Overview:
Contrail Networking is a simple, open, and agile cloud network automation product that implements an SDN architecture. With its scale-out microservices architecture, Contrail orchestrate virtual network overlays at the performance and scale of even the most dynamic and large clouds. Service providers can use Contrail Networking to accelerate the deployment of innovative new services, while enterprises can use it to increase agility by enabling the migration of applications and IT resources to more flexible hybrid cloud environments.
Product Description
Enterprise IT is under increasing pressure to become agile and accelerate value to the business by adopting hybrid cloud architectures and delivering Infrastructure as a Service (IaaS), Container as a Service (CaaS), and Platform as a Service (PaaS) to their stakeholder lines of business.
Service providers are also challenged to rapidly monetize new and differentiated services to generate revenue while reducing CapEx and OpEx. For many traditional network service providers as well as new cloud service providers, expanding their portfolio to meet the needs of Network Functions Virtualization (NFV) and XaaS (i.e., IT as a Service, Software as a Service, etc.) is seen as the path to increasing monetization and differentiation.
Enterprises and service providers expect to seamlessly migrate their existing physical infrastructure—incorporating millions of dollars of equipment and years of operational experience—to the cloud era without having to “rip-and-replace.”
Juniper Networks Contrail Networking addresses these challenges with a pure softwaredefined approach that spans the boundaries and use cases of most physical infrastructure, orchestration systems, DevOps tooling, virtualization runtimes, and operating systems. It unifies policy for network automation across those variables with seamless integrations for systems such as: Kubernetes, OpenShift, Mesos, OpenStack, VMware, a variety of popular DevOps tools like Ansible, and a variety of Linux operating systems with or without virtualization like KVM and Docker containers. Contrail Networking reduces the friction of migrating to cloud by providing a virtual networking overlay layer that delivers virtual routing, bridging, and networking services (IPAM, NAT, security, load balancing, VPNs, etc.) over any existing physical or cloud IP network. It also provides multitenant structure and API compatibility with multitenant public clouds like Amazon Web Services (AWS) virtual private clouds (VPCs) for truly unifying policy semantics for hybrid cloud environments.
For service providers, Contrail Networking automates network resource provisioning and orchestration to dynamically create highly scalable virtual networks and to chain a rich set of Juniper or third-party virtualized network functions (VNFs) and physical network functions (PNFs) to form differentiated service chains on demand. Integrated with a cloud IaaS stack such as OpenStack and OpenNFV, Contrail Networking enables the agile creation and dynamic scaling of service instances with high availability and reliability. Contrail Networking also makes it really simple to onboard network functions onto the platform without requiring any API integration or modifications to third-party VNF software.
Contrail Networking is equipped with always-on advanced analytics capabilities to provide deep insights into application and infrastructure performance for better visualization, easier diagnostics, rich reporting, custom application development, and machine automation. It also supports integration with other analytics platforms like Juniper Networks AppFormix and streaming analytics through technologies like Apache Kafka and its API.
Contrail Networking’s control and management systems are also designed as scale-out cloud-native software with a containerbased microservices architecture that supports in-service upgrades. Because of its capacity to scale, Contrail Networking can orchestrate virtualized, automated networking for the most demanding elastic cloud and NFV use cases. Based on proven open networking standards, open APIs, and the OpenContrail open-source project, Contrail Networking integrates with orchestration systems through plug-ins that accompany the control and management systems; for example, the OpenStack Neutron plug-in allows you to drive SDN equally well from the OpenStack or Contrail Networking GUIs and APIs. Delivering predictable business agility and a low cost of ownership, this cloud networking platform will enhance and future-proof your investment in creating IT as a Service (ITaaS) with DevOps automation and bringing applications to the cloud.
On the journey to an agile and connected future, it’s best to work with an innovative technology leader who understands the enterprise and service provider industries intimately—a partner with significant experience in both networking and IT who builds solutions based on open principles. Contrail Networking stands out by delivering software-defined cloud networking and cloud service automation in a way that gives customers freedom of choice, intelligent automation, and always-on reliability.
Figure 1. Juniper Networks Contrail Networking
Architecture and Key Components:
Contrail Networking is comprised of the following key components:
Contrail Networking management Web GUI and plug-ins integrate with orchestration platforms such as Kubernetes, OpenShift, Mesos, OpenStack, VMware vSphere, and with service provider operations support systems/business support systems (OSS/BSS). Many of these integrations are built, certified, and tested with technology alliances like Red Hat, Mirantis, Canonical, NEC, and more. Contrail Networking sits under such orchestration systems and integrates northbound via published REST APIs. It can be automatically driven through the APIs and integrations, or managed directly using the Web GUI.
Contrail Networking control and management systems, commonly called the controller, have several functions. Chief among them are the following functions:
- Configuration Nodes: This function accepts requests from the API to provision workflows like adding new virtual networks, new endpoints, and much more. It converts these abstract high-level requests, with optional detail, into lowlevel directions that map to the internal data model.
- Control Nodes: This function maintains a scalable, highly available network model and state by federating with other peer instances of itself. It directs network provisioning for the Contrail Networking vRouters using Extensible Messaging and Presence Protocol (XMPP). It can also exchange network connectivity and state with peer physical routers using open industry-standard MP-BGP which is useful for routing the overlay networks and north-south traffic through a high-performance cloud gateway router.
- Analytics Nodes: This function collects, stores, correlates, and analyzes data across network elements. This information, which includes statistics, logs, events, and errors, can be consumed by end-user or network applications through the northbound REST API or Apache Kafka. Through the Web GUI, the data can be analyzed with SQL style queries.
Contrail Networking vRouter runs on the compute nodes of the cloud or NFV infrastructure. It gets network tenancy, VPN, and reachability information from the control function nodes and ensures native Layer 3 services for the Linux host on which it runs or for the containers or virtual machines of that host. Each vRouter is connected to at least two control nodes to optimize system resiliency. The vRouters run in one of two highperformance implementations: as a Linux kernel module or as an Intel Data Plane Development Kit (DPDK)-based process.
Features and Benefits:
Key Features
- Routing and Bridging: The forwarding plane provides line-rate L3 routing and L2 bridging in multitenant and virtualized or containerized environments. It is based in the software vRouter and hence completely agnostic to the underlay network.
- Load Balancing: Equal-cost multipath (ECMP) load balancing with session affinity is built right into the vRouter’s forwarding plane. It distributes traffic across endpoints like VNF network services, such as virtualized firewalls for example. There is also an application-layer load balancing function built-in, as well as integrated with several external providers like F5 and Avi Networks.
- Security and Multitenancy: The use of tenant domains and L3 VPNs to create virtual networks inherently provides a secure segregated environment, where virtual networks cannot talk to each other without policies. The vRouter has built-in distributed L3 and L4 firewall capabilities that allow users to define simple and abstract security policies between virtual networks. The policies can specify additional VNF services in the path to create what are commonly called service chains; for example, the Juniper Networks vSRX virtual firewall can sit between a public network and a private network or between two networks that need tight security supervision. Networking can also scale out instances of such VNFs with load balancing as the service chain traffic load requires it.
- Elastic, Resilient VPN: L3VPN, Ethernet VPN (EVPN), and site-to-site IPsec are all delivered in software.
- Gateway Services: Contrail interoperates with most physical or VM-based routing and switching equipment that supports L3VPN or EVPN with the appropriate overlay network encapsulation standards (VXLAN, MPLSoGRE, MPLSoUDP). This includes interoperability with Juniper Networks MX Series 3D Universal Edge Routers and QFX Series switches, as well as other vendors’ devices to seamlessly connect to the WAN or legacy networks and workloads.
- High Availability: Contrail Networking components are made highly available and offer active/active redundancy.
- Analytics Services: Insightful visualization and diagnostics of virtual overlay and physical underlay networks enable real-time and historical infrastructure analytics that can be consumed through REST APIs or Apache Kafka. Users can also very easily set up live packet captures of traffic between virtual networks using built-in GUI features.
- API Services: REST APIs for configuration, operation, and analytics provide seamless integration with popular or customized orchestration systems. This includes AWS VPC API compatibility for seamless deployment of applications in a hybrid cloud platform.
Key Benefits
- Simple: Contrail Networking is built with simplicity in mind. It is easy to learn, intuitive to use, and well automated for a simple day-1 setup with most cloud orchestration systems. • Open: Contrail Networking is developed in the OpenContrail open-source project and community of developers and users. Furthermore, by design it eliminates the risk of lock-in by leveraging long-standing, well-proven open industry standards.
- High Scale and Performance: Contrail Networking is in production, standing up to the challenge of some of the most massive data center clouds.
- United Hybrid Cloud Policy: Hybrid cloud is the ideal platform, but to achieve one IT platform, there must be functional and nonfunctional similarity between application platforms in both private and public cloud. Contrail Networking is an excellent choice of SDN solution to implement private cloud with software-defined infrastructure, and it can also be deployed atop any cloud, private or public, to create parity of environments, maximizing DevOps automation and application portability within the hybrid cloud platform.
- Seamless Integration: Contrail Networking is well integrated, tested, and certified with a wide variety of software for orchestration, automation, operating systems, and virtualization or containerization. This means it is one SDN solution for all of your needs, cutting down the variables and assuring you compatibility with common legacy, current, and future technologies. Contrail Networking is also interoperable with industry-standard routing and switching systems to bridge from the overlay virtual networks to any other networks you have.
Key Functionality
Open Source, Open Standards for Seamless Interoperability: Contrail Networking eliminates the need for rip-and-replace by supporting many standards-based protocols, enabling interoperability in a multivendor physical infrastructure to maximize investment protection. Contrail Networking’s only requirement of the underlay network is IP connectivity, which is simple to design at scale in an interoperable way. In addition, complete source code and product binaries are available under the Apache v2.0 open-source license for all customers and partners. For more details, please visit www.opencontrail.org.
Network Virtualization: Contrail Networking provides a robust network virtualization solution by leveraging the L3VPN standard for L3 IP overlays, the EVPN standard for L2 overlays, and a multitude of data encapsulation standards like MPLS over generic routing encapsulation protocol (MPLSoGRE), MPLS over User Datagram Protocol (MPLSoUDP), Virtual Extensible LAN (VXLAN), etc. The virtual network segments provide a clean approach to microsegmentation and multitenancy and alleviate the challenges associated with a VLAN-based or L2-based segmentation approach.
Dynamic Service Chaining: Contrail Networking provides dynamic service chaining of virtualized or physical network functions that simplifies the creation, deployment, and management of differentiated network services. Connecting these network functions through proven open networking standards, Contrail Networking simplifies integration with Juniper and third-party service software and has nurtured a rich technology ecosystem of partners who offer services on top of the platform. It is a key ingredient that enables service personalization and deployment of massively scalable and highly available VNFs for NFV.
Network Programmability and Automation: Contrail Networking implements the concept of “SDN as a compiler” by translating abstract high-level workflows into specific rules/policies to automate the provisioning of workloads and enable service chaining of network and security services. For example, you can request virtual machine connectivity without getting into the details of underlying elements like ports, VLANs, subnets, switches, routers, etc. In addition, a unified model for configuration, operation, and analytics is exposed through REST APIs, as well as libraries in various programming languages such as Python, Go, Javascript, and Java, to name a few.
Infrastructure Analytics and Visualization: Contrail Networking provides insights into virtual and physical networks to simplify operations and decision making through proactive planning and predictive diagnostics. The analytics engine is designed for very large-scale ingest and querying of structured and unstructured data. It is exposed using REST APIs and a GUI-based query engine. This gives the user better insights to easily diagnose issues in the infrastructure, as it provides both real-time and historical information on application usage, infrastructure utilization, system logs, network statistics like flows, latencies, jitter, etc. In addition, users can employ REST APIs and modern bid data frameworks like Hadoop to write custom applications for reporting and infrastructure automation.
Contrail Networking Use Cases
Contrail Networking provides both service providers and enterprises with a dynamic and scalable network architecture to provision applications in a matter of seconds. Enterprises and service providers can use Contrail Networking to:
- Deploy private or public clouds
- Provide multitenancy with complete isolation and rolebased access control (RBAC) capabilities
- Automate for rapid network provisioning and services like connectivity and load balancing
- Enable self-service for application developers and DevOps teams
- Deploy hybrid clouds and create VPCs in a service provider public cloud
- Connect data centers and clouds and move workloads seamlessly between private and public clouds
- Ensure virtual network services API compatibility with third-party cloud providers like AWS
- Automate NFV through service chaining of any network and security service
- Provide service orchestration of any Juniper or third-party network and security service (physical or virtual)
- Enable cloud customer premises equipment (CPE) and managed network services like security, guest access, etc. for service provider IP-VPN customers
- Enable virtualized evolved packet core (EPC) for consolidation of services such as mobility management entity/Serving GPRS Support Node (MME/SGSN), S-GW, etc.
- Provide virtualized subscriber or business edge with chaining of services, including deep packet inspection (DPI), security (firewall, anti-DDoS), proxies, and caching
Specifications:
Minimum System Recommendations and Operating Environment
- Hardware: 64-bit dual x86 processor, minimum memory 12 GB RAM
- Storage: 30 GB Serial Advanced Technology Advancement (SATA), Serial Attached SCSI (SAS), or solid-state drive (SSD); Volume storage: 2 disks with 2 TB SATA
- Network: 1 GB interface card (1)
- OS: Linux OS (CentOS, RHEL, Ubuntu)
