- play_arrow Overview
- play_arrow Understanding Contrail Controller
-
- play_arrow Installing and Upgrading Contrail
- play_arrow Supported Platforms and Server Requirements
- play_arrow Installing Contrail and Provisioning Roles
- Introduction to Containerized Contrail Modules
- Introduction to Contrail Microservices Architecture
- Downloading Installation Software
- Overview of contrail-ansible-deployer used in Contrail Command for Installing Contrail with Microservices Architecture
- Installing Contrail with OpenStack and Kolla Ansible
- Configuring the Control Node with BGP
- Contrail Global Controller
- Role and Resource-Based Access Control
- play_arrow Installation and Configuration Scenarios
- Setting Up and Using a Simple Virtual Gateway with Contrail 4.0
- Configuring MD5 Authentication for BGP Sessions
- Configuring the Data Plane Development Kit (DPDK) Integrated with Contrail vRouter
- Configuring Contrail DPDK vRouter to Run in a Docker Container
- Configuring Single Root I/O Virtualization (SR-IOV)
- Configuring Virtual Networks for Hub-and-Spoke Topology
- Configuring Transport Layer Security-Based XMPP in Contrail
- Configuring Graceful Restart and Long-lived Graceful Restart
- Remote Compute
- Dynamic Kernel Module Support (DKMS) for vRouter
- play_arrow Upgrading Contrail Software
- play_arrow Backup and Restore Contrail Software
- play_arrow Multicloud Contrail
- play_arrow Using Contrail with Kubernetes
- Contrail Integration with Kubernetes
- Installing and Managing Contrail 5.0 Microservices Architecture Using Helm Charts
- Provisioning of Kubernetes Clusters
- Using Helm Charts to Provision Multinode Contrail OpenStack Ocata with High Availability
- Using Helm Charts to Provision All-in-One Contrail with OpenStack Ocata
- Accessing a Contrail OpenStack Helm Cluster
- Frequently Asked Questions About Contrail and Helm Charts
- Contrail Deployment with Helm
- Verifying Configuration for CNI for Kubernetes
- Kubernetes Updates to IP Fabric
- Implementation of Kubernetes Network Policy with Contrail Firewall Policy
- play_arrow Using VMware vCenter with Containerized Contrail
- vCenter Integration for Contrail Release 5.0
- vCenter Integration for Contrail Release 5.0.1
- vCenter Integration for Contrail Release 5.0.2
- Underlay Network Configuration for ContrailVM
- Using the Contrail and VMware vCenter User Interfaces to Manage the Network For Contrail Releases 5.0 and 5.0.1
- Using the Contrail and VMware vCenter User Interfaces to Manage the Network For Contrail Release 5.0.2
- Integrating Contrail Release 5.0.X with VMware vRealize Orchestrator
- Installing and Provisioning Contrail VMware vRealize Orchestrator Plugin
- play_arrow Using Contrail with Red Hat
- play_arrow Contrail and AppFormix Kolla/Ocata OpenStack Deployment
- Contrail and AppFormix Deployment Requirements
- Preparing for the Installation
- Run the Playbooks
- Accessing Contrail in AppFormix Management Infrastructure in UI
- Notes and Caveats
- Example Instances.yml for Contrail and AppFormix OpenStack Deployment
- Installing AppFormix for OpenStack
- Installing AppFormix for OpenStack in HA
- play_arrow Using Contrail with Juju Charms
- play_arrow Contrail Command
- play_arrow Extending Contrail to Physical Routers, Bare Metal Servers, Switches, and Interfaces
- Understanding Bare Metal Server Management
- Configuring High Availability for the Contrail OVSDB ToR Agent
- Using Device Manager to Manage Physical Routers
- SR-IOV VF as the Physical Interface of vRouter
- Using Gateway Mode to Support Remote Instances
- REST APIs for Extending the Contrail Cluster to Physical Routers, and Physical and Logical Interfaces
- play_arrow Contrail for Data Center Automation and Fabric Management
-
- play_arrow Contrail Security
- play_arrow Contrail Security
-
- play_arrow Monitoring and Troubleshooting Contrail
- play_arrow Configuring Traffic Mirroring to Monitor Network Traffic
- play_arrow Understanding Contrail Analytics
- play_arrow Configuring Contrail Analytics
- Analytics Scalability
- High Availability for Analytics
- System Log Receiver in Contrail Analytics
- Sending Flow Messages to the Contrail System Log
- Ceilometer Support in a Contrail Cloud
- User Configuration for Analytics Alarms and Log Statistics
- Alarms History
- Node Memory and CPU Information
- Role- and Resource-Based Access Control for the Contrail Analytics API
- Configuring Analytics as a Standalone Solution
- Configuring Secure Sandesh and Introspect for Contrail Analytics
- play_arrow Using Contrail Analytics to Monitor and Troubleshoot the Network
- Monitoring the System
- Debugging Processes Using the Contrail Introspect Feature
- Monitor > Infrastructure > Dashboard
- Monitor > Infrastructure > Control Nodes
- Monitor > Infrastructure > Virtual Routers
- Monitor > Infrastructure > Analytics Nodes
- Monitor > Infrastructure > Config Nodes
- Monitor > Networking
- Query > Flows
- Query > Logs
- Understanding Flow Sampling
- Example: Debugging Connectivity Using Monitoring for Troubleshooting
- play_arrow Common Support Answers
-
- play_arrow Contrail Commands and APIs
- play_arrow Contrail Commands
- play_arrow Contrail Application Programming Interfaces (APIs)
-
ON THIS PAGE
Example: Creating an In-Network-NAT Service Chain by Using Contrail Command
This example provides instructions to create an in-network-nat service chain by using the Contrail Command user interface (UI).
Prerequisites
Hardware and Software Requirements
Hardware
Processor: 4 core x86
Memory: 32GB RAM
Storage: at least 128GB hard disk
Software
Contrail Release 3.2 or later
Note:For Contrail Networking Release 3.2 through Release 4.1, you use the Contrail Web UI. For more information, see Example: Creating a In-Network-NAT Service Chain by Using Contrail Web UI.
Create Network IPAM (IP Address Management)
Click Overlay>IPAM.
The IP Address Management page is displayed.
Click Create to create a new network IPAM.
Enter a name for the IPAM in the name field.
Select Default from the DNS list.
Enter valid IP address in the NTP Server IP field.
Enter domain name in the Domain Name field.
Click Create.
The IP Address Management page is displayed.
Overview
A service chain is a set of services that are connected across networks. A service chain consists of service instances, left and right virtual networks, and a service policy attached to the networks. A service chain can have in-network services, in-network-nat services, and transparent services.
In an in-network-nat service chain, packets are routed between service instance interfaces. In-network-nat service chain does not require return traffic to be routed to the source network. When a packet is routed through the service chain, the source address of the packet entering the left interface of the service chain is updated and is not the same as the source address of the packet exiting the right interface. For more information, see Service Chaining.
Configuration
These topics provide instructions to create an in-network-nat service chain.
- Create Virtual Network
- Create Virtual Machine
- Configure Service Template
- Add Service Instance
- Create Service Policy
- Attach Service Policy
- Launch Virtual Machine
Create Virtual Network
Step-by-Step Procedure
Use the Contrail Command UI to create a left virtual network, right virtual network, and management virtual network.
To create a left virtual network:
Click Overlay>Virtual Networks.
The All Networks page is displayed.
Click Create to create a network.
The Create Virtual Network page is displayed.
In the Name field enter test-left-VN for the left virtual network.
Select (Default) User defined subnet only from the Allocation Mode list.
Click +Add in the Subnets section to add subnets.
Step-by-Step Procedure
In the row that is displayed,
Select an IPAM for the virtual network from the Network IPAM list.
Enter 192.0.2.0/24 in the CIDR field.
Click Create.
The All Networks page is displayed. All virtual networks that you created are displayed in this page.
Note:Management network is not used to route packets. This network is used to help debug issues with the virtual machine.
Repeat steps 2 through 6 to create the right virtual network (test-right-VN) and management virtual network (test-mgmt-VN).
Create Virtual Machine
Step-by-Step Procedure
Follow these steps to create a left virtual machine by using the Contrail Command UI.
Click Workloads > Instances.
The Instances page is displayed.
Click Create.
The Create Instance page is displayed.
Select Virtual Machine option button as the serve type.
Enter test-left-VM for the left virtual machine in the Instance Name field.
Select Image as the boot source from the Select Boot Source list.
Note:vSRX image with M1.large flavor is recommended for in-network-nat virtual machine.
Select vSRX image file from the Select Image list.
Select M1.large flavor from the Select Flavor list.
Select the network you want to associate with the left virtual machine by clicking > next to the name of the virtual machine listed in the Available Networks table.
For the left virtual machine, select test-left-VN. For the right virtual machine, select test-right-VN. For the management virtual machine, select test-mgmt-VN.
The network is added to the Allocated Networks table.
Select nova from the Availability Zone list.
Note:You can choose any other availability zone.
Select 5 from the Count (1-10) list.
Note:You can choose any value from 1 through 10.
Click Create to launch the left virtual machine instance.
The Instances page is displayed. The virtual machine instances that you created are listed on the Instances page.
Repeat steps 2 through 11 to create right virtual machine instance (test-right-VM) and management virtual machine instance (test-mgmt-VM).
Configure Service Template
Step-by-Step Procedure
Follow these steps to create a service template by using the Contrail Command UI:
Click Services>Catalog.
The VNF Service Templates page is displayed.
Click Create.
The Create VNF Service Template page is displayed.
Enter test-service-template in the Name field.
Select v2 as the version type.
Note:Starting with Release 3.2, Contrail supports only Service Chain Version 2 (v2).
Select Virtual Machine as the virtualization type.
Select In-Network Nat as the service mode.
Select Firewall as the service type.
From the Interface section,
Select left as the interface type from the Interface Type list.
Click + Add.
The Interface Type list is added to the table.
Select right as the interface type.
Click + Add again.
Another Interface Type list is added to the table.
Select management as the interface type.
Note:The interfaces created on the virtual machine must follow the same sequence as that of the interfaces in the service template.
Click Create to create the service template.
The VNF Service Templates page is displayed. The service template that you created is displayed in the VNF Service Templates page.
Add Service Instance
Step-by-Step Procedure
Follow these steps to add a service instance by using the Contrail Command UI:
Click Services>Deployments.
The VNF Service Instances page is displayed.
Click Create.
The Create VNF Service Instance page is displayed.
Enter test-service-instance in the Name field.
Select test-service-template - [in-network-nat, (left, right, management)] - v2 from the Service Template list.
The Interface Type and Virtual Network fields are displayed.
Select the virtual network for each interface type as given below.
left—Select the left virtual network (test-left-VN) that you created.
right—Select the right virtual network (test-right-VN) that you created.
management—Select the management virtual network (test-management-VN) that you created.
Click the Port Tuples section and click +Add.
Select the virtual machine instance for each interface type as given below.
left—Select the left virtual machine instance that you created.
right—Select the right virtual machine instance that you created.
management—Select the management virtual machine instance that you created.
Click Create to create the service instance.
The VNF Service Instances page is displayed. The service instance that you created is displayed in the VNF Service Instances page.
Create Service Policy
Step-by-Step Procedure
Follow these steps to create a service policy by using the Contrail Command UI.
Click Overlay > Network Policies.
The Network Policies page is displayed.
Click Create.
The Network Policy tab of the Create Network Policy page is displayed.
Enter test-network-policy in the Policy Name field.
In the Policy Rule(s) section,
Select pass from the Action list.
Select ANY from the Protocol list.
Select Network from the Source Type list.
Select the test-left-VN from the Source list.
In the Source Port field, leave the default option, Any, as is.
Select < > from the Direction list.
Select Network from the Destination Type list.
Select the test-right-VN from the Destination list.
In the Destination Ports field, leave the default option, Any, as is.
Click Create to create the service policy.
The Network Policies page is displayed. All policies that you created are displayed in the Network Policies page.
Attach Service Policy
Step-by-Step Procedure
Follow these steps to attach a service policy:
Click Overlay>Virtual Networks.
The All networks page is displayed.
Attach service policy to the left virtual network (test-left-VN) and right virtual network (test-right-VN) that you created.
Step-by-Step Procedure
To attach service policy,
Select the check box next to the name of the virtual network.
Hover over to the end of the selected row and click the Edit icon.
The Edit Virtual Network page is displayed.
Select the network policy from the Network Policies list.
Click Save to save the changes.
The Virtual Networks page is displayed.
Launch Virtual Machine
Step-by-Step Procedure
You can launch virtual machines from Contrail Command and test the traffic through the service chain by doing the following:
Launch the left virtual machine in left virtual network. See Create Virtual Machine.
Launch the right virtual machine in right virtual network. See Create Virtual Machine.
Ping the left virtual machine IP address from the right virtual machine.
Follow these steps to ping a virtual machine:
Step-by-Step Procedure
Click Workloads>Instances.
The Instances page is displayed.
Click the open console icon next to test-right-VM.
The Console page is displayed.
Log in using root user credentials.
Ping the left virtual machine IP address (190.0.2.3) from the Console.