Contrail underlay and overlay correlation

1. Overview
The cloud data centers are built with large collection of interconnected servers that provide computing and/or storage capacity to run various applications. Servers are connected with redundant ToR switches, which are connected to spine routers. Multiple tenants usually share the cloud deployment. Each tenant needs multiple isolated networks, which is provided by overlay networks by forming tunnels (gre/ip-in-ip/mac-in-mac) over the underlay or physical connectivity. As data flows in the overlay network, we want to provide statistics and visualization of such traffic in the underlay network.

Some of the applications that are relevant to this feature are listed in this section.
1.1 Topology view of the underlay network
Provide a view of the physical underlay network and the connected servers. The feature should support both the current snapshot of the topology, and a historical view.

1.2 View the underlay path of an overlay flow
Given an overlay flow, get the underlay path used for that flow and map the path in the topology view.

Also show where there are drops or high utilization on the interfaces in the above paths.

1.3 Given tunnel endpoints, show the underlay path
Use SIP and DIP together to look at path followed by a given tunnel between 2 vrouters, and show the same in the topology view.

Also show where there are drops or high utilization on the interfaces in the above paths.

1.4 Given a physical interface, find all tunnels
Find all tunnels (SIP/DIP combinations) that traverse through a given interface on a given prouter.

3 External Interfaces
3.1 New daemons/services
contrail-snmp-collector and contrail-topology are the new daemons and services that are added to contrail-analytics node. contrail-analytics package will carry these daemons and associate files. contrail-status will display these new services.
root@a7s37:~# contrail-status
== Contrail Control ==
supervisor-control: active
contrail-control active
…

== Contrail Analytics ==
supervisor-analytics: active
…
contrail-query-engine active
contrail-snmp-collector active
contrail-topology active

service command can be used to start/stop/restart these services.

root@a7s37:~# service contrail-snmp-collector status
contrail-snmp-collector RUNNING pid 12179, uptime 1 day, 14:59:11

3.2 Setting up
Typical physical topology will have
• servers connected to the TOR switches
• TOR switches connected to Spine switches, and
• Spine switches connected to Core switches

3.2.1 SNMP Configuration
On the physical routers, snmp should be configured so the contrail-snmp-collector can read snmp data. An example configuration from a Juniper router is as follows.

set snmp community public authorization read-only

3.2.2 LLDP Configuration
lldp also needs to be configured on the physical router, so the contrail-snmp-collector can read the neighbor information of the routers. An example configuration of lldp from a Juniper router is as follows.

set protocols lldp interface all
set protocols lldp-med interface all

3.2.3 IPFix/SFlow configuration

Flow samples need to be sent to the contrail-collector by the physical routers. Today contrail-collector supports SFlow and IPFix protocols to receive flow samples. The physical routers need to be configured to send samples using either of the SFlow or IPFix protocols.

Sample sflow configuration is as below

root@a7-ex3> show configuration protocols sflow | display set
set protocols sflow polling-interval 0
set protocols sflow sample-rate ingress 10
set protocols sflow source-ip 10.84.63.114
set protocols sflow collector 10.84.63.130 udp-port 6343
set protocols sflow interfaces ge-0/0/0.0
set protocols sflow interfaces ge-0/0/1.0
set protocols sflow interfaces ge-0/0/2.0
set protocols sflow interfaces ge-0/0/3.0
set protocols sflow interfaces ge-0/0/4.0

Sample IPFix configuration is as below

root@a7-mx80-1> show configuration chassis | display set
set chassis tfeb slot 0 sampling-instance sample-ins1
set chassis network-services all-ethernet

root@a7-mx80-1> show configuration chassis tfeb | display set
set chassis tfeb slot 0 sampling-instance sample-ins1

root@a7-mx80-1> show configuration services flow-monitoring | display set
set services flow-monitoring version-ipfix template t1 flow-active-timeout 30
set services flow-monitoring version-ipfix template t1 flow-inactive-timeout 30
set services flow-monitoring version-ipfix template t1 template-refresh-rate packets 10
set services flow-monitoring version-ipfix template t1 ipv4-template

root@a7-mx80-1> show configuration interfaces | display set | match sampling
set interfaces ge-1/0/0 unit 0 family inet sampling input
set interfaces ge-1/0/1 unit 0 family inet sampling input

root@a7-mx80-1> show configuration forwarding-options sampling | display set
set forwarding-options sampling instance sample-ins1 input rate 1
set forwarding-options sampling instance sample-ins1 family inet output flow-server 10.84.63.130 port 4739
set forwarding-options sampling instance sample-ins1 family inet output flow-server 10.84.63.130 version-ipfix template t1
set forwarding-options sampling instance sample-ins1 family inet output inline-jflow source-address 10.84.27.41

3.5 PRouter UVE
PRouter UVEs are accessed from the contrail-analytics-api using the following REST API
http://<ip>:8081/analytics/uves/prouters

Sample output is as follows:
[
    {
        "href": "http://localhost:8081/analytics/uves/prouter/a7-mx80-1?flat",
        "name": "a7-mx80-1"
    },
    ...
    {
        "href": "http://localhost:8081/analytics/uves/prouter/a7-ex2?flat",
        "name": "a7-ex3"
    },
    {
        "href": "http://localhost:8081/analytics/uves/prouter/a7-qfx3?flat",
        "name": "a7-qfx3"
    }
]

Details of a PRouter UVE is obtained using the following link and sample output is given below.

http://<ip>:8081/analytics/uves/prouter/a7-ex3?flat

{
    "PRouterEntry": {
        "arpTable": [
            {
                "ip": "128.0.0.1",
                "localIfIndex": 38,
                "mac": "00:0b:ca:fe:00:00"
            },
            {
                "ip": "128.0.0.16",
                "localIfIndex": 38,
                "mac": "00:0b:ca:fe:00:00"
            },
            {
                "ip": "128.0.0.32",
                "localIfIndex": 38,
                "mac": "00:0b:ca:fe:00:00"
...