BUILD MORE THAN A NETWORK
Contrail Networking: Evolve your cloud
with Containers
INSIDE
Containers and Microservices
Transformation of the Cloud
Building a Network for Containers
Juniper Networks Contrail Solution
Contrail Networking: Inside the Linux Container Ecosystem
“Containers free developers
to focus on their core
competency, while
operations staff benefit
from flexibility, a smaller
footprint in the data center,
and lower overhead.”
Containers and Microservices
The primary purpose of containerized
applications is to improve the effectiveness
of software teams, making it easier for
people to work together while lowering the
communications overhead. In large enterprises,
applications such as ERP or CRM software
suites often begin as simple projects, but as
time passes, they quickly become clunky and
inefficient, with a monolithic code base that
slows progress for development teams.
To get beyond this inefficiency, a new approach
breaks down the application into smaller, bite-
size components known as microservices.
Adopting a microservices architecture gives
development teams agility and operational
efficiency by virtue of the smaller code base in
each application component.
As the software goes through its various
stages of development, it may move from the
developer’s PC to a lab or test environment;
it may move from a physical to a virtual
environment, and ultimately, to a production
environment. In each of these, the app must
perform consistently. Containers address
the problem of how to make software work
in different computing environments. They
enable software developers to encapsulate an
application component in a single, lightweight
package. Inherently Linux-based, containers
offer the promise of running consistently from
one computing environment to another, virtual
or physical.
Preface
Large enterprises are exploring the possibilities enabled by emerging container
technologies such as Docker. At Juniper, we see this trend as a milestone in data
center innovation, offering significant gains in efficiency, productivity, and agility for
large enterprises that offer cloud as a service.
Transformation of the Cloud
With containers’ inherently lightweight nature,
a single host can support many more container
instances than traditional virtual machines (VMs).
Typically short lived, containers can be created
and moved more efficiently than VMs, and they
can also be managed as groups of logically
related elements.
These container characteristics impact the
requirements for container networking solutions:
the network must be agile and scalable. The
transition from VMs to containers will not
happen overnight, so VMs, containers, and bare-
metal servers will need to coexist in the same
cloud environment. The container network,
therefore, must be seamless across diverse
environments. It must also be agnostic, working
with whatever compute vehicle is in use to
deploy applications.
Building a Network for Containers
The network plays a vital role in containerization.
In multitenant environments, one essential
need is the ability to provide access control
and auditing capabilities for network flows.
The access controls provided by the network
complement application-based authentication
and authorization mechanisms. Together, they
provide a common layer across heterogeneous
authentication methods. This function addresses a
frequent requirement in environments where third-
party software—such as virtualized firewalls—is
in use, or when multiple generations of software
technologies are running simultaneously.
Network access control, combined with security
at Layers 3–7, should encompass the clusters
that are executing containerized workloads, as
well as external environments such as existing
OpenStack or bare-metal servers. In these
heterogeneous environments, the network is the
glue that holds together the diverse elements.
Juniper Networks Contrail Solution
Juniper Networks’ Contrail is a simple, open, and agile Cloud Network Automation platform that
can provide microsegmentation for a container ecosystem, securely isolating networks within a
multi-tenant environment. It enables the cluster management tool to connect different virtual
networks between applications running on containers and VMs, and also connect elements
outside the cluster management tool, such as legacy infrastructure or databases running on
bare-metal servers in private, public, and hybrid clouds.
The Contrail solution is composed of two products: Contrail Networking and Contrail Cloud Platform.
[Figure: Contrail and Kubernetes architecture. Labeled elements: OpenContrail Controller (Configuration, Control, Analytics); Kubernetes Master (K8s components, OpenContrail kube-network-manager); Minions (Docker & Kubelet, container pods, OpenContrail vRouter). Labeled links: REST, XMPP, BGP + Netconf, BGP federation, BGP clustering, and MPLS over GRE/UDP or VXLAN across the IP fabric (underlay network).]
OpenContrail vRouter (L2 & L3) replaces docker0
kube-network-manager
• New OpenContrail (OC) daemon for Kubernetes that listens to the k8s API and automates the creation of virtual networks and policy
kube-minion-plugin and vRouter
• Kubernetes proxy is removed
• Attaches the containers’ veth-pair bridge between the container and the pod’s VRF in the vRouter (replacing the docker0 interface)
Contrail Networking: An open SDN solution that
consists of Contrail Controller, Contrail vRouter,
an analytics engine, and published northbound
APIs for cloud and NFV. Contrail Networking
improves business agility by delivering unique
security, availability, performance, automation,
and elasticity capabilities.
Contrail Cloud Platform: A turnkey cloud
orchestration and automation platform that
consists of Contrail Networking, Juniper’s
OpenStack Distribution, Server Manager, and
Ceph-Based Distributed Storage.
Copyright 2016 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos
and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered marks, or registered service marks are the property of their
respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
7400034-001-EN May 2016
Benefits and Features
• Provides the ability to weave virtual overlay
networks with heterogeneous environments
that straddle private and public clouds,
orchestration tools, and compute workload
vehicles.
• Allows tenants to specify traffic selection
criteria and the network function sequences
to which selected traffic will be subjected—
a capability referred to as Service Function
Chaining.
• Implements secure multitenancy for
tenants utilizing containers and/or groups
of containers, ensuring clear segmentation
between tenants sharing the pooled
infrastructure.
• Enforces security policies at every server
host where containers are running by
implementing a fully distributed firewall in
the vRouter.
Additional Information
Product URL: http://www.juniper.net/us/en/products-services/sdn/contrail
Contrail Sandbox: www.opencontrail.org/sandbox
Contrail Package: https://www.juniper.net/support/downloads/?p=contrail
About Juniper Networks
Juniper Networks challenges the status quo
with products, solutions and services that
transform the economics of networking. Our
team co-innovates with customers and partners
to deliver automated, scalable and secure
networks with agility, performance and value.
Additional information can be found at Juniper
Networks or connect with Juniper on Twitter and
Facebook.