Enable VLAN Subinterface Support on Virtual Interfaces

https://www.juniper.net/documentation/us/en/software/cn-cloud-native22/cn-cloud-native-feature-guide/cn-cloud-native-network-feature/topics/concept/cn-cloud-native-vlan-subinterfaces.html

15-Aug-22 arrow_backward arrow_forward

SUMMARY Virtualised Network Function (VNF) and Containerised Network Function (CNF) workloads often require multiple virtual network services on a single interface. Cloud-Native Contrail® Networking™ supports VLAN subinterfaces on virtual interfaces. VLAN Subinterface Overview

A VLAN subinterface is a logical division of a virtual (or physical) interface at the network level. VLAN subinterfaces are Layer 3 interfaces that receive and forward 802.1Q VLAN tags. You can assign multiple VLAN tags to a single virtual interface. When a packet arrives at that interface, the packet’s associated VLAN tags designate which VLAN the packet routes to. You can use VLAN subinterfaces to route traffic to multiple VLANs for your services. API Changes

This section provides information about API calls that occur when configuring a VLAN subinterface.

When configuring VLAN subinterfaces in Cloud-Native Contrail Networking, Kubernetes updates the VirtualMachineInterface field with new properties, or VLAN tags. After an update occurs, the VirtualMachineInterface object references other VirtualMachineInterface objects based on existing VLAN tags. Note:

Cloud-Native Contrail Networking defines the properties field from Contrail Classic as virtualMachineInterfaceProperties. Network Definition Changes

This section provides information about the network definition enhancements necessary when creating a subinterface for a virtual interface within a pod.

In kube-manager, the PodController watching for pod events reads the network definition applied to it. Kube-manager parses each network selection element and creates an associated VMI (virtual machine interface). Parent VMIs are the network elements with only the net.juniper.contrail.interfacegroup tag attached in the YAML file. Subinterfaces are the network elements with the net.juniper.contrail.interfacegroup and net.juniper.contrail.vlan tags attached in the YAML file.

The following two tags enhance the network definition in the cni-args section:

net.juniper.contrail.interfacegroup

    Interface Group groups two or more interfaces.

    The parent interface is the network selection element associated with only this tag.

    The subinterface is the network selection element associated with this tag and a VLAN tag.
net.juniper.contrail.vlan

    Specifies the VLANID on the subinterface.

A VLAN subinterface belongs to its parent interface. Users must specify the namespace to which the subinterface attaches. Consider the following example:

Example 1 content_copy zoom_out_map

apiVersion: v1 kind: Pod metadata: name: my-pod namespace: my-namespace annotations: k8s.v1.cni.cncf.io/networks: | [ { “name”: “parent-vn”, “namespace”: “vn-ns”, “cni-args”: { “net.juniper.contrail.interfacegroup”: “eth1”} … }, { “name”: “subitf-vn”, “namespace”: “vn-ns”, “cni-args”: { “net.juniper.contrail.vlan”: 100, “net.juniper.contrail.interfacegroup”: “eth1”}, … }, …

Example 1 shows specified pod annotations for cni-args. This example configuration creates the following three VMIs and three IIPs (interface IPs) within the pod:

VMI, IIP for eth0 on default pod network

VMI, IIP for eth1 on parent-vn (parent interface)

VMI, IIP for eth1.100 on subitf-vn (subinterface)

Configuration Use Cases

This section provides examples of different valid and invalid parent and subinterface configurations.

Valid Configurations

Valid Configuration 1: One Parent, One Subinterface:

Valid Configuration 2: One Parent, Multiple Subinterfaces:

Valid Configuration 3: Multiple Parents, Multiple Subinterfaces:

Invalid Configurations

Invalid Configuration 1: Multiple Interfaces on Same Network:

Invalid Configuration 2: Two Interfaces with Same interfacegroup but no VLAN Valid Configuration 1: One Parent, One Subinterface: content_copy zoom_out_map

Show more Valid Configuration 2: One Parent, Multiple Subinterfaces: content_copy zoom_out_map

Show more Valid Configuration 3: Multiple Parents, Multiple Subinterfaces: content_copy zoom_out_map

apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { “name”: “vlan-parent-vn”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.interfacegroup”: “eth1” } }, { “name”: “vlan-subintf-vn2”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.vlan”: “200”, “net.juniper.contrail.interfacegroup”: “eth1” } }, { “name”: “vlan-subintf-vn”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.vlan”: “100”, “net.juniper.contrail.interfacegroup”: “eth1” } }, { “name”: “vlan-subintf-vn4”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.vlan”: “100”, “net.juniper.contrail.interfacegroup”: “eth2” } }, { “name”: “vlan-subintf-vn3”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.interfacegroup”: “eth2” } } ]

Show more Invalid Configuration 1: Multiple Interfaces on Same Network: content_copy zoom_out_map

apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { “name”: “vn1”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.interfacegroup”: “eth1” } }, { “name”: “vn1”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.vlan”: “200”, “net.juniper.contrail.interfacegroup”: “eth1” } }, ]

Show more Invalid Configuration 2: Two Interfaces with Same interfacegroup but no VLAN content_copy zoom_out_map

apiVersion: v1 kind: Pod metadata: name: vlan100-0 namespace: vlan-project annotations: k8s.v1.cni.cncf.io/networks: | [ { “name”: “vn1”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.interfacegroup”: “eth1” } }, { “name”: “vn2”, “namespace”: “vlan-project”, “cni-args”: { “net.juniper.contrail.interfacegroup”: “eth1” } }, ]