cSRX Pod With External Network
Understanding cSRX Pod with External Network
You can connect cSRX with external network with two additional interfaces. Both of those interfaces are attached into srxpfe and handled by FLOW.
cSRX can leverage Linux native CNI to connect to external network.
cSRX use Multus plugin to support multiple interfaces connect
to the external network. Applications which monitor network traffic
are directly connected to the physical network. You can use the macvlan
network driver to assign a MAC address to each container’s
virtual network interface, making it appear to be a physical network
interface directly connected to the physical network. In this case,
you need to designate a physical interface on your Docker host to
use for the macvlan
, as well as the subnet and gateway
of the macvlan
. You can even isolate your macvlan networks
using different physical network interfaces.
Connecting cSRX to External Network
macvlan
functions like a switch that is already
connected to the host interface. A host interface gets enslaved with
the virtual interfaces sharing the physical device but having distinct
MAC addresses. Since each macvlan interface has its own MAC address,
it makes it easy to use with existing DHCP servers already present
on the network.
To connect cSRX with external network using macvlan
:
Configuring Nodeport service for cSRX Pods
You can deploy cSRX with Nodeport service type. All the traffic will be forward to worker node by Kubernetes in the external network.
To create a NodePort service: