System Requirements for EKS Deployment

Read this section to understand the system, resource, port, and licensing requirements for installing Juniper Cloud-Native Router on Amazon Elastic Kubernetes Service (EKS).

Minimum Host System Requirements for EKS

Table 1 lists the host system requirements for installing Cloud-Native Router on EKS.

Table 1: Minimum Host System Requirements for EKS
Component Value/Version
EKS Deployment Self-managed nodes or managed node group
Host OS Amazon Linux 2
EKS version / Kubernetes 1.26.3, 1.28.x, 1.29.x
Instance Type Any instance type with ENA adapters
Kernel Version 5.10.x, 5.15.x
NIC Elastic Network Adapter (ENA)
AWS CLI version 2.11.9
VPC CNI v1.14.0-eksbuild.3
EBS CSI Driver v1.28.0-eksbuild.1
Node Role AmazonEBSCSIDriverPolicy, AmazonEKS_CNI_Policy
Multus 3.7.2 (kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/multus/v3.7.2-eksbuild.1/aws-k8s-multus.yaml)
Helm 3.11
Container-RT containerd 1.7.x
Note:

The component versions listed in this table are expected to work with JCNR, but not every version or combination is tested in every release.

Resource Requirements for EKS

Table 2 lists the resource requirements for installing Cloud-Native Router on EKS.

Table 2: Resource Requirements for EKS
Resource Value Usage Notes
Data plane forwarding cores 1 core (1P + 1S)  
Service/Control Cores 0  
UIO Driver VFIO-PCI

To enable, follow the steps below:

cat /etc/modules-load.d/vfio.conf
vfio
vfio-pci

Enable Unsafe IOMMU mode

echo Y > /sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts
echo Y > /sys/module/vfio/parameters/enable_unsafe_noiommu_mode
Hugepages (1G) 6 Gi See Configure the Number of Huge Pages Available on a Node.
Cloud-Native Router Controller cores .5  
Cloud-Native Router vRouter Agent cores .5  

Miscellaneous Requirements for EKS

Table 3 lists additional requirements for installing Cloud-Native Router on EKS.

Table 3: Miscellaneous Requirements for EKS
Requirement Example

Disable source/destination checks.

Disable source/destination checks on the AWS Elastic Network Interfaces (ENIs) attached to JCNR. As a transit router, JCNR is neither the source nor the destination of any traffic that it receives.

Attach IAM policy.

Attach the AmazonEBSCSIDriverPolicy IAM policy to the role assigned to the EKS cluster.

Set IOMMU and IOMMU-PT in GRUB.

Add the following line to /etc/default/grub.
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 default_hugepagesz=1G hugepagesz=1G hugepages=64 intel_iommu=on iommu=pt"

Update grub and reboot.

grub2-mkconfig -o /boot/grub2/grub.cfg 
reboot

Additional kernel modules need to be loaded on the host before deploying Cloud-Native Router in L3 mode. These modules are usually available in linux-modules-extra or kernel-modules-extra packages.

Note:

Applicable for L3 deployments only.

Create a /etc/modules-load.d/crpd.conf file and add the following kernel modules to it:

tun
fou
fou6
ipip
ip_tunnel
ip6_tunnel
mpls_gso
mpls_router
mpls_iptunnel
vrf
vxlan

Verify the core_pattern value is set on the host before deploying JCNR.

sysctl kernel.core_pattern
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e

You can update the core_pattern in /etc/sysctl.conf. For example:

kernel.core_pattern=/var/crash/core_%e_%p_%i_%s_%h_%t.gz
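
The host settings from Table 2 and Table 3 (boot parameters, module lists, VFIO parameters, core_pattern) can be verified in one pass before installation, which also catches VFIO sysfs writes that were lost at reboot. The script below is an added example, not part of the Juniper documentation; the ROOT argument and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Juniper code. ROOT is a hypothetical prefix so the checks
# can run against a copied or constructed file tree; empty means the live host.

L3_MODULES="tun fou fou6 ipip ip_tunnel ip6_tunnel mpls_gso mpls_router mpls_iptunnel vrf vxlan"

# has_line FILE WORD: true when FILE has a line that is exactly WORD.
has_line() { [ -r "$1" ] && grep -qxF -- "$2" "$1"; }

# jcnr_preflight [ROOT]: prints one FAIL line per unmet requirement and
# returns the number of failures (0 means every check passed).
jcnr_preflight() {
  local root="${1:-}" fails=0 item val cmdline
  cmdline=" $(cat "$root/proc/cmdline" 2>/dev/null || true) "

  # Boot parameters from GRUB_CMDLINE_LINUX_DEFAULT, matched as whole tokens.
  for item in intel_iommu=on iommu=pt default_hugepagesz=1G hugepagesz=1G; do
    case "$cmdline" in
      *" $item "*) ;;
      *) echo "FAIL cmdline: $item not set"; fails=$((fails + 1)) ;;
    esac
  done

  # Modules declared under /etc/modules-load.d (crpd.conf applies to L3 mode).
  for item in vfio vfio-pci; do
    has_line "$root/etc/modules-load.d/vfio.conf" "$item" ||
      { echo "FAIL vfio.conf: $item not listed"; fails=$((fails + 1)); }
  done
  for item in $L3_MODULES; do
    has_line "$root/etc/modules-load.d/crpd.conf" "$item" ||
      { echo "FAIL crpd.conf: $item not listed"; fails=$((fails + 1)); }
  done

  # VFIO parameters set with echo are runtime state and reset at reboot.
  # Note: no-IOMMU mode means device DMA is not confined by an IOMMU.
  for item in vfio_iommu_type1/parameters/allow_unsafe_interrupts \
              vfio/parameters/enable_unsafe_noiommu_mode; do
    val=$(cat "$root/sys/module/$item" 2>/dev/null || true)
    [ "$val" = "Y" ] ||
      { echo "FAIL sysfs: $item is '${val:-unset}', expected Y"; fails=$((fails + 1)); }
  done

  # The page requires kernel.core_pattern to be set before deployment.
  val=$(cat "$root/proc/sys/kernel/core_pattern" 2>/dev/null || true)
  [ -n "$val" ] || { echo "FAIL sysctl: kernel.core_pattern is empty"; fails=$((fails + 1)); }
  return "$fails"
}
```

Run `jcnr_preflight` with no argument on the node itself; a non-zero exit status is the number of unmet requirements.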

Cloud-Native Router ConfigMap for VRRP

You can enable Virtual Router Redundancy Protocol (VRRP) for your Cloud-Native Router cluster.

Note:

When running VRRP, the AWS IAM role for the node hosting the Cloud-Native Router instance needs permission to modify the VPC route table. To provide that permission, add the NetworkAdministrator policy to that IAM role.

You must create a Cloud-Native Router ConfigMap to define the behavior of VRRP for your Cloud-Native Router cluster in an EKS deployment. Considering that AWS VPC supports exactly one next-hop for a prefix, the ConfigMap defines how the VRRP mastership status is used to copy prefixes from routing tables in Cloud-Native Router to specific routing tables in AWS.

We provide an example jcnr-aws-config.yaml manifest below:

Table 4 describes the ConfigMap elements:

Table 4: Cloud-Native Router ConfigMap Elements
Element Description
jcnr-table-name The routing table in Cloud-Native Router from which prefixes should be copied.
jcnr-policy-name A routing policy in Cloud-Native Router that imports the prefixes in the named routing table to copy to the AWS routing table.
jcnr-nexthop-interface-name Name of the Cloud-Native Router interface which should be used as the next-hop by the AWS VPC route table when this instance of the Cloud-Native Router is VRRP master.
vpc-table-tag A freeform tag applied to the VPC route table in AWS to which the prefixes should be copied.

Apply jcnr-aws-config.yaml to the cluster before installing JCNR. The Cloud-Native Router CNI deployer renders the cRPD configuration based on the ConfigMap.

Note:

When not using VRRP, provide an empty list as the data for aws-rttable-map.json.

Port Requirements

Juniper Cloud-Native Router listens on certain TCP and UDP ports. This section lists the port requirements for the cloud-native router.

Table 5: Cloud-Native Router Listening Ports
Protocol Port Description
TCP 8085 vRouter introspect: used to gain internal statistical information about vRouter
TCP 8070 Telemetry information: used to see telemetry data from the Cloud-Native Router vRouter
TCP 8072 Telemetry information: used to see telemetry data from the Cloud-Native Router control plane
TCP 8075, 8076 Telemetry information: used for gNMI requests
TCP 9091 vRouter health check: Cloud-Native Router checks to ensure the vRouter agent is running
TCP 9092 vRouter health check: Cloud-Native Router checks to ensure the vRouter DPDK is running
TCP 50052 gRPC port: Cloud-Native Router listens on both IPv4 and IPv6
TCP 8081 Cloud-Native Router Deployer port
TCP 24 cRPD SSH
TCP 830 cRPD NETCONF
TCP 666 rpd
TCP 1883 Mosquitto MQTT: publish/subscribe messaging utility
TCP 9500 agentd on cRPD
TCP 21883 na-mqttd
TCP 50053 Default gNMI port that listens to the client subscription request
TCP 51051 jsd on cRPD
UDP 50055 Syslog-NG
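
Table 5 can be turned into a check of which documented ports a node actually exposes beyond loopback, which is the input needed for scoping security group rules. This is an added example, not Juniper code; it reads `ss -Htuln` output, and the function name, variable names and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify the Table 5 ports from `ss -Htuln` output on stdin.

# Table 5 as proto/port pairs (backslash-newline keeps this one line).
JCNR_PORTS="tcp/8085 tcp/8070 tcp/8072 tcp/8075 tcp/8076 tcp/9091 tcp/9092 \
tcp/50052 tcp/8081 tcp/24 tcp/830 tcp/666 tcp/1883 tcp/9500 tcp/21883 \
tcp/50053 tcp/51051 udp/50055"

# audit_jcnr_listeners: prints "<state> <proto/port> [address]" for every
# Table 5 port. EXPOSED = bound to a non-loopback address, LOOPBACK = bound
# only to 127.0.0.0/8 or ::1, ABSENT = no listening socket found.
audit_jcnr_listeners() {
  awk -v ports="$JCNR_PORTS" '
    BEGIN { n = split(ports, want, " ") }
    $1 == "tcp" || $1 == "udp" {
      addr = $5                              # Local Address:Port column
      port = addr; sub(/.*:/, "", port)      # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      key = $1 "/" port
      if (host ~ /^127\./ || host == "[::1]") {
        if (!(key in seen)) seen[key] = "LOOPBACK"
      } else {
        seen[key] = "EXPOSED"; where[key] = addr
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        k = want[i]
        if (!(k in seen)) print "ABSENT", k
        else if (seen[k] == "EXPOSED") print "EXPOSED", k, where[k]
        else print "LOOPBACK", k
      }
    }'
}

# Constructed sample lines (not captured from a real node). On a host, run:
#   ss -Htuln | audit_jcnr_listeners
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:8085 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:9091 0.0.0.0:*
tcp LISTEN 0 128 [::]:50052 [::]:*
udp UNCONN 0 0 *:50055 *:*'
```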

Download Options

To deploy Cloud-Native Router on an EKS cluster, you can either download the Helm charts from the Juniper Networks software download site (see Cloud-Native Router Software Download Packages) or subscribe via the AWS Marketplace.

Note: Before deploying Cloud-Native Router on an EKS cluster via Helm charts downloaded from the Juniper Networks software download site, you must whitelist the https://enterprise.hub.juniper.net URL as the Cloud-Native Router image repository.

Cloud-Native Router Licensing

You can purchase BYOL licenses for the Juniper Cloud-Native Router software through your Juniper Account Team.

For information on BYOL licenses, see Manage Cloud-Native Router Licenses.