- play_arrow Configure Kubernetes and Contrail
- play_arrow CN2 Apstra Integration
- play_arrow CN2 Security
- play_arrow Configure DPDK
- play_arrow Configure eBPF
- play_arrow Configure Services
- play_arrow Analytics
- Contrail Networking Analytics
- Contrail Networking Metric List
- Kubernetes Metric List
- Cluster Node Metric List
- Contrail Networking Alert List
- vRouter Session Analytics in Contrail Networking
- Extend TLS Analytics
- Centralized Logging
- Port-Based Mirroring
- Flow-Based Mirroring
- Configurable Categories of Metrics Collection and Reporting (Tech Preview)
- Juniper CN2 Technology Previews (Tech Previews)
Enable VLAN Subinterface Support on Virtual Interfaces
SUMMARY Virtualized Network Function (VNF) and Containerized Network Function (CNF) workloads often require multiple virtual network services on a single interface. Cloud-Native Contrail® Networking™ supports VLAN subinterfaces on virtual interfaces.
VLAN Subinterface Overview
A VLAN subinterface is a logical division of a virtual (or physical) interface at the network level. VLAN subinterfaces are Layer 3 interfaces that receive and forward 802.1Q VLAN tags. You can assign multiple VLAN tags to a single virtual interface. When a packet arrives at that interface, the packet's associated VLAN tags designate which VLAN the packet routes to. You can use VLAN subinterfaces to route traffic to multiple VLANs for your services.
API Changes
This section provides information about API calls that occur when configuring a VLAN subinterface.
When configuring VLAN subinterfaces in Cloud-Native Contrail Networking, Kubernetes updates
the VirtualMachineInterface field with new properties, or
VLAN tags. After an update occurs, the VirtualMachineInterface object
references other VirtualMachineInterface objects based on existing VLAN
tags.
Cloud-Native Contrail Networking defines the properties field from
Contrail Classic as virtualMachineInterfaceProperties.
Network Definition Changes
This section provides information about the network definition enhancements necessary when creating a subinterface for a virtual interface within a pod.
In kube-manager, the PodController watching for pod
events reads the network definition applied to it. Kube-manager parses each
network selection element and creates an associated VMI (virtual machine interface). Parent
VMIs are the network elements with only the
net.juniper.contrail.interfacegroup tag attached in the YAML file.
Subinterfaces are the network elements with the
net.juniper.contrail.interfacegroup and
net.juniper.contrail.vlan tags attached in the YAML
file.
The following two tags enhance the network definition in the cni-args
section:
net.juniper.contrail.interfacegroupInterface Group groups two or more interfaces.
The parent interface is the network selection element associated with only this tag.
The subinterface is the network selection element associated with this tag and a VLAN tag.
net.juniper.contrail.vlanSpecifies the VLANID on the subinterface.
.
A VLAN subinterface belongs to its parent interface. Users must specify the namespace to which the subinterface attaches. Consider the following example:
Example
apiVersion: v1
kind: Pod
metadata:
name: my-pod
namespace: my-namespace
annotations:
k8s.v1.cni.cncf.io/networks: |
[
{
"name": "parent-vn",
"namespace": "vn-ns",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth1"}
...
},
{
"name": "subitf-vn",
"namespace": "vn-ns",
"cni-args": {
"net.juniper.contrail.vlan": 100,
"net.juniper.contrail.interfacegroup": "eth1"},
...
},
...
The preceding example shows specified pod annotations for cni-args. This
example configuration creates the following three VMIs and three interface IPs (IIPs) within
the pod:
VMI, IIP for eth0 on default pod network
VMI, IIP for eth1 on
parent-vn(parent interface)VMI, IIP for eth1.100 on
subitf-vn(subinterface)
Configuration Use Cases
This section provides examples of different valid and invalid parent and subinterface configurations.
Valid Configurations
Invalid Configurations
Valid Configuration 1: One Parent, One Subinterface:
apiVersion: v1
kind: Pod
metadata:
name: vlan100-0
namespace: vlan-project
annotations:
k8s.v1.cni.cncf.io/networks: |
[
{
"name": "vlan-parent-vn",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vlan-subintf-vn",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.vlan": "100",
"net.juniper.contrail.interfacegroup": "eth1"
}
},
...
Valid Configuration 2: One Parent, Multiple Subinterfaces:
apiVersion: v1
kind: Pod
metadata:
name: vlan100-0
namespace: vlan-project
annotations:
k8s.v1.cni.cncf.io/networks: |
[
{
"name": "vlan-parent-vn",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vlan-subintf-vn2",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.vlan": "200",
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vlan-subintf-vn",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.vlan": "100",
"net.juniper.contrail.interfacegroup": "eth1"
}
}
]
Valid Configuration 3: Multiple Parents, Multiple Subinterfaces:
apiVersion: v1
kind: Pod
metadata:
name: vlan100-0
namespace: vlan-project
annotations:
k8s.v1.cni.cncf.io/networks: |
[
{
"name": "vlan-parent-vn",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vlan-subintf-vn2",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.vlan": "200",
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vlan-subintf-vn",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.vlan": "100",
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vlan-subintf-vn4",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.vlan": "100",
"net.juniper.contrail.interfacegroup": "eth2"
}
},
{
"name": "vlan-subintf-vn3",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth2"
}
}
]
Invalid Configuration 1: Multiple Interfaces on Same Network:
apiVersion: v1
kind: Pod
metadata:
name: vlan100-0
namespace: vlan-project
annotations:
k8s.v1.cni.cncf.io/networks: |
[
{
"name": "vn1",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vn1",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.vlan": "200",
"net.juniper.contrail.interfacegroup": "eth1"
}
},
]
Invalid Configuration 2: Two Interfaces with Same interfacegroup but
no VLAN
apiVersion: v1
kind: Pod
metadata:
name: vlan100-0
namespace: vlan-project
annotations:
k8s.v1.cni.cncf.io/networks: |
[
{
"name": "vn1",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth1"
}
},
{
"name": "vn2",
"namespace": "vlan-project",
"cni-args": {
"net.juniper.contrail.interfacegroup": "eth1"
}
},
]
