Here’s Why Contrail Was Chosen as the Best Commercial SDN Platform ... Again
May 8, 2017
Last year, we talked about how Juniper Networks Contrail Networking caters to a wide variety of customer use-cases (SaaS & IaaS / BMaaS Clouds, Enterprise private cloud / ITaaS Cloud, SD-WAN, telco, IoT and cable clouds) and how Contrail provides cloud networking solutions for some of the largest customers in the world. Over the year, we have tirelessly worked to enhance the product capabilities, gain even more market leadership, but most importantly, win more customers and cater to more customer use-cases, while at the same time ensuring our unwavering commitment to open source.
This week, OpenStack Foundation is hosting its 14th OpenStack Summit in Boston. As part of the Summit, the Foundation conducted a user survey for their deployment decisions, and when it came to networking choices, it was no surprise that Contrail was selected by users as the #1 deployed commercially available SDN solution. In the past, similar OpenStack Summit surveys resulted in Contrail being voted consecutively (3 times in a row) as the leading commercial SDN provider. Not only that, when leading research firms like IHS Markit did market research on SDN adoption and evaluations, Contrail came up as the leader in terms of usage.
It is no wonder, therefore, that today Contrail has a wide variety of tier-1 customers in the enterprise, SaaS, telco and cable segments -- AT&T, Orange, eBay Classifieds, Vodafone, Riot Games, Workday, Juniper IT, as well as government organizations, consumer products IT, a US-based cable MSO, and a US satellite company, just to name a few. These are leading customers across various segments and across multiple geographies, and they have had more of a partner-partner relationship with us than a customer-vendor relationship. It is these strong relationships that have let us maintain the market leadership, while at the same time enhancing our product to meet the ever-changing customer needs.
Customer Requirements Meet Product Enhancements
So what do all these customers care about? Well, what is common across these customers is that they have users and applications. Users need to access apps, while apps need to interact with other apps. These apps could be running within different kinds of workloads (Containers, VMs, Bare Metal Servers), orchestrated by different orchestration systems (OpenStack, Kubernetes, Mesos, Custom, etc.), running on different kinds of devices (COTS hardware in the DC or a Telco CO/POP, CPE devices, IoT devices, etc.), within different heterogeneous environments (Public Cloud, Private Cloud, Legacy DC, Customer Branch, etc.) and be distributed across geographies. But regardless of their location or type, they need:
A highly performant approach to connectivity,
A seamless layer of security, and
Ease of use when it comes to manageability and operations.
And Contrail Networking is the answer for their needs.
High-Performance Connectivity across Different Environments and Workload Types
Among other advantages, what makes Contrail Networking the #1 commercial SDN product is its ability to provide seamless connectivity across multiple heterogeneous environments while delivering advanced network services, in a secure multi-tenant fashion.
Container Networking and Orchestration
When it comes to containers, orchestration tools such as Kubernetes and Mesos are evolving to support broader use cases, but they have significant gaps in capability when it comes to networking -- including offering network isolation at multiple levels (e.g., cluster-level, namespace-level, pod/service-level), providing centralized IP Address Management (IPAM) and supporting native ECMP-based distributed load balancing for services, just to name a few. Contrail Networking not only addresses all these gaps but also ensures that infrastructure operators are able to modify infrastructure isolation levels, transparent to the application developer, and without disrupting their workflow. Contrail Networking also provides seamless migration from, and interoperability of, existing non-container environments with container environments and extends a wide variety of network services capabilities (Floating IP, SNAT, QoS, DDI, BGPaaS, etc.) to the container environments.
All of the above benefits can also be realized in a Red Hat OpenShift-based deployment, which is a platform of choice for a wide variety of cloud customers, through a tight product integration with Red Hat’s flagship Container Platform, OpenShift.
Performance and TCO Improvements using Smart IO
When it comes to telcos offering networking services on top of NFV platforms, one of the key challenges they face is capped performance and scalability, caused by running non-cloud-native network function software on top of generic hardware. As we announced at Mobile World Congress earlier this year, Contrail Networking helps customers overcome the performance challenges by supporting an accelerated data plane with vRouter on Smart IO, such as Netronome NICs. In the absence of a Smart IO on a server, the next best alternative available is DPDK, which does improve performance but at the cost of consuming CPU cores for the data plane, meaning there is less capacity available for application workloads. Smart IO gives customers the flexibility and agility of a software-based solution with the performance and scale of a hardware platform.
Additional Connectivity Capabilities
The connectivity aspect of Contrail Networking, furthermore, enables customers to seamlessly connect to public clouds offering multi-cloud and hybrid-cloud capabilities, offers the ability to connect a remote branch office to a data center along with simplified management of the CPE device thereby offering SD-WAN capabilities, and allows virtual networks to span multiple service provider COs, POPs & backend data centers, thereby offering telco/cable cloud offerings.
Seamless Security Policy Layer with Distributed Enforcement
Security has multiple aspects to it. On one hand, there is infrastructure security – which takes care of encryption at control and config planes, Role-Based Access Control (RBAC), compliance, etc. for the Contrail Networking platform. On the other hand, there is application security where simple and ubiquitous intent-based policies are defined centrally for application workloads and tiers, and applied and enforced in a distributed fashion on different distributed workloads.
Infrastructure Security and Compliance
Contrail Networking offers two major advantages when it comes to infrastructure security. First, it has Role-Based Access Control (RBAC) enabled for users and admins of Contrail Networking. This RBAC is available when configuring networks and when getting analytics information. Contrail Networking RBAC is available through the APIs, as well as from the Web UI. Second, the config and control plane of Contrail is authenticated and encrypted using TLS.
Additionally, we have ensured that the Contrail platform is PCI-ready for customers.
Unified Policy Abstraction for Applications
As it relates to applications, Contrail offers a centralized intent-based unified policy abstraction layer with distributed enforcement, and allows users to create simplified policies that have a few unique characteristics:
Are generic and abstracted enough, where the user can state their intent in simple language, and the system can implement the policies to meet complex policy enforcement needs
Are tag-based and can be applied to any set of workloads, regardless of where the workload migrates to
Can be modified / changed dynamically and programmatically
While we have made significant strides on our intent-based unified policy framework, there are many more exciting product announcements coming up very shortly – so stay tuned!
Manageability, Operations & Analytics
On the manageability and operations front, Contrail Networking has enhanced the product with a wide variety of features.
Ease of Deployment and Life-Cycle Management (LCM) with Containerized Controller
Contrail Controller has been packaged as containers, with the following personalities: three controller containers that include the (a) controller (config + control nodes, and other components including Web UI, etc.), (b) analytics node and (c) analytics database. Contrail Networking also (optionally) includes a load-balancer container for high availability of the controller cluster. These containers can run on bare metal servers or virtual machines and each of them can scale independently of the others. Containerization of the control plane does not impact the overall functionality of the Controller, but instead brings accelerated Contrail Networking provisioning and simplified life-cycle management, as all dependencies are packaged within the containers. In addition to containerizing the Contrail control plane, Juniper Contrail SDN deployment is supported with Juniper’s Ansible-based deployment tool, as well as partner tools such as Red Hat OSP Director and Canonical Juju Charms, among others.
A big aspect of life-cycle management is ‘upgrades’. Contrail Networking now also supports in-service software upgrade (ISSU), where the northbound API interface is continuously available during the upgrade of the Contrail cluster.
Single SDN for Multiple Environments
One of the pain points of many customers has been the need to deploy multiple SDN layers for different deployments that run on top of each other. For example, when customers deploy OpenStack on top of Kubernetes (in order to leverage the capabilities of Kubernetes for OpenStack modules) or when customers need to deploy a PaaS layer (OpenShift) on top of an IaaS layer (OpenStack), they might need a separate SDN layer for each of the two environments. This is a manageability hazard that customers want to avoid. Fortunately, Contrail Networking solves this problem quite efficiently, and the same SDN layer can be used by multiple environments, one running on top of the other.
Improved Telemetry and Operations with Contrail Analytics (and AppFormix Integration)
Contrail Analytics has been one of the key differentiators for Contrail Networking. In addition to providing very in-depth information of the data-plane flows and other routing details along with proper visualization and APIs, Contrail Analytics offers a number of unique features and capabilities such as:
Underlay-Overlay Correlation: where overlay flows—whether current or historical—can be mapped to underlay flows for better visualization and troubleshooting.
Analyzer Capabilities: where packets can be mirrored and sent to any third party analyzer—which can look at very detailed real-time flow information between virtual networks.
Health-Monitoring of Instances: Monitoring the health of any workload by not only assessing whether the interface to the workload is up or down but also finding out whether the workload is operationally up or down (by sending ping and HTTP traffic).
Anomaly Detection: Contrail Analytics now has the ability to proactively detect anomalous behavior on various user visible entities (UVE), using Machine Learning algorithms.
In addition, Contrail’s operational capabilities have been further enhanced via its integration with the AppFormix platform. AppFormix was an acquisition that Juniper made late last year and offers a key capability addition to the Contrail family. With anomaly detection capabilities in Contrail and AppFormix integration, customers are able to get closer to realizing Self-Driving Networks(TM).
Summary of Contrail Capabilities
Contrail offers a wide variety of features that address customer requirements at multiple levels. These can be summed up in the following 10 self-explanatory product feature buckets.
Open Source Commitment
Open source has been a fundamental and central aspect of Contrail Networking. The product was open sourced under the Apache v2 license and we have added enhancements and capabilities to the product but continued to keep it open source. We have encouraged community development of features and have highlighted the product’s upcoming features in blogs and videos on opencontrail.org. With a single source code repository (no fork), a bug database that is open and accessible to anyone, product blueprints that are not kept behind closed doors, Contrail has been a pioneer and leader in open-source SDN.
Based on that unwavering commitment to open source, this year at the OpenStack Summit we are honored to have received the privilege of hosting OpenContrail Day during the OpenStack Summit as part of the Open Source Days initiative. We look forward to hosting presentations by our customers about how they leverage Contrail to achieve positive business outcomes.
To conclude, as Riot Games commented in a blog post about their SDN journey, “OpenContrail is designed from the ground up to be an open-source, vendor-agnostic solution that works with any existing network.” Contrail Networking brings dynamic features to any infrastructure environment, independent of the form factor, so that customers are able to migrate to newer technologies, which are at different levels of maturity, without roadblocks.