant Scope
- Accessing Customer Portal
- Setting Up Your Network with Customer Portal
- Changing the Password on First Login
- Changing the Customer Portal Password
- Resetting the Password
- Extending the User Login Session
- play_arrow Using the Dashboard
- play_arrow Managing Objects
- play_arrow Monitoring Security Alerts and Alarms
- play_arrow Monitoring Security and Device Events
- About the All Security Events Page
- About the Firewall Events Page
- About the Web Filtering Events Page
- About the IPsec VPNs Events Page
- About the Content Filtering Events Page
- About the Antispam Events Page
- About the Antivirus Events Page
- About the IPS Events Page
- About the Device Events Page
- About the Screen Events Page
- play_arrow Monitoring SD-WAN Events
- play_arrow Monitoring Applications
- play_arrow Monitoring Threats
- play_arrow Monitoring Jobs
- play_arrow Managing Devices
- play_arrow Managing Device Images
- play_arrow Configuring Network Services in a Distributed Deployment
- Network Service Overview
- About the Network Services Page
- About the Service Overview Page
- About the Service Instances Page
- Configuring VNF Properties
- vSRX VNF Configuration Settings
- LxCIPtable VNF Configuration Settings
- Cisco CSR-1000v VNF Configuration Settings
- Riverbed Steelhead VNF Configuration Settings
- play_arrow Managing Firewall Policies
- Firewall Policy Overview
- About the Firewall Policy Page
- Creating Firewall Policy Intents
- Editing, Cloning, and Deleting Firewall Policy Intents
- Selecting Firewall Source
- Selecting Firewall Destination
- Firewall Policy Examples
- Firewall Policy Schedules Overview
- About the Firewall Policy Schedules Page
- Creating Schedules
- Editing, Cloning, and Deleting Schedules
- play_arrow Unified Threat Management
- UTM Overview
- Configuring UTM Settings
- About the UTM Profiles Page
- Creating UTM Profiles
- Editing, Cloning, and Deleting UTM Profiles
- About the Web Filtering Profiles Page
- Creating Web Filtering Profiles
- Editing, Cloning, and Deleting Web Filtering Profiles
- About the Antivirus Profiles Page
- Creating Antivirus Profiles
- Editing, Cloning, and Deleting Antivirus Profiles
- About the Antispam Profiles Page
- Creating Antispam Profiles
- Editing, Cloning, and Deleting Antispam Profiles
- About the Content Filtering Profiles Page
- Creating Content Filtering Profiles
- Editing, Cloning, and Deleting Content Filtering Profiles
- About the URL Patterns Page
- Creating URL Patterns
- Editing, Cloning, and Deleting URL Patterns
- About the URL Categories Page
- Creating URL Categories
- Editing, Cloning, and Deleting URL Categories
- play_arrow Managing SD-WAN
- play_arrow Managing NAT Policies
- NAT Policies Overview
- About the NAT Policies Page
- Creating NAT Policies
- Editing and Deleting NAT Policies
- About the Single NAT Policy Page
- Creating NAT Policy Rules
- Editing, Cloning, and Deleting NAT Policy Rules
- Deploying NAT Policy Rules
- Selecting NAT Source
- Selecting NAT Destination
- NAT Pools Overview
- About the NAT Pools Page
- Creating NAT Pools
- Editing, Cloning, and Deleting NAT Pools
- play_arrow Managing SSL Proxies
- SSL Forward Proxy Overview
- About the SSL Proxy Policy Page
- Creating SSL Proxy Policy Intents
- Editing, Cloning, and Deleting SSL Proxy Policy Intents
- Understanding How SSL Proxy Policy Intents Are Applied
- About the SSL Proxy Profiles Page
- Creating SSL Forward Proxy Profiles
- Editing, Cloning, and Deleting SSL Forward Proxy Profiles
- Configuring and Deploying an SSL Forward Proxy Policy
- play_arrow Managing Shared Objects
- Addresses and Address Groups Overview
- About the Addresses Page
- Creating Addresses or Address Groups
- Editing, Cloning, and Deleting Addresses and Address Groups
- Services and Service Groups Overview
- About the Services Page
- Creating Services and Service Groups
- Creating Protocols
- Editing and Deleting Protocols
- Editing, Cloning, and Deleting Services and Service Groups
- Application Signatures Overview
- About the Application Signatures Page
- Creating Application Signature Groups
- Editing, Cloning, and Deleting Application Signature Groups
- About the Departments Page
- Creating a Department
- Modifying a Department
- Deleting a Department
- play_arrow Managing Deployments
- play_arrow Managing Sites
- About the Sites Page
- Local Breakout Overview
- Multihoming Overview
- Device Redundancy Support Overview
- Upgrading Sites Overview
- Creating Spoke Sites for Hybrid WAN Deployment
- Creating Local Service Edge Sites for Hybrid WAN Deployment
- Creating Regional Service Edge Sites for Hybrid WAN Deployment
- Creating On-Premise Hub Sites for SD-WAN Deployment
- Creating On-Premise Spoke Sites for SD-WAN Deployment
- Creating Cloud Hub Sites for SD-WAN Deployment
- Creating Cloud Spoke Sites for SD-WAN Deployment
- Provisioning a Cloud Spoke Site in AWS VPC
- Importing Multiple Sites
- Managing a Single Site
- Configuring a Single Site
- Upgrading Sites
- Managing LAN Segments on a Tenant Site
- Activating a CPE Device
- Activating Dual CPE Devices (Device Redundancy)
- Viewing the History of Tenant Device Activation Logs
- Configuring VRFs and PNE Details for a Site in a Centralized Deployment
- play_arrow Managing Site Groups
- play_arrow Security Reports
- Reports Overview
- About the Security Report Definitions Page
- Performing Different Actions on Reports
- About the Security Generated Reports Page
- Creating Log Report Definition
- Creating Bandwidth Report Definition
- Editing and Deleting Log Report Definitions
- Editing and Deleting Bandwidth Report Definitions
- play_arrow SD-WAN Reports
- play_arrow Managing Tenant Users
- play_arrow Managing Audit Logs
- play_arrow Managing Tenant User Roles
- play_arrow Licenses
- play_arrow Signature Database
- play_arrow Managing Certificates
- play_arrow Managing Juniper Identity Management Service
-
- play_arrow Designer Tools
- play_arrow Configuration Designer
- Configuration Designer Overview
- Accessing the Configuration Designer
- Using the Configuration Designer
- Changing Your Password
- About the Requests Page for the Configuration Designer
- Creating Requests for Configuration Templates
- Designing Templates with a YANG Configuration
- Designing Templates with a Configuration
- Publishing Configuration Templates
- About the Designs Page for the Configuration Designer
- Cloning Configuration Templates
- Deleting Configuration Template Designs
- play_arrow Resource Designer
- Resource Designer Overview
- Using the Resource Designer
- Accessing the Resource Designer
- About the Requests Page for the Resource Designer
- VNF Overview
- Creating Requests for VNF Packages
- Designing VNF Packages
- Adding VNF Managers
- Publishing VNF Packages
- About the Designs Page for the Resource Designer
- Cloning VNF Packages
- Importing VNF Packages
- Exporting VNF Packages
- Deleting VNF Packages
- play_arrow Network Service Designer introduction
- play_arrow Creating Requests for Network Services
- play_arrow Creating Network Services
- About the Build Page for the Network Service Designer
- Viewing Information About VNFs
- Designing Network Services
- Connecting VNFs in a Service Chain
- Defining Ingress and Egress Points for a Service Chain
- Monitoring Performance Goals
- Configuring Network Services
- vSRX Configuration Settings
- LxCIPtable VNF Configuration Settings
- Cisco CSR-1000v VNF Configuration Settings
- Riverbed Steelhead VNF Configuration Settings
- Fortinet VNF Configuration Settings
- Ubuntu VNF Configuration Settings
- play_arrow Managing Network Services
-
- play_arrow Downloads
list Table of Contents
Verifying Configuration for CNI for Kubernetes
Use the verification steps in this topic to view and verify your configuration of Contrail Container Network Interface (CNI) for Kubernetes.
View Pod Name and IP Address
Use the following command to view the IP address allocated to a pod.
content_copy zoom_out_map
[root@device ~]# kubectl get pods --all-namespaces -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE default client-1 1/1 Running 0 19d 10.47.25.247 k8s-minion-1-3 default client-2 1/1 Running 0 19d 10.47.25.246 k8s-minion-1-1 default client-x 1/1 Running 0 19d 10.84.21.272 k8s-minion-1-1
Verify Reachability of Pods
Perform the following steps to verify if the pods are reachable to each other.
- Determine the IP address and name of the pod.content_copy zoom_out_map
[root@device ~]# kubectl get pods --all-namespaces -o wide NAME READY STATUS RESTARTS AGE IP NODE example1-36xpr 1/1 Running 0 43s 10.47.25.251 b3s37 example2-pldp1 1/1 Running 0 39s 10.47.25.250 b3s37
- Ping the destination pod from the source pod to verify
if the pod is reachable.content_copy zoom_out_map
root@device ~]# kubectl exec -it example1-36xpr ping 10.47.25.250 PING 10.47.25.250 (10.47.25.250): 56 data bytes 64 bytes from 10.47.25.250: icmp_seq=0 ttl=63 time=1.510 ms 64 bytes from 10.47.25.250: icmp_seq=1 ttl=63 time=0.094 ms
Verify If Isolated Namespace-Pods Are Not Reachable
Perform the following steps to verify if pods in isolated namespaces cannot be reached by pods in non-isolated namespaces.
- Determine the IP address and name of a pod in an isolated
namespace.content_copy zoom_out_map
[root@device ~]# kubectl get pod -n test-isolated-ns -o wide NAME READY STATUS RESTARTS AGE IP NODE example3-bvqx5 1/1 Running 0 1h 10.47.25.249 b3s37
- Determine the IP address of a pod in a non-solated namespace.content_copy zoom_out_map
[root@device ~]# kubectl get pods NAME READY STATUS RESTARTS AGE example1-36xpr 1/1 Running 0 15h example2-pldp1 1/1 Running 0 15h
- Ping the IP address of the pod in the isolated namespace
from the pod in the non-isolated namespace.content_copy zoom_out_map
[root@device ~]# kubectl exec -it example1-36xpr ping 10.47.25.249 --- 10.47.255.249 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss
Verify If Non-Isolated Namespace-Pods Are Reachable
Perform the following steps to verify if pods in non-isolated namespaces can be reached by pods in isolated namespaces.
- Determine the IP address of a pod in a non-isolated namespace.content_copy zoom_out_map
[root@device ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE example1-36xpr 1/1 Running 0 15h 10.47.25.251 b3s37 example2-pldp1 1/1 Running 0 15h 10.47.25.250 b3s37
- Determine the IP address and name of a pod in an isolated
namespace.content_copy zoom_out_map
[root@device ~]# kubectl get pod -n test-isolated-ns -o wide NAME READY STATUS RESTARTS AGE IP NODE example3-bvqx5 1/1 Running 0 1h 10.47.25.249 b3s37
- Ping the IP address of the pod in the non-isolated namespace
from a pod in the isolated namespace.content_copy zoom_out_map
[root@device ~]# kubectl exec -it example3-bvqx5 -n test-isolated-ns ping 10.47.25.251 PING 10.47.25.251 (10.47.25.251): 56 data bytes 64 bytes from 10.47.25.251: icmp_seq=0 ttl=63 time=1.467 ms 64 bytes from 10.47.25.251: icmp_seq=1 ttl=63 time=0.137 ms ^C--- 10.47.25.251 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.137/0.802/1.467/0.665 ms
Verify If a Namespace is Isolated
Namespace annotations are used to turn on isolation in a Kubernetes
namespace. In isolated Kubernetes namespaces, the namespace metadata
is annotated with the opencontrail.org/isolation : true annotation.
Use the following command to view annotations on a namespace.
content_copy zoom_out_map
[root@a7s16 ~]# kubectl describe namespace test-isolated-ns Name: test-isolated-ns Labels: <none> Annotations: opencontrail.org/isolation : true Namespace is isolated Status: Active
