System Requirements for OpenShift Deployment
Read this section to understand the system, resource, port, and licensing requirements for installing Juniper Cloud-Native Router on the Red Hat OpenShift Container Platform (OCP).
Minimum Host System Requirements
This section lists the host system requirements for installing the cloud-native router on OCP.
Component | Value/Version | Notes |
---|---|---|
CPU | Intel x86 | The tested CPU is Intel(R) Xeon(R) Silver 4314 CPU @ 2.40GHz 64 core |
Host OS | RHCOS 4.12 | |
Kernel Version | Red Hat Enterprise Linux (RHEL): 4.18.X | The tested kernel version for RHEL is 4.18.0-372.40.1.el8_6.x86_64 |
NIC | | |
IAVF driver | Version 4.5.3.1 | |
ICE_COMMS | Version 1.3.35.0 | |
ICE | Version 1.9.11.9 | ICE driver is used only with the Intel E810 NIC |
i40e | Version 2.18.9 | i40e driver is used only with the Intel XL710 NIC |
OCP Version | 4.12 | The tested versions are: Client Version: 4.12.0-202301042257.p0.g854f807.assembly.stream-854f807; Kustomize Version: v4.5.7; Server Version: 4.12.0; Kubernetes Version: v1.25.4+77bec7a |
OVN-Kubernetes CNI | | |
Multus | Version 3.8 | |
Helm | 3.12.x | |
Container-RT | crio 1.25x | |
Resource Requirements
This section lists the resource requirements for installing the cloud-native router.
Resource | Value | Usage Notes |
---|---|---|
Data plane forwarding cores | 2 cores (2P + 2S) | |
Service/Control Cores | 0 | |
UIO Driver | VFIO-PCI | To enable, follow the steps below:
Create a Butane config file:
```yaml
variant: openshift
version: 4.8.0
metadata:
  name: 100-worker-vfiopci
  labels:
    machineconfiguration.openshift.io/role: worker
storage:
  files:
    # ids= takes the PCI vendor:device ID of the device to bind to vfio-pci
    - path: /etc/modprobe.d/vfio.conf
      mode: 0644
      overwrite: true
      contents:
        inline: |
          options vfio-pci ids=10de:1eb8
    # Load the vfio-pci module at boot
    - path: /etc/modules-load.d/vfio-pci.conf
      mode: 0644
      overwrite: true
      contents:
        inline: vfio-pci
```
Create and apply the machine config:
```
$ butane 100-worker-vfiopci.bu -o 100-worker-vfiopci.yaml
$ oc apply -f 100-worker-vfiopci.yaml
```
|
Hugepages (1G) | 6 Gi | Configure hugepages on the worker nodes using the following commands:
```
oc create -f hugepages-tuned-boottime.yaml
# cat hugepages-tuned-boottime.yaml
apiVersion: tuned.openshift.io/v1
kind: Tuned
metadata:
  name: hugepages
  namespace: openshift-cluster-node-tuning-operator
spec:
  profile:
  - data: |
      [main]
      summary=Boot time configuration for hugepages
      include=openshift-node
      [bootloader]
      cmdline_openshift_node_hugepages=hugepagesz=1G hugepages=8
    name: openshift-node-hugepages
  recommend:
  - machineConfigLabels:
      machineconfiguration.openshift.io/role: "worker-hp"
    priority: 30
    profile: openshift-node-hugepages
```
```
oc create -f hugepages-mcp.yaml
# cat hugepages-mcp.yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfigPool
metadata:
  name: worker-hp
  labels:
    worker-hp: ""
spec:
  machineConfigSelector:
    matchExpressions:
      - {key: machineconfiguration.openshift.io/role, operator: In, values: [worker,worker-hp]}
  nodeSelector:
    matchLabels:
      node-role.kubernetes.io/worker-hp: ""
```
|
JCNR Controller cores | .5 | |
JCNR vRouter Agent cores | .5 | |
Miscellaneous Requirements
This section lists additional requirements for installing the cloud-native router.
Cloud-Native Router Release Miscellaneous Requirements |
---|
Enable VLAN driver at system boot using the command:
```
cat /etc/modules-load.d/vlan.conf
8021q
```
Verify by executing the command:
```
lsmod | grep 8021q
```
|
Enable VFIO-PCI driver at system boot |
Enable the host with SR-IOV and VT-d in the system's BIOS. |
Set IOMMU and IOMMU-PT
Create a MachineConfig object that defines the kernel arguments:
```yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: 100-worker-iommu
spec:
  config:
    ignition:
      version: 3.2.0
  # One kernel argument per list item
  kernelArguments:
    - intel_iommu=on
    - iommu=pt
```
```
$ oc create -f 100-worker-kernel-arg-iommu.yaml
```
|
Disable spoofcheck on VFs allocated to JCNR. For example:
```
ip link set <interfacename> vf 1 spoofcheck off
```
Note: Applicable only on L2 deployments. |
Set trust on VFs allocated to JCNR. For example:
```
ip link set <interfacename> vf 1 trust on
```
Note: Applicable only on L2 deployments. |
Additional kernel modules need to be loaded on the host before deploying JCNR in L3 mode. These modules are usually available in
```
cat /etc/modules-load.d/crpd.conf
tun
fou
fou6
ipip
ip_tunnel
ip6_tunnel
mpls_gso
mpls_router
mpls_iptunnel
vrf
vxlan
```
Note: Applicable for L3 deployments only. |
Run the |
NetworkManager is a tool in some operating systems that makes the management of network interfaces easier. NetworkManager may make the operation and configuration of the default interfaces easier. However, it can interfere with Kubernetes management and create problems. To prevent NetworkManager from interfering with the interface configurations, perform the following steps:
|
Verify the core_pattern value is set on the host before deploying JCNR:
```
sysctl kernel.core_pattern
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
```
You can update the core_pattern in
```
kernel.core_pattern=/var/crash/core_%e_%p_%i_%s_%h_%t.gz
```
|
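A preflight check for the kernel arguments and kernel modules listed in this section, added here as an example and not taken from Juniper's documentation. The function names and the sample inputs are this example's own; each function takes text in the format of /proc/cmdline or /proc/modules, so it can be run against saved copies as well as a live host.

```shell
#!/bin/sh
# Added example (not Juniper code). Function names are hypothetical.

# missing_kargs CMDLINE ARG...
# Print each required kernel argument absent from CMDLINE (the format of
# /proc/cmdline). Matching is on whole tokens, so a misspelled argument such
# as "iommmu=pt" is reported as a missing "iommu=pt".
missing_kargs() {
    cmdline=$1; shift
    for want in "$@"; do
        case " $cmdline " in
            *" $want "*) ;;
            *) printf '%s\n' "$want" ;;
        esac
    done
}

# missing_modules MODULES NAME...
# Print each NAME not found in MODULES (the format of /proc/modules).
# The kernel lists "-" as "_"; built-in modules never appear there, so a
# reported name can still be compiled into the kernel.
missing_modules() {
    loaded=$(printf '%s\n' "$1" | awk '{ print $1 }'); shift
    for mod in "$@"; do
        name=$(printf '%s' "$mod" | tr '-' '_')
        printf '%s\n' "$loaded" | grep -qxF "$name" || printf '%s\n' "$mod"
    done
}

BOOT_MODULES="8021q vfio-pci"
L3_MODULES="tun fou fou6 ipip ip_tunnel ip6_tunnel mpls_gso mpls_router mpls_iptunnel vrf vxlan"

# Constructed samples, not captured from a real host.
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz ro intel_iommu=on iommmu=pt hugepagesz=1G hugepages=8"
SAMPLE_MODULES="vfio_pci 16384 0 - Live 0x0
8021q 40960 0 - Live 0x0
vxlan 155648 0 - Live 0x0"

if [ "${1:-}" = "live" ]; then
    missing_kargs "$(cat /proc/cmdline)" intel_iommu=on iommu=pt
    missing_modules "$(cat /proc/modules)" $BOOT_MODULES $L3_MODULES
else
    missing_kargs "$SAMPLE_CMDLINE" intel_iommu=on iommu=pt
    missing_modules "$SAMPLE_MODULES" $BOOT_MODULES vxlan vrf
fi
```

Run with the argument `live` on a worker node to check the running kernel; empty output means every listed argument and module was found.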
Port Requirements
Juniper Cloud-Native Router listens on certain TCP and UDP ports. This section lists the port requirements for the cloud-native router.
Protocol | Port | Description |
---|---|---|
TCP | 8085 | vRouter introspect: used to gain internal statistical information about vRouter |
TCP | 8070 | Telemetry information: used to see telemetry data from cloud-native router |
TCP | 9091 | vRouter health check: cloud-native router checks to ensure contrail-vrouter-dpdk process is running, etc. |
TCP | 50052 | gRPC port: JCNR listens on both IPv4 and IPv6 |
TCP | 8081 | JCNR Deployer Port |
TCP | 22 | cRPD SSH |
TCP | 830 | cRPD NETCONF |
TCP | 666 | rpd |
TCP | 1883 | Mosquitto MQTT: publish/subscribe messaging utility |
TCP | 9500 | agentd on cRPD |
TCP | 21883 | na-mqttd |
TCP | 50051 | jsd on cRPD |
TCP | 51051 | jsd on cRPD |
UDP | 50055 | Syslog-NG |
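An audit of the listeners in the table above, added here as an example and not taken from Juniper's documentation: it reads `ss -H -tuln` output and reports which documented JCNR ports are bound to a non-loopback address, which is the set that host firewall rules need to account for. The function name, the shortened descriptions and the sample input are this example's own.

```shell
#!/bin/sh
# Added example (not Juniper code). The function name is hypothetical.

# exposed_jcnr_listeners: read `ss -H -tuln` output on stdin and print
# "proto/port address description" for each documented JCNR port that is
# bound to a non-loopback address.
exposed_jcnr_listeners() {
    awk '
    BEGIN {
        d["tcp/8085"] = "vRouter introspect";   d["tcp/8070"] = "telemetry"
        d["tcp/9091"] = "vRouter health check"; d["tcp/50052"] = "gRPC"
        d["tcp/8081"] = "JCNR deployer";        d["tcp/22"] = "cRPD SSH"
        d["tcp/830"] = "cRPD NETCONF";          d["tcp/666"] = "rpd"
        d["tcp/1883"] = "mqtt";                 d["tcp/9500"] = "agentd on cRPD"
        d["tcp/21883"] = "na-mqttd";            d["tcp/50051"] = "jsd on cRPD"
        d["tcp/51051"] = "jsd on cRPD";         d["udp/50055"] = "Syslog-NG"
    }
    {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = substr($5, 1, length($5) - length(port) - 1)
        key = $1 "/" port
        if (!(key in d)) next                  # not a documented JCNR port
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        printf "%s %s %s\n", key, addr, d[key]
    }'
}

# Constructed sample of `ss -H -tuln` output, not captured from a real host.
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:8085 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:9091 0.0.0.0:*
tcp LISTEN 0 128 [::]:50052 [::]:*
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 [::1]:1883 [::]:*
udp UNCONN 0 0 0.0.0.0:50055 0.0.0.0:*'

if [ "${1:-}" = "live" ]; then
    ss -H -tuln | exposed_jcnr_listeners
else
    printf '%s\n' "$SAMPLE_SS" | exposed_jcnr_listeners
fi
```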
Download Options
To deploy JCNR on OCP, you can download the Helm charts from the Juniper Support Site.
JCNR Licensing
Starting with Juniper Cloud-Native Router (JCNR) Release 22.2, we have enabled our Juniper Agile Licensing (JAL) model. JAL ensures that features are used in compliance with Juniper's end-user license agreement. You can purchase licenses for the Juniper Cloud-Native Router software through your Juniper Account Team. You can apply the licenses by using the CLI of the cloud-native router controller. For details about managing multiple license files for multiple cloud-native router deployments, see Juniper Agile Licensing Overview.
Starting with JCNR Release 23.2, the JCNR license format has changed. Request a new license key from the JAL portal before deploying or upgrading to 23.2 or newer releases.