What's New
Learn about new features introduced in CN2 Release 23.2.
CN2 on Rancher RKE2
- Starting in Release 23.2, CN2 is supported on a Rancher RKE2 cluster. See the Installation and Life Cycle Management Guide for Rancher RKE2.
CN2 on Upstream Kubernetes
- Starting in Release 23.2, CN2 is supported on Kubernetes v1.26.
Configure Kubernetes
- Priority Classes—Starting in Release 23.2, CN2 supports Priority Classes for critical CN2 components. CN2 introduces the PriorityClass object, which lets you map a priority, in the form of an integer value, to a priority class name. CN2's essential components use these default classes so that kube-scheduler prioritizes these pods for scheduling and resource allocation.
- Multi-Cluster Pod Scheduling—Starting in CN2 Release 23.2, CN2 supports network-aware pod scheduling for multi-cluster deployments. CN2 introduces the MetricsConfig controller and the CentralCollector controller. These controllers reconcile and manage a custom metrics collector CR and a central collector CR. These custom resources enable the contrail-scheduler to schedule multi-cluster pods based on important network metrics.
Advanced Virtual Networking
- Fast Convergence—Starting in Release 23.2, CN2 supports Fast Convergence. CN2 provides an SDN solution that offers network virtualization at the compute-node level through overlay networking. In an SDN, failures can occur in the overlay or in the underlay. The vRouter detects, rectifies, and propagates any failure to the gateways by using health checks. Fast convergence improves the convergence time in case of failures in a cluster managed by CN2.
- Graceful Restart and Long-Lived Graceful Restart—Starting in Release 23.2, you can configure graceful restart and long-lived graceful restart (LLGR) in CN2. LLGR is a mechanism used to preserve routing details for a longer period of time in the event of a failed peer. Graceful restart and LLGR ensure that learned routes are not immediately deleted and withdrawn from advertised peers. Instead, the routes are kept and marked as stale. Consequently, if sessions come back up and routes are relearned, the overall impact to the network is minimized.
[See Configure Graceful Restart and Long-Lived Graceful Restart].
- BFD Health Check for BGPaaS Sessions—Starting in CN2 Release 23.2, you can configure Bidirectional Forwarding Detection (BFD) health check for BGP as a Service (BGPaaS) sessions. When you configure BFD health check, you associate the health check service with a BGPaaS object. This association triggers the establishment of BFD sessions to all BGPaaS neighbors for that service. If the BFD session goes down, the associated BGPaaS session terminates and the routes are withdrawn.
- Stickiness for Load-Balanced Flows—Starting in Release 23.2, CN2 supports flow stickiness. Flow stickiness helps minimize flow remapping across ECMP groups in a load-balanced system. Flow stickiness reduces the number of flows that are remapped and keeps a flow on its original path when the ECMP group's members change. When a flow is affected by a member change, the vRouter reprograms the flow table and rebalances the flow.
Analytics
- Extend TLS to Analytics—Starting in Release 23.2, you can enable TLS certificates for
analytics components in CN2. TLS is a security protocol used for certificate exchange,
mutual authentication, and negotiating ciphers to secure the stream from potential
tampering and eavesdropping. By default, the certificate and secrets for the control plane
and vRouter are automatically generated in Contrail certificate manager. When you install
the components with Helm, certificate manager automatically creates the certificates and
secrets needed for each analytics component.
[See Extend TLS Analytics].
- Flow-based traffic mirroring—Starting in CN2 Release 23.2, CN2 can selectively mirror network traffic on a per-flow basis when the vRouter is in flow mode. The traffic flow to mirror is specified by the security policy and is sent to the network analyzer that monitors and analyzes the data. The network analyzer is specified with the mirrorDestination resource. CN2 also supports the mirrorDestination resource present outside the cluster. If the security policy defines SecondaryAction at the rule level, then flows matching the rules with mirror destination are mirrored.
[See Flow-Based Mirroring].
CN2 Pipelines
CN2 Pipelines is a CI/CD tool that enables GitOps-based workflows to automate CN2 configuration, testing, and qualification. CN2 Pipelines runs alongside CN2 clusters starting with CN2 Release 23.1 (Tech Preview). In Release 23.2, CN2 Pipelines supports customer container network functions (CNFs), auto-generates a bearer token for authentication, discovers cluster nodes dynamically, and uses the discovered data during test execution.