Juniper Networks announced commercial availability of its Contrail SDN overlay for data center network virtualization. It also revealed it will open source the Contrail network virtualization overlay software under an Apache 2.0 license.
Sunnyvale, Calif.-based Juniper outlined its plans for Contrail last May, but the company's decision to release the open source OpenContrail software is a new development.
The Contrail system includes a controller, an analytics engine and vRouter software for hypervisor endpoints. The Contrail controller establishes a network virtualization overlay on top of an existing physical network to enable service automation and scale in a highly virtualized data center. It uses the Extensible Messaging and Presence Protocol (XMPP) as a southbound protocol to communicate with hypervisor hosts at the edge of the overlay, and it uses Border Gateway Protocol (BGP) to scale out to multiple controllers within LANs or across the WAN. The vRouter software replaces the virtual switch on Kernel-based Virtual Machine (KVM) and Xen hypervisor hosts. Juniper has no immediate plans to support OpenFlow on Contrail unless customer demand for it materializes, according to Brad Brooks, Juniper's chief marketing officer.
Juniper will sell Contrail under an enterprise license with a starting list price of $1,000 per server socket for a one-year subscription, or $1,700 per socket for a perpetual license. Although Juniper is open sourcing the technology, it expects customers will buy enterprise licenses in order to get full commercial support of the technology, Brooks said.
Open sourcing Contrail gives Juniper several advantages, according to Joe Skorupa, vice president and distinguished analyst at Stamford, Conn.-based Gartner Inc.
"They get some press," Skorupa said. "They attract some folks in the research community who are interested in pushing the technology forward. Some of the more sophisticated customers get a chance to potentially play with things and they may see some innovation that comes from the outside that allows them to enrich the project."
The open source software will also empower customers to be flexible in customizing their network feature sets, according to Contrail beta tester Nik Weidenbacher, principal engineer at Wayne, Penn.-based SunGard Availability Services.
"When operating on a [closed] technology, there are times where I want it to do one more thing, but all I can do with a closed system is work with the vendor and their product managers to get that baked in," Weidenbacher said. "When the system is open sourced, that gives me the ability to choose to invest in creating that feature myself. It gives me a lot more flexibility. And I can still get support from the vendor, because they'll turn around and make commercial support available for it."
Network virtualization overlay market getting crowded
Contrail enters an immature but crowded SDN overlay market, where VMware made a big splash last month with its NSX launch. Nuage Networks and Midokura also have competing products. Furthermore, Juniper is a hardware partner of VMware NSX.
SunGard has been beta testing Contrail for its private cloud and its Infrastructure as a Service offerings, according to Weidenbacher. The company is looking for a network virtualization overlay that supports the open source orchestration system CloudStack. Weidenbacher is still evaluating multiple platforms in addition to Contrail.
"We're undergoing a transition from an orchestration stack that we developed in-house to an open source stack -- Cloudstack," Weidenbacher said. "In the multi-tenant environment, the traditional separation technologies -- VLANs and all that fun stuff -- don't scale very well. And the traditional infrastructure is clunky when it comes to large-scale automation. Things are fragile when it comes to orchestration. Juniper is integrating [Contrail] with CloudStack, and that makes it really easy for us to deploy their product."
Combined SDN overlay and underlay visibility
Contrail will differentiate itself from other SDN overlay competitors with its ability to integrate virtual and physical network operations and troubleshooting, according to Juniper's Brooks.
"We have a very robust set of analytics capabilities that we have built into the virtual network overlay," Brooks said. Contrail can combine those SDN overlay analytics with intelligence it collects about the underlying physical infrastructure to present a unified set of analytics and data to network managers. "This is important because the overlay adds some complexity."
Contrail is able to collect data on the physical network because it can communicate with network hardware through gateways that use a standard set of protocols, including BGP, Brooks said. These gateways not only collect data on the physical network, but also enable service chains for Layer 4-7 network services and security.
"The SDN controller sets up all these different virtual routes that a data flow can take through both the physical layer of the network and the virtual layer and virtual services, depending on how you have your data center set up and how you want to manage it," Brooks said. For instance, Contrail can send hairpin traffic between an overlay gateway and a physical application delivery controller or a firewall, or it can apply equivalent virtualized services, such as Juniper's virtual firewall product, JunosV Firefly.
Integration between the network virtualization overlay and the physical network isn't just a differentiator. It's something every vendor should be working on, according to Gartner's Skorupa.
"When you build an overlay, the constant concern is when something breaks, how do I figure out where? Others say when you dump [traffic from an SDN overlay] into an IP network, the IP will magically get it where it needs to be. That's not a good assumption because you can get pathologically bad routes; you can get congested links. When things break, everybody suffers equally. And if you're trying to do traffic engineering at the IP layer, it can be a messy, complicated thing to do."
Juniper isn't the first vendor to recognize the integration issue, he said.
"It's what Nuage has done. It's why Juniper is doing it. It's why [Cisco CEO] John Chambers stood up at Cisco Live and talked about how they're the only company in the industry that understands that, although I think there is clear evidence that they aren't," Skorupa said. "It also demonstrates why VMware is becoming more pragmatic about some of the holes in their solution and the work they've announced with HP is a similar approach.
Skorupa said Juniper will need to integrate other Layer 4-7 services, either homegrown or third-party technologies. He pointed out that Juniper's partnership with Riverbed has granted it access to the source code for Riverbed's Stingray application delivery controller software. "It's a very feature-rich, capable product that could find its way into this."
Juniper and OpenDaylight
Juniper's decision to open source Contrail raises questions about the company's commitment to OpenDaylight, the multi-vendor open source SDN consortium that is developing a framework for an SDN technology stack.
Juniper remains a member of the consortium, but it is making Contrail a strategic priority over OpenDaylight.
"OpenDaylight is a different path to creating a controller in the marketplace. It's one of around 14 different competitive alternatives that will come to market or attempt to come to market over the next nine to 12 months," said Juniper's Brooks. However, Juniper may submit Contrail code to OpenDaylight, he said.
Whether OpenDaylight accepts that contribution is unknown.
"I think it's another demonstration that the folks who have controllers really don't have any interest in using OpenDaylight," Skorupa said. "Even once Daylight delivers what they consider to be a code-complete offering, then companies need to turn it into a product. It's a non-trivial effort."