Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


瞻博网络云原生路由器控制器 (cRPD)

阅读本章,了解瞻博网络云原生路由器控制器(云原生路由器控制器或 cRPD)、瞻博网络云原生路由器控制平面。


cRPD 在瞻博网络云原生路由器解决方案中发挥着控制平面的作用。cRPD 为用户 (CLI) 和应用程序 (API) 等提供配置接口。您可以使用这些接口来配置或编程 JCNR-vRouter 转发平面。您可以使用 JCNR 控制器配置许多内容:

  • 虚拟功能 (VF) 交换矩阵接口

  • VF 工作负载接口

  • 中继接口

  • 接入接口

  • L2 ACL(防火墙规则)

  • 网桥域

  • 以太网交换

  • Vlan

cRPD 会执行以下功能:

  • 支持 JCNR-vRouter 作为转发平面

  • 维护 vRouter 接口的配置,包括中继接口和接入接口、虚拟功能接口 (VF)、VLAN 等

  • 维护网桥域的配置

  • 维护 L2 防火墙的配置

  • 维护网桥域、VLAN、虚拟交换机等的配置

  • 通过 vRouter 代理将配置信息传递给 vRouter

  • 存储许可证密钥信息


在部署期间,您可以通过更改包含在软件分配 TAR 文件中的值.yaml 文件中的键:值对来配置 cRPD。

部署后,建议将 NETCONF 协议与 PyEZ 一起用于配置 cRPD。请参阅 ,了解有关 PyEZ 的详细信息。或者,您可以直接 SSH 到 TCP 端口 24 上的 cRPD,或者在 TCP 端口 830 上使用 NETCONF。最后,配置云原生路由器的另一个选项是使用 Kubernetes 命令访问 cRPD 上的 Junos CLI,以连接到 cRPD Pod。

访问 CLI

In this procedure we provide CLI commands that you run on the host server. We do not show a prompt before the commands so you can copy and paste the commands into your own cloud-native router.

The output should look like:

The command to access the cRPD CLI has the form: kubectl exec -n kube-system -it <full cRPD Pod name> -- bash. If we use the output from above, the command appears as: kubectl exec -n kube-system -it kube-crpd-worker-ds-89wzg -- bash.

The output from the command above (when you use the full name of your cRPD Pod) should look like:

This output indicates that you have attached to the cRPD CLI. At this point, your access level is root and you are in shell mode. Just as when you connect as root to any Junos OS-based device, you must enter the cli command to access the Junos CLI in operation mode.

有用的 CLI 命令

本节提供一些 CLI 命令及其输出示例。我们还提供一些命令完成示例输出。这些输出允许您查看可用的命令层次结构,您可以在云原生路由器系统上探索这些层次结构。

您可以看到带有命令的网桥命令层次结构, show bridge ? 如下所示。

If you look further into the hierarchy, you see:

If you use the <[Enter]> option, you see something like:

The show bridge mac-table command displays the L2 MAC table which is dynamically learned by the vRouter.

If you look at the other option, statistics, you see:

If you use the <[Enter]> option, you see something like:

The show bridge statistics command displays the L2 VLAN traffic statistics per interface within a bridge domain.

To see the firewall (ACL) configuration:

Once configured, you must apply your firewall filters to a bridge domain using a cRPD configuration command similar to:set routing-instances vswitch bridge-domains bd3001 forwarding-options filter input filter1. Then you must commit the configuration for the firewall filter to take effect.

To see the how many packets matched the filter (per VLAN) you can use the cRPD CLI and issue the command:

The output from the above command looks like:

In this example we applied the filter to the bridge domain bd3001. The filter has not yet matched any packets.