Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

System Requirements for OpenShift Deployment

Read this section to understand the system, resource, port, and licensing requirements for installing Juniper Cloud-Native Router on the Red Hat OpenShift Container Platform (OCP).

Minimum Host System Requirements

This section lists the host system requirements for installing the cloud-native router on OCP.

Table 1: Cloud-Native Router Minimum Host System Requirements
Component Value/Version Notes
CPU Intel x86 The tested CPU is Intel(R) Xeon(R) Silver 4314 CPU @ 2.40GHz 64 core
Host OS RHCOS 4.12  
Kernel Version RedHat Enterprise Linux (RHEL): 4.18.X The tested kernel version for RHEL is 4.18.0-372.40.1.el8_6.x86_64
NIC
  • Intel E810 with Firmware 4.00 0x80014411 1.3236.0

  • Intel E810-CQDA2 with Firmware 4.000x800144111.3236.0

  • Intel XL710 with Firmware 9.00 0x8000cead 1.3179.0

 
IAVF driver Version 4.5.3.1  
ICE_COMMS Version 1.3.35.0  
ICE Version 1.9.11.9 ICE driver is used only with the Intel E810 NIC
i40e Version 2.18.9 i40e driver is used only with the Intel XL710 NIC
OCP Version 4.12 The tested versions are:Client Version: 4.12.0-202301042257.p0.g854f807.assembly.stream-854f807 Kustomize Version: v4.5.7 Server Version: 4.12.0 Kubernetes Version: v1.25.4+77bec7a
OVN-Kubernetes CNI    
Multus Version 3.8  
Helm 3.12.x  
Container-RT crio 1.25x  

Resource Requirements

This section lists the resource requirements for installing the cloud-native router.

Table 2: Cloud-Native Router Resource Requirements
Resource Value Usage Notes
Data plane forwarding cores 2 cores (2P + 2S)  
Service/Control Cores 0  
UIO Driver VFIO-PCI To enable, follow the steps below:

Create a Butane config file, 100-worker-vfiopci.bu, binding the PCI device to the VFIO driver.

variant: openshift
version: 4.8.0
metadata:
  name: 100-worker-vfiopci
  labels:
    machineconfiguration.openshift.io/role: worker 
storage:
  files:
  - path: /etc/modprobe.d/vfio.conf
    mode: 0644
    overwrite: true
    contents:
      inline: |
        options vfio-pci ids=10de:1eb8 
  - path: /etc/modules-load.d/vfio-pci.conf 
    mode: 0644
    overwrite: true
    contents:
      inline: vfio-pci

Create and apply the machine config:

$ butane 100-worker-vfiopci.bu -o 100-worker-vfiopci.yaml
$ oc apply -f 100-worker-vfiopci.yaml
Hugepages (1G) 6 Gi Configure hupages on the worker nodes using the following commands:
oc create -f hugepages-tuned-boottime.yaml 
# cat hugepages-tuned-boottime.yaml  
apiVersion: tuned.openshift.io/v1 
kind: Tuned 
metadata: 
  name: hugepages  
  namespace: openshift-cluster-node-tuning-operator 
spec: 
  profile:  
  - data: | 
      [main] 
      summary=Boot time configuration for hugepages 
      include=openshift-node 
      [bootloader] 
      cmdline_openshift_node_hugepages=hugepagesz=1G hugepages=8 
    name: openshift-node-hugepages 
  recommend: 
  - machineConfigLabels:  
      machineconfiguration.openshift.io/role: "worker-hp" 
    priority: 30 
    profile: openshift-node-hugepages 
oc create -f hugepages-mcp.yaml  
# cat hugepages-mcp.yaml  
apiVersion: machineconfiguration.openshift.io/v1 
kind: MachineConfigPool 
metadata: 
  name: worker-hp 
  labels: 
    worker-hp: "" 
spec: 
  machineConfigSelector: 
    matchExpressions: 
      - {key: machineconfiguration.openshift.io/role, operator: In, values: [worker,worker-hp]} 
  nodeSelector: 
    matchLabels: 
      node-role.kubernetes.io/worker-hp: "" 
JCNR Controller cores .5  
JCNR vRouter Agent cores .5  

Miscellaneous Requirements

This section lists additional requirements for installing the cloud-native router.

Table 3: Miscellaneous Requirements
Cloud-Native Router Release Miscellaneous Requirements
Enable VLAN driver at system boot using the command:
cat /etc/modules-load.d/vlan.conf
8021q
Verify by executing the command:
lsmod | grep 8021q
Enable VFIO-PCI driver at system boot
Enable the host with SR-IOV and VT-d in the system's BIOS.
Set IOMMU and IOMMU-PT

Create a MachineConfig object that defined a kernel argument:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker 
  name: 100-worker-iommu 
spec:
  config:
    ignition:
      version: 3.2.0
  kernelArguments:
      - intel_iommu=on iommmu=pt
$ oc create -f 100-worker-kernel-arg-iommu.yaml
Disable Spoofcheck on VFs allocated to JCNR. For example: ip link set <interfacename> vf 1 spoofcheck off.
Note:

Applicable only on L2 deployments.

Set trust on VFs allocated to JCNR. For example: ip link set <interfacename> vf 1 trust on
Note:

Applicable only on L2 deployments.

Additional kernel modules need to be loaded on the host before deploying JCNR in L3 mode. These modules are usually available in linux-modules-extra or kernel-modules-extra packages. Run the following commands to add the kernel modules:

cat /etc/modules-load.d/crpd.conf
tun
fou
fou6
ipip
ip_tunnel
ip6_tunnel
mpls_gso
mpls_router
mpls_iptunnel
vrf
vxlan
Note:

Applicable for L3 deployments only.

Run the ip fou add port 6635 ipproto 137 command on the Linux host to enable kernel based forwarding.

NetworkManager is a tool in some operating systems to make the management of network interfaces easier. NetworkManager may make the operation and configuration of the default interfaces easier. However, it can interfere with the Kubernetes management and create problems.

To avoid the NetworkManager from interfering with the interface configurations, perform the following steps:

  1. Create the file, /etc/NetworkManager/conf.d/crpd.conf.
  2. Add the following content in the file.
    [keyfile]
     unmanaged-devices+=interface-name:enp*;interface-name:ens*
    Note: enp* indicates all interfaces starting with enp. For specific interface names, provided a comma-separated list.
  3. Restart the NetworkManager service by running the command, sudo systemctl restart NetworkManager.
  4. Edit the sysctl file on the host and paste the following content in it:
    net.ipv6.conf.default.addr_gen_mode=0
    net.ipv6.conf.all.addr_gen_mode=0
    net.ipv6.conf.default.autoconf=0
    net.ipv6.conf.all.autoconf=0
  5. Run the command sysctl -p /etc/sysctl.conf to load the new sysctl.conf values on the host.
  6. Create the bond interface manually. For example:

    ifconfig ens2f0 down
    ifconfig ens2f1 down
    ip link add bond0 type bond mode 802.3ad
    ip link set ens2f0 master bond0
    ip link set ens2f1 master bond0
    ifconfig ens2f0 up ; ifconfig ens2f1 up; ifconfig bond0 up
Verify the core_pattern value is set on the host before deploying JCNR:
sysctl kernel.core_pattern
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e

You can update the core_pattern in /etc/sysctl.conf. For example:

kernel.core_pattern=/var/crash/core_%e_%p_%i_%s_%h_%t.gz

Port Requirements

Juniper Cloud-Native Router listens on certain TCP and UDP ports. This section lists the port requirements for the cloud-native router.

Table 4: Cloud-Native Router Listening Ports
Protocol Port Description
TCP 8085 vRouter introspect–Used to gain internal statistical information about vRouter
TCP 8070 Telemetry information-Used to see telemetry data from cloud-native router
TCP 9091 vRouter health check–cloud-native router checks to ensure contrail-vrouter-dpdk process is running, etc.
TCP 50052 gRPC port–JCNR listens on both IPv4 and IPv6
TCP 8081 JCNR Deployer Port
TCP 22 cRPD SSH
TCP 830 cRPD NETCONF
TCP 666 rpd
TCP 1883 Mosquito mqtt–Publish/subscribe messaging utility
TCP 9500 agentd on cRPD
TCP 21883 na-mqttd
TCP 50051 jsd on cRPD
TCP 51051 jsd on cRPD
UDP 50055 Syslog-NG

Download Options

To deploy JCNR on OCP you can download the helm charts from the Juniper Support Site.

JCNR Licensing

Starting with Juniper Cloud-Native Router (JCNR) Release 22.2, we have enabled our Juniper Agile Licensing (JAL) model. JAL ensures that features are used in compliance with Juniper's end-user license agreement. You can purchase licenses for the Juniper Cloud-Native Router software through your Juniper Account Team. You can apply the licenses by using the CLI of the cloud-native router controller. For details about managing multiple license files for multiple cloud-native router deployments, see Juniper Agile Licensing Overview.

Note:

Starting with JCNR Release 23.2, the JCNR license format has changed. Request a new license key from the JAL portal before deploying or upgrading to 23.2 or newer releases.