- play_arrow Configure Kubernetes and Contrail
- play_arrow CN2 Apstra Integration
- play_arrow CN2 Security
- play_arrow Advanced Virtual Networking
- Enable BGP as a Service
- Create an Isolated Namespace
- Configure Allowed Address Pairs
- Enable Packet-Based Forwarding on Virtual Interfaces
- Configure Reverse Path Forwarding on Virtual Interfaces
- vRouter Interface Health Check
- Kubernetes Ingress Support
- Deploy VirtualNetworkRouter in Cloud-Native Contrail Networking
- Configure Inter-Virtual Network Routing Through Route Targets
- Configure IPAM for Pod Networking
- Enable VLAN Subinterface Support on Virtual Interfaces
- EVPN Networking Support
- Customize Virtual Networks for Pod Deployments, Services, and Namespaces
- Deploy Kubevirt DPDK Dataplane Support for VMs
- Pull Kubevirt Images and Deploy Kubevirt Using a Local Registry
- Static Routes
- VPC to CN2 Communication in AWS EKS
- Configure a Service Account to Assume an IAM role
- play_arrow Configure DPDK
- play_arrow Analytics
- Contrail Networking Analytics
- Contrail Networking Metric List
- Kubernetes Metric List
- Cluster Node Metric List
- Contrail Networking Alert List
- vRouter Session Analytics in Contrail Networking
- Centralized Logging
- Port-Based Mirroring
- Configurable Categories of Metrics Collection and Reporting (Tech Preview)
- Juniper CN2 Technology Previews (Tech Previews)
FloatingIP/DNAT for IPv6 Addresses
SUMMARY Juniper Cloud-Native Contrail release 23.1 supports FloatingIP, or Dynamic Network
Address Translation (DNAT), for dual stack-enabled services (ClusterIP)
. This
article provides information about how this feature works in CN2.
Prerequisites
This feature requires the following:- An environment running CN2 release 23.1 or later
- A Kubeadm or Kubespray Kubernetes cluster with dual-stack
featureGate
enabled. For more information, see IPv4 and IPv6 Dual-Stack Networking. - Kubernetes nodes configured with dual stack network interfaces
FloatingIP/DNAT Overview
In CN2, a FloatingIP implements ClusterIP functionality. After you create a service, a FloatingIP is allocated to that service from the service subnet and associated to all the back-end pod VMIs in the cluster. The vRouter performs DNAT for the back-end pods. This process comprises Equal-Cost Multi-Path Routing (ECMP) load balancing, where the back-end pod VMIs act as ECMP paths.DNAT for IPv6 Overview
CN2 release 23.1 supports DNAT (FloatingIP) for IPv4 and IPv6 addresses for the CN2 ClusterIP service. DNAT for IPv6 functions the same as DNAT for IPv4; create a service (ClusterIP), specifyPreferDualStack
for the
ipFamilyPolicy
, and an IPv6 FloatingIP is allocated to that service. The
vRouter performs DNAT and routes traffic to the next hop, or the translated destination
address (back end pod VMI). from external networks to your back-end pod VMIs.Deploy FloatingIP/DNAT
Complete the following steps to deploy this feature.
Configure and install a
Deployment
. TheDeployment
object creates the back-end pods for the ClusterIP service. The following is an exampleDeployment
. ThisDeployment
creates a pod namednginx
with a mountednginx-xconf
config.content_copy zoom_out_mapapiVersion: apps/v1 kind: Deployment metadata: name: nginx namespace: example-clusterip6 spec: selector: matchLabels: app: nginx replicas: 1 template: metadata: labels: app: nginx spec: tolerations: - key: "node.kubernetes.io/unreachable" operator: "Exists" effect: "NoExecute" tolerationSeconds: 2 - key: "node.kubernetes.io/not-ready" operator: "Exists" effect: "NoExecute" tolerationSeconds: 2 containers: - name: nginx image: <repository>:<tag> ports: - containerPort: 8080 volumeMounts: - name: nginx-conf mountPath: /etc/nginx/nginx.conf subPath: nginx.conf readOnly: true volumes: - name: nginx-conf configMap: name: nginx-conf items: - key: nginx.conf path: nginx.conf
Create a ClusterIP service. The following is an example service.
content_copy zoom_out_mapapiVersion: v1 kind: Service metadata: name: nginx namespace: clusterip6 labels: app: nginx spec: ports: - name: http port: 8080 protocol: TCP targetPort: 8080 selector: app: nginx ipFamilies: - "IPv6"
Note the following fields:
labels
: Identifies back-end pods with theapp: nginx
label
.selector
: Instructs the service to select VMIs belonging to back-end pods the withapp: nginx
label.ipFamilies
: Specifies the IP family the ClusterIP service uses. The default is IPv4. To use both IP families, use the valueIpFamilyPolicy: PreferDualStack
.