Enable VLAN Subinterface Support on Virtual Interfaces
SUMMARY Virtualized Network Function (VNF) and Containerized Network Function (CNF) workloads often require multiple virtual network services on a single interface. Cloud-Native Contrail® Networking™ supports VLAN subinterfaces on virtual interfaces.
VLAN Subinterface Overview
A VLAN subinterface is a logical division of a virtual (or physical) interface at the network level. VLAN subinterfaces are Layer 3 interfaces that receive and forward 802.1Q VLAN tags. You can assign multiple VLAN tags to a single virtual interface. When a packet arrives at that interface, the packet's associated VLAN tags designate which VLAN the packet routes to. You can use VLAN subinterfaces to route traffic to multiple VLANs for your services.
API Changes
This section provides information about API calls that occur when configuring a VLAN subinterface.
When configuring VLAN subinterfaces in Cloud-Native Contrail Networking, Kubernetes updates
the VirtualMachineInterface
field with new properties
, or
VLAN tags. After an update occurs, the VirtualMachineInterface
object
references other VirtualMachineInterface
objects based on existing VLAN
tags.
Cloud-Native Contrail Networking defines the properties
field from
Contrail Classic as virtualMachineInterfaceProperties
.
Network Definition Changes
This section provides information about the network definition enhancements necessary when creating a subinterface for a virtual interface within a pod.
In kube-manager
, the PodController
watching for pod
events reads the network definition applied to it. Kube-manager
parses each
network selection element and creates an associated VMI (virtual machine interface). Parent
VMIs are the network elements with only the
net.juniper.contrail.interfacegroup
tag attached in the YAML file.
Subinterfaces are the network elements with the
net.juniper.contrail.interfacegroup
and
net.juniper.contrail.vlan
tags attached in the YAML file.
The following two tags enhance the network definition in the cni-args
section:
-
net.juniper.contrail.interfacegroup
-
Interface Group groups two or more interfaces.
-
The parent interface is the network selection element associated with only this tag.
-
The subinterface is the network selection element associated with this tag and a VLAN tag.
-
net.juniper.contrail.vlan
-
Specifies the VLANID on the subinterface.
-
A VLAN subinterface belongs to its parent interface. Users must specify the namespace to which the subinterface attaches. Consider the following example:
Example 1
apiVersion: v1 kind: Pod metadata: name: my-pod namespace: my-namespace annotations: k8s.v1.cni.cncf.io/networks: | [ { "name": "parent-vn", "namespace": "vn-ns", "cni-args": { "net.juniper.contrail.interfacegroup": "eth1"} ... }, { "name": "subitf-vn", "namespace": "vn-ns", "cni-args": { "net.juniper.contrail.vlan": 100, "net.juniper.contrail.interfacegroup": "eth1"}, ... }, ...
Example 1 shows specified pod annotations for cni-args
. This example
configuration creates the following three VMIs and three IIPs (interface IPs) within the
pod:
-
VMI, IIP for eth0 on default pod network
-
VMI, IIP for eth1 on
parent-vn
(parent interface) -
VMI, IIP for eth1.100 on
subitf-vn
(subinterface)
Configuration Use Cases
This section provides examples of different valid and invalid parent and subinterface configurations.
Valid Configurations
Valid Configuration 1: One Parent, One Subinterface:
Valid Configuration 2: One Parent, Multiple Subinterfaces:
Valid Configuration 3: Multiple Parents, Multiple Subinterfaces:
Invalid Configurations
Invalid Configuration 1: Multiple Interfaces on Same Network:
Invalid Configuration 2: Two Interfaces with Same interfacegroup but no VLAN
Valid Configuration 1: One Parent, One Subinterface:
apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { "name": "vlan-parent-vn", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vlan-subintf-vn", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.vlan": "100", "net.juniper.contrail.interfacegroup": "eth1" } }, ...
Valid Configuration 2: One Parent, Multiple Subinterfaces:
apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { "name": "vlan-parent-vn", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vlan-subintf-vn2", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.vlan": "200", "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vlan-subintf-vn", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.vlan": "100", "net.juniper.contrail.interfacegroup": "eth1" } } ]
Valid Configuration 3: Multiple Parents, Multiple Subinterfaces:
apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { "name": "vlan-parent-vn", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vlan-subintf-vn2", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.vlan": "200", "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vlan-subintf-vn", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.vlan": "100", "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vlan-subintf-vn4", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.vlan": "100", "net.juniper.contrail.interfacegroup": "eth2" } }, { "name": "vlan-subintf-vn3", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.interfacegroup": "eth2" } } ]
Invalid Configuration 1: Multiple Interfaces on Same Network:
apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { "name": "vn1", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vn1", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.vlan": "200", "net.juniper.contrail.interfacegroup": "eth1" } }, ]
Invalid Configuration 2: Two Interfaces with Same interfacegroup
but
no VLAN
apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { "name": "vn1", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.interfacegroup": "eth1" } }, { "name": "vn2", "namespace": "vlan-project", "cni-args": { "net.juniper.contrail.interfacegroup": "eth1" } }, ]