How to Configure Agent Networking to Support Full IP Domain Isolation
  • 27 Nov 2023

The main purpose of IP domain isolation is to make sure every container running on the same host has the same IP configuration. This ensures the deployment is simple to understand.

The diagram below illustrates how each TWAMP Session over L3VPN uses the same IP configuration (IP source/destination, reflector port is the same for each reflector side). The only differentiator will be the VLAN.

The diagram also shows a deployment example of two companion computes with three Sensor-Agents each. Every Sensor-Agent is responsible for a client VLAN, and each of these VLANs is an L3VPN.

Figure: Agent (Networking: NAT Management + Trunk 802.1q MACVLAN over Namespace)

This deployment assumes there is a main network card on which you will create a VLAN interface, and that the host operating system is Debian/Ubuntu.

Pre-requisites:

#base tool installation
#make sure kernel 4.15.15 and up is installed
sudo apt-get install iproute2 docker.io net-tools

Step 1: Host Networking Creation

The following commands create a network namespace with a VLAN interface for VLAN 10.

Note: The interface name and VLAN can be changed to fit the needs of your environment.

#Use Docker to create the VLAN interface eth0.10 (macvlan network vlan10) over eth0
docker network create -d macvlan -o parent=eth0.10 -o macvlan_type=vepa vlan10

#Creating vlan10 namespace
sudo ip netns add vlan10

#Attaching eth0.10 inside the namespace
sudo ip link set eth0.10 netns vlan10

#Set ip address and subnet on the interface
sudo ip netns exec vlan10 ip addr add 192.168.20.10/24 dev eth0.10

#Bring up the interface so that it is functional
sudo ip netns exec vlan10 ip link set dev eth0.10 up
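
The Step 1 commands generalized to several VLANs, as an added example that is not part of the original article or the vendor's tooling. `netns_plan` is a hypothetical helper, and the parent interface, the VLAN list (10, 20, 30) and the address are assumed sample values; it validates its inputs and only prints the commands, reusing the same IP configuration in every namespace.

```shell
#!/bin/sh
# Added example (not vendor code): print the Step 1 commands for several VLANs.
# PARENT, VLANS and CIDR defaults below are assumed sample values.

# Print the Step 1 command sequence for one VLAN; return 1 on invalid input.
netns_plan() {
    parent=$1; vlan=$2; cidr=$3
    # VLAN ID: decimal digits only, no leading zero, within 1..4094.
    case $vlan in
        ''|0*|*[!0-9]*) echo "invalid VLAN ID: $vlan" >&2; return 1 ;;
    esac
    if [ "${#vlan}" -gt 4 ] || [ "$vlan" -gt 4094 ]; then
        echo "VLAN ID out of range: $vlan" >&2; return 1
    fi
    # The output is meant to run with sudo, so allow only safe characters.
    case $parent in
        ''|*[!A-Za-z0-9_-]*) echo "invalid parent: $parent" >&2; return 1 ;;
    esac
    case $cidr in
        ''|*[!0-9./]*) echo "invalid IPv4 CIDR: $cidr" >&2; return 1 ;;
    esac
    ifc="$parent.$vlan"; ns="vlan$vlan"
    # Linux interface names are limited to 15 characters.
    if [ "${#ifc}" -gt 15 ]; then
        echo "interface name too long: $ifc" >&2; return 1
    fi
    cat <<EOF
docker network create -d macvlan -o parent=$ifc -o macvlan_type=vepa $ns
sudo ip netns add $ns
sudo ip link set $ifc netns $ns
sudo ip netns exec $ns ip addr add $cidr dev $ifc
sudo ip netns exec $ns ip link set dev $ifc up
EOF
}

# Every namespace gets the same IP configuration; only the VLAN differs.
PARENT=${PARENT:-eth0}
CIDR=${CIDR:-192.168.20.10/24}
for v in ${VLANS:-10 20 30}; do
    netns_plan "$PARENT" "$v" "$CIDR" || exit 1
done
```

Set `PARENT`, `VLANS` and `CIDR` in the environment to override the defaults, and review the printed commands before running them.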

Step 2: Agent docker-compose Creation

The following is an example of the parameters you need to add to a Sensor-Agent YAML file to connect the namespace and interface correctly, so that they can be used for session creation. For this type of configuration, WE DO NOT USE HOST MODE NETWORKING.

sensor-actuate:
    container_name: "Actuate_vlan10"
    image: gcr.io/sky-agents/agent-actuate-amd64:r23.07
    cap_add:
      - ALL
    environment:
      - AGENT_MANAGEMENT_PROXY=192.168.5.1  # RoadRunner IP
      - AGENT_MEASUREMENT_NETNS=vlan10
      - AGENT_SOURCE_INTERFACE=eth0.10
      - AGENT_INNER_IPC_PORT=52302
      - AGENT_REFLECTORS_DEFAULT_STATE=true
      - AGENT_METADATA_ne-id=PE-1  # NE_ID endpoint metadata
      - AGENT_METADATA_vlan-id=10  # VLAN_ID endpoint metadata
    privileged: true
    volumes:
      - secrets:/run/secrets
      - /var/run/netns/vlan10:/var/run/netns/vlan10  # Map the namespace into the agent

Step 3: Starting the Reflector

This command can be used in the deployment step of the agent to enable the reflector on UDP port 862.

#Enable reflector from the docker directly on port 862
docker exec -it Actuate_vlan10 actuateStatus reflector_enable_twamp ipv4 862

© 2024 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®,  the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™, are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/. 

