Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Contrail Enterprise Multicloud Getting Started Guide - Fabric Management

 

###########################################################################3

This page was used for testing of BUILD / DESIGN / OPERATE as Heading 1’s. This content is now out of date; for latest content see https://uat.juniper.net/documentation/en_US/contrail20/information-products/pathway-pages/getting-started/contrail-getting-started.html.

###########################################################################3

Use this guide to get started with Contrail Enterprise Multicloud. Let’s go!

Before You Begin

The general workflow to setup your data center fabric using Contrail Enterprise Multicloud (CEM) is as follows:

This workflow assumes:

  • All CEM components are installed and running

  • Leaf-spine physical cabling and connections are in place

  • Management network connectivity to all fabric devices and CEM components

BUILD

Onboard a Fabric

You have two options for onboarding the IP fabric devices:

Onboard a New Fabric (Greenfield)

Use the Contrail Command UI to discover devices and create a new IP fabric underlay. To onboard an existing IP fabric, see the next section.

Before you Begin

This workflow assumes:

  • Devices are in a zeroized, factory-default state

  • You have a YAML file that defines devices details (see sample here)

    • Minimum configuration is device serial numbers

    • Adding host names is recommended, otherwise devices are given serial number host names

Procedure

  1. Navigate to INFRASTRUCTURE > Fabrics and click Create.
  2. Select New Fabric and click Provision.
  3. Configure the following fields:
    • Name (what you are calling the fabric)

    • Device credentials (what you want the root user password to be)

    • Overlay ASN (suggest using default but can change if desired)

    • Device Info (upload the YAML file)

    • Underlay ASN range

    • Management subnet and gateway address

    • Fabric subnets (specify a single /24 block; the system will use it to create /30 subnets)

    • Loopback subnet

  4. Click Next. The device discovery process begins. The process may take a few minutes.
  5. When you see the message ‘Job execution completed successfully’ in the log section and the Next button turns from grey to blue, click Next.

Video example: Data Center Fabric Greenfield Onboarding with Juniper Contrail Enterprise Multicloud

Now proceed to the Assign Roles section below.

Onboard an Existing Fabric (Brownfield)

Use the Contrail Command UI to onboard an existing IP fabric underlay. If you do not have an IP fabric underlay and want to use CEM to create one, see the previous section.

Before you Begin

This workflow assumes:

  • Devices are preconfigured with an underlay configuration that includes:

    • A common user account

    • Host name

    • Management, loopback, and fabric interfaces with IP addressing

    • EBGP-based IP fabric

    • Load balancing

    • Routing policy that advertises lo0 addresses throughout the fabric

  • You know the login credentials to the devices

Procedure

  1. Navigate to INFRASTRUCTURE > Fabrics and click Create.
  2. Select Existing Fabric and click Provision.
  3. Configure the following fields:
    • Name (what you are calling the fabric)

    • Overlay ASN (suggest using default but can change if desired)

    • Device credentials (existing username and password to access the devices)

    • Management subnet

    • Loopback subnet

  4. Click Next. The device discovery process begins. The process may take a few minutes.
  5. When you see the message ‘Job execution completed successfully’ in the log section and the Next button turns from grey to blue, click Next.

Video example: Data Center Fabric Brownfield Onboarding with Juniper Contrail Enterprise Multicloud

Now proceed to the Assign Roles section below.

DESIGN

Assign Roles

Assign overlay roles to the onboarded devices. For more information on roles, see here

Before you Begin

This workflow assumes that you know:

  • Which roles to assign to the devices

  • The desired overlay ASN (if not using the default)

Procedure

  1. On the Assign the roles page, select the checkboxes for all spine devices and click the Assign Role icon at upper right.
  2. In the pop-up window that appears, select Physical Role of spine and select Routing Bridging Roles as appropriate for your environment. Then click Assign.
  3. Back on the Assign the roles page, uncheck the boxes for the spine devices.
  4. Now select the checkboxes for all leaf devices and again click the Assign Role icon.
  5. In the pop-up window that appears, select Physical Role of leaf and select Routing Bridging Roles as appropriate for your environment. Then click Assign.
  6. Back on the Assign the roles page, uncheck the boxes for the leaf devices, and click the Autoconfigure button to push the overlay configuration onto the fabric devices based on their assigned roles.
  7. When the devices are configured, and the progress panel says ‘Job summary: Job execution completed successfully’, click Finish.
  8. Back on the Fabric Devices page, review the summary details for the fabric.

Video example: Centrally Routed Bridging (CRB) with Juniper Contrail Enterprise Multicloud

Video example: Edge Routing Bridging (ERB) with Juniper Contrail Enterprise Multicloud

At this point the EVPN-VXLAN overlay should be successfully deployed.

OPERATE

Add Virtual Networks

Configure virtual networks (VNs). A VN is a subnet; end hosts on the same VN can communicate.

Before you Begin

This workflow assumes that you know:

  • Names for each VN

  • Subnet information for each VN

Procedure

  1. Navigate to OVERLAY > Virtual Networks and click Create.
  2. On the Create Virtual Network page:
    • Enter a Name.

    • Add a Subnet; define the address block in the CIDR field.

    • Click Create.

  3. (Optional) Repeat these steps to create more VNs as needed.

Add Logical Routers

Configure a logical router (LR) to interconnect VNs.

Before you Begin

This workflow assumes that you know:

  • Names of each LR

  • Which VNs to assign to each LR

Procedure

  1. Navigate to OVERLAY > Logical Routers and click Create.
  2. On the Create Logical Router page:
    • Enter a Name.

    • Click the Extend to Physical Router drop-down menu and select the fabric devices that perform inter-VN routing.

    • Click the Logical Router Type drop-down menu and select VXLAN Routing.

    • Click the Connected Networks drop-down menu and select the VNs you want to be able to communicate.

    • Click Create.

  3. (Optional) Repeat these steps to create more LRs as needed.

Add Endpoints/BMSs

You have two options for adding endpoints:

Add Endpoints using Virtual Port Groups

Configure virtual port groups (VPGs). A VPG defines leaf device interfaces attached to end hosts. Use this option when

  • you don’t need to view the BMSs as entities in CEM

  • the BMSs use static IP addressing

  • the BMSs use dynamic IP addressing provided by an external DHCP server

Before you Begin

This workflow assumes that you know:

  • Names of the VPGs

  • Associated leaf device/port information

  • Server VLAN ID information (if the endpoints use VLAN tagging)

Procedure

  1. Navigate to OVERLAY > Virtual Port Group and click Create.
  2. On the Create Virtual Port Group page:
    • Enter a Name.

    • Select the Fabric name that contains the device with the desired port

    • Find the desired device and port in the Available Physical Interface list and move it to the Assigned Interface List.

    • In the VLAN section, select the (virtual) Network this VPG should belong to, and either enter a VLAN ID if the server is configured with a VLAN tag or if not click the Native/untagged checkbox.

    • Click Create.

  3. (Optional) Repeat these steps to create more VPGs as needed.

Verify connectivity

Your network should now be up and running. To verify connectivity, perform ping testing as follows:

  • Intra-VN: Ping from an endpoint to its VN gateway (.1 on the subnet), then to another endpoint in the VN

  • Inter-VN: Ping from an endpoint to an endpoint in another VN within the same LR

Add Endpoints using Servers/Instances

Define a BMS in CEM and then create a BMS instance that defines which leaf device interface it is attached to. Use this option when

  • you want to view the BMSs as entities in CEM

  • the BMSs use static IP addressing

  • the BMSs use dynamic IP addressing with CEM as the DHCP server

Before you Begin

This workflow assumes that you know:

  • BMS host name

  • BMS attached interface name and MAC address

  • BMS VLAN ID information (if the endpoints use VLAN tagging)

  • Associated leaf device/port information

  • Which VN the BMS belongs to

Procedure

This configuration option includes two elements:

  • Create BMS profile

  • Create BMS instance

Create BMS profile

  1. Navigate to INFRASTRUCTURE > Servers, and click Create.
  2. On the Create Server page, select mode Detailed, then select workload Baremetal.
  3. Configure the following fields:
    • Host name (of the BMS)

    • Network interfaces (enter name and MAC address of the server interface attached to the leaf device; select leaf device attached interface)

    • Click Create.

  4. (Optional) Repeat these steps to create more BMS profiles as needed.

Create BMS instance

  1. Navigate to WORKLOADS > Instances, and click Create.
  2. On the Create Instance page, select server type Existing Baremetal Server and configure the following fields:
    • Instance name

    • Baremetal node (select the BMS you defined above)

    • Associate interfaces (select server interface defined above; specify VLAN ID or enter 0 if untagged; select VN BMS attaches to)

    • Click Create.

  3. (Optional) Repeat these steps to create more BMS instances as needed.

Verify connectivity

Your network should now be up and running. To verify connectivity, perform ping testing as follows:

  • Intra-VN: Ping from an endpoint to its VN gateway (.1 on the subnet), then to another endpoint in the VN

  • Inter-VN: Ping from an endpoint to an endpoint in another VN within the same LR

(Optional) Add Physical Network Function

Add an SRX device to provide physical network function (PNF) capabilities. The PNF provides interconnectivity between LRs, as well as the ability to implement security policy.

Before You Begin

This workflow assumes:

  • The SRX device has two physical connections to one or more fabric devices

  • The SRX device has a basic configuration, including:

    • User account(s)

    • Host name

    • Management and loopback interfaces and IP addressing

    Note

    Do not preconfigure any elements related to PNF functionality, such as interfaces connecting to the fabric devices, zones and policies related to inter-LR traffic, and so on.

  • You know the following details:

    • Which two interfaces on the PNF device connect to the fabric device(s), and vice-versa

    • The two unique VLAN IDs to assign to the PNF-to-fabric-device connections

    • The /24 subnet to use to connect the PNF device to the fabric

    • The ASN to assign to the PNF device

    • Which LRs to interconnect

Procedure

PNF configuration includes four elements:

Onboard the SRX/PNF device
  1. Navigate to INFRASTRUCTURE > Fabrics and select the fabric you created above.
  2. On the Fabric devices page, click the Action button and select Brownfield wizard.
  3. On the Create Fabric page, configure the following fields:
    • Device credentials (existing username and password to access the devices)

    • Management subnet (use a /32 to specifically identify the SRX device)

    • Loopback subnet

    • Additional configuration - PNF Servicechain subnets (specify a /24 network; CEM will use it to create two /29 subnets during configuration)

  4. Click Next. The device discovery process begins. The process may take a few minutes.
  5. When you see the message ‘Job execution completed successfully’ in the log section and the Next button turns from grey to blue, click Next.
Assign overlay roles
  1. On the Assign the roles page, select the checkbox for the SRX device and click the Assign Role icon at upper right.
  2. In the pop-up window that appears, select Physical Role of pnf and select the Routing Bridging Role PNF-servicechain. Then click Assign.
  3. Back on the Assign the roles page, uncheck the box for the SRX device.
  4. Now select the checkboxes for the device(s) that attach to the PNF and again click the Assign Role icon.
  5. In the pop-up window that appears, select Physical Role of leaf or spine, as appropriate, and select Routing Bridging Roles PNF-Servicechain and CRB-MCAST-Gateway. Then click Assign.
  6. Back on the Assign the Roles page, uncheck the boxes for the devices, and click the Autoconfigure button to push new configuration onto the devices based on their assigned roles.
  7. When the devices are configured, and the progress panel says ‘Job summary: Job execution completed successfully’, click Finish.
  8. Back on the Fabric Devices page, review the summary details to verify PNF elements are in place.
Configure a PNF Service Template

The PNF service template defines the physical connectivity of the PNF to the fabric.

  1. Navigate to SERVICES > Catalog, click the PNF tab, and click Create > Template.
  2. On the Create PNF Service Template page, configure the following fields:
    • Name

    • PNF device (select the SRX device)

    • PNF Left Interface (select one of the interfaces connecting to the fabric)

    • PNF Left Fabric (select the fabric to attach to)

    • PNF Left Attachment Points > Physical Router (select the fabric device with a connection to the PNF)

    • PNF Left Attachment Points > Left Interface (select the interface connecting to the PNF)

    • PNF Right Interface (select a second interface connecting to the fabric)

    • PNF Right Fabric (as above, select the fabric to attach to)

    • PNF Right Attachment Points > Physical Router (select the fabric device with the second connection to the PNF)

    • PNF Right Attachment Points > Right Interface (select second interface connecting to the PNF)

  3. Click Create.
Configure a PNF Service Instance

The PNF service instance uses the template to interconnect the LRs.

  1. Navigate to SERVICES > Deployments, click the PNF tab, and click Create > Instance.
  2. On the PNF Service Instance page, configure the following fields:
    • Name

    • Service Template (select the template created above)

    • PNF eBGP ASN (specify a unique ASN for peering between the fabric and PNF)

    • Left Tenant Logical Router (select an LR)

    • Left Service VLAN (assign a unique VLAN ID)

    • Right Tenant Logical Router (select another LR to connect to the LR above)

    • Right Service VLAN (assign another unique VLAN ID)

  3. Click Create. CEM pushes the configuration elements to the devices; the process may take a few minutes.
Verify Connectivity

The SRX device should now be tied into the fabric to provide PNF services. To verify functionality:

  • Connectivity: Ping from an endpoint in one LR to and endpoint in the other LR

  • PNF: Add security policy configuration to the SRX device to allow or block traffic as desired

Video example: PNF Service Chaining with Contrail Enterprise Multicloud

What’s Next

 
 
c/includes/analytics-bottom.html"-->