Use Case: Configuring Fat Flows from Contrail Command
This topic provides step-by-step instructions to create an in-network service chain and configure fat flows.
A service chain is a set of services that are connected across networks. A service chain consists of service instances, left and right virtual networks, and a service policy attached to the networks. In an in-network service chain, packets are routed between service instance interfaces. When a packet is routed through the service chain, the source address of the packet entering the left interface of the service chain and source address of the packet exiting the right interface is the same. For more information, see Service Chaining. You can also configure fat flows while you create an in-network-NAT or transparent service chain.
Overview
Service Providers provide services to several subscribers and as a result, large volume of flows are processed at the Contrail vRouter-level and Contrail Agent-level. Processing large volume of flows affects the flow setup rate and increases latency. Fat flow helps reduce the number of flows that are handled by Contrail.
Contrail Networking enables you to configure the Ignore Address field that reduces the number of flows. You can also create fat flows by configuring prefix length. Service provider subscribers in a common IP address pool can access any IP address in the pool. With the introduction of prefix-based fat flow, Contrail Networking supports mask processing where you can create flows based on a group of subscribers. This ensures that continuous flows in the same subnet are grouped into a common fat flow that is configured with the same protocol and port numbers. You can apply prefix length-based fat flow on source IP address while the Ignore Address option is configured on the destination IP address, resulting in a reduction of flow processing.
Topology Information
These topologies provide information on how you can configure the Ignore Address field to reduce the number of flows.
Ignore Address - Source, Destination
Figure 1 depicts a scenario where you have selected the following options from the Ignore Address list.
Destination—for the test-left-VN (subscribers network).
Source—for the test-right-VN (service provider network).
Understanding Source and Destination
Source—For packets from the local virtual machine, source refers to the source IP of the packet.
Destination—For packets from the local virtual machine, destination refers to the destination IP of the packet.
By choosing Destination in the subscribers network, the Prefix Aggregation Source fields are enabled in the network. And by choosing Source in the service providers network, the Prefix Aggregation Destination fields are enabled in the network. When you configure Ignore Address, Contrail Networking helps you to aggregate multiple flows into a single flow by ignoring source and/or destination ports.
To create fat flows in subscribers network with 192.0.2.0/24 as the subnet, enter 192.0.2.0/24 in the Source Subnet field and 24 in the Prefix field. The prefix length, 24, is used to aggregate flows matching the source subnet. The flows matching the source subnet is aggregated to 192.0.2.X/24 flows.
Similarly to create fat flows in service provider network with 192.0.2.0/24 as the subnet, enter 192.0.2.0/24 in the Destination Subnet field and 24 in the Prefix field. The prefix length, 24, is used to aggregate flows matching the destination subnet. The flows matching the destination subnet is aggregated to 192.0.2.X/24 flows.
Ignore Address - None
Figure 2 depicts a scenario where you have selected None from the Ignore Address list.
By choosing None in the subscribers network and service providers network, the Prefix Aggregation Destination fields and Prefix Aggregation Source fields are enabled in both networks.
In this scenario, the subnet that you enter in the Source Subnet field of the subscribers network matches the subnet that you enter in Destination Subnet field of the service providers network. Similarly, the subnet that you enter in the Destination Subnet field of the subscribers network matches the subnet that you enter in the Source Subnet field of the service providers network.
Prerequisites
Before you begin, ensure that the following prerequisites are met.
Hardware Requirements
Processor: 4 core x86
Memory: 32GB RAM
Storage: at least 128GB hard disk
Software Requirements
Contrail Networking Release 5.0 or later
Create three network IPAMs (IP Address Management).
You can create a new Network IPAM by following these steps:
Click Overlay>IPAM.
The IP Address Management page is displayed.
Click Create to create a new network IPAM.
In the Name field, enter a name for the IPAM.
For left network, enter test-left-IPAM. For right network, enter test-right-IPAM. For management network, enter mgmt-right-IPAM.
Select Default from the DNS list.
Enter valid IP address in the NTP Server IP field.
Enter domain name in the Domain Name field.
Click Create.
The IP Address Management page is displayed.
Getting Started
The instructions provided in the topics given below will help you to
Create the following virtual networks:
Left Virtual Network
Right Virtual Network
Management Virtual Network
For steps to create virtual networks, see Create Virtual Network.
Create three virtual machines.
Each virtual machine must be created with left, right, and management interfaces.
Left Virtual Machine
Right Virtual Machine
Management Virtual Machine
For steps to create virtual machines by using OpenStack, see Create Virtual Machines by using OpenStack.
For steps to create virtual machines by using Contrail Command, see Create Virtual Machines by using Contrail Command.
Create a service template.
For steps to create a service template, see Create Service Template.
Add a service instance.
For steps to add a service instance, see Add Service Instance.
Configure fat flows for these virtual networks.
Left Virtual Network
Right Virtual Network
For steps to configure fat flows, see Configure Fat Flow.
Create a service policy for the left virtual network and right virtual network.
For steps to create a service policy, see Create Service Policy.
Attach the service policy to the left virtual network and right virtual network.
For steps to attach a service policy to a virtual network, see Attach Service Policy.
Ping right virtual machine from left virtual machine.
For steps to ping the right virtual machine by using OpenStack, see Launch a Virtual Machine from OpenStack.
For steps to ping the right virtual machine by using Contrail Command, see Launch a Virtual Machine from Contrail Command.
Configuration
These topics provide instructions to configure fat flows by creating an in-network service chain.
- Create Virtual Network
- Create Virtual Machine
- Create Service Template
- Add Service Instance
- Configure Fat Flow
- Create Service Policy
- Attach Service Policy
- Launch Virtual Machine
Create Virtual Network
Create Virtual Machine
You use OpenStack or Contrail Command to create virtual machines for left, right, and management networks. You create the virtual networks with left, right, and management interfaces.
Create Virtual Machines by using OpenStack
Create Service Template
Follow these steps to create a service template by using the Contrail Command UI:
Add Service Instance
Follow these steps to add a service instance by using the Contrail Command UI:
Configure Fat Flow
You can also configure fat flow at the virtual network (VN) level of Contrail Networking. When you configure fat flow from the VN level, the fat flow configuration is applied to all VMIs under the configured VN.
For more information, see Fat Flows.
Follow these steps to configure fat flows by using the Contrail Command UI.
Create Service Policy
Follow these steps to create a service policy by using the Contrail Command UI.
Attach Service Policy
Follow these steps to attach a service policy:
Launch Virtual Machine
You can launch a virtual machine from OpenStack or from Contrail Command UI.
Launch a Virtual Machine from OpenStack
You can launch virtual machines from OpenStack and test the traffic through the service chain by doing the following:
Launch a Virtual Machine from Contrail Command
You can launch virtual machines from Contrail Command and test the traffic through the service chain by doing the following: