Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Task 7: Connect overlay networking with underlay fabric using Contrail and gateway router

 

Goal

In this task, you will see how Contrail can extend overlay networks to communicate with the underlay infrastructure. Since we created the red and green instances in Task 1 of this series, we will now see how to link these overlay instances running in OpenStack to the underlay infrastructure.

Disclaimer: The steps in this task are only applicable to Juniper’s Cloud Software Trial tool.

Some values and/or information may vary for users executing this task using a non-Juniper trial tool.

 

Step-by-Step Procedure

  1. Open the Contrail web interface in the browser by navigating to this URL: https://192.168.250.1:8143.

  2. Log in to the Contrail web interface using the credentials below.

    Username: admin

    Password: contrail123

    Domain: (leave blank)

  3. Within the web interface, click the “Configure” tab, shown by the purple wrench icon, located in the top left navigation panel. Click on Networking > Networks, listed in the left navigation panel.

  4. Click on the (+) icon on the right top corner to create a new virtual network. Name it “red-network” and choose a subnet range.

    Click “Save”.

    In this task, a virtual network with name “red-network” & subnet with CIDR block “1.1.1.0/24” is created. The gateway will be automatically populated.

  5. Verify that the “red-network” is created successfully. Now that the virtual network is created in Contrail, an instance needs to be attached to the network. To create the instance, you need to go to the OpenStack Dashboard. Open a new tab and go to https://192.168.250.1/horizon

    Username: admin
    Password: contrail123
  6. In your OpenStack Dashboard, navigate to Project > Compute > Instances. Select the project as “admin”, since you have created the Contrail virtual network in the “admin” project in the previous step.

    a. Provide a name for the instance , “red-instance”

    b. Under the “images” tab in the left navigation bar and select an image source. Choose “cirros” from the list of available images, as shown below.

    c. Under the “Flavor” tab in the left navigation bar, select a flavor of your choice. Choose “m1.tiny” from the list of available flavors.

    d. Under the “Networks” tab in the left navigation bar, select the virtual network in which you want to launch the virtual machine. Since, this VM is called “red-instance”, launch in the “red-network”.

    e. Click on “Launch” instance button and confirm that the VM was spawned without any errors.

  7. To confirm that IP address was properly assigned to the “red-instance”, click on the “instance” and navigate to the “console” tab. Once in the “console” tab, log in to the instance and type “ifconfig”. Use the following credentials to log in.

    Username: cirros

    Password: cubswin:)

    As you can see in the below screenshot, the “red-instance” is assigned an IP address of 1.1.1.4 which is in the 1.1.1.0/24 subnet range.

  8. Now, we will try to get access the “Contrail vRouter introspect” service which runs on port 8085 on every compute node.

    We first need to find the compute node’s IP address. To get the IP address, open Contrail Web-UI and navigate to “Monitor > Infrastructure > Virtual Routers”

    Under this tab, you will find all the Contrail vRouters in the cluster. Note the IP address associated with the vRouter. This will be the compute node’s IP address as well.

    The IP address is 172.16.250.101

  9. Login to “red-instance” and try to initiate a HTTP request to the IP address obtained from the previous step and port 8085

    In the “red-instance” console type the following command,

    (red-instance)$ curl 172.16.250.101:8085 -m 10

    The above command will fail if HTTP response is not received within 10 seconds

  10. The request will not go through since the overlay virtual networks are isolated from the fabric infrastructure

  11. Last step is to associate the service instance with the individual virtual networks.

  12. Now, in order for the overlay workloads (virtual-machine’s) to access fabric infrastructure we need to create a link local service or a metadata service. Login to the Contrail web interface and navigate to Configure > Infrastructure > Link Local Services.

    Click on the (+) icon on the right-most side under the “Link Local Service(s)” section to create a new Link Local Service

    Enter the below parameters to configure the link local service,

    Service Name: DNS name to access the service (eg. vrouter.introspect.com)

    Service IP Address: Use address 169.254.169.X

    Service Port: Choose a port > 1024 (eg. since the fabric port is 8085, it is good practice to use the same port here. Hence, we use 8085)

    Address Type: IP

    Fabric IP: Choose the IP address of the underlying fabric (eg. Compute node’s IP address obtained from previous step)

    Fabric Port: Choose a port used by the underlying fabric (eg. 8085 is the port used by Contrail vRouter introspect service)

  13. Once the Link Local service is configured, virtual machines can access the service running on the fabric using the 169.254.169.X address

    Login to “red-instance” again and initiate a HTTP request to the DNS name configured in the previous step and port 8085

    In the “red-instance” console type the following command and verify that you can access the Contrail vRouter introspect service running on the compute node (red-instance)$ nslookup vrouter.introspect.com (red-instance)$ curl vrouter.introspect.com:8085 -m 10