Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


What's New

Learn about new features introduced in CN2 Release 23.3.

CN2 on OpenShift

  • Advanced Cluster Management (ACM) — Starting with Release 23.3, you have the option of installing CN2 using Advanced Cluster Management. ACM consists of a hub cluster that provides centralized control of managed clusters. After you set up the hub cluster, you use ACM to install or import the CN2 clusters that you want to manage.

    See Install Using Advanced Cluster Management.

  • Single Node OpenShift — Starting with Release 23.3, CN2 can run on a single node OpenShift deployment. A single node OpenShift deployment consists of a single node that runs both the control plane and the workloads.

    See Install Single Node OpenShift.

  • Seamless User Management — Starting with Release 23.3, you can configure CN2 to use the Dex OpenShift connector for authentication of CN2 Web UI users. With this option, OCP users can access the CN2 Web UI seamlessly without further configuration.

    See Configure User Management.

Advanced Virtual Networking

  • Subinterface Support with Multus—Starting with Release 23.3, CN2 supports multiple network subinterfaces using the Multus "meta" plugin. The "meta" references the Multus multi-vendor support. To configure subinterfaces on pods, use the network definition tags and in the annotations cni-args section of the YAML.

    See Subinterface Support with Multus.

  • Immutable IP Address—Starting in CN2 Release 23.3, an immutable IP address for the vhost0 interface is supported. No user configuration is required for this behavior change.

Configure Services

  • Support Color Communities in CN2—Starting with CN2 Release 23.3, BGP color extended communities are supported. CN2 supports configuration of a color extended community using color:0:<tag> or color:<tag> versus the hexadecimal value. Color communities are attached to the routes using routing policies.

    See Configure BGP Color Extended Communities.

Configure eBPF

  • eBPF Kernel Data Plane (Tech Preview)—Starting in CN2 Release 23.3, CN2 supports an extended Berkeley Packet Filter (eBPF) data plane for the Linux kernel. An eBPF-based data plane enables programs to be loaded into the kernel for high-performance applications.

    See eBPF Kernel Data Plane (Tech Preview).

CN2 Security

  • Routing Policies—Starting in CN2 Release 23.3, you can apply dynamic routing policies to network traffic. Routing Policies modify a route's path and attributes dynamically. With release 23.3, the manipulation and filtering of routes is more granular.

    See Routing Policies.

  • Enable Namespace Isolation by Default—Starting in CN2 Release 23.3, a default tag for isolated namespaces is supported. With CN2, you can enable a cluster to create isolated namespaces by default.

    See Enable Namespace Isolation by Default.

  • Global Security Policy—Starting in CN2 Release 23.3, the selectors field for global Contrail security policies is supported. The selectors field is a combination of the podSelector and namespaceSelector fields. Global Contrail security policies define allow and deny rules for ingress and egress traffic between workloads (pods) across clusters.

    See Global Security Policy.