Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Use Case: Configuring Fat Flows from Contrail Command

This topic provides step-by-step instructions to create an in-network service chain and configure fat flows.

A service chain is a set of services that are connected across networks. A service chain consists of service instances, left and right virtual networks, and a service policy attached to the networks. In an in-network service chain, packets are routed between service instance interfaces. When a packet is routed through the service chain, the source address of the packet entering the left interface of the service chain and source address of the packet exiting the right interface is the same. For more information, see Service Chaining. You can also configure fat flows while you create an in-network-NAT or transparent service chain.

Overview

Service Providers provide services to several subscribers and as a result, large volume of flows are processed at the Contrail vRouter-level and Contrail Agent-level. Processing large volume of flows affects the flow setup rate and increases latency. Fat flow helps reduce the number of flows that are handled by Contrail.

Contrail Networking enables you to configure the Ignore Address field that reduces the number of flows. You can also create fat flows by configuring prefix length. Service provider subscribers in a common IP address pool can access any IP address in the pool. Contrail Networking also supports prefix-based fat flows. Prefix-based fat flow supports mask processing, where you can create flows based on a group of subscribers. This ensures that continuous flows in the same subnet are grouped into a common fat flow that is configured with the same protocol and port numbers. You can apply prefix length-based fat flow on source IP address while the Ignore Address option is configured on the destination IP address, resulting in a reduction of flow processing.

Topology Information

These topologies provide information on how you can configure the Ignore Address field to reduce the number of flows.

Ignore Address - Source, Destination

Figure 1 depicts a scenario where you have selected the following options from the Ignore Address list.

  • Destination—for the test-left-VN (subscribers network).

  • Source—for the test-right-VN (service provider network).

Figure 1: Ignore Source, DestinationIgnore Source, Destination

Understanding Source and Destination

  • Source—For packets from the local virtual machine, source refers to the source IP of the packet.

  • Destination—For packets from the local virtual machine, destination refers to the destination IP of the packet.

By choosing Destination in the subscribers network, the Prefix Aggregation Source fields are enabled in the network. And by choosing Source in the service providers network, the Prefix Aggregation Destination fields are enabled in the network. When you configure Ignore Address, Contrail Networking helps you to aggregate multiple flows into a single flow by ignoring source and/or destination ports.

To create fat flows in subscribers network with 192.0.2.0/24 as the subnet, enter 192.0.2.0/24 in the Source Subnet field and 24 in the Prefix field. The prefix length, 24, is used to aggregate flows matching the source subnet. The flows matching the source subnet is aggregated to 192.0.2.X/24 flows.

Similarly to create fat flows in service provider network with 192.0.2.0/24 as the subnet, enter 192.0.2.0/24 in the Destination Subnet field and 24 in the Prefix field. The prefix length, 24, is used to aggregate flows matching the destination subnet. The flows matching the destination subnet is aggregated to 192.0.2.X/24 flows.

Ignore Address - None

Figure 2 depicts a scenario where you have selected None from the Ignore Address list.

Figure 2: Ignore NoneIgnore None

By choosing None in the subscribers network and service providers network, the Prefix Aggregation Destination fields and Prefix Aggregation Source fields are enabled in both networks.

In this scenario, the subnet that you enter in the Source Subnet field of the subscribers network matches the subnet that you enter in Destination Subnet field of the service providers network. Similarly, the subnet that you enter in the Destination Subnet field of the subscribers network matches the subnet that you enter in the Source Subnet field of the service providers network.

Prerequisites

Before you begin, ensure that the following prerequisites are met.

  • Hardware Requirements

    • Processor: 4 core x86

    • Memory: 32GB RAM

    • Storage: at least 128GB hard disk

  • Software Requirements

    • Contrail Networking Release 5.0 or later

  • Create three network IPAMs (IP Address Management).

    You can create a new Network IPAM by following these steps:

    1. Click Overlay>IPAM.

      The IP Address Management page is displayed.

    2. Click Create to create a new network IPAM.

    3. In the Name field, enter a name for the IPAM.

      For left network, enter test-left-IPAM. For right network, enter test-right-IPAM. For management network, enter mgmt-right-IPAM.

    4. Select Default from the DNS list.

    5. Enter valid IP address in the NTP Server IP field.

    6. Enter domain name in the Domain Name field.

    7. Click Create.

      The IP Address Management page is displayed.

Getting Started

The instructions provided in the topics given below will help you to

  1. Create the following virtual networks:

    • Left Virtual Network

    • Right Virtual Network

    • Management Virtual Network

    For steps to create virtual networks, see Create Virtual Network.

  2. Create three virtual machines.

    Each virtual machine must be created with left, right, and management interfaces.

    • Left Virtual Machine

    • Right Virtual Machine

    • Management Virtual Machine

    For steps to create virtual machines by using OpenStack, see Create Virtual Machines by using OpenStack.

    For steps to create virtual machines by using Contrail Command, see Create Virtual Machines by using Contrail Command.

  3. Create a service template.

    For steps to create a service template, see Create Service Template.

  4. Add a service instance.

    For steps to add a service instance, see Add Service Instance.

  5. Configure fat flows for these virtual networks.

    • Left Virtual Network

    • Right Virtual Network

    For steps to configure fat flows, see Configure Fat Flow.

  6. Create a service policy for the left virtual network and right virtual network.

    For steps to create a service policy, see Create Service Policy.

  7. Attach the service policy to the left virtual network and right virtual network.

    For steps to attach a service policy to a virtual network, see Attach Service Policy.

  8. Ping right virtual machine from left virtual machine.

    For steps to ping the right virtual machine by using OpenStack, see Launch a Virtual Machine from OpenStack.

    For steps to ping the right virtual machine by using Contrail Command, see Launch a Virtual Machine from Contrail Command.

Configuration

These topics provide instructions to configure fat flows by creating an in-network service chain.

Create Virtual Network

Use the Contrail Command UI to create a left virtual network, right virtual network, and management virtual network.

To create a left virtual network:

  1. Click Overlay>Virtual Networks.

    The All Networks page is displayed.

  2. Click Create to create a network.

    The Create Virtual Network page is displayed.

  3. In the Name field enter test-left-VN for the left virtual network.
  4. Select (Default) User defined subnet only from the Allocation Mode list.
  5. Click +Add in the Subnets section to add subnets.

    In the row that is displayed,

    1. Click the arrow in the Network IPAM field and select left-ipam for the left virtual network.

      For the right virtual network, select right-ipam and for the management network, select mgmt-ipam.

      Note:

      Management network is not used to route packets. This network is used to help debug issues with the virtual machine.

  6. Enter 192.0.2.0/24 in the CIDR field.
  7. Click Create.

    The All Networks page is displayed. All virtual networks that you created are displayed in this page.

Repeat steps 2 through 7 to create the right virtual network (test-right-VN) and management virtual network (test-mgmt-VN).

Create Virtual Machine

You use OpenStack or Contrail Command to create virtual machines for left, right, and management networks. You create the virtual networks with left, right, and management interfaces.

Create Virtual Machines by using OpenStack

Follow these steps to create left virtual machine by using OpenStack.

  1. Click Project>Compute>Instances.

    The Instances page is displayed.

  2. Click Launch Instance to create an instance.

    The Details tab of the Launch Instance page is displayed.

  3. Enter test-left-VM for the left virtual machine in the Instance Name field and click the Source tab.

    The Source tab of the Launch Instance page is displayed.

  4. Select an vSRX image from the Available list by clicking the add (+) icon next to the image file.
  5. Click the Flavor tab.

    The Flavor tab of the Launch Instance page is displayed.

    Note:

    vSRX image with M1.large flavor is recommended for in-network virtual machine.

  6. Select M1.large as the flavor from the Available list by clicking the add (+) icon next to the flavor name.
  7. Click the Networks tab.

    The Network tab of the Launch Instance page is displayed.

  8. Select a network you want to associate with the virtual machine instance by clicking the add (+) icon next to the network name.

    For the left virtual machine, select test-left-VN. For the right virtual machine, select test-right-VN. For the management virtual machine, select test-mgmt-VN.

  9. Click Launch Instance to launch the virtual machine instance.

    The Instances page is displayed.

    All virtual machine instances that you created are displayed on the Instances page.

Repeat steps 2 through 9 to create the right virtual machine (test-right-VM) and management virtual machine (test-mgmt-VM).

Create Virtual Machines by using Contrail Command

Follow these steps to create a left virtual machine by using the Contrail Command UI.

  1. Click Workloads > Instances.

    The Instances page is displayed.

  2. Click Create.

    The Create Instance page is displayed.

  3. Select Virtual Machine option button as the serve type.
  4. Enter test-left-VM for the left virtual machine in the Instance Name field.
  5. Select Image as the boot source from the Select Boot Source list.
    Note:

    vSRX image with M1.large flavor is recommended for in-network virtual machine.

  6. Select vSRX image file from the Select Image list.
  7. Select M1.large flavor from the Select Flavor list.
  8. Select the network you want to associate with the left virtual machine by clicking > next to the name of the virtual machine listed in the Available Networks table.

    For the left virtual machine, select test-left-VN. For the right virtual machine, select test-right-VN. For the management virtual machine, select test-mgmt-VN.

    The network is added to the Allocated Networks table.

  9. Select nova from the Availability Zone list.
    Note:

    You can choose any other availability zone.

  10. Select 5 from the Count (1-10) list.
    Note:

    You can choose any value from 1 through 10.

  11. Click Create to launch the left virtual machine instance.

    The Instances page is displayed. The virtual machine instances that you created are listed on the Instances page.

Repeat steps 2 through 11 to create right virtual machine instance (test-right-VM) and management virtual machine instance (test-mgmt-VM).

Create Service Template

Follow these steps to create a service template by using the Contrail Command UI:

  1. Click Services>Catalog.

    The VNF Service Templates page is displayed.

  2. Click Create.

    The Create VNF Service Template page is displayed.

  3. Enter test-service-template in the Name field.
  4. Select v2 as the version type.
    Note:

    Contrail Networking supports only Service Chain Version 2 (v2).

  5. Select Virtual Machine as the virtualization type.
  6. Select In-Network as the service mode.
  7. Select Firewall as the service type.
  8. From the Interface section,

    • Select left as the interface type from the Interface Type list.

    • Click + Add.

      The Interface Type list is added to the table.

      Select right as the interface type.

    • Click + Add again.

      Another Interface Type list is added to the table.

      Select management as the interface type.

    Note:

    The interfaces created on the virtual machine must follow the same sequence as that of the interfaces in the service template.

    Figure 3: Adding InterfacesAdding Interfaces
  9. Click Create to create the service template.

    The VNF Service Templates page is displayed. The service template that you created is displayed in the VNF Service Templates page.

Add Service Instance

Follow these steps to add a service instance by using the Contrail Command UI:

  1. Click Services>Deployments.

    The VNF Service Instances page is displayed.

  2. Click Create.

    The Create VNF Service Instance page is displayed.

  3. Enter test-service-instance in the Name field.
  4. Select test-service-template - [in-network, (left, right, management)] - v2 from the Service Template list.

    The Interface Type and Virtual Network fields are displayed.

  5. Select the virtual network for each interface type as given below.

    • left—Select the left virtual network (test-left-VN) that you created.

    • right—Select the right virtual network (test-right-VN) that you created.

    • management—Select the management virtual network (test-management-VN) that you created.

    Figure 4: Adding Service InstanceAdding Service Instance
  6. Click Create to create the service instance.

    The VNF Service Instances page is displayed. The service instance that you created is displayed in the VNF Service Instances page.

Configure Fat Flow

In Contrail Networking, you can configure fat flow at the virtual network (VN) level. When you configure fat flow from the VN level, the fat flow configuration is applied to all VMIs under the configured VN.

For more information, see Fat Flows.

Follow these steps to configure fat flows by using the Contrail Command UI.

  1. Click Overlay>Virtual Networks.

    The Virtual Networks page is displayed.

  2. Select test-left-VN by selecting the check box next to the name of the virtual network, and then click the Edit icon.

    The Edit Virtual Network page is displayed.

    Note:

    You must configure fat flows on all the virtual networks that you created.

  3. Click Fat Flow(s) to display the fields that you can edit.

    You can edit the fields listed in Table 1.

    Table 1: Edit Fat Flow(s)

    Field

    Action

    Protocol

    Select ICMP from the Protocol list.

    You can select ICMP for both IPv4 and IPv6 traffic.

    Port

    Edit the Port field to any value between 0 through 65,535.

    Enter 0 to ignore both source and destination port numbers.

    Note:

    If you select ICMP as the protocol, the PORT field is not enabled.

    Ignore Address

    Select None from the Ignore Address list.

    For more information on Destination and Source options, see Fat Flows.

    Note:

    Fat flow in Contrail Networking supports aggregation of multiple flows into a single flow by ignoring source and destination ports or IP addresses.

    Prefix Aggregation Source

    Source Subnet

    For test-left-VN, enter 192.0.2.0/24 in the Source Subnet field. See Figure 5.

    For test-right-VN, enter 198.51.100.0/24 in the Source Subnet field. See Figure 6.

    Prefix

    Enter 24 in the Prefix field.

    Prefix Aggregation Destination

    Destination Subnet

    For test-left-VN, enter 198.51.100.0/24 in the Source Subnet field. See Figure 5.

    For test-right-VN, enter 192.0.2.0/24 in the Source Subnet field. See Figure 6.

    Prefix

    Enter 24 in the Prefix field.
    Figure 5: Configure Fat Flows for test-left-VNConfigure Fat Flows for test-left-VN
    Figure 6: Configure Fat Flows for test-right-VNConfigure Fat Flows for test-right-VN
  4. Click Save to update new configuration information.

    The All Networks page is displayed.

    Repeat steps 2 through 4 to configure fat flows for the test-right-VN.

Create Service Policy

Follow these steps to create a service policy by using the Contrail Command UI.

  1. Click Overlay > Network Policies.

    The Network Policies page is displayed.

  2. Click Create.

    The Network Policy tab of the Create Network Policy page is displayed.

  3. Enter test-network-policy in the Policy Name field.
  4. In the Policy Rule(s) section,

    • Select pass from the Action list.

    • Select ANY from the Protocol list.

    • Select Network from the Source Type list.

    • Select the test-left-VN from the Source list.

    • In the Source Port field, leave the default option, Any, as is.

    • Select < > from the Direction list.

    • Select Network from the Destination Type list.

    • Select the test-right-VNfrom the Destination list.

    • In the Destination Ports field, leave the default option, Any, as is.

  5. Click Create to create the service policy.

    The Network Policies page is displayed. All policies that you created are displayed in the Network Policies page.

Attach Service Policy

Follow these steps to attach a service policy:

  1. Click Overlay>Virtual Networks.

    The All networks page is displayed.

  2. Attach service policy to the left virtual network (test-left-VN) and right virtual network (test-right-VN) that you created.

    To attach service policy,

    1. Select the check box next to the name of the virtual network.
    2. Hover over to the end of the selected row and click the Edit icon.

      The Edit Virtual Network page is displayed.

    3. Select the network policy from the Network Policies list.
  3. Click Save to save the changes.

    The Virtual Networks page is displayed.

Launch Virtual Machine

You can launch a virtual machine from OpenStack or from Contrail Command UI.

Launch a Virtual Machine from OpenStack

You can launch virtual machines from OpenStack and test the traffic through the service chain by doing the following:

  1. Launch the left virtual machine in left virtual network. See Create Virtual Machines by using OpenStack.
  2. Launch the right virtual machine in right virtual network. See Create Virtual Machines by using OpenStack.
  3. Ping the left virtual machine IP address from the right virtual machine.

    Follow these steps to ping a virtual machine:

    1. Click Project > Compute > Instances.

      All virtual machine instances that you created are displayed on the Instances page.

    2. From the list of virtual machines, click test-right-VM.

      The Overview tab of the test-right-VM is displayed.

    3. Click the Console tab.

      The Instance Console is displayed.

    4. Log in using the root user credentials.

    5. Ping the left virtual machine IP address (190.0.2.3) from the Instance Console.

      See Figure 7 for a sample output.

Launch a Virtual Machine from Contrail Command

You can launch virtual machines from Contrail Command and test the traffic through the service chain by doing the following:

  1. Launch the left virtual machine in left virtual network. See Create Virtual Machines by using Contrail Command.
  2. Launch the right virtual machine in right virtual network. See Create Virtual Machines by using Contrail Command.
  3. Ping the left virtual machine IP address from the right virtual machine.

    Follow these steps to ping a virtual machine:

    1. Click Workloads>Instances.

      The Instances page is displayed.

    2. Click the open console icon next to test-right-VM.

      The Console page is displayed.

    3. Log in using the root user credentials.
    4. Ping the left virtual machine IP address (190.0.2.3) from the Console.

      See Figure 7 for a sample output.

    Figure 7: Ping test-left-VMPing test-left-VM

Related Documentation