vRouter Session Analytics in Contrail Networking
Juniper Networks supports the collection, storage, and query for vRouter traffic in environments using Cloud-Native Contrail® Networking™ Release 22.1 or later in a Kubernetes-orchestrated environment.
Collector Module
Contrail Networking collects user visible entities (UVEs) and traffic information (session)
for traffic analysis and troubleshooting. The collector
module provides the
function of storing these objects and provides APIs to access the collected information.
The Contrail Networking vRouter agent exports data records to the collector when events are created or deleted.
Collector Deployment
The following components are installed in the Contrail cluster in the
contrail
namespace (NS):
- Collector Microservice—Collects incoming events.
- InfluxDB—A time series database built specifically for storing time series data. Works with Grafana as a visualization tool for time series data.
- Fluentd—Logging agent that performs log collection, parsing, and distribution to other services such asOpenSearch.
- OpenSearch—OpenSearch is the search and analytics engine in the AWS OpenSearch Stack, providing real-time search and analytics for all types of data.
- OpenSearch Dashboards —User interface that lets you visualize your OpenSearch data and navigate the OpenSearch Stack.
Data Collection
Figure 1 shows the data collection.
UVEs
UVEs are stored in OpenSearch in an index named by the name of the UVE.
Session
Session records are stored in InfluxDB. These records are pushed as events from all agents. This data is downsampled for longer duration. Retention periods of live, downsampled table, and downsampling windows are configurable using the configuration.
Column | Filterable | Detail |
---|---|---|
vn |
Yes | Client Virtual Network |
vmi |
Yes | Interface |
remote_vn |
Yes | Server Virtual Network |
vrouter_ip |
Yes | Agent IP |
local_ip |
Yes | Client IP |
client_port |
Yes | Client Port |
remote_ip |
Yes | Server IP |
server_port |
Yes | Server Port |
protocol |
Yes | Protocol |
label.local.<label-name> |
Yes | Client Pod Labels (For example, client pod with label site maps to
label.local.site tag in database.) |
label.remote.<label-name> |
Yes | Server Pod Labels |
forward_sampled_bytes |
No | Bytes Sent |
forward_sampled_pkts |
No | Packets Sent |
reverse_sampled_bytes |
No | Bytes Received |
reverse_sampled_pkts |
No | Packets Received |
total_bytes |
No | Total Bytes Exchanged |
Configure Data Collection
To configure vRouter agents to send SessionEndpoint
messages to the
fluentd
service, run the following three commands. Replace
<cluster-ip>
with the IP address of the cluster.
kubectl -n contrail patch vrouter contrail-vrouter-masters --type=merge -p '{"spec":{"agent":{"default":{"collectors":["<cluster-ip>:24224"]}}}}'
kubectl -n contrail patch vrouter contrail-vrouter-nodes --type=merge -p '{"spec":{"agent":{"default":{"collectors":["<cluster-ip>:24224"]}}}}'
kubectl -n contrail patch gvc default-global-vrouter-config --type=merge -p '{"spec":{"flowExportRate": 10000}}'
After running the three configuration commands, restart vRouter for the configuration to take effect. To restart vRouter, run the following command:
kubectl -n contrail delete $(kubectl get pods -l 'app in (contrail-vrouter-masters, contrail-vrouter-nodes)' -n contrail -o name)
Collector Query
The collector
modules provide a query interface for access.
Run a Query
Example Query
The following query gets total bytes exchanged between unique source-destination pairs (by
labels) in the contrail-analytics
namespace:
{ "granularity": 3600, "column": [ { "name": "total_bytes", "aggregation": "sum" }, { "name": "/^label.*/", "regex": true } ], "skip_columns": [ "label.remote.pod-template-hash", "label.local.pod-template-hash" ], "range":{ "start_time": -3600 }, "filter": [ { "field": "label.local.namespace", "operator": "==", "value": "contrail-analytics" }, { "field": "label.remote.namespace", "operator": "==", "value": "contrail-analytics" } ] }
Example Query Response
{ "status": "success", "total": 5, "data": { "resultType": "matrix", "result": [ { "metric": { "label.local.namespace": "contrail-analytics", "label.remote.app": "collector", "label.remote.namespace": "contrail-analytics" }, "fields": [ "_time", "total_bytes" ], "values": [ [ 1645768800, 31012095 ] ] }, { "metric": { "label.local.namespace": "contrail-analytics", "label.remote.app": "opensearch", "label.remote.chart": "opensearch", "label.remote.controller-revision-hash": "opensearch-7fcc8df678", "label.remote.namespace": "contrail-analytics", "label.remote.release": "contrail-analytics" }, "fields": [ "_time", "total_bytes" ], "values": [ [ 1645768800, 221493 ] ] }, { "metric": { "label.local.controller-revision-hash": "5599999fc7", "label.local.namespace": "contrail-analytics", "label.local.pod-template-generation": "1", "label.remote.namespace": "contrail-analytics" }, "fields": [ "_time", "total_bytes" ], "values": [ [ 1645768800, 23349247 ] ] }, { "metric": { "label.local.app": "collector", "label.local.namespace": "contrail-analytics", "label.remote.controller-revision-hash": "influxdb-7bdd86f8c", "label.remote.namespace": "contrail-analytics" }, "fields": [ "_time", "total_bytes" ], "values": [ [ 1645768800, 10412552 ] ] }, { "metric": { "label.local.app": "opensearch-dashboards", "label.local.namespace": "contrail-analytics", "label.local.release": "contrail-analytics", "label.remote.app": "opensearch", "label.remote.chart": "opensearch", "label.remote.controller-revision-hash": "opensearch-7fcc8df678", "label.remote.namespace": "contrail-analytics", "label.remote.release": "contrail-analytics" }, "fields": [ "_time", "total_bytes" ], "values": [ [ 1645768800, 25152 ] ] } ] } }