- play_arrow Overview
- play_arrow Understanding Contrail Controller
-
- play_arrow Installing and Upgrading Contrail
- play_arrow Supported Platforms and Server Requirements
- play_arrow Installing Contrail and Provisioning Roles
- Introduction to Containerized Contrail Modules
- Downloading Installation Software
- Installing the Operating System and Contrail Packages
- Installing Containerized Contrail Clusters Using Server Manager
- Installing Containerized Contrail Using Server Manager Lite (SM-Lite)
- Supporting Multiple Interfaces on Servers and Nodes
- Configuring the Control Node with BGP
- Adding a New Node to an Existing Containerized Contrail Cluster
- Using contrailctl to Configure Services Within Containers
- Contrail Global Controller
- Role and Resource-Based Access Control
- play_arrow Installation and Configuration Scenarios
- Setting Up and Using a Simple Virtual Gateway with Contrail 4.0
- Simple Underlay Connectivity without Gateway
- Configuring MD5 Authentication for BGP Sessions
- Configuring the Data Plane Development Kit (DPDK) Integrated with Contrail vRouter
- Configuring Single Root I/O Virtualization (SR-IOV)
- Provisioning DPDK SRIOV with Server Manager
- Configuring Virtual Networks for Hub-and-Spoke Topology
- Configuring Transport Layer Security-Based XMPP in Contrail
- Configuring Graceful Restart and Long-lived Graceful Restart
- play_arrow Using Contrail with Kubernetes
- play_arrow Using VMware vCenter with Containerized Contrail, Release 4.0.1 and Greater
- play_arrow Using Contrail with Red Hat
- Deploying Contrail with Red Hat OpenStack Platform Director 10
- Installing Red Hat OpenShift Container Platform with Contrail Networking
- Upgrade Procedure for RHOSP-based Contrail 3.2.x to Contrail 4.1
- Upgrade Procedure for RHOSP-based Contrail 4.1.1 to Contrail 4.1.2
- Upgrade Procedure for RHOSP-based Contrail 4.1.2 to Contrail 4.1.3
- Upgrade Procedure for RHOSP-based Contrail 4.1.3 to Contrail 4.1.4
- Restoring Contrail Nodes in a RHOSP-based Environment
- play_arrow Using Server Manager to Automate Provisioning
- play_arrow Extending Contrail to Physical Routers, Bare Metal Servers, Switches, and Interfaces
- Using ToR Switches and OVSDB to Extend the Contrail Cluster to Other Instances
- Configuring High Availability for the Contrail OVSDB ToR Agent
- Using Device Manager to Manage Physical Routers
- SR-IOV VF as the Physical Interface of vRouter
- Using Gateway Mode to Support Remote Instances
- REST APIs for Extending the Contrail Cluster to Physical Routers, and Physical and Logical Interfaces
- play_arrow Installing and Using Contrail Storage
- play_arrow Upgrading Contrail Software
- Upgrading Contrail 4.0 to 4.1
- Upgrade Procedure for RHOSP-based Contrail 4.1.2 to Contrail 4.1.3
- Upgrade Procedure for Ubuntu-based Contrail 4.1.3 to Contrail 4.1.4 Using Juju with Netronome SmartNIC
- Upgrade Procedure for RHOSP-based Contrail 4.1.3 to Contrail 4.1.4
- Dynamic Kernel Module Support (DKMS) for vRouter
- Backup and Restore Contrail Configuration Database
-
- play_arrow Monitoring and Troubleshooting Contrail
- play_arrow Configuring Traffic Mirroring to Monitor Network Traffic
- play_arrow Understanding Contrail Analytics
- play_arrow Configuring Contrail Analytics
- Analytics Scalability
- High Availability for Analytics
- Role-Based Access Control for Analytics
- System Log Receiver in Contrail Analytics
- Sending Flow Messages to the Contrail System Log
- More Efficient Flow Queries
- Ceilometer Support in a Contrail Cloud
- User Configuration for Analytics Alarms and Log Statistics
- Alarms History
- Node Memory and CPU Information
- Role- and Resource-Based Access Control for the Contrail Analytics API
- Configuring Analytics as a Standalone Solution
- Configuring Secure Sandesh and Introspect for Contrail Analytics
- play_arrow Using Contrail Analytics to Monitor and Troubleshoot the Network
- Monitoring the System
- Debugging Processes Using the Contrail Introspect Feature
- Monitor > Infrastructure > Dashboard
- Monitor > Infrastructure > Control Nodes
- Monitor > Infrastructure > Virtual Routers
- Monitor > Infrastructure > Analytics Nodes
- Monitor > Infrastructure > Config Nodes
- Monitor > Networking
- Query > Flows
- Query > Logs
- Understanding Flow Sampling
- Example: Debugging Connectivity Using Monitoring for Troubleshooting
- play_arrow Common Support Answers
-
- play_arrow Contrail Commands and APIs
- play_arrow Contrail Commands
- play_arrow Contrail Application Programming Interfaces (APIs)
-
Example: Creating a Transparent Service Chain
This example provides step-by-step instructions to create a transparent service chain by using the Contrail user interface.
Hardware and Software Requirements
The following are the minimum requirements needed:
Hardware
Processor: 4 core x86
Memory: 32GB RAM
Storage: at least 128GB hard disk
Software
Contrail Release 3.2 or later
Overview
A service chain is a set of services that are connected across networks. A service chain consists of service instances, left and right virtual networks, and a service policy attached to the networks. A service chain can have in-network services, in-network-nat services, and transparent services. A transparent service chain is used for services that do not modify packets that are bridged between service instance interfaces. For more information, see Service Chaining.
Configuration
These topics provide instructions to create a transparent service chain.
- Create Primary Virtual Network
- Create Secondary Virtual Network
- Create Virtual Machine
- Configure Service Template
- Add Service Instance
- Create Service Policy
- Attach Service Policy
- Launch Virtual Machine
Create Primary Virtual Network
Step-by-Step Procedure
Use the Contrail user interface to create three primary virtual networks-–left virtual network, right virtual network, and management virtual network. You attach service policies to the primary virtual networks that you create.
To create a virtual network:
Click Configure>Networking>Networks.
The Networks page is displayed.
Figure 1: Networks PageClick the add (+) icon to create a network.
The Network tab of the Create page is displayed.
Figure 2: Create PageEnter a name for the network in the Name field.
Click Subnets and click add (+) to add subnets.
Step-by-Step Procedure
In the row that is displayed:
Click the arrow in the IPAM field and select the left-ipam that you created for that left virtual network, or select the right-ipam that you created for the right virtual network, or select the mgmt-ipam that you created for the management network.
Management network is not used to route packets. This network is used to help debug issues with the virtual machine.
Note:You can also create a new IPAM by following the steps given below:
Step-by-Step Procedure
Click Configure>Networking>IP Address Management and click the add (+) icon.
The IPAM tab of the Create page is displayed.
In the Name field, enter a name for the IPAM.
Click Save.
The IP Address Management page is displayed.
In the CIDR field, enter valid IPv4 or IPv6 subnet or mask.
Click Save.
The Networks page is displayed. All virtual networks that you created are displayed in the Networks page.
Create Secondary Virtual Network
Step-by-Step Procedure
Use the Contrail user interface to create three secondary virtual networks-–left virtual network, right virtual network, and management virtual network. You associate the secondary virtual network to the transparent service instance that you create. For more information on creating virtual networks, see Create Primary Virtual Network.
Create Virtual Machine
Step-by-Step Procedure
You use OpenStack to create virtual machines with left, right, and management interfaces.
Follow these steps to create virtual machines for left, right, and management networks.
Click Project>Compute>Instances.
The Instances page is displayed.
Figure 3: Instances PageClick Launch Instance to create an instance.
The Details tab of the Launch Instance page is displayed.
Figure 4: Launch InstanceEnter a name for the virtual machine in the Instance Name field and click the Source tab.
The Source tab of the Launch Instance page is displayed.
Select an image file from the Available list by clicking the add (+) icon next to the image file.
Click the Flavor tab. See Figure 4.
The Flavor tab of the Launch Instance page is displayed.
Select a flavor from the Available list by clicking the add (+) icon next to the flavor name.
Click the Networks tab. See Figure 4.
The Network tab of the Launch Instance page is displayed.
Select the secondary network you want to associate with the virtual machine instance by clicking the add (+) icon next to the network name.
Click Launch Instance to launch the virtual machine instance. See Figure 4.
The Instances page is displayed.
All virtual machine instances that you created are displayed on the Instances page.
Configure Service Template
Step-by-Step Procedure
Follow these steps to configure a service template:
Click Configure>Services>Service Templates.
The Service Templates page is displayed.
Click the add (+) icon to create a service template. See Figure 5.
The Service Template tab of the Create page is displayed.
Enter the following information as given in Table 1:
Table 1: Add Service Template Fields Field
Action
Name
Enter a name for the service template.
Version
Select v2 as the version type.
Note:Starting with Release 3.2, Contrail supports only Service Chain Version 2 (v2).
Virtualization Type
Select Virtual Machine as the virtualization type.
Service Mode
Select Transparent as the service mode.
Service Type
Select Firewall as the service type.
Interface(s)
Click the add (+) icon and add the following interfaces:
management
left
right
Note:The interfaces created on the virtual machine must follow the same sequence as that of the interfaces in the service template.
Figure 5: Create Service TemplateClick Save to save the service template.
The Service Templates page is displayed. All service templates that you created are displayed in the Service Templates page.
Add Service Instance
Step-by-Step Procedure
Follow these steps to add a service instance:
Click Configure>Services>Service Instances.
The Service Instances page is displayed.
Click the add (+) icon to add a service instance. See Figure 6.
The Service Instance tab of the Create page is displayed.
Enter the following information as given in Table 2:
Table 2: Add Service Instance Fields Field
Action
Name
Enter a name for the service instance.
Service Template
Select transparent - [transparent (management, left, right)] - v2 as the service template.
Virtual Network
Select the virtual network for each interface type as given below:
management—Select the secondary management virtual network that you created.
left—Select the secondary left virtual network that you created.
right—Select the secondary right virtual network that you created.
Port Tuples
Click Port Tuples and click the add (+) icon to add new port tuples. See Figure 7.
Click the arrow next to the newly added port tuple to select the virtual machine instance for each interface type as given below:
management —Select the management virtual machine instance that you created.
left—Select the left virtual machine instance that you created.
right—Select the right virtual machine instance that you created.
Figure 6: Create Service InstanceFigure 7: Create Port TuplesClick Save to save the service instance.
The Service Instances page is displayed. All service instances that you created are displayed in the Service Instances page.
Create Service Policy
Step-by-Step Procedure
Follow these steps to create a service policy:
Click Configure>Networking>Policies.
The Policies page is displayed.
Figure 8: Policies PageClick the add (+) icon to add a service policy. See Figure 8.
The Policy tab of the Create page is displayed.
Figure 9: Create Policy PageEnter a name for the service policy in the Policy Name field.
Click add (+) in the Policy Rule(s) table to add a policy rule.
A row is added to the Policy Rule(s) table. See Figure 9.
In the row that is added:
Click the Source column and select Network from the source list.
From the networks list, select the primary left virtual network that you created.
Click the Destination column and select Network from the destination list.
From the networks list, select the primary right virtual network that you created.
Select the Services check box to enable services.
The Service Instance field is enabled.
Click the Service Instance field and select transparent from the service instance list.
Click Save to add the service policy.
The Policies page is displayed. All policies that you created are displayed in the Policies page.
Attach Service Policy
Step-by-Step Procedure
Follow these steps to attach a service policy to a network:
Click Configure>Networking>Networks.
The Networks page is displayed.
Add service policy to the left and right primary virtual networks.
Step-by-Step Procedure
To add a service policy to a virtual network:
Click the settings icon given at the end of the row of the virtual network.
In the list that is displayed, click Edit. See Figure 10.
The Edit page is displayed. See Figure 11.
Figure 10: Networks PageFigure 11: Edit Network PageClick Network Policy(s) and select the network policy you want to add to the virtual network. See Figure 11.
Click Save.
The policy is assigned to the network.
Repeat steps a through d to assign policies to other virtual networks.
Launch Virtual Machine
Step-by-Step Procedure
You can launch virtual machines from OpenStack and test the traffic through the service chain by doing the following:
Launch the left virtual machine in the primary left virtual network. For more information, see Create Virtual Machine.
Launch the right virtual machine in the primary right virtual network. For more information, see Create Virtual Machine.
Ping the right virtual machine IP address from the left virtual machine.
Follow these steps to ping a virtual machine:
Click Project > Compute > Instances.
All virtual machine instances that you created are displayed on the Instances page.
From the list of virtual machines, click the left virtual machine.
The Instances / Left Instance page is displayed.
Click the Console tab.
The Instance Console is displayed.
Ping the right virtual machine IP address from the Instance Console.