JUNIPER CONTRAIL VNS 
A BASIC INTRODUCTION 
Hartmut Schroeder 
Consultant Systems Engineer 
Oct 2014
CONFIDENTIALITY & LEGAL NOTICES: 
This material contains information that is confidential and proprietary to 
Juniper Networks, Inc. Recipient may not distribute, copy, or repeat 
information in the document. 
This statement of product direction sets forth Juniper Networks’ current 
intention and is subject to change at any time without notice. No 
purchases are contingent upon Juniper Networks delivering any feature 
or functionality depicted in this presentation. 
2 Copyright © 2014 Juniper Networks, Inc. www.juniper.net
WHY CONTRAIL? 
CONTRAIL USE CASES 
[Diagram labels: Public Cloud, VPN, WAN, Gateway, Private Cloud, Access, Core]
Cloud : Network Virtualization 
• Private Clouds, Public Cloud, and Virtual Private Cloud 
• Network Virtualization 
• Application Policies 
• Network Function Virtualization and Service chaining 
• Rich Analytics 
Cloud : Interconnect 
• Connect Private Cloud to Private Cloud (DCI) 
• Connect Private Cloud to Public Cloud (bursting) 
• Connect Campus to Private Cloud 
Network Function Virtualization 
• Virtualize Network Functions 
• Service Chaining 
• Attach Service Chain to Physical Network 
• Application-Aware and Subscriber-Aware Steering 
VIRTUALIZATION 
Static Silos of Dedicated Physical Resources
[Diagram labels: Internet / WAN, Web Servers, Application Servers, Database Servers + Storage, VLAN]
Dynamic Pool of Virtual Resources
[Diagram labels: Internet / WAN, Physical Network, Virtual Compute, Virtual Storage, Virtual Networks]
CloudStack Dynamic Orchestration
CONTRAIL KEY ABSTRACTIONS 
"LEGO BLOCKS" 
Virtual Machines: Cloud Tenants and Virtual Network Functions
Virtual Networks: Connect Virtual Machines
Gateway Devices: Connect the Virtual to the Physical
[Diagram labels: VM, VN]
NETWORK VIRTUALIZATION 
[Diagram labels: Red Virtual Network, Blue Virtual Network, Green Virtual Network, VMs, Switches, Virtualized Servers, Bare Metal Servers]
Dynamic Network Virtualization at Scale 
Without the complexity, scaling limitations, and stability issues of VLANs
VIRTUAL NETWORK POLICIES 
Virtual Network Policies
At a high level of abstraction, applied at the boundaries of virtual networks.
[Diagram labels: Green Virtual Network, Red Virtual Network, VMs, Policy: only HTTP, NAT]
SERVICE CHAINING 
Service Chaining
Policy based application of virtual and physical services with scale-out.
Firewall, Intrusion Prevention, Load balancer, Cache, WAN optimizer, proxy, ...
[Diagram labels: Green Virtual Network, Red Virtual Network, VMs, Policy: only HTTP, NAT + DPI + Cache + Firewall, Virtual Service: DPI, Virtual Service: Cache, Physical Service: Firewall]
NETWORK VIRTUALIZATION
[Diagram with panels Logical Abstraction and Physical Realization. Labels: Green Virtual Network, Red Virtual Network, VMs, OpenStack, REST APIs, Contrail Controller, XMPP, Virtualized Server, Hypervisor, Contrail vRouter, Routing Instance, VMs G1, G2, R1, R2, Overlay Tunnel, MPLS/GRE, MPLS/UDP, VXLAN, Underlay Switch]
POLICY AND SERVICE CHAINING 
[Diagram with panels Logical Abstraction and Physical Realization. Labels: Green Virtual Network (VMs G1, G2, G3), Red Virtual Network (VMs R1, R2, R3), OpenStack, Contrail Controller, XMPP, VM G, VM R]
GATEWAY TO L3VPN
[Diagram with panels Logical Abstraction and Physical Realization. Labels: OpenStack, Contrail Controller, BGP + Netconf, BGP, Route Reflector, Gateway Router (PE Router), Physical, L3VPN, Overlay Tunnel, MPLS/GRE, LSP (RSVP, LDP), Red Virtual Network, VMs R1, R2]
L3VPN FOR CLOUD INTERCONNECT 
[Diagram labels: Data Center 1 with Green Virtual Network (VMs G1, G2, G3) and Red Virtual Network (VMs R1, R2, R3); Data Center 2 with Green Virtual Network (VMs G4, G5, G6) and Red Virtual Network (VMs R4, R5, R6); L3VPN, L3VPN]
GATEWAY TO BARE METAL SERVER
[Diagram with panels Logical Abstraction and Physical Realization. Labels: OpenStack, Contrail Controller, OVSDB + BGP, L3VPN or E-VPN, Overlay Tunnel, VXLAN, Red Virtual Network, VMs R1, R2, Gateway Switch, Bare Metal Server (Non-Virtualized Server)]
SDN AS A COMPILER 
[Diagram labels: North Bound Interface (REST); Contrail SDN Controller; High Level (Service) Data Model (Configuration State, Operational State); Transformation Engine; Low Level (Technology) Data Model (Configuration State, Operational State); Analytics; South Bound Protocols (South Bound Protocol 1, 2, 3, ... N)]
HIGHLY AVAILABLE SCALE-OUT 
Logically Centralized (Physically Distributed)
Horizontally Scalable
Highly Available (Active-Active)
Federated
[Diagram labels: REST, Configuration Nodes, IF-MAP, Control Nodes, Analytics Nodes, XMPP, BGP, Netconf, vRouters, Gateways]
APIS FIRST 
Contrail GUI OSS / BSS Service Orchestrator 
REST APIs 
Configuration 
Nodes 
Analytics 
Nodes 
Contrail Controller 
Generates 
Service Data Model 
High Level of Abstraction 
RICH INTEGRATED ANALYTICS 
END-TO-END ORCHESTRATION 
Physical Server Management System: Puppet, Cobbler, ...
Physical Network Management System (NMS): Junos Space: Network Director
Virtual Machine Management System: OpenStack, CloudStack, ...
Service Management Systems: Junos Space: Security Director..., Third Party Service Manager
Contrail Controller: Virtual Networks, Service Chaining
Policy Servers: Radius / PCRF
[Diagram labels: End-to-End Orchestration, Operator OSS, and / or, Juniper Partner, and / or, Juniper Middleware, APIs]
STANDARD PROTOCOLS, OPEN SOURCE, 
MULTI-VENDOR SOLUTION 
Standard Control Plane Protocol to vRouters: XMPP
Standard Tunnel Encapsulations: VXLAN / MPLSoGRE / MPLSoUDP / MPLSoLSP
Standard Control Plane Protocols to Physical Gateways: BGP L3VPN / EVPN
Multi-Vendor Gateway Routers
Multi-Vendor Underlay Switches
Multi-Vendor Gateway ToR Switches
Multi-Vendor Virtualized Services
Multi-Vendor Physical Services
Multi-Vendor Hypervisor: KVM / XEN / ESXi
Multi-Vendor Servers
Open Source Software
[Diagram labels: CloudStack, OpenStack, OpenContrail Controller, VM G, VM R, L3VPN]
OPEN CONTRAIL 
Contrail is available as Open Source 
www.opencontrail.org. Commercial support available from Juniper. 
Same features and scaling as commercial version 
Uses proven stable standards. Production-Ready. 
Permissive license 
Apache 2.0 
Integrated into open source virtualization stacks 
OpenStack, CloudStack 