The rapid development of new cloud-based applications and IT services is creating ever-increasing diversity in the market and the multi-cloud has long become a reality. In addition, the enormous demand for connectivity and bandwidth often pushes existing network infrastructures and operations to their limits. On the one hand, this poses significant challenges for service providers to effectively keep up with accelerated development. On the other, it offers opportunities for gaining competitive advantages.
However, service providers need to use the industry’s best innovative business enhancement solutions in order to react with more agility to the needs of the market and also to become more efficient and secure. It is at this point that software-based approaches come into play, allowing rapid and effective responses to new requirements based on intelligent networking, enhanced visibility with analytics and highly automated processes and providing connectivity, security and manageability for complex and widely distributed infrastructures. It is in this context that Juniper Networks offers their Contrail products, SDN-enabled management and control software for simplified service delivery. This tech blog gives an overview of the history of Contrail and the different Contrail products which can help to boost your business.
The beginning of Contrail
Back in 2012, Juniper Networks acquired Contrail Systems, taking a big step forward in software-defined networking (SDN). Contrail was disruptive in the early beginnings of the SDN movement because it introduced the principal of networking-as-a-service, abstracted through a single pane of glass for both, virtual and physical environments.
One year after the acquisition of Contrail Systems, at the end of 2013, Juniper made their Contrail Networking software available as an official commercial product, while also providing a full commercial support service. At the same time, Juniper also open-sourced the Contrail technology under the Apache 2.0 license as OpenContrail. Giving the Contrail technology back to the community has provided developers with the possibility of contributing to this project and given service providers and businesses the flexibility to adjust Contrail to their specific needs.
Tungsten Fabric – OpenContrail migrated to the Linux Foundation
In March 2018 Juniper Networks went another step further and migrated OpenContrail – the Open Source project – to the Linux Foundation to make it even more “open”. This move is a fundamental change for the project as it means that the Linux Foundation is now the owner. In this context, the open source project was given a new name, Tungsten Fabric, which also helps to provide better separation between the Open Source project and Juniper Networks commercial product line, Contrail.
The Contrail product family
|Contrail Networking||Contrail Security||Contrail Service Orchestration||Contrail HealthBot|
|Contrail Cloud||Contrail Enterprise Multicloud
||Contrail SD-WAN||Contrail Edge Cloud|
Contrail Networking is Juniper Networks’ commercial version of Tungsten Fabric. It is a pure software-defined approach that provides multi-cloud and fabric management, automation for infrastructures and service management, as well as analytics in multi-cloud environments. It implements a virtual networking overlay layer that delivers virtual routing, bridging and networking services over any existing physical or cloud network. With regard to the cloud, this approach helps to connect heterogeneous cloud environments.
Contrail Networking consists of the following key components:
- The Contrail SDN Controller which is logically centralised but physically distributed and responsible for providing the management, control and analytics functions of the virtualised network.
- The Contrail vRouter which runs on compute nodes of the infrastructure and gets its information from the control function nodes of the SDN Controller.
- The Web GUI and Plug-ins which integrate orchestration platforms such as Kubernetes, OpenShift, Mesos, OpenStack or VMware vSphere northbound via published REST APIs.
In 2014 Juniper not only announced their vMX – the virtualised version of the MX Router which can run on x86 servers – but also the Contrail Cloud platform which is an extended version of Contrail adjusted for telco cloud environments to run innovative services on high-performance NFV. Contrail Cloud features Red Hat OpenStack (RHOS) combined with Juniper Contrail Networking which brings highly scalable network connectivity and dynamic cloud orchestration together.
Contrail Cloud Architecture
Furthermore, Contrail Cloud leverages AppFormix, which has a built-in automation capability powered by machine learning to run cloud infrastructure and VNFs in the most optimal manner and remediate any potential failures to ensure adherence to SLAs.
Contrail Service Orchestration (CSO)
At the end of 2016 Juniper released Contrail Service Orchestration (CSO) as a comprehensive management and orchestration platform for managing cloud CPE deployments and other virtualised network services. CSO helps businesses and service providers to reduce service delivery times for managed services through a near real-time mouse-click experience by automating the entire service delivery life cycle.
Contrail Service Orchestration comes with the following key components:
- The Network Service Designer, which provides an intuitive point-and-click interface for defining the services of Juniper and third-party virtualised network functions (VNFs).
- The Administration portal, with a monitoring and troubleshooting service on the health and status of customers’ on-premise and hybrid cloud-based services.
- The Customer Portal for end-users is a unified portal with access to functions governed by a role-based access control (RBAC) to provide a per Tenant Admin and Tenant Operator role.
- The Network Service Controller automates the entire CPE management process, including remote activation of the CPE devices, enablement of the overlay VPN topology, and device maintenance and monitoring across all site locations.
- The Network Service Orchestrator automates and orchestrates the entire service creation process, from the time a customer designs, publishes and selects a new network service across the whole network.
- The SD-WAN Controller gives end-customers control and visibility of WAN traffic via the customer portal.
- Security Management provides the ability to orchestrate managed security services.
Juniper’s Contrail SD-WAN solution is a fit for service providers offering end-to-end SD-WAN solutions and larger businesses building their own independent end-to-end overlay-based network. The SD-WAN orchestration and controller functions of the Contrail SD-WAN solution are implemented through Juniper’s Contrail Service Orchestration (CSO) software.
In August 2017 Juniper released their software product Contrail Security for Enterprises and Service Providers to “protect, manage and monitor their cloud-native applications in heterogeneous environments.“ (Press Release August 2017) During recent decades, there has been an explosion in the number of security policies designed on the one hand to handle the wide variety of applications, endpoints and diverse environments and, on the other, the required flexible managing of those policies in case of changes on the other side. This highly complex setting needed an innovative approach to simplify operations and to manage cloud environments effectively.
“Microservices and Cloud-Native Apps Need a Security Revolution. Contrail Security Delivers.” (J-Net Forum)
It is here that Contrail Security steps in, as it offers a consistent and intent-based policy layer which gives you abstraction to extend the same set of policies to different settings so that you, for example, don’t need to rewrite your policies depending on the deployment scenario. Furthermore, Contrail Security comes with visualisations and analytics to track application flows within and across multi-cloud environments, which enables reporting, troubleshooting and compliance. And finally, it also offers scalable and performant L4 and L7 enforcement.
The Cloud Security Platform includes the following two key components:
- The Security Controller is the brain of the Contrail Security solution, with an interface for defining security intents. The controller itself translates high-level abstract intents into lower level constructs, which are propagated to the enforcement elements.
- The Contrail Security vRouter is a virtual enforcement element, which is installed where application workloads might be initiated and enforces security policies inline. The vRouter can also reroute traffic to L7 firewalls if needed.
Contrail Enterprise Multicloud
At the end of 2017 Juniper announced their Contrail Enterprise Multicloud platform for managing virtual network fabrics even across multiple clouds – whether the clouds are private, public or hybrid. This software platform can be used in Greenfield or even Brownfield with devices from other vendors.
“Why Enterprises Should Care About Multicloud Security” (J-Net Forum)
While Contrail Networking with its vRouter is the key element of this platform, the new and intuitive user-interface, Contrail Command, removes the complexity of multi-cloud networking through intent-based abstraction and simplifies managing of multi-cloud environments. Contrail Enterprise Multicloud also comes with AppFormix and is compatible with orchestration platforms such as OpenStack, Kubernetes or OpenShift.
Contrail Edge Cloud
Contrail Edge Cloud was introduced in late 2018 and is a software-based platform specially adjusted to the needs of service providers that want to build and manage new services in the space- and power-constrained network edge. The platform combines the benefits of Contrail Networking, Red Hat Ceph Storage, Red Hat OpenStack (RHOS), Kubernetes and AppFormix. This solution also comes with the virtualised security features provided by Contrail Security and the cSRX container-based firewall.
Contrail HealthBot is a software-based solution for network deployments, introduced in late 2018, and one of the latest developments in the Juniper Networks Contrail product family. The Contrail HealthBot provides network health and diagnostic tools integrated with multiple data collection methods such as Junos Telemetry Interface (JTI), NETCONF, Syslog and SNMP. On a device-level, the tool aggregates and analyses time-sensitive telemetry data for providing a multidimensional and predictive view of the network. By combining telemetry, programmability, advanced algorithms and machine learning capabilities, Contrail HealthBot implements efficient ways to transform analytics data into useful information to optimise network operations.
The web-based Dashboard offers a simple and intuitive visualisation of the current network state and also provides a service designer to intelligently automate service maintenance and sustain overall performance goals. Because of its open programmability, service providers and businesses can customise their health monitoring and diagnostics workflows.
Please find here further information regarding data protection.