cSRX Pods With External Network

Know About cSRX Pods with External Network

You can connect cSRX Container Firewall to an external network with two additional interfaces. Both interfaces are attached to srxpfe and handled by FLOW.

cSRX can leverage the Linux native CNI to connect to an external network.

cSRX uses the Multus plugin to support multiple interfaces that connect to the external network. Applications that monitor network traffic are directly connected to the physical network. You can use the macvlan network driver to assign a MAC address to each container's virtual network interface, making it appear to be a physical network interface directly connected to the physical network. In this case, you need to designate a physical interface on your Docker host to use for the macvlan, as well as the subnet and gateway of the macvlan. You can even isolate your macvlan networks using different physical network interfaces.

Connect cSRX to External Network

macvlan functions like a switch that is already connected to the host interface. A host interface is enslaved, and the virtual interfaces share the physical device while each has a distinct MAC address. Because each macvlan interface has its own MAC address, it is easy to use with existing DHCP servers already present on the network.

To connect cSRX to an external network using macvlan:

Figure 1: Connecting cSRX Container Firewall to External Network with Macvlan Plugin
Figure 2: cSRX Container Firewall in External Network

  1. Create the network-conf-1.yaml file and add the text content.
  2. Create the network-conf-1-1.yaml file and add the text content.
  3. Create the network-conf-2-1.yaml file and add the text content.
  4. Create the network-conf-2.yaml file and add the text content.
  5. Create the cSRX.yaml file and add the text content.
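
A pre-deployment check for the macvlan settings described above (parent interface, subnet, gateway, and isolation by physical interface), as an added example that is not Juniper's own file content. It validates the CNI JSON a Multus network attachment would carry; the interface names, addresses and sample configs are constructed assumptions, and only the network-conf-1 and network-conf-2 names come from this page.

```python
import ipaddress
import json

# Constructed CNI configs (the JSON inside a Multus network attachment's
# spec.config); interface names and addresses are assumptions.
SAMPLE_CONFIGS = {
    "network-conf-1": json.dumps({
        "cniVersion": "0.3.1", "type": "macvlan", "mode": "bridge",
        "master": "eth1", "ipam": {"type": "host-local",
            "subnet": "10.10.1.0/24", "gateway": "10.10.1.1"}}),
    "network-conf-2": json.dumps({
        "cniVersion": "0.3.1", "type": "macvlan", "mode": "bridge",
        "master": "eth1", "ipam": {"type": "host-local",
            "subnet": "10.10.2.0/24", "gateway": "10.10.3.1"}}),
}

def check_macvlan(name, raw):
    """Return findings for one macvlan CNI config."""
    cfg, out = json.loads(raw), []
    if cfg.get("type") != "macvlan":
        return [f"{name}: type is {cfg.get('type')!r}, not macvlan"]
    if not cfg.get("master"):
        out.append(f"{name}: no master (parent physical interface) set")
    ipam = cfg.get("ipam", {})
    subnet, gateway = ipam.get("subnet"), ipam.get("gateway")
    if ipam.get("type") == "dhcp":
        pass  # addressing is left to a DHCP server on the network
    elif not subnet or not gateway:
        out.append(f"{name}: subnet and gateway must both be set")
    elif ipaddress.ip_address(gateway) not in ipaddress.ip_network(subnet, strict=False):
        out.append(f"{name}: gateway {gateway} is outside {subnet}")
    return out

def check_all(configs):
    """Per-network findings plus a shared-parent (isolation) check."""
    findings, masters = [], {}
    for name, raw in sorted(configs.items()):
        findings += check_macvlan(name, raw)
        master = json.loads(raw).get("master")
        if master:
            masters.setdefault(master, []).append(name)
    for master, names in sorted(masters.items()):
        if len(names) > 1:
            findings.append(f"{', '.join(names)}: share parent {master}, "
                            "so they are not isolated by physical interface")
    return findings

if __name__ == "__main__":
    print("\n".join(check_all(SAMPLE_CONFIGS)) or "no findings")
```

On the constructed samples the check reports the out-of-subnet gateway in network-conf-2 and that both networks share the same parent interface.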

Configure NodePort Service for cSRX Pods

You can deploy cSRX with the NodePort service type. All the traffic is forwarded to the worker node by Kubernetes in the external network.

To create a NodePort service:

  1. Create the cSRX Pod YAML file and expose it as a service on NodePort.
  2. To access cSRX:

    root@kubernetes-master:~# ssh -p 30122 root@192.168.42.81