New Features
This section highlights the key features introduced in CN2 Release 23.1. A brief description of each new feature follows.
CN2 on Amazon EKS
- Multi-cluster CN2—CN2 Release 23.1 supports multi-cluster CN2 on Amazon EKS. In a multi-cluster CN2 deployment, the central cluster provides the networking and CNI for the distributed workload clusters.
- VPC to CN2 Communication in AWS EKS—Starting in CN2 Release 23.1, you can access a Kubernetes workload from an AWS VPC. Release 23.1 introduces a gateway service instance (GSI), which is a collection of Amazon Web Services (AWS) and Kubernetes resources that work together to seamlessly interconnect CN2 with VPC and external networks.
CN2 on OpenShift
- OpenShift 4.12—CN2 Release 23.1 supports OpenShift 4.12.
See Upgrade OpenShift.
CN2 Apstra Integration
- Extend Virtual Networks to Apstra—Starting in CN2 Release 23.1, you can extend virtual networks from your Kubernetes cluster to the data center fabric managed by Apstra.
Configure Kubernetes
- Pod Scheduling—CN2 23.1 supports network-aware pod scheduling using contrail-scheduler. This feature enhances the Kubernetes pod scheduler with plugins that analyze the network metrics of a node before scheduling pods.
See Pod Scheduling.
Security
- Namespace Security Policies—Starting in Release 23.1, CN2 supports Namespace security policies. Namespace security policies allow you to define policies from a source endpoint to a destination endpoint within a namespace, or to an external IP address.
See Security Policies.
Advanced Virtual Networking
- Customize Virtual Networks for Pod Deployments, Services, and Namespaces—Starting in CN2 Release 23.1, you can apply a custom default network for pod Deployments, services, and namespaces. Pods and services that use a custom network are isolated from other networks. This feature also supports environments with Multus CNI enabled.
See Customize Virtual Networks for Pod Deployments, Services, and Namespaces.
- EVPN Networking—CN2 Release 23.1 supports EVPN-VXLAN Networking using Type 5 routes. The Type 5 route, also called the IP prefix route, enables inter-virtual network connectivity in CN2.
See EVPN Networking.
- Static Routes—Starting in CN2 23.1, you can configure static routes for your cluster. This release introduces RouteTable and InterfaceRouteTable CRs that configure static routes for a virtual network or VMI.
See Static Routes.
- IPv4 and IPv6 Dual-Stack Networking—CN2 Release 23.1 supports dual-stack networking for services. Release 22.4 supported dual-stack networking for pods, but 23.1 enables you to assign IP addresses to services from an IPv4 or IPv6 network.
Services
- Floating IP/DNAT for IPv6 Addresses—CN2 23.1 supports floating IP (DNAT) functionality for IPv6 addresses. Your back-end pod VMIs are mapped to an IPv6 floating IP. The vRouter performs DNAT and routes traffic from external networks to the next hop, or the translated destination address (the back-end pod VMI).