Install and Verify Juniper Cloud-Native Router on Amazon EKS
The Juniper Cloud-Native Router uses the the JCNR-Controller (cRPD) to provide control plane capabilities and JCNR-CNI to provide a container network interface. Juniper Cloud-Native Router uses the DPDK-enabled vRouter to provide high-performance data plane capabilities and Syslog-NG to provide notification functions. This section explains how you can install these components of the Cloud-Native Router.
Install Juniper Cloud-Native Router Using Juniper Support Site Package
Read this section to learn the steps required to install the cloud-native router components using Helm charts.
- Review the System Requirements for EKS Deployment to ensure the setup has all the required configuration.
-
Download the desired JCNR software package to the directory of your choice.
You have the option of downloading the package to install JCNR only or downloading the package to install JNCR together with Juniper cSRX. See JCNR Software Download Packages for a description of the packages available. If you don't want to install Juniper cSRX now, you can always choose to install Juniper cSRX on your working JCNR installation later.
-
Expand the file
Juniper_Cloud_Native_Router_<release-number>.tgz.
tar xzvf Juniper_Cloud_Native_Router_<release-number>.tgz
-
Change directory to the main installation directory.
If you're installing JCNR only, then:
cd Juniper_Cloud_Native_Router_<release>
If you're installing JCNR and cSRX at the same time, then:
cd Juniper_Cloud_Native_Router_CSRX_<release>
Note:All remaining steps in the installation assume that your current working directory is now either Juniper_Cloud_Native_Router_<release> or Juniper_Cloud_Native_Router_CSRX_<release>.
-
View the contents in the current directory.
ls helmcharts images README.md secrets
-
Change to the helmchart directory and expand the Helm
chart.
cd helmchart
For JCNR only:
ls jcnr-<release>.tgz
tar -xzvf jcnr-<release>.tgz
ls jcnr jcnr-<release>.tgz
For the combined JCNR and cSRX:
ls jcnr_csrx-<release>.tgz
tar -xzvf jcnr_csrx-<release>.tgz
ls jcnr_csrx jcnr_csrx-<release>.tgz
- Follow the steps in Installing Your License to install your JCNR license.
-
Enter the root password for your host server into the
secrets/jcnr-secrets.yaml file at the following
line:
root-password: <add your password in base64 format>
You must enter the password in base64-encoded format. To encode the password, create a file with the plain text password on a single line. Then issue the command:base64 -w 0 rootPasswordFile -
Apply secrets/jcnr-secrets.yaml to the cluster.
kubectl apply -f secrets/jcnr-secrets.yaml namespace/jcnr created secret/jcnr-secrets created
-
Create the JCNR ConfigMap if using the Virtual Router Redundancy Protocol
(VRRP) for your JCNR cluster. A sample
jcnr-aws-config.yamlmanifest is provided incRPD_examplesdirectory in the installation bundle. Apply thejcnr-aws-config.yamlto the Kubernetes system.kubectl apply -f jcnr-aws-config.yaml configmap/jcnr-aws-config created
- If desired, configure how cores are assigned to the vRouter DPDK containers. See Allocate CPUs to the JCNR Forwarding Plane.
-
Customize the Helm chart for your deployment using the
helmchart/jcnr/values.yaml or
helmchart/jcnr_csrx/values.yaml file.
See Customize JCNR Helm Chart for EKS Deployment for descriptions of the helm chart configurations and a sample helm chart for EKS deployment.
-
Optionally, customize JCNR configuration.
See, Customize JCNR Configuration for creating and applying the cRPD customizations.
- If you're installing Juniper cSRX now, then follow the procedure in Apply the cSRX License and Configure cSRX.
-
Install Multus CNI using the following command:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/multus/v3.7.2-eksbuild.1/aws-k8s-multus.yaml
- Install the Amazon Elastic Block Storage (EBS) Container Storage Interface (CSI) driver.
-
Label the nodes where you want JCNR to be installed based on the
nodeaffinityconfiguration (if defined in thevalues.yaml). For example:kubectl label nodes ip-10.0.100.17.us-east-2.compute.internal key1=jcnr --overwrite
-
Deploy the Juniper Cloud-Native Router using the Helm chart.
Navigate to the helmchart/jcnr or the helmchart/jcnr_csrx directory and run the following command:
helm install jcnr .
helm install jcnr_csrx .
NAME: jcnr LAST DEPLOYED: Fri Dec 22 06:04:33 2023 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None
-
Confirm Juniper Cloud-Native Router deployment.
helm ls
Sample output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION jcnr default 1 2023-12-22 06:04:33.144611017 -0400 EDT deployed jcnr-<version> <version>
Install Juniper Cloud-Native Router Using AWS Marketplace Subscription (BYOL)
Use this procedure to install JCNR (BYOL) from AWS Marketplace using Helm charts.
This procedure installs JCNR on your existing Amazon EKS cluster. Ensure you've set up your Amazon EKS cluster prior to running this procedure. You can use any method to create an EKS cluster as long as it meets the system requirements described in System Requirements for EKS Deployment.
For convenience, we've provided a CloudFormation template that you can use to quickly get a cluster up and running. This template is provided in CloudFormation Template for EKS Cluster.
- Review the System Requirements for EKS Deployment to ensure the setup has all the required configuration.
- Log in to and search for JCNR products from the AWS Marketplace.
- Select the JCNR (BYOL) product and subscribe to it.
-
Scroll down on the selected product's landing page to view the usage
instructions.
The instructions show you how to log in to the ECR Helm registry and download the JCNR helm chart.
-
Copy and run the provided usage instructions on the setup where you issue
your AWS CLI commands.
aws configure aws ecr get-login-password <...> helm pull oci: <...>
This downloads the jcnr-<version>.tgz file onto your setup. -
Expand the file
jcnr-<version>.tgz.
tar xzvf jcnr-<version>.tgz
-
Change directory to
jcnr.cd jcnr
Note:All remaining steps in the installation assume that your current working directory is now jcnr.
-
View the contents in the current directory.
ls Chart.yaml charts cRPD_examples scripts secrets values.yaml
- Follow the steps in Installing Your License to install your JCNR license.
-
Enter the root password for your host server into the
secrets/jcnr-secrets.yaml file at the following
line:
root-password: <add your password in base64 format>
You must enter the password in base64-encoded format. To encode the password, create a file with the plain text password on a single line. Then issue the command:base64 -w 0 rootPasswordFile -
Apply secrets/jcnr-secrets.yaml to the cluster.
kubectl apply -f secrets/jcnr-secrets.yaml namespace/jcnr created secret/jcnr-secrets created
-
Create the JCNR ConfigMap if using the Virtual Router Redundancy Protocol
(VRRP) for your JCNR cluster. Apply the
jcnr-aws-config.yamlto the Kubernetes system.kubectl apply -f jcnr-aws-config.yaml configmap/jcnr-aws-config created
- If desired, configure how cores are assigned to the vRouter DPDK containers. See Allocate CPUs to the JCNR Forwarding Plane.
-
Customize the helm chart for your deployment using the
values.yaml file.
See, Customize JCNR Helm Chart for EKS Deployment for descriptions of the helm chart configurations and a sample helm chart for EKS deployment.
-
Optionally, customize JCNR configuration.
See Customize JCNR Configuration for creating and applying the cRPD customizations.
-
Verify that the Amazon EBS CSI driver role policy has been attached to the
EKS cluster node role.
aws iam list-attached-role-policies --role-name <EKS_Cluster_Node_Role_Name>
Look for
arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicyin the output. If this policy is not listed, add it as follows:aws iam attach-role-policy --role-name <EKS_Cluster_Node_Role_Name> --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
-
Verify that the Amazon VPC CNI role policy has been attached to the EKS
cluster node role.
aws iam list-attached-role-policies --role-name <EKS_Cluster_Node_Role-Name>
Look for
arn:aws:iam::aws:policy/AmazonEKS_CNI_Policyin the output. If this policy is not listed, add it as follows:aws iam attach-role-policy --role-name <EKS_Cluster_Node_Role_Name> --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
-
Verify that the Amazon EBS CSI driver and Amazon VPC CNI add-ons are
installed.
aws eks describe-addon-versions --addon-name aws-ebs-csi-driver
aws eks describe-addon-versions --addon-name vpc-cni
If any of the add-ons is not installed, you can install them respectively as follows:
aws eks create-addon --cluster-name my-cluster --addon-name aws-ebs-csi-driver --addon-version <version> --service-account-role-arn <EKS_Cluster_Node_IAM_role_ARN>
aws eks create-addon --cluster-name my-cluster --addon-name vpc-cni --addon-version <version> --service-account-role-arn <EKS_Cluster_Node_IAM_role_ARN>
Be sure to install the versions listed in Minimum Host System Requirements for EKS. -
Label the nodes where you want JCNR to be installed based on the
nodeaffinityconfiguration (if defined in thevalues.yaml). For example:kubectl label nodes ip-10.0.100.17.us-east-2.compute.internal key1=jcnr --overwrite
-
Deploy the Juniper Cloud-Native Router using the helm chart.
Run the following command:
helm install jcnr .
NAME: jcnr LAST DEPLOYED: <date_time> NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None
-
Confirm Juniper Cloud-Native Router deployment.
helm ls
Sample output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION jcnr default 1 <date_time> deployed jcnr-<version> <version>
Verify JCNR Installation on Amazon EKS
Note:
The output shown in this example procedure is affected by the number of nodes in the cluster. The output you see in your setup may differ in that regard.
-
Verify the state of the JCNR pods by issuing the
kubectl get pods -Acommand. The output of thekubectlcommand shows all of the pods in the Kubernetes cluster in all namespaces. Successful deployment means that all pods are in the running state. In this example we have marked the Juniper Cloud-Native Router Pods in bold. For example:kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE contrail-deploy contrail-k8s-deployer-5b6c9656d5-nw9t9 1/1 Running 0 13d contrail jcnr-0-dp-contrail-vrouter-nodes-b2jxp 2/2 Running 0 13d contrail jcnr-0-dp-contrail-vrouter-nodes-vrdpdk-g7wrk 1/1 Running 0 13d jcnr jcnr-0-crpd-0 1/1 Running 0 13d jcnr syslog-ng-tct27 1/1 Running 0 13d kube-system aws-node-k8hxl 1/1 Running 1 (15d ago) 15d kube-system ebs-csi-node-c8rbh 3/3 Running 3 (15d ago) 15d kube-system kube-multus-ds-8nzhs 1/1 Running 1 (13d ago) 13d kube-system kube-proxy-h669c 1/1 Running 1 (15d ago) 15d
-
Verify the JCNR daemonsets by issuing the
kubectl get ds -Acommand. Use thekubectl get ds -Acommand to get a list of daemonsets. The JCNR daemonsets are highlighted in bold text.kubectl get ds -A
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE contrail jcnr-0-dp-contrail-vrouter-nodes 1 1 1 1 1 <none> 13d contrail jcnr-0-dp-contrail-vrouter-nodes-vrdpdk 1 1 1 1 1 <none> 13d jcnr syslog-ng 1 1 1 1 1 <none> 13d kube-system aws-node 8 8 8 8 8 <none> 15d kube-system ebs-csi-node 8 8 8 8 8 kubernetes.io/os=linux 15d kube-system ebs-csi-node-windows 0 0 0 0 0 kubernetes.io/os=windows 15d kube-system kube-multus-ds 8 8 8 8 8 <none> 13d kube-system kube-proxy 8 8 8 8 8 <none> 15d
-
Verify the JCNR statefulsets by issuing the
kubectl get statefulsets -Acommand. The command output provides the statefulsets.kubectl get statefulsets -A
NAMESPACE NAME READY AGE jcnr jcnr-0-crpd 1/1 27m
-
Verify if the cRPD is licensed and has the appropriate
configurations.
- View the Access the cRPD CLI section for instructions to access the cRPD CLI.
-
Once you have access the cRPD CLI, issue the
show system licensecommand in the cli mode to view the system licenses. For example:root@jcnr-01:/# cli root@jcnr-01> show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed containerized-rpd-standard 1 1 0 2024-09-20 16:59:00 PDT Licenses installed: License identifier: 85e5229f-0c64-0000-c10e4-a98c09ab34a1 License SKU: S-CRPD-10-A1-PF-5 License version: 1 Order Type: commercial Software Serial Number: 1000098711000-iHpgf Customer ID: Juniper Networks Inc. License count: 15000 Features: containerized-rpd-standard - Containerized routing protocol daemon with standard features date-based, 2022-08-21 17:00:00 PDT - 2027-09-20 16:59:00 PDT -
Issue the
show configuration | display setcommand in the cli mode to view the cRPD default and custom configuration. The output will be based on the custom configuration and the JCNR deployment mode.root@jcnr-01# cli root@jcnr-01> show configuration | display set
-
Type the
exitcommand to exit from the pod shell.
-
Verify the vRouter interfaces configuration.
- View the Access the vRouter CLI section for instructions on how to access the vRouter CLI.
-
Once you have accessed the vRouter CLI, issue the
vif --listcommand to view the vRouter interfaces . The output will depend upon the JCNR deployment mode and configuration. An example for L3 mode deployment, with one fabric interface configured, is provided below:$ vif --list Vrouter Interface Table Flags: P=Policy, X=Cross Connect, S=Service Chain, Mr=Receive Mirror Mt=Transmit Mirror, Tc=Transmit Checksum Offload, L3=Layer 3, L2=Layer 2 D=DHCP, Vp=Vhost Physical, Pr=Promiscuous, Vnt=Native Vlan Tagged Mnp=No MAC Proxy, Dpdk=DPDK PMD Interface, Rfl=Receive Filtering Offload, Mon=Interface is Monitored Uuf=Unknown Unicast Flood, Vof=VLAN insert/strip offload, Df=Drop New Flows, L=MAC Learning Enabled Proxy=MAC Requests Proxied Always, Er=Etree Root, Mn=Mirror without Vlan Tag, HbsL=HBS Left Intf HbsR=HBS Right Intf, Ig=Igmp Trap Enabled, Ml=MAC-IP Learning Enabled, Me=Multicast Enabled vif0/0 Socket: unix MTU: 1514 Type:Agent HWaddr:00:00:5e:00:01:00 Vrf:65535 Flags:L2 QOS:-1 Ref:3 RX queue errors to lcore 0 0 0 0 0 0 0 0 0 0 0 0 RX packets:0 bytes:0 errors:0 TX packets:0 bytes:0 errors:0 Drops:0 vif0/1 PCI: 0000:00:07.0 (Speed 1000, Duplex 1) NH: 6 MTU: 9000 Type:Physical HWaddr:0e:d0:2a:58:46:4f IPaddr:0.0.0.0 DDP: OFF SwLB: ON Vrf:0 Mcast Vrf:0 Flags:L3L2 QOS:0 Ref:8 RX device packets:20476 bytes:859992 errors:0 RX port packets:20476 errors:0 RX queue errors to lcore 0 0 0 0 0 0 0 0 0 0 0 0 Fabric Interface: 0000:00:07.0 Status: UP Driver: net_ena RX packets:20476 bytes:859992 errors:0 TX packets:2 bytes:180 errors:0 Drops:0 TX port packets:2 errors:0 TX device packets:8 bytes:740 errors:0 vif0/2 PCI: 0000:00:08.0 (Speed 1000, Duplex 1) NH: 7 MTU: 9000 Type:Physical HWaddr:0e:6a:9e:04:da:6f IPaddr:0.0.0.0 DDP: OFF SwLB: ON Vrf:0 Mcast Vrf:0 Flags:L3L2 QOS:0 Ref:8 RX device packets:20476 bytes:859992 errors:0 RX port packets:20476 errors:0 RX queue errors to lcore 0 0 0 0 0 0 0 0 0 0 0 0 Fabric Interface: 0000:00:08.0 Status: UP Driver: net_ena RX packets:20476 bytes:859992 errors:0 TX packets:2 bytes:180 errors:0 Drops:0 TX port packets:2 errors:0 TX device packets:8 bytes:740 errors:0 vif0/3 PMD: eth2 NH: 10 MTU: 9000 Type:Host HWaddr:0e:d0:2a:58:46:4f IPaddr:0.0.0.0 DDP: OFF SwLB: ON Vrf:0 Mcast Vrf:65535 Flags:L3L2DProxyEr QOS:-1 Ref:11 TxXVif:1 RX device packets:2 bytes:180 errors:0 RX queue packets:2 errors:0 RX queue errors to lcore 0 0 0 0 0 0 0 0 0 0 0 0 RX packets:2 bytes:180 errors:0 TX packets:20476 bytes:859992 errors:0 Drops:0 TX queue packets:20476 errors:0 TX device packets:20476 bytes:859992 errors:0 vif0/4 PMD: eth3 NH: 15 MTU: 9000 Type:Host HWaddr:0e:6a:9e:04:da:6f IPaddr:0.0.0.0 DDP: OFF SwLB: ON Vrf:0 Mcast Vrf:65535 Flags:L3L2DProxyEr QOS:-1 Ref:11 TxXVif:2 RX device packets:2 bytes:180 errors:0 RX queue packets:2 errors:0 RX queue errors to lcore 0 0 0 0 0 0 0 0 0 0 0 0 RX packets:2 bytes:180 errors:0 TX packets:20476 bytes:859992 errors:0 Drops:0 TX queue packets:20476 errors:0 TX device packets:20476 bytes:859992 errors:0 -
Type
exitto exit from the pod shell.