vRouter Session Analytics in Contrail Networking
Juniper® Networks supports the collection, storage, and query for vRouter traffic in environments using Cloud-Native Contrail Networking (CN2) Release 22.1 or later in a Kubernetes-orchestrated environment.
Collector Module
CN2 collects user visible entities (UVEs) and traffic information (session) for traffic
analysis and troubleshooting. The collector module stores these objects and
provides APIs to access the collected information.
The CN2 vRouter agent exports data records to the collector when events are created or deleted.
Collector Deployment
The following components are installed in the Contrail cluster in the
contrail namespace (NS):
-
Collector Microservice—Collects incoming events.
-
InfluxDB—A time series database built specifically for storing time series data. Works with Grafana as a visualization tool for time series data.
-
Fluentd—Logging agent that performs log collection, parsing, and distribution to other services such asOpenSearch.
-
OpenSearch—OpenSearch is the search and analytics engine in the AWS OpenSearch Stack, providing real-time search and analytics for all types of data.
-
OpenSearch Dashboards—User interface that lets you visualize your OpenSearch data and navigate the OpenSearch Stack.
Data Collection
Figure 1 shows the data collection.
UVEs
UVEs are stored in OpenSearch in an index named by the name of the UVE.
Session
Session records are stored in InfluxDB. These records are pushed as events from all agents. This data is downsampled for longer duration. Retention periods of live, downsampled table, and downsampling windows are configurable using the configuration.
| Column | Filterable | Detail |
|---|---|---|
vn |
Yes | Client Virtual Network |
vmi |
Yes | Interface |
remote_vn |
Yes | Server Virtual Network |
vrouter_ip |
Yes | Agent IP |
local_ip |
Yes | Client IP |
client_port |
Yes | Client Port |
remote_ip |
Yes | Server IP |
server_port |
Yes | Server Port |
protocol |
Yes | Protocol |
label.local.<label-name> |
Yes | Client Pod Labels (for example, client pod with label site maps to
label.local.site tag in database). |
label.remote.<label-name> |
Yes | Server Pod Labels |
forward_sampled_bytes |
No | Bytes Sent |
forward_sampled_pkts |
No | Packets Sent |
reverse_sampled_bytes |
No | Bytes Received |
reverse_sampled_pkts |
No | Packets Received |
total_bytes |
No | Total Bytes Exchanged |
Configure Data Collection
To configure vRouter agents to send SessionEndpoint messages to the
fluentd service, run the following three commands. Replace
<cluster-ip> with the cluster IP address of the fluentd service in the
contrail-analytics namespace.
kubectl -n contrail patch vrouter contrail-vrouter-masters --type=merge -p '{"spec":{"agent":{"default":{"collectors":["<cluster-ip>:24224"]}}}}'kubectl -n contrail patch vrouter contrail-vrouter-nodes --type=merge -p '{"spec":{"agent":{"default":{"collectors":["<cluster-ip>:24224"]}}}}'kubectl -n contrail patch gvc default-global-vrouter-config --type=merge -p '{"spec":{"flowExportRate": 10000}}'After running the three configuration commands, restart vRouter for the configuration to take effect. To restart vRouter, run the following command:
kubectl -n contrail delete $(kubectl get pods -l 'app in (contrail-vrouter-masters, contrail-vrouter-nodes)' -n contrail -o name)
Collector Query
The collector modules provide a query interface for access.
Run a Query
Example Query
The following query gets total bytes exchanged between unique source-destination pairs (by
labels) in the contrail-analytics namespace:
{
"granularity": 3600,
"column": [
{
"name": "total_bytes",
"aggregation": "sum"
},
{
"name": "/^label.*/",
"regex": true
}
],
"skip_columns": [
"label.remote.pod-template-hash",
"label.local.pod-template-hash"
],
"range":{
"start_time": -3600
},
"filter": [
{
"field": "label.local.namespace",
"operator": "==",
"value": "contrail-analytics"
},
{
"field": "label.remote.namespace",
"operator": "==",
"value": "contrail-analytics"
}
]
}
Example Query Response
{
"status": "success",
"total": 5,
"data": {
"resultType": "matrix",
"result": [
{
"metric": {
"label.local.namespace": "contrail-analytics",
"label.remote.app": "collector",
"label.remote.namespace": "contrail-analytics"
},
"fields": [
"_time",
"total_bytes"
],
"values": [
[
1645768800,
31012095
]
]
},
{
"metric": {
"label.local.namespace": "contrail-analytics",
"label.remote.app": "opensearch",
"label.remote.chart": "opensearch",
"label.remote.controller-revision-hash": "opensearch-7fcc8df678",
"label.remote.namespace": "contrail-analytics",
"label.remote.release": "contrail-analytics"
},
"fields": [
"_time",
"total_bytes"
],
"values": [
[
1645768800,
221493
]
]
},
{
"metric": {
"label.local.controller-revision-hash": "5599999fc7",
"label.local.namespace": "contrail-analytics",
"label.local.pod-template-generation": "1",
"label.remote.namespace": "contrail-analytics"
},
"fields": [
"_time",
"total_bytes"
],
"values": [
[
1645768800,
23349247
]
]
},
{
"metric": {
"label.local.app": "collector",
"label.local.namespace": "contrail-analytics",
"label.remote.controller-revision-hash": "influxdb-7bdd86f8c",
"label.remote.namespace": "contrail-analytics"
},
"fields": [
"_time",
"total_bytes"
],
"values": [
[
1645768800,
10412552
]
]
},
{
"metric": {
"label.local.app": "opensearch-dashboards",
"label.local.namespace": "contrail-analytics",
"label.local.release": "contrail-analytics",
"label.remote.app": "opensearch",
"label.remote.chart": "opensearch",
"label.remote.controller-revision-hash": "opensearch-7fcc8df678",
"label.remote.namespace": "contrail-analytics",
"label.remote.release": "contrail-analytics"
},
"fields": [
"_time",
"total_bytes"
],
"values": [
[
1645768800,
25152
]
]
}
]
}
}