What Is the Juniper® Cloud-Native Router?
Overview
Juniper Cloud-Native Router (JCNR) is a container-based software solution that combines the JCNR-Controller (a cRPD-based control plane) and the JCNR-vRouter (a DPDK-enabled forwarding/data plane). With the cloud-native router, you get Junos OS-based switching control together with enhanced forwarding capabilities.
The JCNR-Controller runs on a Kubernetes (K8s) compute host, provides control-plane management, and uses the forwarding capabilities provided by either the Linux kernel or the DPDK-enabled JCNR-vRouter.
DPDK is an open-source set of libraries and drivers for fast packet processing. With DPDK, the network interface card (NIC) writes received packets by direct memory access (DMA) straight into the application's address space, and the application polls for packets instead of taking an interrupt from the NIC for each one. Integrating with DPDK lets a vRouter process more packets per second than is possible when the vRouter runs as a kernel module.
In this integrated solution, the JCNR-Controller uses gRPC-based services to exchange messages with the JCNR-vRouter, forming the fully functional cloud-native router. This close communication allows you to:
- Learn about fabric and workload interfaces
- Provision DPDK- or kernel-based interfaces for K8s pods as needed
- Configure IPv4 and IPv6 address allocation for Pods
Benefits
- Higher packet forwarding performance with the DPDK-based JCNR-vRouter
- Easy deployment, removal, and upgrade on general-purpose compute devices using Helm
- Full switching and forwarding stacks in software
- Basic L2 functionality, such as MAC learning, MAC aging, MAC limiting, and L2 statistics
- L2 reachability to Radio Units (RUs) for management traffic
- L2 reachability to physical distributed units (DUs) such as 5G millimeter wave DUs or 4G DUs
- VLAN tagging
- Bridge domains
- Trunk, access, and sub-interface ports
- Support for multiple virtual functions (VFs) on Ethernet NICs
- Support for bonded VF interfaces
- Configurable L2 access control lists (ACLs)
- Rate limiting of egress broadcast and multicast traffic on fabric interfaces
- Out-of-the-box software-based open radio access network (O-RAN) support
- Quick spin-up with containerized deployment
- Highly scalable solution
Kubernetes (K8s) is an orchestration platform for running containerized applications in a clustered computing environment. It provides automatic deployment, scaling, networking, and management of containerized applications.
A K8s pod consists of one or more containers, with each pod representing an instance of the application. A pod is the smallest unit that K8s can manage. All containers in the pod share the same network namespace.
We rely on K8s to orchestrate the infrastructure that the cloud-native router needs to operate. However, we do not supply K8s installation or management instructions in this documentation. See https://kubernetes.io for Kubernetes documentation. Currently, Juniper Cloud-Native Router requires that the K8s cluster be a standalone cluster, meaning that the K8s master and worker functions both run on a single node.
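The single-node requirement above is easy to get wrong in practice: a cluster bootstrapped with kubeadm has one control-plane node, but that node still carries the control-plane NoSchedule taint, so worker Pods (the JCNR Pods among them) cannot land on it. The following pre-flight check is an added example, not Juniper tooling; it parses the JSON that `kubectl get nodes -o json` prints and reports why the cluster does not qualify as a standalone cluster. The node list `SAMPLE_NODES` is constructed for illustration.

```python
"""Pre-flight check for the JCNR standalone (single-node) cluster requirement.

Added example, not part of JCNR. Verifies, from `kubectl get nodes -o json`
output, that the cluster has exactly one node, that the node carries the
control-plane role, that it is Ready, and that it can schedule ordinary
workloads (no control-plane NoSchedule taint, not cordoned).
"""
import json
import subprocess
from typing import List

# Well-known Kubernetes label/taint keys that mark the control-plane role.
CONTROL_PLANE_KEYS = (
    "node-role.kubernetes.io/control-plane",
    "node-role.kubernetes.io/master",  # used by older clusters
)


def check_standalone_cluster(node_list: dict) -> List[str]:
    """Return a list of problems; an empty list means the cluster qualifies."""
    problems: List[str] = []
    items = node_list.get("items", [])
    if len(items) != 1:
        problems.append(f"expected exactly 1 node, found {len(items)}")
        return problems
    node = items[0]
    name = node["metadata"]["name"]
    labels = node["metadata"].get("labels", {})
    if not any(k in labels for k in CONTROL_PLANE_KEYS):
        problems.append(f"node {name} does not carry a control-plane role label")
    # A NoSchedule taint on the control-plane key keeps ordinary Pods,
    # and therefore the JCNR Pods, off the only node in the cluster.
    for taint in node["spec"].get("taints") or []:
        if taint.get("key") in CONTROL_PLANE_KEYS and taint.get("effect") == "NoSchedule":
            problems.append(
                f"node {name} has taint {taint['key']}:NoSchedule; "
                "remove it so worker Pods can be scheduled"
            )
    if node["spec"].get("unschedulable"):
        problems.append(f"node {name} is cordoned (spec.unschedulable=true)")
    ready = any(
        c.get("type") == "Ready" and c.get("status") == "True"
        for c in node.get("status", {}).get("conditions", [])
    )
    if not ready:
        problems.append(f"node {name} is not Ready")
    return problems


def check_live_cluster() -> List[str]:
    """Run kubectl against the real cluster (needs kubectl and a kubeconfig)."""
    out = subprocess.run(
        ["kubectl", "get", "nodes", "-o", "json"],
        check=True, capture_output=True, text=True,
    ).stdout
    return check_standalone_cluster(json.loads(out))


# Constructed sample: one control-plane node, still tainted as kubeadm leaves it.
SAMPLE_NODES = {
    "items": [
        {
            "metadata": {
                "name": "jcnr-node1",
                "labels": {"node-role.kubernetes.io/control-plane": ""},
            },
            "spec": {
                "taints": [
                    {"key": "node-role.kubernetes.io/control-plane", "effect": "NoSchedule"}
                ]
            },
            "status": {"conditions": [{"type": "Ready", "status": "True"}]},
        }
    ]
}

if __name__ == "__main__":
    for problem in check_standalone_cluster(SAMPLE_NODES):
        print("PROBLEM:", problem)
```

On the constructed sample the check reports the leftover control-plane taint; removing that taint (so the node is both master and worker) makes the check pass. Run `check_live_cluster()` to test a real cluster.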
Juniper Cloud-Native Router Components
Juniper Cloud-Native Router Controller
The JCNR-Controller (cRPD) is the control-plane part of the Juniper Cloud-Native Router solution. You use the controller to communicate with the other elements of the cloud-native router. Configuration, policies, and rules that you set on the controller at deploy time are communicated to the other components, primarily the JCNR-vRouter agent and the JCNR-vRouter, for implementation.
For example, the JCNR-Controller supports L2 access control lists (ACLs) with deny rules. The JCNR-Controller sends the ACL configuration to the JCNR-vRouter through the JCNR-vRouter agent, and the JCNR-vRouter enforces it in the data plane.
Juniper Cloud-Native Router Controller Functionality:
- Exposes Junos OS-compatible CLI configuration and operational commands, accessible to external automation and orchestration systems over the NETCONF protocol.
- Supports the JCNR-vRouter as the high-speed forwarding plane, so applications built on the DPDK framework exchange packets directly with the JCNR-vRouter without passing through the kernel. Traffic on those interfaces therefore bypasses the kernel network stack, and kernel-level packet filters and capture tools do not see it; filtering for that traffic is done with the L2 ACLs enforced by the JCNR-vRouter.
- Supports configuration of VLAN-tagged sub-interfaces on physical function (PF), virtual function (VF), virtio, access, and trunk interfaces managed by the DPDK-enabled JCNR-vRouter.
- Supports configuration of bridge domains.
The JCNR-vRouter is an alternative to the Linux bridge or the Open vSwitch (OVS) module in the Linux kernel. The pod that houses the JCNR-vRouter container also houses the JCNR-vRouter agent container. The JCNR-vRouter functions to:
- Perform L2 forwarding
- Perform L2 rate limiting
- Allow DPDK-based forwarding
- Enforce L2 access control lists (ACLs)
JCNR-CNI is a Kubernetes CNI plugin developed by Juniper and installed on each node to provision network interfaces for application Pods. It handles the Juniper-developed Pods, such as the JCNR-vRouter agent and the JCNR-vRouter agent DPDK, along with DPDK application Pods and the cloud-native router controller. During Pod creation, K8s delegates Pod interface creation and configuration to JCNR-CNI, which interacts with the JCNR control plane and the JCNR-vRouter to set up DPDK interfaces. When a Pod is removed, JCNR-CNI is invoked to de-provision the Pod interface, its configuration, and the associated state in K8s and the cloud-native router components. JCNR-CNI works with the Multus CNI to add and configure Pod interfaces.
JCNR-CNI provides the following functionality:
- Manages the networking tasks for K8s pods, such as assigning IP addresses, allocating MAC addresses, and setting up interfaces between the Pod and the host in a K8s cluster
- Applies L2 ACLs; the policies are sent to the JCNR-vRouter for enforcement in the data plane
- Acts on Pod events such as add and delete
- Generates cRPD configuration
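The add/delete delegation described above follows the generic CNI plugin contract: the runtime passes the operation in `CNI_COMMAND` and the container's identity in `CNI_CONTAINERID`, `CNI_NETNS` and `CNI_IFNAME`, hands the network configuration on stdin, and expects a JSON result on stdout. The model below is an added example, not Juniper's JCNR-CNI; it implements that contract but replaces the real work of programming the control plane and vRouter with an in-memory stand-in (`FakeRouter`) so it runs anywhere. The `ipv4_pool` and `ipv6_pool` config keys, the MAC scheme and `PortState` are assumptions made for the example. Note the DEL handling: the CNI specification requires DEL to succeed even when no matching ADD state exists, otherwise the kubelet retries forever and interface state leaks, which is exactly the de-provisioning path the paragraph describes.

```python
"""Model of the CNI ADD/DEL lifecycle that a plugin such as JCNR-CNI serves.

Added example, not Juniper code. Follows the CNI spec contract (command and
container identity in environment variables, network config on stdin,
result JSON on stdout) with an in-memory stand-in for the router.
"""
import ipaddress
import json
import os
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class PortState:
    """What must be created on ADD and torn down on DEL (assumed shape)."""
    container_id: str
    ifname: str
    mac: str
    ips: List[str]


@dataclass
class FakeRouter:
    """Stand-in for the control plane + vRouter that the real CNI would call."""
    ports: Dict[str, PortState] = field(default_factory=dict)
    next_host: int = 2  # .1 is reserved for the gateway in this example

    def add_port(self, cid: str, ifname: str, v4net, v6net) -> PortState:
        # Locally administered MAC (02:...) derived from the allocation counter.
        mac = "02:00:00:00:00:%02x" % (self.next_host & 0xFF)
        ips = [str(v4net[self.next_host]), str(v6net[self.next_host])]
        self.next_host += 1
        self.ports[cid] = PortState(cid, ifname, mac, ips)
        return self.ports[cid]

    def del_port(self, cid: str) -> Optional[PortState]:
        # pop with default: deleting an unknown port is not an error.
        return self.ports.pop(cid, None)


def cni(command: str, env: dict, conf: dict, router: FakeRouter) -> Optional[dict]:
    """Handle one CNI invocation and return the result object (None for DEL)."""
    if command == "VERSION":
        return {"cniVersion": "1.0.0", "supportedVersions": ["0.4.0", "1.0.0"]}
    cid, ifname = env["CNI_CONTAINERID"], env["CNI_IFNAME"]
    if command == "ADD":
        v4 = ipaddress.ip_network(conf["ipv4_pool"])  # assumed config key
        v6 = ipaddress.ip_network(conf["ipv6_pool"])  # assumed config key
        port = router.add_port(cid, ifname, v4, v6)
        # CNI result: interfaces[] plus ips[] that reference an interface index.
        return {
            "cniVersion": conf["cniVersion"],
            "interfaces": [{"name": ifname, "mac": port.mac, "sandbox": env["CNI_NETNS"]}],
            "ips": [
                {"address": f"{addr}/{net.prefixlen}", "interface": 0}
                for addr, net in zip(port.ips, (v4, v6))
            ],
        }
    if command == "DEL":
        # Must be idempotent: succeed whether or not ADD state exists.
        router.del_port(cid)
        return None
    raise ValueError(f"unsupported CNI_COMMAND {command!r}")


def main() -> int:
    """Entry point as the container runtime would invoke a CNI binary."""
    router = FakeRouter()  # a real plugin talks to the controller/vRouter here
    conf = json.load(sys.stdin)
    result = cni(os.environ["CNI_COMMAND"], dict(os.environ), conf, router)
    if result is not None:
        json.dump(result, sys.stdout)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

To try the entry point by hand: `CNI_COMMAND=ADD CNI_CONTAINERID=abc CNI_NETNS=/var/run/netns/abc CNI_IFNAME=net1 python3 cni_model.py <<< '{"cniVersion":"1.0.0","ipv4_pool":"10.10.1.0/24","ipv6_pool":"fd00:10::/120"}'` prints the result object with one interface and one IPv4 and one IPv6 address, matching the dual-stack allocation the overview lists.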
Juniper Cloud-Native Router uses a syslog-ng Pod to gather event logs from cRPD and the vRouter and to transform the logs into JSON-based notifications. The notifications are written to a file, from which they can be read.
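Because the notification file is the one place where controller and vRouter events land in a machine-readable form, it is the natural feed for monitoring. The script below is an added example, not part of JCNR: it reads the file as JSON lines, tolerates malformed records instead of dying on them, and surfaces records that are either at warning severity or above or match patterns an operator would want to see regardless of severity (configuration commits on the controller, ACL denies on the vRouter). The overview states only that the notifications are JSON; the field names (`timestamp`, `program`, `severity`, `message`), the message wording in the regexes and the `SAMPLE_LINES` are constructed assumptions and must be adapted to the output of your deployment.

```python
"""Triage JSON-lines notifications written by the JCNR syslog-ng Pod.

Added example, not part of JCNR. Field names and sample records are assumed.
"""
import json
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Syslog severity levels (RFC 5424); anything at or above warning is kept.
SEVERITY_RANK = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
ALERT_THRESHOLD = SEVERITY_RANK["warning"]

# Patterns surfaced regardless of severity. The wording is an assumption.
WATCH_PATTERNS = [
    ("config-commit", re.compile(r"\bcommit\b", re.I)),
    ("acl-deny", re.compile(r"\bacl\b.*\bden(y|ied)\b", re.I)),
]


def parse_notifications(lines: Iterable[str]) -> Tuple[List[Dict], int]:
    """Parse JSON lines; return (records, count of malformed lines).

    Malformed lines are counted rather than raised on: a log consumer that
    dies on one bad record is an easy way to lose visibility.
    """
    records: List[Dict] = []
    bad = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        if not isinstance(rec, dict) or "message" not in rec:
            bad += 1
            continue
        records.append(rec)
    return records, bad


def classify(rec: Dict) -> List[str]:
    """Return the tags that make a record interesting (empty list = ignore)."""
    tags: List[str] = []
    sev = str(rec.get("severity", "info")).lower()
    if SEVERITY_RANK.get(sev, SEVERITY_RANK["debug"]) <= ALERT_THRESHOLD:
        tags.append(f"severity:{sev}")
    for tag, pattern in WATCH_PATTERNS:
        if pattern.search(str(rec["message"])):
            tags.append(tag)
    return tags


def triage(lines: Iterable[str]) -> Dict[str, object]:
    """Parse, classify, and summarize per source program."""
    records, bad = parse_notifications(lines)
    alerts = [(rec, classify(rec)) for rec in records]
    alerts = [(rec, tags) for rec, tags in alerts if tags]
    per_program = Counter(rec.get("program", "?") for rec, _ in alerts)
    return {"alerts": alerts, "malformed": bad, "per_program": dict(per_program)}


# Constructed sample of what the notification file might contain.
SAMPLE_LINES = [
    '{"timestamp":"2023-05-01T10:00:00Z","program":"crpd","severity":"notice","message":"UI_COMMIT: User root requested commit"}',
    '{"timestamp":"2023-05-01T10:00:05Z","program":"vrouter","severity":"info","message":"Agent started"}',
    '{"timestamp":"2023-05-01T10:01:00Z","program":"vrouter","severity":"warning","message":"ACL drop: frame from 00:11:22:33:44:55 denied on vlan 100"}',
    'this line is not json',
    '{"timestamp":"2023-05-01T10:02:00Z","program":"crpd","severity":"err","message":"RPD_SCHED_SLIP: scheduler slip"}',
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for rec, tags in result["alerts"]:
        print(rec["timestamp"], rec["program"], ",".join(tags), rec["message"])
    print("malformed lines:", result["malformed"], "per program:", result["per_program"])
```

To run it against a real deployment, replace `SAMPLE_LINES` with the lines of the notification file (for example `open(path)` passed to `triage`) and tune `WATCH_PATTERNS` to the message formats you actually observe.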