SDN and NFV Era
Showing results for 
Search instead for 
Do you mean 

Here’s Why Contrail Was Chosen as the Best Commercial SDN Platform ... Again

by Juniper Employee on ‎05-08-2017 06:00 AM

Last year, we talked about how Juniper Networks Contrail Networking caters to a wide variety of customer use-cases (SaaS & IaaS / BMaaS Clouds, Enterprise private cloud / ITaaS Cloud, SD-WAN, telco, IoT and cable clouds) and how Contrail provides cloud networking solutions for some of the largest customers in the world. Over the year, we have tirelessly worked to enhance the product capabilities, gain even more market leadership, but most importantly, win more customers and cater to more customer use-cases, while at the same time ensuring our unwavering commitment to open source.


Contrail Leadership


This week, OpenStack Foundation is hosting its 14th OpenStack Summit in Boston. As part of the Summit, the Foundation conducted a user survey for their deployment decisions, and when it came to networking choices, it was no surprise that Contrail was selected by users as the #1 deployed commercially available SDN solution. In the past, similar OpenStack Summit surveys resulted in Contrail being voted consecutively (3 times in a row) as the leading commercial SDN provider. Not only that, when leading research firms like IHS Markit did market research on SDN adoption and evaluations, Contrail came up as the leader in terms of usage.


It is no wonder, therefore, that today Contrail has a wide variety of tier-1 customers in the enterprise, SaaS, telco and cable segments -- AT&T, Orange, eBay Classifieds, Vodafone, Riot Games, Workday, Juniper IT, as wells as government organizations, consumer products IT, a US-based cable MSO, and a US satellite company, just to name a few. These are leading customers across various segments and across multiple geographies, and they have had more of a partner-partner relationship with us, than a customer-vendor relationship. It is these strong relationships that have let us maintain the market leadership, while at the same time enhance our product to meet the ever-changing customer needs.


Customer Requirements Meet Product Enhancements 


So what do all these customers care about? Well, what is common across these customers is that they have users and applications. Users need to access apps, while apps need to interact with other apps. These apps could be running within different kinds of workloads (Containers, VMs, Bare Metal Servers), orchestrated by different orchestration systems (OpenStack, Kubernetes, Mesos, Custom, etc.), running on different kinds of devices (COTS hardware in the DC or a Telco CO/POP, CPE devices, IOT devices, etc.), within different heterogeneous environments (Public Cloud, Private Cloud, Legacy DC, Customer Branch, etc.) and be distributed across geographies. But regardless of their location or type, they need

  • A highly performant approach to connectivity,
  • A seamless layer of security, and
  • Ease of use when it comes to manageability and operations.

And Contrail Networking is the answer for their needs.







High-Performance Connectivity across Different Environments and Workload Types


Among other advantages, what makes Contrail Networking the #1 commercial SDN product is its ability to provide seamless connectivity across multiple heterogeneous environments while delivering advanced network services, in a secure multi-tenant fashion.


Container Networking and Orchestration


When it comes to containers, orchestration tools such as Kubernetes and Mesos are evolving to support broader use cases, but they have significant gaps in capability when it comes to networking -- including offering network isolation at multiple levels (e.g., cluster-level, namespace-level, pod/service-level), providing centralized IP Address Management (IPAM) and catering to native ECMP-based distributed load-balancing for service notion, just to name a few. Contrail Networking addresses all these gaps but also ensures that infrastructure operators are able to modify infrastructure isolation levels, transparent to the application developer, and without disrupting their workflow. Contrail Networking also provides seamless migration from and interoperability of existing non-container environments with container environments and extends vast variety of network services capabilities (Floating IP, SNAT, QoS, DDI, BGPaaS, etc.) to the container environments.


All of the above benefits can also be realized in a RedHat OpenShift-based deployment, which is a platform of choice for a wide variety of cloud customers, through a tight product integration with Red Hat’s flagship Container Platform, OpenShift.


Here’s Why Contrail Was Chosen as the Best Commercial SDN Platform (Again)2.png



Performance and TCO Improvements using Smart IO


When it comes to telcos offering networking services on top of NFV platforms, one of the key challenges they face is the limitations of capping performance and scalability due to running non cloud-native network function software on top of generic hardware. As we announced at Mobile World Congress earlier this year, Contrail Networking helps customers overcome the performance challenges by supporting an accelerated data plane with vRouter on Smart IO, such as Netronome NICs. In the absence of a Smart IO on a server, the next best alternative available is DPDK, which does improve performance but at the cost of consuming CPU cores for the data plane, meaning there is less capacity available for application workloads. Smart IO gives customers the flexibility and agility of a software-based solution with the performance and scale of a hardware platform.


Additional Connectivity Capabilities


The connectivity aspect of Contrail Networking, furthermore, enables customers to seamlessly connect to public clouds offering multi-cloud and hybrid-cloud capabilities, offers the ability to connect a remote branch office to a data center along with simplified management of the CPE device thereby offering SD-WAN capabilities, and allows virtual networks to span multiple service provider COs, POPs & backend data centers, thereby offering telco/cable cloud offerings.


Seamless Security Policy Layer with Distributed Enforcement


Security has multiple aspects to it. On one hand, there is infrastructure security  – which takes care of encryption at control and config planes, Role-Based Access Control (RBAC), compliance, etc. for the Contrail Networking platform. On the other hand, there is application security where simple and ubiquitous intent-based policies are defined centrally for application workloads and tiers, and applied and enforced in a distributed fashion on different distributed workloads.


Infrastructure Security and Compliance


Contrail Networking offers two major advantages when it comes to infrastructure security. First, it has Role-Based Access Control (RBAC) enabled for users and admins of Contrail Networking. This RBAC is available when configuring networks and when getting analytics information. Contrail Networking RBAC is available through the APIs, as well as from the Web UI. Second, the config and control plane of Contrail is authenticated and encrypted using TLS.


Additionally, we have ensured that the Contrail platform is PCI-ready for customers.


Unified Policy Abstraction for Applications


As it relates to applications, Contrail offers a centralized intent-based unified policy abstraction layer with distributed enforcement, and allows users to create simplified policies that have a few unique characteristics:

  • Are generic and abstracted enough, where the user can state their intent in simple language, and the system can implement the policies to meet complex policy enforcement needs
  • Are tags based and can be applied to any set of workloads, regardless of where the workload migrates to
  • Can be modified / changed dynamically and programmatically


Here’s Why Contrail Was Chosen as the Best Commercial SDN Platform (Again)3.png


While we have made significant strides on our intent-based unified policy framework, there is a lot more exciting product announcements that are coming up very shortly – so stay tuned!


Manageability, Operations & Analytics


On the manageability and operations front, Contrail Networking has enhanced the product with a wide variety of features.


Ease of Deployment and Life-Cycle Management (LCM) with Containerized Controller


Contrail Controller has been packaged as containers, with the following personalities: three controller containers that include the (a) controller (config + control nodes, and other components including Web UI, etc.), (b) analytics node and (c) analytics database. Contrail Networking also (optionally) includes a load-balancer container for high availability of the controller cluster. These containers can run on bare metal servers or virtual machines and each of them can scale independently of the others. Containerization of the control plane does not impact the overall functionality of the Controller, but instead, brings accelerated Contrail Networking provisioning and simplified life-cycle management as all dependencies are packaged within the containers. In addition to containerizing the Contrail control plane, Juniper Contrail SDN deployment is supported with Juniper’s Ansible-based deployment tool, as well as partner tools such as RedHat OSP Director, Canonical JuJu Charms, among others.


Here’s Why Contrail Was Chosen as the Best Commercial SDN Platform (Again)4.png



A big aspect of life-cycle management is ‘upgrades’. Contrail Networking now also supports in-service software upgrade (ISSU), where the northbound API interface is continuously available during the upgrade of the Contrail cluster.


Single SDN for Multiple Environments


One of the pain points of many customers has been the need to deploy multiple SDN layers for different deployments that run on top of each other. For example, when customers deploy OpenStack on top of Kubernetes (in order to leverage the capabilities of Kubernetes for OpenStack modules) or when customers need to deploy a PaaS layer (OpenShift) on top of an IaaS layer (OpenStack), they might need separate SDN layer for the two environments. This is a manageability hazard that customers want to avoid. Fortunately, Contrail Networking solves this problem quite efficiently and the same SDN layer can be used by multiple environments one running on top of the other.


Here’s Why Contrail Was Chosen as the Best Commercial SDN Platform (Again)5.png


Improved Telemetry and Operations with Contrail Analytics (and AppFormix Integration)


Contrail Analytics has been one of the key differentiators for Contrail Networking. In addition to providing very in-depth information of the data-plane flows and other routing details along with proper visualization and APIs, Contrail Analytics offers a number of unique features and capabilities such as:

  • Underlay-Overlay Correlation: where overlay flows—whether current or historical—can be mapped to underlay flows for better visualization and troubleshooting.
  • Analyzer Capabilities: where packets can be mirrored and sent to any third party analyzer—which can look at very detailed real-time flow information between virtual networks.
  • Health-Monitoring of Instances: Monitoring the health of any workload by not only assessing whether the interface to the workload is up or down but also finding out whether the workload is operationally up or down (by sending ping and http traffic).
  • Anomaly Detection: Contrail Analytics now has the ability to proactively detect anomalous behavior on various user visible entities (UVE), using Machine Learning algorithms.


In addition, Contrail’s operational capabilities have been further enhanced via its integration with the AppFormix platform. AppFormix was an acquisition that Juniper made late last year and offers a key capability addition to the Contrail family. With anomaly detection capabilities in Contrail and AppFormix integration, customers are able to get closer to realizing Self-Driving Networks(TM).


Summary of Contrail Capabilities


Contrail offers a wide variety of features that addresses customer requirements at multiple levels. These can be summed up in the following 10 self-explanatory product feature buckets.



Here’s Why Contrail Was Chosen as the Best Commercial SDN Platform (Again)6.png



Open Source Commitment


Open source has been a fundamental and central aspect of Contrail Networking. The product was open sourced under the Apache v2 license and we have added enhancements and capabilities to the product but continued to keep it open source. We have encouraged community development of features and have highlighted the product’s upcoming features in blogs and videos on With a single source code repository (no fork), a bug database that is open and accessible to anyone, product blueprints that are not kept behind closed doors, Contrail has been a pioneer and leader in open-source SDN.


Based on that unwavering commitment to open source, this year at the OpenStack Summit we are honored to have received the privilege of hosting OpenContrail Day during the OpenStack Summit as part of the Open Source Days initiative. We look forward to hosting presentations by our customers about how they leverage Contrail to achieve positive business outcomes.


To conclude, as Riot Games commented in a blog post about their SDN journey, “OpenContrail is designed from the ground up to be an open-source, vendor-agnostic solution that works with any existing network.” Contrail Networking brings dynamic features to any infrastructure environment, independent of the form factor, so that customers are able to migrate to newer technologies, which are at different levels of maturity, without roadblocks.


Juniper Networks Technical Books
About the Author
  • Prior to Juniper acquisition, Ankur was the Founder and CEO of Contrail Systems Inc - a pioneer in standards based network virtualization and scale-out networking software. Ankur has over 15 years of experience in building world-class networking products and leading high performance teams. Prior to Contrail, Ankur served as Chief Technology Officer and VP of Engineering at Aruba Networks, where he played critical roles in the rapid expansion of team, products, and global businesses. Before Aruba, Ankur helped drive Juniper’s initial entry into and expansion of the Ethernet Switching market. Ankur received his MSEE from Stanford University & BSEE from the University of Southern California.
  • David Noguer Bau is the head of Telco Vertical Marketing at the SP Strategic Marketing team in Juniper Networks. He has extensive experience in Service Provider network evolution and regularly runs executive sessions with technical and marketing teams of important telecom operators to accelerate the adoption of virtualisation. David is based in Barcelona and has over 15 years of experience in the telecommunications sector. Prior joining Juniper Networks, Mr. Noguer Bau spent seven years at Nortel where he was a Business Development Manager specializing in Carrier Ethernet and Broadband areas. Before Nortel he worked at Eicon-Dialogic as Technical Manager in Spain. David has been the Country Marketing Chair at Metro Ethernet Forum for Spain. Mr. Noguer has wide experience speaking at international Conferences. He was graduated as Computer Engineer by Universitat Autonoma de Barcelona (UAB) and has an executive MBA from EADA Barcelona and executive education at the Thunderbird School of Global Management (Arizona) and the Henley Business School (UK). The views expressed here are my personal opinions , have not been reviewed or authorized by Juniper Networks and do not necessarily represent the views of Juniper Networks.
  • Donyel Jones-Williams is the Director of Service Provider Product Marketing Management overseeing all of Juniper's Service Provider Products for Juniper Networks. In this role, he leads all of the internal and external marketing activities for Juniper with respect to routing, automation, SDN and NFV. Prior to joining Juniper Networks in January 2014, Donyel was a Senior Product Line Manager for Cisco Systems with in the High End Optical Routing Group managing product lifecycle for multiple products lines helping telecom providers operate efficiently and effectively including; ONS 155xx Product Family, ONS 15216, ONS 15454 MSTP, Carrier Packet Transport Product Family, ME 2600x, & ASR 9000v. He also negotiated favorable agreements with 3rd-party vendors furnishing components and parts and conducted both outbound and inbound marketing (webinars, case study-development, developed and delivered both business & technical at Cisco Live 2005-2012). Donyel graduated from California Polytechnic State University-San Luis Obispo with a Bachelor of Science in Computer Science. While attending Cal Poly SLO he was a collegiate student athlete playing football as a wide receiver and a key member of the National Society of Black Engineers. Donyel is now an active volunteer for V Foundation.
  • Remarkably organized stardust.
  • Jennifer Blatnik is vice president of cloud, security and enterprise portfolio marketing at Juniper Networks with focus on enterprise deployments of security, routing, switching, and SDN products, as well as cloud solutions. She has more than 20 years of experience helping enterprises solve network security challenges. Before joining Juniper, Jennifer served multiple roles at Cisco Systems, Inc., including directing product management for security technologies aimed at small to medium enterprises, as well as supporting managed services, cloud service architectures and go-to-market strategies. She holds a B.A. in Computer Science from University of California, Berkeley.
  • Jerry oversees all aspects of OpenLab which serves as a catalyst to spark the development of new innovative software applications or solutions that leverage the power of SDN/network programmability and intelligence. OpenLab is unique within Juniper and with its polished facility, globally accessible lab, and educational programs – such as the SDN “hackathons,” it serves as a tool for customer, partners, and academia. Prior to this position, Jerry led the development, management and marketing of the company’s strategic partnerships for video/unified communications, optical networking, and content/media delivery. In addition to handling the day-to-day oversight of the partnerships, he established new cross-partner go-to-market processes to drive and manage joint field opportunities. Before joining Juniper, Jerry led the Lucent Technologies application hosting/service provider marketing organization. He has over 25 years of experience in the data networking field with a focus on strategic alliance development, marketing, and technical field support. Jerry possesses a BS degree in Computer Science from St. John’s University in New York. He is active as a Juniper ambassador within the technology and academic community which includes advisory board positions with both NJIT and Rutgers in New Jersey.
  • I have been in the networking industry for over 35 years: PBXs, SNA, Muxes, ATM, routers, switches, optical - I've seen it all. Twelve years in the US, over 25 in Europe, at companies like AT&T, IBM, Bay Networks, Nortel Networks and Dimension Data. Since 2007 I have been at Juniper, focusing on solutions and services: solving business problems via products and projects. Our market is characterized by amazing technological innovations, but technology is no use if you cannot get it to work and keep it working. That is why services are so exciting: this is where the technology moves out of the glossy brochures and into the real world! Follow me on Twitter: @JoeAtJuniper For more about me, go to my LinkedIn profile:
  • Mark Belk is the National Government Chief Architect at Juniper Networks
  • Mike Marcellin is Senior Vice President and Chief Marketing Officer, leading the global marketing team responsible for marketing Juniper’s product and services portfolio and stewarding the brand, driving preference for Juniper in the market, training our partners and account teams, and developing a differentiated information experience for our customers. Before joining the global marketing organization, Marcellin led business strategy and marketing for Juniper’s industry-leading portfolio of high-performance routing, switching and security products. Prior to joining Juniper in 2010, Marcellin served as Vice President of Global Managed Solutions for Verizon, where he oversaw product development and marketing of its managed IP networking, hosting, security and IT solutions for businesses around the world. He also served as Vice President of Global Product Marketing for Verizon Business, executive director of Verizon Business’ IP and Ethernet portfolio as well as leading the company’s eCRM marketing division. Marcellin began his career with MCI in 1994. Marcellin is a Board Member for the Telecommunications Industry Association and a Board Member of US Ignite, an NSF-sponsored initiative. Marcellin holds two patents and was a Rodman Scholar at the University of Virginia, where he received a bachelor of science degree with distinction in systems engineering. He is based in Sunnyvale, California.
  • I love the intracacy and intimacy of succesful communications. Why and how people engage with each other is fascinating. I am also consumed with the way IT changes behaviours, values and expectations in society. I bring this sense of wonder to my role in EMEA Service Provider Marketing Programs at Juniper Networks. Down time: My passions are music, reading, politics, Derby County and playing the guitar (and the harmonica). You can follow me elsewhere: twitter: @neilpound my personal blog: my LinkedIn account: Neil Pound
  • Paul Obsitnik is Vice President of Service Provider Marketing for Juniper Networks Platform Systems Division (PSD), responsible for the marketing of Juniper’s portfolio of high performance routing, switching, and data center fabric products to Service Providers globally. Paul's team is responsible for marketing strategy, product marketing, go-to-market planning, and competitive analysis worldwide for the Service Provider segment. Obsitnik has extensive experience in marketing, sales and business development positions with a proven track record in creating technology markets. He has served in senior marketing and sales management positions at several companies including BridgeWave Communications, ONI Systems, NorthPoint Communications and 3Com. Paul holds a Bachelor of Science with Honors in Electrical Engineering from the United States Naval Academy and a Master of Business Administration from the Harvard Graduate School of Business. Obsitnik is based in Sunnyvale, California.
  • Praful Lalchandani is a Product Manager at Juniper Networks focussing on the Data Center portfolio. Praful is a seasoned veteran in the networking industry, with experience spanning over 15 years building networking products and helping service providers, cloud providers and enterprises with their networking requirements.
  • Pratik Roychowdhury currently leads product management for Juniper's SDN and Cloud Software product namely Contrail. He has been with Juniper Networks for the last six years, leading product management activities for Juniper’s Network Virtualization and Network Programmability products and taking some of these products from concept to release. Overall, Pratik has spent 16+ years in the hi-tech industry assuming various roles including product development at Citrix, strategy & product management at early stage start-ups, and technology investment banking at UBS. Pratik has a B.Tech in Electrical Engineering from Indian Institute of Technology and an MBA from Univ of Michigan, Ann Arbor (Ross School of Business).
  • VP of engineering, Juniper Networks & founder, AppFormix Entrepreneur and founder with successful exits from two networking startups. Sumeet holds more than 20 patents with technologies implemented in shipping products and has received numerous awards from organizations as diverse as MIT and Interop. His AppFormix team at Juniper Networks is shipping an automated, real-time monitoring environment that uses AI and machine learning to autonomously mitigate application and network function issues before they impact QoS or user experience.