{"id":16139426,"url":"https://github.com/networkop/netris-on-air","last_synced_at":"2026-01-20T03:31:07.757Z","repository":{"id":83590193,"uuid":"484380227","full_name":"networkop/netris-on-air","owner":"networkop","description":"for of https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air","archived":false,"fork":false,"pushed_at":"2022-07-19T12:58:16.000Z","size":1451,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-02-12T23:45:12.258Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/networkop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-22T09:49:20.000Z","updated_at":"2022-04-22T09:49:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"ea9f07c6-2bae-42df-bfc8-0eb9760dcbad","html_url":"https://github.com/networkop/netris-on-air","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fnetris-on-air","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fnetris-on-air/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fnetris-on-air/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fnetris-on-air/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/networkop","downlo
ad_url":"https://codeload.github.com/networkop/netris-on-air/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247526675,"owners_count":20953141,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-09T23:49:02.463Z","updated_at":"2026-01-20T03:31:07.713Z","avatar_url":"https://github.com/networkop.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# EVPN Services Orchestration with Netris\n\nThis demo combines NVIDIA Cumulus EVPN fabric together with [Netris](https://www.netris.ai/) private cloud orchestration platform. 
The goals of this demo are summarized below:\n\n* Using a simple GUI, orchestrate EVPN services across Nvidia Cumulus EVPN fabric.\n* Demonstrate how EVPN configuration can be managed declaratively.\n* Show how Netris can implement common cloud network services, like NAT and L4 load-balancing.\n\nHere's the high-level diagram of what we'll be trying to achieve:\n\n![](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/raw/main/images/netris.png)\n\n\nIn order to simplify this demonstration, some things have already been pre-configured, for example:\n* Netris IPAM is pre-populated with subnets.\n* All devices are added to the Netris inventory.\n* Hosts and Internet devices are fully pre-configured.\n* E-BGP peering with the Internet.\n\nAll Netris bootstrapping has been performed using Terraform; all configuration files are saved in the [`./air/bootstrap`](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/tree/main/air/bootstrap) directory.\n\n\u003e **NOTE**: For instructions on how to build the demo, install and configure Netris, see the [`./air`](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/tree/main/air) directory. \n\n\n## Lab Details\n\nThe following diagram demonstrates the physical network topology, omitting the out-of-band components.\n\n![](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/raw/main/images/netris-topo.png)\n\nDefault logins and software versions:\n\n| Device/Application | sw version | username | password | \n| -- | -- | -- | -- | \n| oob-mgmt-server | Ubuntu 18.04 | ubuntu | nvidia | \n| netq-ts | NetQ 4.0.0 | cumulus | cumulus | \n| leaf0X, spine0X | CL 3.7.15 | cumulus | CumulusLinux! | \n| host-X, border0X, Internet | Ubuntu 18.04 | ubuntu | nvidia | \n| Netris Controller | 3.0.3 | netris | newNet0ps | \n\nTo interact with the lab, you can connect to lab devices via SSH and to Netris UI via HTTP. 
In order to enable remote access, go to the \"Advanced\" view and:\n\n* Click \"Enable SSH\" to expose the `out-of-band` management server to the Internet.\n* Click \"Add Service\" and add a new service of type \"Other\" to the `oob-mgmt-server:eth0` port `8080`. \n\n![](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/raw/main/images/netris-services.png)\n\nThe web UI is now available at `http://\u003cExternal Hostname\u003e:\u003cExternal Port\u003e`, e.g. http://worker01.air.nvidia.com:27828\n\n\u003e You may see some high load alarms once the lab is up; this is due to the initial boot process. They should disappear after a few minutes.\n\n## Walkthrough\n\n\n### 1. EVPN orchestration\n\nIn the first part of this demo we will walk you through how to configure virtual networks ([V-Net](https://www.netris.ai/docs/en/stable/vnet.html)) in Netris, which are automatically translated into EVPN instances (EVI) and anycast gateway configurations inside the NVIDIA Cumulus network fabric.\n\n### 1.1 Interactive VNET Operations\n\nV-Net is one of the fundamental concepts in the Netris data model and represents a single L2 domain. \n\nCreate a new V-NET by going to `Services-\u003eV-NET` and adding a new instance with the following details:\n\n| Name | Owner | Sites | IPv4 Gateway | Ports | \n| -----|-------|-------|--------------|-------|\n| vnet-one | Admin | Default | 10.0.1.1/24 | swp3@leaf0, swp3@leaf1, swp3@leaf2, swp3@leaf3 |\n\n\n![](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/raw/main/images/vnet.png)\n\nIn the background, Netris translates this high-level V-Net data model to the low-level device configuration and installs it on all required switches in the EVPN fabric. 
For example, you can see the difference by looking at `/etc/frr/frr.conf` on `leaf0` [before](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/blob/main/images/leaf0-before.txt) and [after](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/blob/main/images/leaf0-after.txt) you've done this change.\n\nA few seconds later, once all device configs have been applied, you can connect to `host-a` and verify connectivity within the new V-Net:\n\n```\nubuntu@host-A:~$ ping -c 2 10.0.1.1\nPING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.\n64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.341 ms\n64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=0.356 ms\n\n--- 10.0.1.1 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1031ms\nrtt min/avg/max/mdev = 0.341/0.348/0.356/0.020 ms\nubuntu@host-A:~$ ping -c 2 10.0.1.22\nPING 10.0.1.22 (10.0.1.22) 56(84) bytes of data.\n64 bytes from 10.0.1.22: icmp_seq=1 ttl=64 time=1.38 ms\n64 bytes from 10.0.1.22: icmp_seq=2 ttl=64 time=1.43 ms\n\n--- 10.0.1.22 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1001ms\nrtt min/avg/max/mdev = 1.381/1.409/1.438/0.047 ms\nubuntu@host-A:~$ ping -c 2 10.0.2.11\nPING 10.0.2.11 (10.0.2.11) 56(84) bytes of data.\n\n--- 10.0.2.11 ping statistics ---\n2 packets transmitted, 0 received, 100% packet loss, time 1012ms\n```\n\nWe're still unable to ping `host-b` or `host-d`, this is what we're going to do next.\n\n### 1.2 Declarative VNET Operations\n\n\u003e Declarative APIs describe the desired state of the system instead of a set of imperative steps, relying on the controller to adjust the current state to match the intent.\n\nNetris supports two declarative interfaces. One of them is Terraform via a [custom Netris provider](https://github.com/netrisai/terraform-provider-netris). 
We won't focus on Terraform here; however, you can see example playbooks in its [GitHub repository](https://github.com/netrisai/terraform-provider-netris/tree/main/examples) or see Terraform files that were used to build this demo in the [`./air/bootstrap`](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/tree/main/air/bootstrap) directory.\n\n\n\nInstead we will demonstrate how to use Kubernetes custom resources to create a second V-Net and establish reachability between all 4 hosts. \n\nConnect to `netq-ts` and create a new Kubernetes manifest:\n\n```\ncumulus@netq-ts:~$ sudo -i\nroot@netq-ts:~# cat \u003c\u003c EOF \u003e vnet.yaml\napiVersion: k8s.netris.ai/v1alpha1\nkind: VNet\nmetadata:\n name: vnet-two\nspec:\n ownerTenant: Admin\n guestTenants: []\n sites:\n   - name: Default\n     gateways:\n       - 10.0.2.1/24\n     switchPorts:\n       - name: swp4@leaf0\n       - name: swp4@leaf1\n       - name: swp4@leaf2\n       - name: swp4@leaf3\nEOF\n```\n\nThis YAML file describes the desired state of a V-Net in a text format, which makes it easy to store in git and apply automatically using GitOps frameworks ([see this](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/kubernetes-on-baremetal-network) for an example of using Flux).\n\nThe new V-Net can now be created with a single command:\n\n```\nroot@netq-ts:~# kubectl apply -f vnet.yaml\nvnet.k8s.netris.ai/vnet-two created\n```\n\nBehind the scenes, Netris creates another EVPN instance (EVI) and configures an anycast gateway on all participating switches. 
\n\nBoth declarative (TF and K8S) and imperative (REST and web UI) interfaces all manage the same state inside the Netris Controller and EVPN fabric, so the new V-Net is now also visible in the web UI:\n\n![](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/raw/main/images/vnet-all.png)\n\nReconnect to `host-a` and verify that both `host-b` and `host-d` are now reachable.\n```\nubuntu@host-A:~$ ping -c 2 10.0.2.11\nPING 10.0.2.11 (10.0.2.11) 56(84) bytes of data.\n64 bytes from 10.0.2.11: icmp_seq=1 ttl=63 time=0.445 ms\n64 bytes from 10.0.2.11: icmp_seq=2 ttl=63 time=0.544 ms\n\n--- 10.0.2.11 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1012ms\nrtt min/avg/max/mdev = 0.445/0.494/0.544/0.054 ms\nubuntu@host-A:~$ ping -c 2 10.0.2.22\nPING 10.0.2.22 (10.0.2.22) 56(84) bytes of data.\n64 bytes from 10.0.2.22: icmp_seq=1 ttl=62 time=1.39 ms\n64 bytes from 10.0.2.22: icmp_seq=2 ttl=62 time=1.32 ms\n\n--- 10.0.2.22 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1001ms\nrtt min/avg/max/mdev = 1.320/1.358/1.397/0.053 ms\n```\n\n### 2. SoftGate Services\n\nIn the second part of this demo we demonstrate some of the capabilities of Netris Softgate, a software routing stack capable of high-speed NAT and L4 load-balancing. In our lab, it's running inside a KVM virtual machine, so you won't see high performance numbers, however, in production it runs on a general purpose x86 server with SmartNIC, such as Nvidia Mellanox Connect-X 5 or 6 series card ([see this](https://www.netris.ai/docs/en/stable/softgate-performance.html) for SoftGate performance numbers).\n\n### 2.2 NAT operations\n\nOur EVPN fabric is connected to the `Internet` node which has two public IPs configured on its loopback interface. 
Before we do anything, none of the hosts are able to reach them:\n\n```\nubuntu@host-A:~$ ping 8.8.8.8 -c 2\nPING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n\n--- 8.8.8.8 ping statistics ---\n2 packets transmitted, 0 received, 100% packet loss, time 1012ms\n```\n\nIn the Netris web UI, create two NAT instances by going to `Net -\u003e Nat` and using the following details:\n\n| Name | Site | Action | Source | Destination | SNAT to IP | IP | \n| -----|-------|-------|--------------|-------|-----------| ---- |\n| nat-1 | Default | SNAT | 10.0.0.0/8 | 1.1.1.1/32 | Yes | 198.51.100.1 |\n| nat-2 | Default | SNAT | 10.0.0.0/8 | 8.8.8.8/32 | Yes | 198.51.100.2 |\n\nHere's an example of what the `nat-1` configuration should look like:\n\n![](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/raw/main/images/nat-1.png)\n\nTo validate that NAT now works as expected, connect to the [ifconfig.me](https://ifconfig.me/) service running on the Internet router and confirm that the source IP gets changed according to our configuration:\n\n```\nubuntu@host-A:~$ curl http://8.8.8.8:8080/ip\n198.51.100.2\nubuntu@host-A:~$ curl http://1.1.1.1:8080/ip\n198.51.100.1\n```\n\n### 2.2 L4 load-balancer operations\n\nCreate a new load-balancer in `Services -\u003e L4 Load Balancer`. 
This would be a simple round-robin load-balancer exposing the SSH ports of `host-a` and `host-b` to the `Internet` router on port `2222`.\n\n![](https://gitlab.com/nvidia-networking/systems-engineering/poc-support/netris-on-air/-/raw/main/images/l4-lb.png)\n\nNow from the `Internet` router you can verify that sessions are being load-balanced to different backend hosts.\n\n```\nroot@Internet:~# ssh -b 1.1.1.1 -p 2222 ubuntu@198.51.100.129\nubuntu@198.51.100.129's password:\n\nubuntu@host-B:~$ logout\nConnection to 198.51.100.129 closed.\nroot@Internet:~# ssh -b 8.8.8.8 -p 2222 ubuntu@198.51.100.129\nubuntu@198.51.100.129's password:\n\nubuntu@host-A:~$ logout\nConnection to 198.51.100.129 closed.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkop%2Fnetris-on-air","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetworkop%2Fnetris-on-air","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkop%2Fnetris-on-air/lists"}