What's New

Learn about new features introduced in CN2 Release 23.2.

CN2 on Rancher RKE2

CN2 on Upstream Kubernetes

  • Starting in Release 23.2, CN2 is supported on Kubernetes v1.26.

Configure Kubernetes

  • Priority Classes—Starting in Release 23.2, CN2 supports Priority Classes for critical CN2 components. CN2 introduces the PriorityClass object, which lets you map a priority, in the form of an integer value, to a priority class name. CN2's essential components use these default classes so that kube-scheduler prioritizes these pods for scheduling and resource allocation.

    [See Priority Classes for Critical Components].

  • Multi-Cluster Pod Scheduling—Starting in CN2 Release 23.2, CN2 supports network-aware pod scheduling for multi-cluster deployments. CN2 introduces the MetricsConfig controller and the CentralCollector controller. These controllers reconcile and manage a custom metrics collector CR and a central collector CR. These custom resources enable the contrail-scheduler to schedule multi-cluster pods based on important network metrics.

    [See Pod Scheduling for Multi-Cluster Deployments].

Advanced Virtual Networking

  • Fast Convergence—Starting in Release 23.2, CN2 supports Fast Convergence. CN2 provides an SDN solution that offers network virtualization at the compute node-level through overlay networking. In an SDN, failures can occur in the overlay or in the underlay. The vRouter detects, rectifies, and propagates any failure to the gateways by using health checks. Fast convergence improves the convergence time in case of failures in a cluster managed by CN2.

    [See Configure Fast Convergence in CN2].

  • Graceful Restart and Long-Lived Graceful Restart—Starting in Release 23.2, you can configure graceful restart and long-lived graceful restart (LLGR) in CN2. LLGR is a mechanism used to preserve routing details for a longer period of time in the event of a failed peer. Graceful restart and LLGR ensure that learned routes are not immediately deleted and withdrawn from advertised peers. Instead, the routes are kept and marked as stale. Consequently, if sessions come back up and routes are relearned, the overall impact to the network is minimized.

    [See Configure Graceful Restart and Long-Lived Graceful Restart].

  • BFD Health Check for BGPaaS Sessions—Starting in CN2 Release 23.2, you can configure Bidirectional Forwarding Detection (BFD) health check for BGP as a Service (BGPaaS) sessions. When you configure BFD health check, you associate the health check service with a BGPaaS object. This association triggers the establishment of BFD sessions to all BGPaaS neighbors for that service. If the BFD session goes down, the resulting BGPaaS session terminates and the routes are withdrawn.

    [See Configure BFD Health Check for BGPaaS Sessions].

  • Stickiness for Load-Balanced Flows—Starting in Release 23.2, CN2 supports flow stickiness. Flow stickiness helps minimize flow remapping across ECMP groups in a load-balanced system. It reduces the number of flows that are remapped and keeps a flow on its original path when the ECMP group's members change. When a flow is affected by a member change, the vRouter reprograms the flow table and rebalances the flow.

    [See Stickiness for Load-Balanced Flows].

Analytics

  • Extend TLS to Analytics—Starting in Release 23.2, you can enable TLS certificates for analytics components in CN2. TLS is a security protocol used for certificate exchange, mutual authentication, and negotiating ciphers to secure the stream from potential tampering and eavesdropping. By default, the certificate and secrets for the control plane and vRouter are automatically generated in Contrail certificate manager. When you install the components with Helm, certificate manager automatically creates the certificates and secrets needed for each analytics component.

    [See Extend TLS Analytics].

  • Flow-Based Traffic Mirroring—Starting in CN2 Release 23.2, CN2 can selectively mirror network traffic on the basis of flow when vRouter is in flow mode. The traffic flow to mirror is specified by the security policy and is sent to the network analyzer that monitors and analyzes the data. The network analyzer is specified with the mirrorDestination resource. CN2 also supports a mirrorDestination resource that is present outside the cluster.

    If the security policy defines SecondaryAction at the rule level, then flows matching the rules with mirror destination are mirrored.

    [See Flow-Based Mirroring].

CN2 Pipelines

CN2 Pipelines is a CI/CD tool that enables GitOps-based workflows to automate CN2 configuration, testing, and qualification. CN2 Pipelines runs alongside CN2 clusters starting with CN2 Release 23.1 (Tech Preview). In Release 23.2, CN2 Pipelines supports customer container network functions (CNFs), auto-generates a bearer token for authentication, discovers cluster nodes dynamically, and uses the discovered data during test execution.

[See CN2 Pipelines for GitOps Guide].