System Requirements for GCP Deployment

Read this section to understand the system, resource, port, and licensing requirements for installing Juniper Cloud-Native Router on Google Cloud Platform (GCP).

Minimum Host System Requirements

This section lists the host system requirements for installing the cloud-native router.

Note:

The settings below are pre-configured when you deploy JCNR via the Google Cloud Marketplace.

Table 1: Cloud-Native Router Minimum Host System Requirements
| Component | Value/Version | Notes |
| GCP Deployment | VM-based | |
| Instance Type | n2-standard-16 | |
| CPU | Intel x86 | The tested CPU is Intel Cascade Lake |
| Host OS | Rocky Linux | 8.8 (Green Obsidian) |
| Kernel Version | Rocky Linux: 4.18.X | The tested kernel version is 4.18.0-477.15.1.el8_8.cloud.x86_64 |
| NIC | VirtIO NIC | |
| Kubernetes (K8s) | Version 1.25.x | The tested K8s version is 1.25.5. The K8s version for Google Cloud Marketplace JCNR subscription is v1.27.5. |
| Calico | Version 3.25.1 | |
| Multus | Version 4.0 | |
| Helm | 3.9.x | |
| Container-RT | containerd | |

Resource Requirements

This section lists the resource requirements for installing the cloud-native router.

Table 2: Cloud-Native Router Resource Requirements
| Resource | Value | Usage Notes |
| Data plane forwarding cores | 2 cores | |
| Service/Control Cores | 0 | |
| UIO Driver | VFIO-PCI | To enable, follow the steps below: |

    cat /etc/modules-load.d/vfio.conf
    vfio
    vfio-pci

    Enable Unsafe IOMMU mode:

    echo Y > /sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts
    echo Y > /sys/module/vfio/parameters/enable_unsafe_noiommu_mode

| Hugepages (1G) | 6 Gi | Add GRUB_CMDLINE_LINUX_DEFAULT values in /etc/default/grub and reboot the host. For example: |

    GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 default_hugepagesz=1G hugepagesz=1G hugepages=64 intel_iommu=on iommu=pt"

    Update grub and reboot the host. For example:

    grub2-mkconfig -o /boot/grub2/grub.cfg

    Verify the hugepage is set by executing the following commands:

    cat /proc/cmdline
    grep -i hugepages /proc/meminfo

| JCNR Controller cores | .5 | |
| JCNR vRouter Agent cores | .5 | |

Miscellaneous Requirements

This section lists additional requirements for installing the cloud-native router.

Table 3: Miscellaneous Requirements
Cloud-Native Router Release Miscellaneous Requirements
Set IOMMU and IOMMU-PT in /etc/default/grub file. For example:

    GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 default_hugepagesz=1G hugepagesz=1G hugepages=64 intel_iommu=on iommu=pt"

Update grub and reboot the host. For example:

    grub2-mkconfig -o /boot/grub2/grub.cfg

Additional kernel modules need to be loaded on the host before deploying JCNR in L3 mode. These modules are usually available in the linux-modules-extra or kernel-modules-extra packages. List the kernel modules in /etc/modules-load.d/crpd.conf so that the file reads as follows:

    cat /etc/modules-load.d/crpd.conf
    tun
    fou
    fou6
    ipip
    ip_tunnel
    ip6_tunnel
    mpls_gso
    mpls_router
    mpls_iptunnel
    vrf
    vxlan

Note:

Applicable for L3 deployments only.

Run the ip fou add port 6635 ipproto 137 command on the Linux host to enable kernel-based forwarding.

Enable IP Forwarding for VMs in GCP. Use one of the two methods to enable it:
  1. Specify it as an option while creating the VM. For example:

    gcloud compute instances create instance-name --can-ip-forward

  2. For an existing VM, enable IP forwarding by updating the compute instance via a file. For example:

    gcloud compute instances export transit-jcnr01 --project jcnr-ci-admin --zone us-west1-a --destination=instance_file_1

    Edit the instance file to set the value canIpForward=true.

    Update the compute instance from the file:

    gcloud compute instances update-from-file transit-jcnr01 --project jcnr-ci-admin --zone us-west1-a --source=instance_file_1 --most-disruptive-allowed-action ALLOWED_ACTION

Enable Multi-IP subnet on Guest OS:

    gcloud compute images create debian-9-multi-ip-subnet \
         --source-disk debian-9-disk \
         --source-disk-zone us-west1-a \
         --guest-os-features MULTI_IP_SUBNET

Add firewall rules for loopback address for VPC.

Configure the VPC firewall rule to allow ingress traffic with source filters set to the subnet range to which JCNR is attached, along with the IP ranges or addresses for the loopback addresses.

For example:

Navigate to Firewall policies on the GCP console and create a firewall rule with the following attributes:

  1. Name: Name of the firewall rule

  2. Network: Choose the VPC network

  3. Priority: 1000

  4. Direction: Ingress

  5. Action on Match: Allow

  6. Source filters: 10.2.0.0/24, 2.51.2.0/23, 2.51.1.0/24, 2.2.2.2/32, 3.3.3.3/32

  7. Protocols: all

  8. Enforcement: Enabled

where 10.2.0.0/24 is the subnet to which JCNR is attached and 2.51.2.0/24, 2.51.1.0/24, 2.2.2.2/32, 3.3.3.3/32 are loopback IP ranges.

JCNR supports only IPv4 for GCP.

JCNR deployment on GCP supports only N8-standard for VM deployments. The N16-standard is not supported.

NetworkManager is a tool in some operating systems that makes the management of network interfaces easier. It may simplify the operation and configuration of the default interfaces, but it can interfere with Kubernetes management and create problems.

To prevent NetworkManager from interfering with the interface configurations, perform the following steps:

  1. Create the file /etc/NetworkManager/conf.d/crpd.conf.
  2. Add the following content to the file:
    [keyfile]
    unmanaged-devices+=interface-name:enp*;interface-name:ens*
    Note: enp* indicates all interfaces starting with enp. For specific interface names, provide a comma-separated list.
  3. Restart the NetworkManager service by running the command sudo systemctl restart NetworkManager.
  4. Edit the sysctl file on the host (/etc/sysctl.conf) and paste the following content in it:
    net.ipv6.conf.default.addr_gen_mode=0
    net.ipv6.conf.all.addr_gen_mode=0
    net.ipv6.conf.default.autoconf=0
    net.ipv6.conf.all.autoconf=0
  5. Run the command sysctl -p /etc/sysctl.conf to load the new sysctl.conf values on the host.

Verify the core_pattern value is set on the host before deploying JCNR:

    sysctl kernel.core_pattern
    kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e

You can update the core_pattern in /etc/sysctl.conf. For example:

    kernel.core_pattern=/var/crash/core_%e_%p_%i_%s_%h_%t.gz
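
The host settings in Tables 2 and 3 can be checked in one pass before deployment. The script below is an added example, not Juniper tooling or code from the original page; its function names and the --live switch are assumptions, and it reads the same kernel and configuration files that the commands above touch.

```shell
#!/bin/sh
# Added example (not Juniper tooling): audit a host against Tables 2 and 3.
# Each function takes a root prefix: "" for the live host, or a test tree.

# Kernel parameters from the GRUB example that are absent from /proc/cmdline.
missing_cmdline_params() (
    tokens=$(tr -s '[:space:]' '\n' < "$1/proc/cmdline")
    for p in default_hugepagesz=1G hugepagesz=1G intel_iommu=on iommu=pt; do
        printf '%s\n' "$tokens" | grep -qxF -- "$p" || echo "cmdline: $p"
    done
    printf '%s\n' "$tokens" | grep -Eqx 'hugepages=[1-9][0-9]*' ||
        echo "cmdline: hugepages=<count>"
)

# Modules named in a modules-load.d file ($2) that are not in /proc/modules.
# Loaded names use "_" where the file may use "-" (vfio-pci -> vfio_pci);
# modules built into the kernel never appear in /proc/modules.
missing_modules() (
    grep -Ev '^[[:space:]]*(#|$)' "$1/etc/modules-load.d/$2" | while read -r m; do
        awk -v m="$m" 'BEGIN { gsub(/-/, "_", m) } $1 == m { ok = 1 }
                       END { exit !ok }' "$1/proc/modules" || echo "module: $m"
    done
)

# IPv6 sysctls from the NetworkManager procedure whose value is not 0.
unmet_sysctls() (
    for k in default/addr_gen_mode all/addr_gen_mode default/autoconf all/autoconf; do
        v=$(cat "$1/proc/sys/net/ipv6/conf/$k" 2>/dev/null || true)
        [ "$v" = 0 ] || echo "sysctl: net.ipv6.conf.$(echo "$k" | tr / .)=${v:-unset}"
    done
)

# State of the VFIO switch the page sets to Y. Y permits VFIO to drive devices
# without IOMMU isolation of their DMA, so record it rather than assume it.
noiommu_state() (
    cat "$1/sys/module/vfio/parameters/enable_unsafe_noiommu_mode" 2>/dev/null ||
        echo absent
)

audit_host() (
    missing_cmdline_params "$1"
    missing_modules "$1" vfio.conf
    missing_modules "$1" crpd.conf
    unmet_sysctls "$1"
    echo "vfio noiommu: $(noiommu_state "$1")"
)

# Assumed switch: audit the live host only when invoked with --live.
if [ "${1:-}" = "--live" ]; then audit_host ""; fi
```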

Port Requirements

Juniper Cloud-Native Router listens on certain TCP and UDP ports. This section lists the port requirements for the cloud-native router.

Table 4: Cloud-Native Router Listening Ports
| Protocol | Port | Description |
| TCP | 8085 | vRouter introspect–Used to gain internal statistical information about vRouter |
| TCP | 8072 | Telemetry Information–Used to see telemetry data from JCNR control plane |
| TCP | 9091 | vRouter health check–cloud-native router checks to ensure contrail-vrouter-dpdk process is running, etc. |
| TCP | 50052 | gRPC port–JCNR listens on both IPv4 and IPv6 |
| TCP | 8081 | JCNR Deployer Port |
| TCP | 22 | cRPD SSH |
| TCP | 830 | cRPD NETCONF |
| TCP | 666 | rpd |
| TCP | 1883 | Mosquitto mqtt–Publish/subscribe messaging utility |
| TCP | 9500 | agentd on cRPD |
| TCP | 21883 | na-mqttd |
| TCP | 50051 | jsd on cRPD |
| TCP | 51051 | jsd on cRPD |
| UDP | 50055 | Syslog-NG |
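
To decide which of the ports in Table 4 need host or VPC firewall coverage, compare the table with what is actually bound to a non-loopback address. This is an added example, not part of the original page or Juniper tooling; the function name is an assumption and the ss output it runs on is constructed for illustration.

```shell
#!/bin/sh
# Added example (not Juniper tooling): report Table 4 ports that are listening
# on a non-loopback address, i.e. the ones firewall rules have to account for.
TABLE4="tcp/8085 tcp/8072 tcp/9091 tcp/50052 tcp/8081 tcp/22 tcp/830 tcp/666 \
tcp/1883 tcp/9500 tcp/21883 tcp/50051 tcp/51051 udp/50055"

# Reads `ss -H -tuln` output on stdin; prints "proto/port address" per exposed socket.
exposed_table4_ports() {
    awk -v list="$TABLE4" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        {
            addr = $5; port = $5
            sub(/:[^:]*$/, "", addr)   # drop ":port"; an IPv6 address keeps its colons
            sub(/.*:/, "", port)       # keep only what follows the last colon
            key = $1 "/" port
            if (!(key in want)) next   # not a port documented in Table 4
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print key, addr
        }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -H -tuln` output, for illustration only.
SAMPLE='tcp   LISTEN 0      128        0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      4096     127.0.0.1:8085        0.0.0.0:*
tcp   LISTEN 0      4096             *:50052             *:*
tcp   LISTEN 0      4096       0.0.0.0:10250       0.0.0.0:*
udp   UNCONN 0      0         10.2.0.5:50055       0.0.0.0:*'

printf '%s\n' "$SAMPLE" | exposed_table4_ports
```

On a node, feed it live data with `ss -H -tuln | exposed_table4_ports`.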

Download Options

To deploy JCNR on GCP you can either download the helm charts from the Juniper Support Site or subscribe via the Google Cloud Marketplace.

Note: Before deploying JCNR on GCP via helm charts downloaded from the Juniper support site, you must whitelist https://enterprise.hub.juniper.net as the JCNR image registry.

JCNR Licensing

Starting with Juniper Cloud-Native Router (JCNR) Release 22.2, we have enabled our Juniper Agile Licensing (JAL) model. JAL ensures that features are used in compliance with Juniper's end-user license agreement. You can purchase licenses for the Juniper Cloud-Native Router software through your Juniper Account Team. You can apply the licenses by using the CLI of the cloud-native router controller. For details about managing multiple license files for multiple cloud-native router deployments, see Juniper Agile Licensing Overview.

Note:

Starting with JCNR Release 23.2, the JCNR license format has changed. Request a new license key from the JAL portal before deploying or upgrading to 23.2 or newer releases.