Deploying Contrail Multicloud with Contrail Command

Note:

The Infrastructure: Multicloud tab was removed from Contrail Command in Contrail Networking Releases 1912.L1 and 2008. The Infrastructure: Multicloud tab remains available in all other Contrail Networking Release 19 releases and Contrail Networking Release 20 releases through Release 2005.

All functionality provided within the Infrastructure: Multicloud tab in Contrail Command is available for evaluation purposes only. This functionality is not intended for deployment in production networks.

You can provision Contrail Multicloud with the Contrail Command UI.

Contrail supports provisioning of Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

The multicloud gateway (MC-GW) node interconnects different Virtual Private Clouds (VPCs) and Virtual Networks (VNets) in the cloud. Additionally, the MC-GW extends on-premise resources to the cloud.

This topic provides steps to configure Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) with the Contrail Command UI.

Prerequisites:

  • Contrail Multicloud is currently supported for deployments using Kubernetes as the orchestration platform only. See Installing Standalone Kubernetes Contrail Cluster using the Contrail Command UI.

  • All the on-premise nodes except the management IPs must have private IPs.

  • It is recommended to add static routes on all the control nodes towards the private subnets on the cloud.

  • Control nodes and compute nodes must be on the same subnet and MC-GW must be on a different subnet.

  • MC-GW node must be provisioned on RHEL 7.7.

  • Compute nodes on the public cloud must be provisioned on RHEL 7.7.

  • Instance type:

    • Azure—Standard_F2.

    • AWS—c4.xlarge or t2.xlarge.

    • Google Cloud Platform (GCP)—n1-standard-2.

  • Red Hat subscription with enabled packages must be available for on-premise MC-GW nodes.

  • Time must be synchronized on all the nodes with NTP.

  • contrail-command node must have connectivity to ToRs.

  • You must enable NETCONF on ToRs connected to the on-premise MC-GW nodes.

  • You must configure iptables on the on-premise MC-GW nodes so that the INPUT and FORWARD chains have a default ACCEPT policy.

  • For Azure deployment, you must have a subscription and a resource group.

    For details, refer to Creating a Resource Group.

  • For provisioning Microsoft Azure with Contrail Command, you must have an Azure account. For details, refer to https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/.

    For provisioning Amazon Web Services (AWS) with Contrail Command, you must have an AWS account. For details, refer to https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/.

  • For provisioning Google Cloud Platform (GCP) with Contrail Command, you must have a GCP account. For details, see Creating and managing service accounts within the Cloud Identity and Access Management documentation for GCP.
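
The following is an added example, not part of the Juniper documentation: a preflight script for an on-premise MC-GW node that checks three of the prerequisites above (default ACCEPT policy on INPUT and FORWARD, RHEL 7.7, NTP-synchronized clock). The function names and the `--live` switch are hypothetical, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: preflight checks for an on-premise MC-GW node.
# Function names are hypothetical; each takes command output as text.

# Print the default policy of chain $1 from `iptables -S` output in $2.
chain_policy() {
    printf '%s\n' "$2" | awk -v c="$1" '$1 == "-P" && $2 == c { print $3 }'
}

# Succeed only if INPUT and FORWARD both default to ACCEPT.
policies_accept() {
    for chain in INPUT FORWARD; do
        [ "$(chain_policy "$chain" "$1")" = "ACCEPT" ] || return 1
    done
}

# Succeed if the /etc/redhat-release content in $1 reports release 7.7.
is_rhel_77() {
    printf '%s\n' "$1" | grep -Eq 'Red Hat Enterprise Linux.* release 7\.7( |$)'
}

# Succeed if the timedatectl output in $1 reports a synchronized clock.
ntp_synced() {
    printf '%s\n' "$1" | grep -Eq '(NTP|System clock) synchronized: yes'
}

# Constructed sample inputs (not captured from a real node).
SAMPLE_RULES_OK='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
SAMPLE_RULES_DROP='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -i eth0 -j ACCEPT'
SAMPLE_RELEASE='Red Hat Enterprise Linux Server release 7.7 (Maipo)'
SAMPLE_TIME='      Local time: Mon 2020-01-06 10:00:00 UTC
     NTP enabled: yes
NTP synchronized: yes'

# Check the live node only when asked: sh preflight.sh --live (as root)
if [ "${1:-}" = "--live" ]; then
    rc=0
    policies_accept "$(iptables -S)" || { echo "FAIL: INPUT/FORWARD policy"; rc=1; }
    is_rhel_77 "$(cat /etc/redhat-release)" || { echo "FAIL: not RHEL 7.7"; rc=1; }
    ntp_synced "$(timedatectl)" || { echo "FAIL: clock not NTP-synchronized"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: MC-GW prerequisites met"
    exit "$rc"
fi
```

With a default ACCEPT policy, filtering on these nodes depends on explicit rules and upstream devices, so keep a copy of the `iptables -S` output from before the change.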

Sample Topology:

Network architecture for a multicloud environment using Juniper Networks Contrail Multicloud Gateway and AWS. Shows Contrail-enabled Enterprise Cloud, Contrail Multicloud Gateway, AWS Device for Data Center, SSL and IPsec Tunnels, AWS Cloud, VPC, Contrail vRouter, and Docker. Demonstrates secure connectivity and integration between enterprise cloud and AWS.

Deploying Microsoft Azure with Contrail Command

To provision Microsoft Azure:

  1. Log in to the desired cluster from the Contrail Command UI.
    • Select the desired cluster from the Selected Cluster drop-down list.

    • Enter the Username and Password for the cluster.

  2. Click Multi Cloud.
  3. Click Add.
    1. Select Azure from the Type of Cloud drop-down list.

      Enter Cloud Name and Organization Name.

      Click Expand All.

      Creating Azure cloud configuration in Contrail Command; Cloud: srecloud, Organization: Juniper, Region: WestUS, Resource Group: scaleTest.
    2. Enter the required details, including Cloud Name, Region Details, VNET Details, Security Groups, and Instances.

      Enter the Resource Group that you created earlier by following the Creating a Resource Group procedure.

      Cloud management interface for creating cloud configuration in Multi Cloud. Region: WestUS, Resource Group: scaleTest, VNET: vnet1, CIDR: 172.16.1.0/24, Subnet CIDR: 172.16.1.0/25, Zone: 1.

      Configuration interface for Security Groups in a cloud environment, allowing all inbound and outbound traffic from any IP and protocol.

      Add Subnet for Compute node and Controller node.

      Add Subnet for on-premise gateway nodes.

      User interface for configuring cloud infrastructure in Contrail Command's Multi Cloud section. Options to set instance name, role, subnet, type, and OS. Navigation and action buttons included.

      Keypair Name and SSH Key Directory Path are not required for Azure deployment. Azure generates these values in the back-end.

    3. Click Create.

    You can access the logs at logs/var/log/contrail/cloud.log on the Contrail Command server.

  4. Click Multi Cloud.

    Your multiclouds must be listed here with the Status shown in green.

    Contrail Command interface showing Multi Cloud under Infrastructure menu, with onecloud entry for Juniper as Public. Options to search, refresh, and add entries. Sidebar includes Servers, Cluster, Fabrics, Multi Cloud, Networks.
  5. Click Servers.
    1. Click Create.
      1. Enter the required details for the on-premise gateway nodes.

        Screenshot of Juniper's Contrail Command server creation interface showing navigation menu with options like Servers and Networks. Main section includes server setup modes, hostname b7s12, management IP 10.84.29.16, interface eth0, credential dropdown, MAC address field, disk partitions vda and vdb. Network interface named ens2f1 with IP 192.168.2.16. Create and Cancel buttons are at the bottom. Top bar shows tool name and navigation options.
      2. Click Create.

    You can access the logs at logs/var/log/contrail/cloud.log.

  6. Click Cluster.
    1. Click Subcluster.
    2. Click Add Subcluster.
    3. Click Add Existing VPC.
      Contrail Command dashboard showing selected Subclusters tab with no data and options to add a subcluster or VPC.
      1. Add the required details.

      2. Select the created Azure cloud from the Select Existing Cloud drop-down list.

      3. The Public MultiCloud GW Role must be the name of the earlier created Azure GW.

        From the drop-down list, select User Credentials of the on-premise private cloud.

        Add to Cluster interface for cloud management, including fields for cluster name, existing cloud selection, user credentials, BFD settings, private subnets, VPN configuration, public and private multi-cloud gateway roles, BGP peer table, and create and cancel buttons.
      4. Check the deployment logs at /var/log/contrail/cloud.log and /var/log/contrail/deploy.log on the Contrail Command server.

      5. Click Create.

    You can access the logs at logs/var/log/contrail/cloud.log and logs/var/log/contrail/deploy.log on the Contrail Command server.

Deploying Amazon Web Services with Contrail Command

To provision Amazon Web Services (AWS):

  1. Log in to the desired cluster from the Contrail Command UI.
    • Select the desired cluster from the Selected Cluster drop-down list.

    • Enter the Username and Password for the cluster.

  2. Click Multi Cloud.
  3. Click Add.
    1. Select AWS from the Type of Cloud drop-down list.
    2. Enter the required details, including SSH User, Cloud Name, AWS Credentials, Region Details, VPC Details, Security Groups, and Instances.
      AWS cloud management interface for configuring a cloud environment. Fields: AWS provider, Cloud Name, Organization Name, SSH details, AWS credentials, region us-west-2, VPC configurations, security rules, instance settings. Options to create or cancel setup.
    3. Click Create.
  4. Assign private Multicloud Gateway nodes.
  5. Add Gateways BGP Peer.
  6. Click Multi Cloud.

    Your multiclouds must be listed here with the Status shown in green.

    Contrail Command interface showing Multi Cloud under Infrastructure menu, with onecloud entry for Juniper as Public. Options to search, refresh, and add entries. Sidebar includes Servers, Cluster, Fabrics, Multi Cloud, Networks.
  7. Click Cluster.
    1. Click Subcluster.
    2. Click Add Subcluster.
    3. Click Add Existing VPC.
      Contrail Command dashboard showing selected Subclusters tab with no data and options to add a subcluster or VPC.
      1. Add the required details.

        Control Command interface for cluster setup in cloud management system with fields for Cluster Name, Cloud Details, BFD Settings, Subnets, Routing Settings, MultiCloud Gateway, Gateway BGP Peer, and Create or Cancel buttons.
      2. Select the created AWS cloud from the Select Existing Cloud drop-down list.

      3. The Public MultiCloud GW Role must be the name of the earlier created AWS GW.

      4. Click Create.

Deploying Google Cloud Platform (GCP) with Contrail Command

Starting with Contrail Networking Release 1911, you can provision Google Cloud Platform (GCP) cloud networks within Contrail Command.

To provision Google Cloud Platform (GCP):

  1. Log in to the desired cluster from the Contrail Command UI.
    • Select the desired cluster from the Selected Cluster drop-down list.

    • Enter the Username and Password for the cluster.

  2. Click Multi Cloud.
  3. Click Create.
    Contrail Command interface showing empty Multi Cloud tab under Infrastructure with options like Servers, Cluster, and a Create button.
  4. Select GCP from the Type of Cloud drop-down list.
  5. Enter a Cloud Name, Organization Name, Version ID, and Project.
  6. Upload the GCP credentials file (google-account.json).

    GCP credentials files are created from Google Cloud. See Creating and managing service account keys in the Cloud Identity and Access Management documentation for the Google Cloud Platform.

    Contrail Command web interface screenshot for configuring a Google Cloud Platform cloud in Multi Cloud section under INFRASTRUCTURE category.
  7. Enter the required Region Details and VPC Details.
    Configuring network settings form with region us-central1, VPC vpc-gcp-test, CIDR block 172.16.81.149/2, private subnet subnet-test, and availability zone a. Option to add more subnets.
  8. Enter the required Firewall Rules and Instances. One instance must include the Gateway role.
    Firewall configuration interface displaying rules for egress and ingress traffic; gateway node instance setup with RedHat OS, 20 GB storage, in subnet 172.16.81.149/2.
  9. Click Create.
  10. You are returned to the main Multi Cloud page after the GCP instance is created. Click Multi Cloud if you are not moved to this page.

    Confirm that your GCP instance is created and that the Status is Green.

    Dashboard showing multi-cloud infrastructure management with a table listing active GCP resource for Juniper and a Create button.
  11. Click Cluster.
  12. Click Subcluster.
    Contrail Command UI showing Subclusters tab with no data. Options for Servers, Cluster, Multi Cloud, Networks, and Jobs on left sidebar. Admin user displayed.
  13. Click Add Subclusters.
  14. Click Add Existing VPC.
    UI for managing infrastructure's Cluster section with navigation bar, empty Subclusters table, and buttons for Cluster Import, Advanced Options, and Add Subcluster.
  15. Add the required details.
  16. Select the created GCP cloud from the Select Existing Cloud drop-down list.
  17. Upload the GCP credentials file (google-account.json).

    GCP credentials files are created from Google Cloud. See Creating and managing service account keys in the Cloud Identity and Access Management documentation for the Google Cloud Platform.

    Cloud credentials configuration interface for AWS, Azure, and GCP with name field, dropdowns, and credential input options.
  18. The Public MultiCloud GW Role must be the name of the earlier created GCP GW.
    Configuration interface for MultiCloud Gateway setup including public and private roles, BFD settings, OnPrem subnets, and additional settings.

Release History Table

Release    Description
1911       Starting with Contrail Networking Release 1911, you can provision Google Cloud Platform (GCP) cloud networks within Contrail Command.