Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Creating VNF Service Chains for Inter-LR Traffic

 

Contrail Networking Release 1912 extends the service chaining functionality to bare metal servers (BMS). In earlier releases, Contrail Networking supports traffic flow between a virtual machine in one virtual network and a virtual machine in another virtual network. However, traffic flow between a virtual machine and BMS through a service chain was not supported. With Release 1912, Contrail Networking supports the movement of inter-LR traffic by using virtual network functions (VNF). This EVPN-based VXLAN (Ethernet VPN-based Virtual Extensible LAN) service chain supports bidirectional traffic flow through a service virtual machine.

VNF service chaining uses EVPN with VXLAN to enable traffic flow between:

  • Two bare metal servers.

    Figure 1: Traffic Flow Between Two Bare Metal Servers
    Traffic Flow Between Two Bare Metal Servers

    Figure 1 shows traffic flowing between two bare metal servers. Each bare metal server is connected to a logical router (virtual routing engine). These logical routers are configured in order to send traffic from the bare metal server in the red virtual network to the bare metal server in the green virtual network, through the service virtual machine.

  • A bare metal server and a virtual machine.

    Figure 2: Traffic Flow Between a Bare Metal Server and a Virtual Machine
    Traffic Flow Between a Bare Metal Server
and a Virtual Machine

    Figure 2 shows traffic flowing between a bare metal server and a virtual machine. The bare metal server and the virtual machine are connected to logical routers. These logical routers are configured in order to send traffic from the bare metal server in the red virtual network to the virtual machine in the green virtual network, through the service virtual machine.

  • A virtual machine and a bare metal server.

    Figure 3: Traffic Flow Between a Virtual Machine and a Bare Metal Servers
    Traffic Flow Between a Virtual Machine
and a Bare Metal Servers

    Figure 3 shows traffic flowing between a virtual machine and a bare metal server. The virtual machine and the bare metal server and are connected to logical routers. These logical routers are configured in order to send traffic from the virtual machine in the red virtual network to the bare metal server in the green virtual network, through the service virtual machine.

These topics provide instructions to create an EVPN-based VXLAN service chain.

Note

Greenfield device discovery is not supported.

Onboard Devices

Follow these steps to onboard brownfield devices from the Contrail Command user interface (UI):

  1. Click Fabrics.

    The Fabrics page is displayed.

  2. Click Create.

    You are prompted to select a provisioning option.

  3. Click Existing Fabric to import existing (brownfield) devices by discovery.
    Figure 4: Select Provisioning Option
    Select Provisioning Option
  4. Click Provision.

    The Create Fabric page is displayed.

  5. Enter the following information:

    Table 1: Provision Existing Fabric

    Field

    Action

    Name

    Enter a name for the fabric.

    Username

    Enter a username for the device.

    Password

    Enter a password for the device.

    Overlay ASN (iBGP)

    Enter autonomous system (AS) number in the range of 1-65,535.

    If you enable 4 Byte ASN in Global Config, you can enter 4-byte AS number in the range of 1-4,294,967,295.

    Node profiles

    Add node profiles.

    You can add more than one node profile.

    All preloaded node profiles are added to the fabric by default. You can remove a node profile by clicking X on the node profile.

    Management subnets

    Enter the following information:

    CIDR—Enter CIDR network address.

    Gateway—Enter gateway address.

    Note: You enter the CIDR address range in the Management subnets field to search for devices. Any device that has a previously configured management IP on the subnet is discovered.

    Underlay ASNs (eBGP)

    Enter autonomous system (AS) number in the range of 1-65,535.

    If you enable 4 Byte ASN in Global Config, you can enter 4-byte AS number in the range of 1-4,294,967,295.

    • Enter minimum value in ASN From field.

    • Enter maximum value in ASN To field.

    Fabric subnets (CIDR)

    Enter fabric CIDR address.

    Note: Fabric subnets are used to assign IP addresses to interfaces that connect to leaf or spine devices.

    Loopback subnets (CIDR)

    Enter loopback address.

    Note: Loopback subnets are used to auto-assign loopback IP addresses to the fabric devices.

    PNF Servicechain subnets (CIDR)

    Enter PNF device CIDR address.

    Note: Starting in Contrail Networking Release 5.1, enter the subnet for allocating IP addresses in the PNF Servicechain subnets field to establish EBGP session between PNF device and SPINE switch.

  6. Click Next.

    The Discovered devices page is displayed.

    The Device discovery progress bar on the Discovered devices page displays the progress of the device discovery job.

    Figure 5: Device Discovery Progress Bar
    Device Discovery Progress Bar

    The list of devices discovered are listed in the Discovered devices page.

  7. Select the device(s) you want to add to the fabric and then click Add.

    The device is added to the fabric.

  8. Click Next to assign roles.

    The Assign to devices page is displayed.

  9. Click the Assign icon at the end of the row to assign roles.

    The Assign role to devices pop-up is displayed.

  10. Assign physical roles and routing bridging roles.

    For Spine Devices:

    • Select spine from the Physical Role list.

    • Select CRB-Gateway from the Routing Bridging Roles list.

    For Leaf Devices:

    • Select leaf from the Physical Role list.

    • Select CRB-Access from the Routing Bridging Roles list.

    For PNF Devices:

    • Select PNF from the Physical Role list.

    • Select CRB-Access and PNF-Servicechain from the Routing Bridging Roles list.

    Note

    The number of PNF instances you can create depends on the subnet mask of the pnf-servicechain-subnet that you provided during fabric onboarding. You can create multiple /29 subnets from the pnf-servicechain-subnet.

    For example, if a /24 subnet is provided for the pnf-servicechain-subnet, then, you can create 25= 32(29-24=5) subnets out of it. Each PNF uses a pair of /29 subnets. Thus, for a /24 subnet, you can have a maximum of 16 PNFs.

    For VNF Devices:

    • Select VNF from the Physical Role list.

    • Select CRB-Access from the Routing Bridging Roles list.

      Note

      ERB-UCAST-Gateway routing bridging role is also supported.

  11. Click Assign to confirm selection and then click Autoconfigure to initiate the auto-configuration job.

    The Autoconfigure page is displayed.

Create Virtual Network

Follow these steps to create a Virtual Network from the Contrail Command user interface (UI).

  1. Click Overlay>Virtual Networks.

    The All Networks page is displayed.

  2. Click Create to create a network.

    The Create Virtual Network page is displayed.

  3. Enter a name for the network in the Name field.
  4. Select network policies from the Network Policies list. You can select more than one network policy.
  5. Select any one of the following preferred allocation mode.
    • Flat subnet only

    • Flat subnet preferred

    • (Default) User defined subnet only

    • User defined subnet preferred

    An allocation mode indicates how you choose a subnet. You select Flat subnet only or Flat subnet preferred allocation mode when the subnet is shared by multiple virtual networks. However, you select (Default) User defined subnet only or User defined subnet preferred allocation mode when you want to define a subnet range.

  6. Enter VXLAN network identifier in the VxLAN Network Identifier field.

    Range: 1 through 16,777,215

  7. Enter valid IPv4 subnet or mask in the CIDR field.
  8. Enter valid IPv4 address in the Gateway field.
  9. Click Create.

    The All Networks page is displayed. The virtual networks that you created are displayed in this page.

Configuring Virtual Port Groups

This topic describes how to create virtual port groups from Contrail Command UI.

To create virtual port groups:

  1. Navigate to Overlay > Virtual Port Group > Create Virtual Port Group.

    The Create Virtual Port Group page is displayed.

  2. Enter the VLAN ID and network to which the VLAN is associated and select a security group to which the VLAN is to be attached.

    You can select multiple VLANs to include in the virtual port group. Based on the need, you can add or remove VLANs from virtual port group by using the Edit Virtual Port Group function.

  3. Select the fabric from the Fabric Name list.

    The available physical interfaces on the devices in the selected fabric are listed.

  4. From the Available Physical Interface box, select the physical interfaces to be included in the virtual port group by clicking the arrow next each physical interface. The available physical interfaces are the interfaces available on TORs that are already onboarded.

    The selected interfaces are displayed in the Assigned Physical Interface box.

    If you select more than one interface on the same TOR as shown in Figure 6, a link aggregation group (LAG) is automatically created on the device.

    Figure 6: Select Interfaces on the Same TOR
    Select Interfaces on the Same TOR
  5. Click Create.

    The newly created virtual port group is displayed on the Virtual Port Group page with details of the interfaces and the TORs as shown in Figure 7.

    Figure 7: Virtual Port Groups
    Virtual Port Groups

    You can delete a virtual port group by clicking the delete icon against the virtual port group. To delete a virtual port group, you must first remove the referenced VMI and the associated BMS instance from the virtual port group.

Create Logical Routers

Follow these steps to create a logical router (LR).

  1. Click Overlay>Logical Routers.

    The Logical Routers page is displayed.

  2. Click Create.

    The Create Logical Router page is displayed.

  3. Enter the following information.

    Field

    Action

    Name

    Enter a name for the Logical Router.

    Admin State

    Select Up.

    Extend to Physical Router

    Select the routers from the list.

    Logical Router Type

    Select VXLAN Routing from the list.

    Connected Networks

    Select the networks from the list.

    Public Logical Router

    (Optional) Select this check box if you want the logical router to function as a public logical router.

    VxLAN Network Identifier

    Enter VXLAN network identifier.

    Range: 1 through 16,777,215

    Route Target(s)

    Click +Add to add route targets.

    Enter Autonomous System (AS) number in the ASN field.

    • Enter ASN in the range of 1-4,294,967,295, when 4 Byte ASN is enabled in Global Config.

    • Enter ASN in the range of 1-65,535, when 4 Byte ASN is disabled.

    • You can also add suffix L or l (lower-case L) at the end of a value in the ASN field to assign an AS number in 4-byte range. Even if the value provided in the ASN field is in the range of 1-65,535, adding L or l (lower-case L) at the end of the value assigns the AS number in 4-byte range. If you assign the ASN field a value in the 4-byte range, you must enter a value in the range of 0-65,535 in the Target field.

    Enter route target in the Target field.

    • Enter route target in the range of 0-65,535, when 4 Byte ASN is enabled and ASN field is assigned a 4-byte value.

    • Enter route target in the range of 0-4,294,967,295, when the ASN field is assigned a 2-byte value.

  4. Click Create to create the logical router.

    The Logical Routers page is displayed.

  5. Repeat Step 3 and Step 4 to create another logical router.

Create VNF Service Template

Follow these steps to create a service template by using the Contrail Command UI:

  1. Click Services>Catalog.

    The VNF Service Templates page is displayed.

  2. Click Create.

    The Create VNF Service Template page is displayed.

  3. Enter a name for the service template in the Name field.
  4. Select v2 as the version type.Note

    Starting with Release 3.2, Contrail supports only Service Chain Version 2 (v2).

  5. Select Virtual Machine as the virtualization type.
  6. Select a service mode from the Service Mode list.
  7. Select a service type from the Service Type list.
  8. From the Interface section,
    • Select left as the interface type from the Interface Type list.

    • Click + Add.

      The Interface Type list is added to the table.

      Select right as the interface type.

    • Click + Add again.

      Another Interface Type list is added to the table.

      Select management as the interface type.

    Note

    The interfaces created on the virtual machine must follow the same sequence as that of the interfaces in the service template.

  9. Click Create to create the service template.

    The VNF Service Templates page is displayed. The service template that you created is displayed in the VNF Service Templates page.

Create VNF Service Instance

Follow these steps to add a service instance by using the Contrail Command UI:

  1. Click Services>Deployments.

    The VNF Service Instances page is displayed.

  2. Click Create.

    The Create VNF Service Instance page is displayed.

  3. Enter a name for the service instance in the Name field.
  4. Select the service template that you created from the Service Template list.

    The Interface Type and Virtual Network fields are displayed.

  5. Select the virtual network for each interface type as given below.
    • left—Select the left virtual network that you created.

    • right—Select the right virtual network that you created.

    • management—Select the management virtual network that you created.

  6. Click Create to create the service instance.

    The VNF Service Instances page is displayed. The service instance that you created is displayed in the VNF Service Instances page.

Release History Table
Release
Description
Contrail Networking Release 1912 extends the service chaining functionality to bare metal servers (BMS).