In today’s fast-paced digital world, businesses demand agility and efficiency from their IT infrastructure. This blog explores how the integration of Juniper Apstra™ with Red Hat® OpenShift and Ansible® Automation Platform empowers organizations to unlock the full potential of their cloud-native deployments. By automating the provisioning and management of SR-IOV networks, this solution simplifies operations, reduces manual intervention, and accelerates time-to-market for new applications.
Overview of the architecture
At its core, the Apstra/OpenShift solution consists of:
- A three-node OpenShift cluster (combined master and worker nodes) connected to the Juniper spine-and-leaf fabric managed by the Apstra controller.
- Ansible Event-Driven Automation (EDA), which listens to OpenShift events and triggers playbook creation via Ansible Tower.
- SR-IOV (Single Root I/O Virtualization), enabling OpenShift applications to leverage secondary CNIs for high-performance virtual networking.
This architecture ensures end-to-end connectivity between OpenShift workloads while maintaining a logical topology of applications and their respective network mappings.
Single Root I/O Virtualization (SR-IOV) is a technology that allows a single physical network device (the NIC) to be shared among multiple virtual machines or containers. By dividing a physical function (PF) into multiple virtual functions (VFs), SR-IOV enables direct, high-speed I/O access to the network device.
In the context of OpenShift/Kubernetes, SR-IOV can be used to provide high-performance networking for demanding applications such as 5G user-plane functions and centralized routing/firewall functions. By assigning SR-IOV-enabled network devices to pods, you can bypass the overhead of traditional network virtualization, resulting in significantly lower latency and higher throughput.
Traditionally, Kubernetes SR-IOV networks and data center switching fabrics have been managed as separate entities. This siloed approach often requires manual intervention to connect virtual networks and workloads, reducing the agility and automation benefits of cloud-native infrastructures.
Juniper Apstra is well known for its intent-based, multi-vendor management of data center switching fabrics. The most commonly deployed templates set up a cloud-scale EVPN-VXLAN fabric. Apstra provides Day 0, Day 1 and Day 2 operations for customers’ EVPN-VXLAN-based data center fabrics, which are commonly used in multi-tenant on-premises cloud data center use cases.
By seamlessly integrating Kubernetes SR-IOV networks and data center switching fabrics, Juniper Apstra offers a unified approach to network management. This eliminates the need for manual intervention and empowers organizations to achieve greater agility and automation.
Now integrated, Red Hat OpenShift/Kubernetes and Juniper Apstra together automate, secure and simplify east-west networking between SR-IOV and other application workloads, including KubeVirt virtual machines. Connecting virtual networks and workloads across these layers is now automated, dynamic, and effortless for the NetOps team that manages Apstra and the physical fabric.
Harmonizing OpenShift/Kubernetes SR-IOV Networks and Apstra underlay fabrics
Apstra by itself is completely unaware of Kubernetes SR-IOV-based networks. These overlays can come together for east-west or north-south switching/routing with EVPN as the control plane and VXLAN as a data plane encapsulation.
OpenShift/Kubernetes events provide valuable insights into cluster activity. Red Hat Event-Driven Ansible (EDA) is integrated with OpenShift/Kubernetes events to dynamically create Apstra objects, ensuring seamless integration between the underlay and overlay networks. This allows the Apstra EDA collection to provide automated responses to network changes.
Why Event Driven Ansible?
Event Driven Ansible (EDA) is a powerful automation tool that enables organizations to react to real-time events and trigger automated actions. By automating routine tasks and streamlining workflows, EDA improves operational efficiency, reduces human error, and accelerates response times to incidents. This empowers organizations to proactively address issues, optimize resource utilization, and enhance overall IT agility.
Use cases for enterprises and telco cloud
A simple use case that applies to almost any environment is the interconnection of legacy bare-metal, VM or physical networking appliances into the modern Kubernetes world. Juniper Apstra with EDA powering the overlay Kubernetes networking can extend the reach of a single subnet (intra-virtual network style) or route across subnets (inter-virtual network style) into one or many existing Apstra virtual networks, uniting networking from Kubernetes containers to legacy endpoints.
This automated connectivity saves a lot of time in the networking of Kubernetes SR-IOV-based workloads. The Apstra EDA add-on watches the Kubernetes API for “SR-IOV Network” objects and SR-IOV-bound pods, and completely automates all the fabric networking through Apstra. Juniper Apstra spine-and-leaf topologies can now stitch together Apstra and OpenShift/Kubernetes virtual networks. Furthermore, EDA actively monitors the Kubernetes API for SR-IOV-bound pod creation and deletion. Upon detecting these events, EDA automatically provisions the necessary network configurations on the underlying physical fabric, including dynamically binding connectivity template ports and establishing the required connectivity to the backend fabric. This dynamic provisioning ensures that SR-IOV workloads (pods/deployments) can scale up and down seamlessly without manual network intervention, leading to improved agility and operational efficiency.
SR-IOV’s ability to provide low-latency, high-throughput network connectivity is essential for machine learning applications leveraging RDMA technologies like RoCE. Telco cloud environments frequently utilize SR-IOV for 5G components. In both enterprise and telco cloud scenarios, SR-IOV workloads may coexist with or interact with regular Kubernetes workloads and control plane components.
How it works
Apstra EDA streamlines this process, automating the configuration and management of fabrics based on OpenShift/Kubernetes events. This automation enables faster and more reliable deployment of high-performance workloads, which can scale dynamically up or down, and which rely on SR-IOV’s low-latency and high-throughput capabilities.
This architecture integrates OpenShift with Juniper Apstra, leveraging EDA, Ansible Tower, and Ansible Galaxy. EDA monitors OpenShift for events such as the creation or deletion of Namespaces, SR-IOV Networks, or pods/deployments. Upon detecting an event, EDA triggers a playbook within Ansible Tower. This playbook orchestrates the creation or management of corresponding network configurations within Juniper Apstra, which in turn controls the underlying fabric switches. For further details, watch the short video below, which helps to explain and demonstrate the capabilities of this power-packed Apstra feature.
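The event-to-fabric mapping described above, sketched as an added example; it is not code from the Apstra EDA collection or from this post. It classifies Kubernetes watch events for Namespaces, SriovNetwork objects and SR-IOV-bound pods, and refuses to act on anything it cannot validate. The action tuples, the VLAN policy and the handling of unscheduled pods are assumptions of this example.

```python
import json

SRIOV_GROUP = "sriovnetwork.openshift.io"       # API group of the SriovNetwork CRD
NET_ANNOTATION = "k8s.v1.cni.cncf.io/networks"  # Multus secondary-network annotation

def attached_networks(pod):
    """Return (namespace, name) pairs from the Multus annotation (both syntaxes)."""
    meta = pod.get("metadata", {})
    raw = meta.get("annotations", {}).get(NET_ANNOTATION, "").strip()
    default_ns = meta.get("namespace", "default")
    if not raw:
        return []
    if raw.startswith("["):  # JSON list form: [{"name": ..., "namespace": ...}]
        return [(n.get("namespace", default_ns), n["name"]) for n in json.loads(raw)]
    out = []
    for item in raw.split(","):  # short form: [namespace/]name[@interface]
        ref = item.strip().split("@")[0]
        ns, _, name = ref.rpartition("/")
        out.append((ns or default_ns, name))
    return out

def plan(event, known_sriov):
    """Map one watch event to hypothetical fabric actions; anything else yields []."""
    obj, verb = event["object"], event["type"]
    if verb not in ("ADDED", "DELETED"):
        return []
    op = "create" if verb == "ADDED" else "delete"
    kind, meta = obj.get("kind"), obj["metadata"]
    if kind == "Namespace":
        return [(op, "namespace", meta["name"])]
    if kind == "SriovNetwork" and obj.get("apiVersion", "").startswith(SRIOV_GROUP):
        vlan = obj.get("spec", {}).get("vlan", 0)
        if not 1 <= vlan <= 4094:
            return []  # assumed policy: never push an untagged or invalid VLAN
        ns = obj["spec"].get("networkNamespace") or meta["namespace"]
        key = (ns, meta["name"])  # where the pod-facing attachment lives
        if op == "create":
            known_sriov.add(key)
        else:
            known_sriov.discard(key)
        return [(op, "virtual_network", f"{ns}/{meta['name']}", vlan)]
    if kind == "Pod":  # only pods on a node and attached to a known SR-IOV network
        node = obj.get("spec", {}).get("nodeName")
        return [("bind" if op == "create" else "unbind", "port", f"{ns}/{name}", node)
                for ns, name in attached_networks(obj)
                if (ns, name) in known_sriov and node]
    return []
```

Pods that reference networks the watcher has never seen as SriovNetwork objects produce no fabric action, which keeps an arbitrary pod annotation from driving switch configuration.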