Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Creating Layer 3 PNF Service Chains for Inter-LR Traffic

 

Contrail Networking provides layer 3 physical network functions (PNF) support to create service chains for inter-LR (logical router) traffic. Contrail Networking automates configuration of QFX and SRX devices to allow movement of inter-LR traffic between bare metal servers through layer 3 PNF.

Figure 1: Example Topology
Example Topology

Figure 1 shows an example topology of how a PNF device (SRX5600) is used to allow inter-LR traffic to pass through a service chain. You can use the SRX device as a layer 3 PNF device after you have configured the device during device onboarding. The PNF device is connected to border leaf or spine devices.

Getting Started

The general workflow to create a PNF service chain is as follows:

These topics provide instructions to create a PNF service chain.

Onboard Fabric Devices

Follow the steps provided in the Onboard Brownfield Devices topic to onboard brownfield fabric devices and assign roles to the devices.

While onboarding devices, ensure that you enter the IP subnet in the PNF Servicechain subnets field to establish EBGP session between PNF device and Spine switch.

See Table 1 for an example configuration of a centrally-routed bridging (CRB) architecture that includes PNF functionality. The SRX device uses the physical role, pnf, and routing-bridging role, PNF-Servicechain. The border leaf device uses PNF-Servicechain routing-bridging role.

Table 1: Assign Roles to Devices

Device

Physical Role

Routing-Bridging Role

Spine devices

spine

CRB-Gateway, Route-Reflector, CRB-MCAST-Gateway

Border leaf

leaf

PNF-Servicechain

Leaf devices

leaf

CRB-Access

SRX Device

pnf

PNF-Servicechain

Configure Virtual Networks

Follow the steps provided in the Create Virtual Network topic to create virtual networks.

After you have created the virtual networks, you create a network policy. For more information on creating a network policy and attaching the network policy to the virtual network, see Create Network Policy.

Configure Virtual Port Groups

Follow the steps provided in the Configuring Virtual Port Groups topic to configure virtual port groups. A virtual port group defines leaf device interfaces attached to end hosts

Ensure that you assign the virtual port group to the virtual network that you created.

For example, when you create two virtual networks, VN-A and VN-B, you will have to create one virtual port group for VN-A and another for VN-B.

Configure Logical Routers

Follow the steps provided in the Create Logical Routers topic to configure logical routers.

While creating logical router, ensure that you

  • Select VXLAN Routing as the Logical Router Type.

  • Select the virtual network(s) from the Connected Networks list.

  • Select the physical routers (the spine devices) to which you want to extend the logical router.

Configure PNF

Configuring PNF includes the following:

  • Creating a PNF Service Template to define the physical connectivity of the PNF to the fabric.

  • Creating a PNF Service Instance to define the interconnection of the two logical routers.

Follow these steps to create PNF service template and PNF service instance by using the Contrail Command UI.

  1. Navigate to Services>Deployments.

    The VNF Service Instances page is displayed.

  2. Click the PNF tab.

    The PNF Service Instances page is displayed.

  3. Click Create and select Instance (with Template) from the list.

    The Create PNF Service Instance page is displayed.

  4. Enter the following information in the PNF Service Template pane.

    Table 2: Enter PNF Service Template Information

    Field

    Action

    Name

    Enter a name for the PNF template.

    PNF Device

    Select the PNF device you want to use for this service chain.

    PNF Left Interface

    Select the left interface of the PNF device.

    PNF Left Fabric

    Select the fabric connected to the left interface of the PNF device.

    PNF Left Attachment Points

    Select the physical router attached to the left interface of the PNF device from the Physical Router list.

    Select the left interface of the physical router from the Left Interface list.

    PNF Right Interface

    Select the right interface of the PNF device.

    PNF Right Fabric

    Select the fabric connected to the right interface of the PNF device.

    PNF Right Attachment Points

    Select the physical router attached to the right interface of the PNF device from the Physical Router list.

    Select the right interface of the physical router from the Right Interface list.

  5. Click Next to confirm.

    The PNF Service Instance pane is displayed.

    After you create the PNF service template, you can use the PNF service template to enable the PNF service instance.

  6. Enter the following information in the PNF Service Instance Pane.

    Table 3: Enter PNF Service Instance Information

    Field

    Action

    Name

    Enter a name for the PNF service instance.

    Service Template

    The PNF service template is selected by default.

    PNF eBGP ASN

    Enter the PNF eBGP AS number.

    (Optional) Configure Static RP

    Select Configure Static RP check box to configure static rendezvous point (RP).

    The RP IP Address field is enabled. The RP is the router that receives multicast traffic.

    This field is required only when sending multicast traffic through the PNF service chain.

    (Optional) RP IP Address

    Enter the RP IP address iof the router that receives multicast traffic.

    This field is required only when sending multicast traffic through the PNF service chain.

    Left Tenant Logical Router

    Select the left tenant logical router. This interface is where the service chain starts.

    PNF Left BGP Peer ASN

    Displays the BGP AS number of the border leaf that the PNF device is connected to.

    Left Service VLAN

    Enter left service VLAN ID.

    The VLAN ID must be unique.

    Right Tenant Logical Router

    Select the right tenant logical router. This interface is where the service chain ends.

    PNF Right BGP Peer ASN

    Displays the BGP AS number of the border leaf that the PNF device is connected to.

    Right Service VLAN

    Enter right service VLAN ID.

    The VLAN ID must be unique.

  7. Click Finish to complete configuration.

    The PNF Service Instances page is displayed. For a sample resulting configuration, see Figure 2.

    Figure 2: Resulting Configuration
    Resulting Configuration

View Service Appliance Sets and Service Appliances

(Optional) Follow these steps to view Service Appliance Sets and Service Appliances by using the Contrail Command UI:

  1. Click Services > Appliances.

    The Appliances page is displayed.

  2. Click Service Appliance Sets tab to view the list of available service appliance sets.
  3. Click Service Appliance tab to view the list of available service appliances.

Alternatively, you can also navigate to the Monitoring>Operations page to verify the status of the job.

Related Documentation