Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

System Requirements for EKS Deployment

Read this section to understand the system, resource, port, and licensing requirements for installing Juniper Cloud-Native Router on Amazon Elastic Kubernetes Service (EKS).

Minimum Host System Requirements

This section lists the host system requirements for installing the cloud-native router.

Table 1: Cloud-Native Router Minimum Host System Requirements
Component Value/Version
EKS Deployment Self-managed Nodes
Host OS

Amazon Linux 2

EKS version 1.25.12
Instance Type Any instance type with ena adapters
Kernel Version The tested kernel version is 5.15.0-1040-aws
NIC Elastic Network Adapter (ENA)
Kubernetes (K8s) 1.26.3, 1.28.x
AWS CLI version 2.11.9
VPC CNI v1.14.0-eksbuild.3
Multus 3.7.2

(kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/multus/v3.7.2-eksbuild.1/aws-k8s-multus.yaml)

Helm 3.11
Container-RT containterd

Resource Requirements

This section lists the resource requirements for installing the cloud-native router.

Table 2: Cloud-Native Router Resource Requirements
Resource Value Usage Notes
Data plane forwarding cores 2 cores (2P + 2S)  
Service/Control Cores 0  
UIO Driver VFIO-PCI To enable, follow the steps below:
cat /etc/modules-load.d/vfio.conf
vfio
vfio-pci

Enable Unsafe IOMMU mode

echo Y > /sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts
echo Y > /sys/module/vfio/parameters/enable_unsafe_noiommu_mode
Hugepages (1G) 6 Gi Add GRUB_CMDLINE_LINUX_DEFAULT values in /etc/default/grub on the host. For example: GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 default_hugepagesz=1G hugepagesz=1G hugepages=8 intel_iommu=on iommu=pt"

Update grub and reboot the host. For example:

grub2-mkconfig -o /boot/grub2/grub.cfg

Verify the hugepage is set by executing the following commands:

cat /proc/cmdline

grep -i hugepages /proc/meminfo

JCNR Controller cores .5  
JCNR vRouter Agent cores .5  

Miscellaneous Requirements

This section lists additional requirements for installing the cloud-native router.

Table 3: Miscellaneous Requirements
Cloud-Native Router Release Miscellaneous Requirements
Disable source/destination checks on the AWS Elastic Network Interfaces (ENI) interfaces attached to JCNR. JCNR being a transit router, is neither the source nor the destination of any traffic that it receives.
Attach the AmazonEBSCSIDriverPolicy IAM policy to the role assigned to the EKS cluster.
Set IOMMU and IOMMU-PT in /etc/default/grub file. For example:
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 default_hugepagesz=1G hugepagesz=1G hugepages=8 intel_iommu=on iommu=pt"
Update grub and reboot the host. For example:
grub2-mkconfig -o /boot/grub2/grub.cfg 

Additional kernel modules need to be loaded on the host before deploying JCNR in L3 mode. These modules are usually available in linux-modules-extra or kernel-modules-extra packages. Add each of following kernel modules on a separate line to /etc/modules-load.d/crpd.conf to load the modules at boot:

cat /etc/modules-load.d/crpd.conf
tun
fou
fou6
ipip
ip_tunnel
ip6_tunnel
mpls_gso
mpls_router
mpls_iptunnel
vrf
vxlan
Note:

Applicable for L3 deployments only.

Verify the core_pattern value is set on the host before deploying JCNR:
sysctl kernel.core_pattern
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e

You can update the core_pattern in /etc/sysctl.conf. For example:

kernel.core_pattern=/var/crash/core_%e_%p_%i_%s_%h_%t.gz

JCNR ConfigMap for VRRP

You can enable Virtual Router Redundancy Protocol (VRRP) for your JCNR cluster.

You must create a JCNR ConfigMap to define the behavior of VRRP for your JCNR cluster in an EKS deployment. Considering that AWS VPC supports exactly one next-hop for a prefix, the ConfigMap defines how the VRRP mastership status is used to copy prefixes from routing tables in JCNR to specific routing tables in AWS. An example jcnr-aws-config.yaml manifest is provided:

The table provided below describes the ConfigMap elements:

Table 4: JCNR ConfigMap Elements
Element Description
jcnr-table-name The routing table in JCNR from which prefixes should be copied.
jcnr-policy-name A routing policy in JCNR that imports the prefixes in the named routing table to copy to the AWS routing table.
jcnr-nexthop-interface-name Name of the JCNR interface which should be used as the next-hop by the AWS routing table when this instance of the JCNR is VRRP master.
vpc-table-tag A freeform tag applied to the routing table in AWS to which the prefixes should be copied.

The jcnr-aws-config.yaml must be applied to the Kubernetes system before JCNR installation. The JCNR CNI deployer renders the cRPD configuration based on the ConfigMap.

Note:

When not using VRRP, you must provide an empty list as the data for aws-rttable-map.json.

Port Requirements

Juniper Cloud-Native Router listens on certain TCP and UDP ports. This section lists the port requirements for the cloud-native router.

Table 5: Cloud-Native Router Listening Ports
Protocol Port Description
TCP 8085 vRouter introspect–Used to gain internal statistical information about vRouter
TCP 8072 Telemetry Information-Used to see telemetry data from JCNR control plane
TCP 9091 vRouter health check–cloud-native router checks to ensure contrail-vrouter-dpdk process is running, etc.
TCP 50052 gRPC port–JCNR listens on both IPv4 and IPv6
TCP 8081 JCNR Deployer Port
TCP 22 cRPD SSH
TCP 830 cRPD NETCONF
TCP 666 rpd
TCP 1883 Mosquito mqtt–Publish/subscribe messaging utility
TCP 9500 agentd on cRPD
TCP 21883 na-mqttd
TCP 50051 jsd on cRPD
TCP 51051 jsd on cRPD
UDP 50055 Syslog-NG

Download Options

To deploy JCNR on an EKS cluster you can either download the helm charts from the Juniper Support Site or subscribe via the AWS Marketplace.

Note: Before deploying JCNR on an EKS cluster via helm charts downloaded from the Juniper support site, you must whitelist https://enterprise.hub.juniper.net as the JCNR image registry.

JCNR Licensing

Starting with Juniper Cloud-Native Router (JCNR) Release 22.2, we have enabled our Juniper Agile Licensing (JAL) model. JAL ensures that features are used in compliance with Juniper's end-user license agreement. You can purchase licenses for the Juniper Cloud-Native Router software through your Juniper Account Team. You can apply the licenses by using the CLI of the cloud-native router controller. For details about managing multiple license files for multiple cloud-native router deployments, see Juniper Agile Licensing Overview.

Note:

Starting with JCNR Release 23.2, the JCNR license format has changed. Request a new license key from the JAL portal before deploying or upgrading to 23.2 or newer releases.