
Deployment Models

20-Apr-23

SUMMARY Learn about single cluster and multi-cluster CN2.

Single Cluster Deployment

Cloud-Native Contrail Networking (CN2) is available as an integrated networking platform in a single Amazon EKS cluster, watching where workloads are instantiated and connecting those workloads to the appropriate overlay networks.

In a single-cluster deployment on Amazon EKS (Figure 1), the Contrail controller sits in chosen worker nodes and provides the network configuration and network control planes for the host cluster. The Contrail data plane components sit in all worker nodes and provide the packet send and receive function for the workloads.

Figure 1: Single Cluster Deployment

Multi-Cluster Deployment

In a multi-cluster deployment (Figure 2), the Contrail controller resides in its own Amazon EKS cluster and provides networking to other clusters. The Amazon EKS cluster that the Contrail controller resides in is called the central cluster. The Amazon EKS clusters that house the workloads are called the distributed workload clusters.

Figure 2: Multi-Cluster Deployment

Centralizing the networking in this way makes it easier to configure and manage, and easier to apply consistent network policy and security.

Figure 2 provides more detail on this setup. The Contrail controller sits in the central cluster and contains a kubemanager for each distributed workload cluster that it serves. The distributed workload cluster runs the workloads and contains the Contrail vRouter.

Figure 3: Multi-Cluster Components

The multi-cluster Contrail controller differs from the single-cluster Contrail controller in two main ways:

  • The multi-cluster Contrail controller has a contrail-k8s-kubemanager pod instantiated for each distributed workload cluster. As part of the procedure to connect a distributed workload cluster to the central cluster, you explicitly create and assign a contrail-k8s-kubemanager deployment that watches for changes to resources that affect its assigned workload cluster.
  • The multi-cluster Contrail controller uses multi-cluster watch technology to detect changes in the distributed workload clusters.

The function of the multi-cluster contrail-k8s-kubemanager pod is identical to its single-cluster counterpart. It watches for changes to regular Kubernetes resources that affect its assigned cluster and acts on the changes accordingly.

All other Contrail components in a multi-cluster deployment behave in the same way as in a single-cluster deployment. The network control plane, for example, communicates with data plane components using XMPP, outside of regular Kubernetes REST channels. Because of this, the network control plane is indifferent to whether the data plane components that it communicates with reside in the same cluster or in different clusters. The only requirement is that the data plane components are reachable.
