System Requirements for EKS Deployment
Minimum Host System Requirements
This section lists the host system requirements for installing the cloud-native router.
Component | Value/Version |
---|---|
EKS Deployment | Self-managed Nodes |
Host OS | Amazon Linux 2 |
EKS version | 1.25.12 |
Instance Type | Any instance type with ena adapters |
Kernel Version | The tested kernel version is 5.15.0-1040-aws |
NIC | Elastic Network Adapter (ENA) |
Kubernetes (K8s) | 1.26.3, 1.28.x |
AWS CLI version | 2.11.9 |
VPC CNI | v1.14.0-eksbuild.3 |
Multus | 3.7.2 ( |
Helm | 3.11 |
Container-RT | containerd |
Resource Requirements
This section lists the resource requirements for installing the cloud-native router.
Resource | Value | Usage Notes |
---|---|---|
Data plane forwarding cores | 2 cores (2P + 2S) | |
Service/Control Cores | 0 | |
UIO Driver | VFIO-PCI | To enable, follow the steps below: `cat /etc/modules-load.d/vfio.conf` should list `vfio` and `vfio-pci`. Enable unsafe IOMMU mode: `echo Y > /sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts` and `echo Y > /sys/module/vfio/parameters/enable_unsafe_noiommu_mode` |
Hugepages (1G) | 6 Gi | Add GRUB_CMDLINE_LINUX_DEFAULT values in /etc/default/grub on the host. For example: `GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 default_hugepagesz=1G hugepagesz=1G hugepages=8 intel_iommu=on iommu=pt"` Update grub and reboot the host. For example: Verify the hugepage is set by executing the following commands: |
JCNR Controller cores | .5 | |
JCNR vRouter Agent cores | .5 | |
Miscellaneous Requirements
This section lists additional requirements for installing the cloud-native router.
Cloud-Native Router Release Miscellaneous Requirements |
---|
Disable source/destination checks on the AWS Elastic Network Interfaces (ENIs) attached to JCNR. Being a transit router, JCNR is neither the source nor the destination of any traffic that it receives. |
Attach the AmazonEBSCSIDriverPolicy IAM policy to the role assigned to the EKS cluster. |
Set IOMMU and IOMMU-PT in the /etc/default/grub file. For example: `GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 default_hugepagesz=1G hugepagesz=1G hugepages=8 intel_iommu=on iommu=pt"` Update grub and reboot the host. For example: `grub2-mkconfig -o /boot/grub2/grub.cfg` |
Additional kernel modules need to be loaded on the host before deploying JCNR in L3 mode. These modules are usually available in `cat /etc/modules-load.d/crpd.conf`: `tun fou fou6 ipip ip_tunnel ip6_tunnel mpls_gso mpls_router mpls_iptunnel vrf vxlan`. Note: Applicable for L3 deployments only. |
Verify the core_pattern value is set on the host before deploying JCNR: `sysctl kernel.core_pattern` returns `kernel.core_pattern = \|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e`. You can update the core_pattern in `kernel.core_pattern=/var/crash/core_%e_%p_%i_%s_%h_%t.gz` |
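The host settings in the Resource Requirements and Miscellaneous Requirements tables can be checked before deployment. The following is an added example, not Juniper's code: it checks a kernel command line, `/proc/modules` text and a `core_pattern` value against the values on this page. The function names, the minimum of 6 pages derived from the 6 Gi figure, and the constructed `/proc/modules` sample are assumptions of the example.

```python
# Added example: preflight checks for the host settings listed above.
from pathlib import Path

# Modules named on this page: the vfio.conf entries plus the L3-mode crpd.conf list.
REQUIRED_MODULES = ("vfio vfio-pci tun fou fou6 ipip ip_tunnel ip6_tunnel "
                    "mpls_gso mpls_router mpls_iptunnel vrf vxlan").split()
MIN_1G_HUGEPAGES = 6  # assumption: 6 Gi in the resource table means six 1G pages

# The page's example command line, and a constructed /proc/modules excerpt.
SAMPLE_CMDLINE = ("console=tty1 console=ttyS0 default_hugepagesz=1G "
                  "hugepagesz=1G hugepages=8 intel_iommu=on iommu=pt")
SAMPLE_MODULES = """\
vfio_pci 16384 0 - Live 0x0000000000000000
vfio 45056 1 vfio_pci, Live 0x0000000000000000
tun 61440 2 - Live 0x0000000000000000
ip_tunnel 32768 0 - Live 0x0000000000000000
vrf 40960 0 - Live 0x0000000000000000
vxlan 98304 0 - Live 0x0000000000000000
"""

def check_cmdline(cmdline):
    """Return a list of problems in a kernel command line; empty means OK."""
    args = dict(tok.split("=", 1) for tok in cmdline.split() if "=" in tok)
    problems = []
    for key, want in (("default_hugepagesz", "1G"), ("hugepagesz", "1G"),
                      ("intel_iommu", "on"), ("iommu", "pt")):
        if args.get(key) != want:
            problems.append(f"{key}={want} not set (found {args.get(key)!r})")
    pages = args.get("hugepages", "0")
    if not pages.isdigit() or int(pages) < MIN_1G_HUGEPAGES:
        problems.append(f"hugepages={pages} is below {MIN_1G_HUGEPAGES}")
    return problems

def missing_modules(proc_modules):
    """Return required modules absent from /proc/modules text.

    Modules built into the kernel never appear there, so confirm a hit by hand.
    """
    loaded = {ln.split()[0] for ln in proc_modules.splitlines() if ln.strip()}
    # /proc/modules reports vfio-pci as vfio_pci.
    return [m for m in REQUIRED_MODULES if m.replace("-", "_") not in loaded]

def core_pattern_is_set(value):
    """True when kernel.core_pattern is non-empty (pipe handler or file pattern)."""
    return bool(value.strip())

if __name__ == "__main__":  # on a real host, read the live values
    print(check_cmdline(Path("/proc/cmdline").read_text()))
    print(missing_modules(Path("/proc/modules").read_text()))
    print(core_pattern_is_set(Path("/proc/sys/kernel/core_pattern").read_text()))
```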
JCNR ConfigMap for VRRP
You can enable Virtual Router Redundancy Protocol (VRRP) for your JCNR cluster.
You must create a JCNR ConfigMap to define the behavior of VRRP for your JCNR cluster in an EKS deployment. Considering that AWS VPC supports exactly one next-hop for a prefix, the ConfigMap defines how the VRRP mastership status is used to copy prefixes from routing tables in JCNR to specific routing tables in AWS. An example jcnr-aws-config.yaml manifest is provided:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: jcnr-aws-config
  namespace: jcnr
data:
  aws-rttable-map.json: |
    [
      {
        "jcnr-table-name": "default-rt.inet.0",
        "jcnr-policy-name": "default-rt-to-aws-export",
        "jcnr-nexthop-interface-name": "eth4",
        "vpc-table-tag": "jcnr-aws-vpc-internal-table"
      },
      {
        "jcnr-table-name": "default-rt.inet6.0",
        "jcnr-policy-name": "default-rt-to-aws-export",
        "jcnr-nexthop-interface-name": "eth4",
        "vpc-table-tag": "jcnr-aws-vpc-internal-table"
      }
    ]
```
The table provided below describes the ConfigMap elements:
Element | Description |
---|---|
jcnr-table-name | The routing table in JCNR from which prefixes should be copied. |
jcnr-policy-name | A routing policy in JCNR that imports the prefixes in the named routing table to copy to the AWS routing table. |
jcnr-nexthop-interface-name | Name of the JCNR interface which should be used as the next-hop by the AWS routing table when this instance of the JCNR is VRRP master. |
vpc-table-tag | A freeform tag applied to the routing table in AWS to which the prefixes should be copied. |
The jcnr-aws-config.yaml must be applied to the Kubernetes system before JCNR installation. The JCNR CNI deployer renders the cRPD configuration based on the ConfigMap.
When not using VRRP, you must provide an empty list as the data for aws-rttable-map.json.
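Because this map decides which AWS routing table receives prefixes and which interface becomes the next hop, it is worth validating the JSON payload before the ConfigMap is applied. The following is an added example, not part of the JCNR product: the function name is hypothetical, and the check that one JCNR table and VPC table pair names a single next-hop interface is an assumption of the example rather than a documented JCNR rule.

```python
# Added example: validate an aws-rttable-map.json payload before applying it.
import json

# The four elements documented in the table above.
REQUIRED_KEYS = {"jcnr-table-name", "jcnr-policy-name",
                 "jcnr-nexthop-interface-name", "vpc-table-tag"}

# JSON payload of the page's example manifest.
SAMPLE_MAP = """[
  {"jcnr-table-name": "default-rt.inet.0",
   "jcnr-policy-name": "default-rt-to-aws-export",
   "jcnr-nexthop-interface-name": "eth4",
   "vpc-table-tag": "jcnr-aws-vpc-internal-table"},
  {"jcnr-table-name": "default-rt.inet6.0",
   "jcnr-policy-name": "default-rt-to-aws-export",
   "jcnr-nexthop-interface-name": "eth4",
   "vpc-table-tag": "jcnr-aws-vpc-internal-table"}
]"""

def validate_rttable_map(payload):
    """Return a list of problems found in the payload; empty means OK."""
    try:
        entries = json.loads(payload)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(entries, list):
        return ["top level must be a list; use [] when VRRP is not used"]
    problems, nexthop_for = [], {}
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        unknown = sorted(set(entry) - REQUIRED_KEYS)
        if unknown:  # typically a misspelled element name
            problems.append(f"entry {i}: unknown keys {unknown}")
        bad = [k for k in sorted(REQUIRED_KEYS)
               if not isinstance(entry.get(k), str) or not entry[k].strip()]
        if bad:
            problems.append(f"entry {i}: missing or empty {bad}")
            continue
        # Assumption of this example, not a documented JCNR rule: a JCNR table
        # copied to one VPC table should name a single next-hop interface.
        pair = (entry["jcnr-table-name"], entry["vpc-table-tag"])
        nexthop = entry["jcnr-nexthop-interface-name"]
        if nexthop_for.setdefault(pair, nexthop) != nexthop:
            problems.append(f"entry {i}: {pair} already uses {nexthop_for[pair]}")
    return problems
```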
Port Requirements
Juniper Cloud-Native Router listens on certain TCP and UDP ports. This section lists the port requirements for the cloud-native router.
Protocol | Port | Description |
---|---|---|
TCP | 8085 | vRouter introspect–Used to gain internal statistical information about vRouter |
TCP | 8072 | Telemetry Information–Used to see telemetry data from JCNR control plane |
TCP | 9091 | vRouter health check–cloud-native router checks to ensure contrail-vrouter-dpdk process is running, etc. |
TCP | 50052 | gRPC port–JCNR listens on both IPv4 and IPv6 |
TCP | 8081 | JCNR Deployer Port |
TCP | 22 | cRPD SSH |
TCP | 830 | cRPD NETCONF |
TCP | 666 | rpd |
TCP | 1883 | Mosquitto MQTT–Publish/subscribe messaging utility |
TCP | 9500 | agentd on cRPD |
TCP | 21883 | na-mqttd |
TCP | 50051 | jsd on cRPD |
TCP | 51051 | jsd on cRPD |
UDP | 50055 | Syslog-NG |
Download Options
To deploy JCNR on an EKS cluster, you can either download the Helm charts from the Juniper Support Site or subscribe via the AWS Marketplace.
https://enterprise.hub.juniper.net as the JCNR image registry.
JCNR Licensing
Starting with Juniper Cloud-Native Router (JCNR) Release 22.2, we have enabled our Juniper Agile Licensing (JAL) model. JAL ensures that features are used in compliance with Juniper's end-user license agreement. You can purchase licenses for the Juniper Cloud-Native Router software through your Juniper Account Team. You can apply the licenses by using the CLI of the cloud-native router controller. For details about managing multiple license files for multiple cloud-native router deployments, see Juniper Agile Licensing Overview.
Starting with JCNR Release 23.2, the JCNR license format has changed. Request a new license key from the JAL portal before deploying or upgrading to 23.2 or newer releases.