Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Contrail Node Roles, Processes, and Ports

This section describes processes that run on various Contrail nodes and the ports used by those processes.

Processes in Logical Roles and Nodes

The following are the processes in each of the logical roles or nodes in Contrail.

Node

Processes

OpenStack node

This node runs non-Neutron OpenStack services, such as nova-api, nova-scheduler, nova-conductor, glance-api, and the like.

Database node

Every instance of a database node runs the following processes:

  • Cassandra

  • Zookeeper

Config node

Every instance of a config node runs the following processes:

  • neutron-server

  • contrail-api

  • ifmap

  • contrail-schema

  • contrail-svc-monitor

  • rabbitmq-server (optionally, this can be located on an external sever)

  • contrail-vcenter-plugin (optional)

Control node

Every instance of a control node runs the following processes:

  • control-node

  • contrail-dns

  • contrail-named

Compute node

Every instance of a compute node runs the following processes:

  • nova-compute

  • contrail-vrouter-agent

  • contrail-tor-agent instances are run on a need basis, one instance per ToR, to manage TORs via OVS.

Analytics node

Every instance of an analytics node runs the following processes:

  • contrail-collector

  • contrail-analytics-api

  • contrail-query-engine .

  • contrail-snmp-collector

  • contrail-topology

Web UI node

Every instance of a Web UI node runs the following processes:

  • contrail-webui

  • contrail-webui-middleware

Roles and Ports

This section presents notes about processes and ports by roles and nodes.

OpenStack Role

Nova

API

  • Ports

    • 8773 - EC2 API

    • 8774 - OpenStack API

    • 8775 - Metadata port

nova-novncproxy

  • Ports

    • 5999

Cinder

  • Ports

    • 8776 - Cinder API

Glance

  • API

    • Ports

      • 9292 Glance API

  • Registry

    • Ports

      • 9191 - Glance API

Keystone

  • Ports

    • 5000 - tenant port

    • 35357 - administrative port

RabbitMQ

  • Ports

    • 5672

MySQL

  • Ports

    • 3306

Configuration Node

Neutron Server

The neutron-server process serves the Openstack Networking (Neutron) API. It connects to contrail-api server and uses that as the backend for serving neutron API. In works in Active/Active mode in multi-node deployments.

  • Service Name - neutron-server

    • Ports

      • 9696 - public port (HAproxy front end port)

      • 9697 - HAproxy back end port

API Server

The contrail-api process exposes a REST-based interface for Contrail API, and:

  • connects to Cassandra on database node(s) for persistence.

  • publishes to IFMAP server for consumption of config information by other nodes.

  • uses AMQP/rabbitmq to communicate with other API servers in multi-node deployment.

  • Service Name - contrail-api

    Ports

    • 8082 - public port, accessible with credentials in auth mode

    • 8095 - debug port, accessible only on localhost in auth mode

    • 8084 - HAproxy front end port

    • 9100 - HAporoxy back end port

IFMAP Server

The IFMAP server process acts as a bulletin board for pubsub (publish-subscribe) purposes. The contrail-control, contrail-schema, and contrail-svc-monitor connect to IFMAP server and act upon configuration change published from the API server.

  • Ports

    • 8443 - basic authentication port

Schema Transformer

The contrail-schema process listens to configuration changes done by user at higher-level constructs such as VirtualNetwork, and generates appropriate system configuration objects, lower-level construct such as RoutingInstance. The contrail-schema uses the REST interface of the API server to manipulate the system objects, and in multi-node deployments it works in Active/Backup mode.

  • Service Name - contrail-schema

    • Ports

      • 8087 - Introspect port

Service Monitor

The contrail-service-monitor process listens to configuration changes in service-template and service-instance, and in response, spawns and monitors virtual machines for services such as firewall, analyzer, and the like, using Nova API to spawn the virtual machines. In multi-node deployments it works in Active/Backup mode. The contrail-service-monitor process also syncs the Keystone tenants to Contrail, and the tenants appear in http://<controller-ip>:8082/projects.

  • Service Name - contrail-svc-monitor

    • Ports

      • 8088 - Introspect port

vCenter Plugin

The contrail-vcenter-plugin process integrates the Contrail controller with VMware vCenter as the orchestrator.

  • Service Name - contrail-vcenter-plugin

    • Ports

      • 8234 - HTTP Introspect port

Analytics Node

Analytics REST API Server

  • Service name - contrail-analytics-api

  • Ports

    • 8081 - public port

Collector

  • Service name - contrail-collector

  • Ports

    • 8086 - public port

Query Engine

  • Service name - contrail-query-engine

Contrail SNMP Collector

  • Service name - contrail-snmp-collector

Contrail Topology

  • Service name - contrail-topology

Redis Server

  • Service name - redis

Web UI Role

webui

  • Service name - contrail-webui

  • Ports

    • 8080 - http port redirects to https

    • 8143 - https port

webui middleware

  • Service name - contrail-webui-middleware

Redis Server

  • Service name - redis

Database Role

Cassandra

  • Service name - contrail-database

  • Ports

    • 9160 - thrift port

    • 9042 - Cassandra Query Language (CQL) native port

Zookeeper

  • Service name - zookeeper

  • Ports

    • 2181 - listen port

Control Role

control-node

  • Service name - contrail-control

  • Ports

    • 8083 - Introspect

    • 5269 - XMPP port

    • 5222 - TLS-based XMPP port

  • Service name - contrail-dns

  • Ports

    • 8092 - Introspect for DNS

    • 8093 - XMPP for DNS

vRouter Role

vRouter Agent

  • Service name - contrail-vrouter

  • Ports

    • 8085

    • 9090 - port for communication between vRouter agent and nova-compute

Contrail ToR Agent

The contrail-tor-agent process runs the OVSDB protocol between a ToR and Contrail. Each contrail-tor-agent manages a single ToR, and multiple contrail-tor-agents can run on a single node. Each contrail-tor-agent service name is suffixed by a unique instance-id.

By default, the introspect service for the contrail-tor-agent is run on port 9009 + instance-id. The default port can be overridden in the fab file.

  • Service name - contrail-tor-agent

  • Ports

    • 9009 + <instance id>