Juniper Networks Revamps its Cloud-Native Contrail Networking Solution

Contrail Networking – Now with Cloud-Native Capabilities

Over the last two years, Juniper Networks' engineering team has been radically revamping Contrail Networking under the project name “CN2”. It could certainly mark an important second edition of Contrail, but it’s shorthand for Juniper Cloud-Native Contrail Networking. CN2 was just simpler to say than CNCN or CN2.

With the release of CN2 and Contrail 22.1, Juniper is delivering a modern, Kubernetes-native architecture that provides an automated, high performance and scalable cloud-native networking solution – and the DevOps efficiency of a hyperscaler – to our customers. Most important, CN2 is designed to securely connect applications in the worlds of both Kubernetes and OpenStack.

What’s New: Flipping the Kubernetes/OpenStack Coin

I was fortunate to work on Juniper’s acquisition of Contrail Systems in 2012 and its first product launch in 2013. In those days, and at its introduction in 2012, Contrail was squarely pointed at solving the difficult problem of at-scale SDN for Infrastructure-as-a-Service (IaaS) and network functions virtualization (NFV), where OpenStack acted as the orchestrator. Starting in 2015 and in the years that followed, Kubernetes has changed the game for developing and running applications and, more recently, for running VMs, too.

Kubernetes is more pervasive than OpenStack and has been for a while. At Juniper, we knew there were tremendous modernizations we could build into CN2 to better serve Kubernetes and OpenShift use cases for our customers, while still providing great OpenStack support so users balancing both worlds, or evolving into Kubernetes, could maintain a common experience.

Fast forward to today and CN2 is now Kubernetes-first. Moreover, CN2 is also now Kubernetes-native.

What’s Changed: Going Kubernetes-Native

Contrail’s transformation isn’t only about serving cloud-native and the ecosystem around Kubernetes; it’s about a quintessential optimization for Kubernetes – rebuilding CN2 as an extension of Kubernetes itself.

Working as a Kubernetes CNI and much more, CN2 integrates as a foundational piece of cluster infrastructure by employing the Kubernetes extension framework of custom resources. Now, everything in CN2 is provisioned just as it is with Kubernetes itself. Customers can use kubectl, K9s or any Kubernetes tool of their choosing. We’ve also extended Lens, the popular Kubernetes GUI, with a Contrail plug-in. This means CN2’s API now integrates using the native Kubernetes RBAC and adjacent IAM systems. And even better, CN2 is now configured as code, effortlessly enabling GitOps, infrastructure as code and CICD. We’re even introducing Contrail Pipelines based on ArgoCD and ArgoWorkflows for turnkey CICD for Contrail’s SDN, which includes Juniper’s new test suites.

Additionally, CN2 was built privately as closed source. Instead of open sourcing as with previous versions 21.4 and prior, version 22.1 will mark CN2’s introduction – and those that want access can get free trial licenses from Juniper!

What’s Unchanged: Scale, High Performance and Open Networking

The idea of a CNI is a crude reductionist view of Contrail for Kubernetes. Inside Contrail, there’s a lot more SDN: micro segmentation security policy, namespace isolation security, ingress load balancing, native load balancing for externally available microservices, traffic mirroring, routing policy, native BGP support, virtual network topologies and virtual networks, to name a few. All of which work with, or without, overlays (although they are recommended).

There’s too much to cover regarding the breadth and depth of rich networking features for enterprise organizations and cloud and service providers, so stay tuned for more technical blogs and demo videos covering all that CN2 has to offer.

Everyone knows that Kubernetes is often run on the cloud. Contrail could always fly there, too; Juniper has many such deployments. However, running CN2 on a self-managed bare-metal cloud is a game changer in private data centers because of CN2’s open standards-based and simple federation model to peer virtual networks from its logically centralized controller to other CN2 controllers, and especially to BGP-speaking routers – including Juniper and other vendors. On-premises deployments also mean that customers can choose to take advantage of SmartNIC options for extreme performance.

What’s Still Great and Getting Even Better?

As multicloud evolves, so does multi-Kubernetes. This happens in two ways: in the number of clusters and in the flavors or distributions of Kubernetes.

Many organizations use managed Kubernetes services on the cloud as well as self-managed, deployed distributions. CN2 is still a strong choice of SDN because of its hybrid ability to cater to all those Kubernetes distributions, including OpenShift and OpenStack, creating a common experience and federating them for seamless interconnectivity.

Beyond serving multiple orchestrators, KubeSprawl is the eponym for using a lot of Kubernetes clusters. And now multi-cluster Kubernetes is a new strength for CN2.

Contrail was always built for scale and secure, hardened multi-tenancy, so it’s great for large multi-purpose, multi-team and shared clusters. But as organizations go the other direction to deploy many small clusters – per team, per application, for dev, for test, for staging and for production – CN2 now provides the ability to clean up and consolidate the SDN across this multi-cluster mess. It can run in only one primary cluster and serve as the CNI for that cluster and many others. Likewise, it can combine multi-cluster analytics. While CN2 is known for strong federation, in this multi-cluster model, federation between clusters isn’t required for seamless virtual network and security policy management.

Finally, a fact of Kubernetes versus OpenStack is that Kubernetes is much easier to deploy. It works in private and public cloud, bare-metal and scales to tiny deployments of one node. With that, we knew CN2 had to be extremely easy to try out and test drive. Running minikube on a laptop with CN2 is simple enough to do within minutes. And Juniper has given the ability for any deployment to be streamlined and lean with fully optional logging, system analytics, network analytics and flow telemetry.

This is a huge achievement for the Juniper product and engineering teams and marks the beginning of a new edition of Contrail and a new era for CN2.

Source: Juniper Networks media announcement

Latest Updates

Subscribe to our YouTube Channel