SCTP Support for CN2

SUMMARY Juniper® Cloud-Native Contrail Networking (CN2) Release 23.4 supports the Stream Control Transmission Protocol (SCTP). The vRouter acts as a mediator that forwards SCTP traffic between two endpoints.

Overview

SCTP is a connection-oriented network protocol for transmitting multiple streams of data simultaneously between two endpoints that have established a connection in a computer network. SCTP is an Internet Protocol (IP) transport layer protocol. It ensures reliable and in-sequence data transmission so that data units sent over the network arrive completely, and in the right sequence, to the application or user at the endpoint.

SCTP is supported on both the Data Plane Development Kit (DPDK) and kernel data paths.

Verify the Kubernetes Pod Networking

Use this procedure to test the Kubernetes pod networking.

  1. Create two pods using the following example file. On the server pod, the iPerf3 server is running. See the command section in the file.
  2. To test the traffic, run iperf3 -c <server-pod-ip> -p 3386 --sctp on the client pod iperf3-client and server pod iperf3-server.

Apply the Kubernetes Network Policy

Use this procedure to add the Kubernetes network policy.

  1. Apply the following network policy. This policy allows SCTP traffic only on port 3386. Traffic on other ports is dropped.

    Apply the network policy using a different port number. This file allows SCTP traffic on port 5201 and drops traffic on other ports. In this example, traffic from port 3386 will be dropped.

  2. To test the traffic, run the command:
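
The policy described in step 1, written out as an added example (it is not the manifest from the original page or from Juniper). The policy name, the namespace and the app=iperf3-server label are assumptions; only the SCTP protocol and port 3386 come from the page.

```yaml
# Added example; names and labels below are assumptions, not the page's values.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-sctp-3386          # hypothetical policy name
  namespace: default             # assumed namespace
spec:
  # Selecting a pod here isolates it for ingress: any traffic that no rule
  # below matches is dropped. That is why traffic on other ports stops
  # once the policy is applied.
  podSelector:
    matchLabels:
      app: iperf3-server         # assumed label on the iperf3-server pod
  policyTypes:
    - Ingress
  ingress:
    # No "from" clause: any source may connect, but only on the port below.
    - ports:
        # The protocol must be stated explicitly. When it is omitted,
        # Kubernetes defaults to TCP and SCTP traffic on 3386 would not match.
        - protocol: SCTP
          port: 3386
```

Changing the port value to 5201 gives the second case in step 1, where an iperf3 run against port 3386 no longer matches the rule.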

Apply the Contrail Security Policy

Use this procedure to apply or block SCTP traffic using the Contrail security policy.

  1. Apply the following Contrail security policy. This allows SCTP traffic on port 3386.
  2. To block SCTP traffic on port 3386, run the following file:
  3. To test the traffic, run the command:

Verify the Kubernetes Service Networking

Use this procedure to verify the Kubernetes service networking.

  1. Create a service, a pod behind the service, and a client pod. See the following example file:

    This will create one pod behind the service.

  2. To test the traffic, run the following command on the sctp-client pod:
  3. Create the Kubernetes network policy for the cluster IP service using the following file:
    This allows SCTP traffic on port 3386 only; traffic on other ports is dropped.
  4. To test the traffic, run the following command on the sctp-server pod: