Configure Allowed Address Pairs
Starting in CN2 Release 22.1, Juniper Networks supports allowed address pairs (AAPs). Allowed address pairs enable you to add IP/MAC (CIDR) addresses to the guest interface (VirtualMachineInterface) by using a secondary IP address.
When you create a pod in a cluster, each pod automatically obtains its IP address from the virtual machine (VM) interface. If your pod is not on the same virtual network, you can add an AAP to allow traffic to flow through the port regardless of the subnet. For example, let's say that your pod's IP address is 192.168.2.0. If you define an AAP with subnet 192.168.2.0/24, the AAP allows the pods to communicate with the guest interface. The vRouter then forwards the traffic and advertises reachability to the pod.
To configure an allowed address pair, insert the following attributes into your pod YAML file. For example:

```yaml
kind: Pod
metadata:
  name: my-pod
  namespace: my-namespace
  annotations:
    k8s.v1.cni.cncf.io/networks: |
      [
        {
          "name": "net-a",
          "cni-args": {
            "net.juniper.contrail.allowedAddressPairs": [{
              "ip": "192.168.2.0/24",
              "mac": "02:3f:66:ad:00:e9",
              "addressMode": "active-active"
            }]
          }
          ...
        },
        {
          "name": "net-b",
          ...
        },
```
The AllowedAddressPairs attribute contains a list of allowed address pair definitions, as described in the following table:
Definition | Description |
---|---|
ip | Specify the external pod IP address through which you want to allow traffic to pass. |
mac | (Optional) Specify the MAC address of the external pod. |
addressMode | (Optional) Specify a high availability (HA) address mode. Choose from active/active or active/standby. Active/standby is the default. The addressMode default value is an empty string. Active/standby is used for VRRP addresses. Active/active is used for ECMP. |
In Kubemanager, the PodController watches for Pod events and reads the interface definitions for each new AAP. The controller then generates an AllowedAddressPair and adds it to the list of interfaces in the VirtualMachineInterface.
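A pre-deployment check for the annotation described above, as an added example that is not part of the original Juniper page: it parses the networks annotation value and reports AAP entries whose ip, mac or addressMode fields are malformed, or whose IPv4 prefix is broader than a reviewer-chosen length. The function name, the `min_prefix_len` threshold and the `active-standby` spelling are assumptions.

```python
import ipaddress
import json
import re

AAP_KEY = "net.juniper.contrail.allowedAddressPairs"  # cni-args key shown on the page
# Assumption: "active-standby" mirrors the page's "active-active" spelling;
# the empty string is the documented default.
ADDRESS_MODES = ("", "active-active", "active-standby")
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def lint_networks_annotation(value, min_prefix_len=24):
    """Return (network, message) findings for one networks annotation value.

    min_prefix_len is a hypothetical review threshold, not a CN2 setting.
    """
    if not value.lstrip().startswith("["):
        return []  # comma-separated short form: no cni-args, so no AAPs
    try:
        networks = json.loads(value)
    except json.JSONDecodeError as exc:
        return [("<annotation>", f"invalid JSON: {exc.msg}")]
    findings = []
    for net in networks:
        name = net.get("name", "<unnamed>")
        for aap in (net.get("cni-args") or {}).get(AAP_KEY, []):
            try:
                prefix = ipaddress.ip_network(str(aap.get("ip")), strict=False)
            except ValueError:
                findings.append((name, f"ip {aap.get('ip')!r} is not a valid CIDR"))
                continue
            # A short IPv4 prefix lets the interface claim a large address range.
            if prefix.version == 4 and prefix.prefixlen < min_prefix_len:
                findings.append((name, f"{prefix} is broader than /{min_prefix_len}"))
            mac = aap.get("mac")
            if mac is not None and not MAC_RE.match(str(mac)):
                findings.append((name, f"mac {mac!r} is malformed"))
            mode = aap.get("addressMode", "")
            if mode not in ADDRESS_MODES:
                findings.append((name, f"addressMode {mode!r} is not recognised"))
    return findings


# Constructed sample: one over-broad prefix, a truncated MAC and a mistyped mode.
SAMPLE = json.dumps([
    {"name": "net-a", "cni-args": {AAP_KEY: [
        {"ip": "10.0.0.0/8", "mac": "02:3f:66:ad:00", "addressMode": "active/active"}]}},
    {"name": "net-b"},
])

if __name__ == "__main__":
    for network, message in lint_networks_annotation(SAMPLE):
        print(f"{network}: {message}")
```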
Alternative Configuration
Alternatively, you can configure AAP interfaces directly from the VirtualMachineInterface. For example:

```bash
kubectl patch --namespace project-kubemanager VirtualMachineInterface $VMINAME -p "$(cat ./aap.yaml)"
```
The preceding command updates the existing VirtualMachineInterface with the AAP configuration, as follows:

```yaml
spec:
  allowedAddressPairs:
    allowedAddressPair:
      - ip:
          ipPrefix: 192.0.2.0
          ipPrefixLen: 24
```