Canadian service provider Cloud Dynamics is using Juniper Networks' Contrail SDN software to virtualize its cloud network across multiple new data centers.
Cloud Dynamics has opened four new Toronto data centers to support this Contrail-based cloud, and it plans to expand to 20 data centers later this year.
Each data center has a Juniper-based physical network infrastructure, including QFX and EX switches, MX routers and SRX security gateways. Cloud Dynamics is using the Juniper Contrail SDN controller and vRouter, deployed on virtual hosts, to create an overlay that extends across each data center LAN and the intra-data center WAN. Juniper refers to this combination of virtual and physical network infrastructure as its MetaFabric.
"We wanted to break that WAN-LAN barrier by orchestrating across the WAN for data center-to-data center traffic," said Vijai Karthigesu, chief operating officer of Cloud Dynamics. "We started with the QFX switches and used the Layer 3 functionality. Then with Contrail, the switches and routers are just becoming a basic foundation. All the routing and the flows for customer traffic are going to be controlled by Contrail SDN."
The provider has integrated the Juniper Contrail controller with its homegrown cloud management system using Juniper's northbound application programming interfaces (APIs). Contrail automates the provisioning and management of virtual networks to support tenant workloads instantiated by the provider's cloud management system.
Juniper Contrail uses two protocols in its virtual network overlay. Extensible Messaging and Presence Protocol (XMPP) is the southbound interface to the vRouters that reside on hypervisor hosts. Juniper uses Border Gateway Protocol (BGP) to federate multiple controllers, while Cloud Dynamics uses BGP to merge controllers across its data centers in active-active mode.
The provider previously had some degree of network automation within its data centers, but automating networks across its dark fiber data center interconnects has always been a challenge.
"[Before Contrail SDN] we did some [automation], through APIs, but the actual configuration was data center by data center," Karthigesu said. "With SDN, our thinking is no longer about individual data centers. It's about a configuration for a [tenant] and about where the [tenant] is moving. We actually move the configuration with the [tenant's workload]. So it's no longer individual data centers -- it's a fabric."
Cloud Dynamics is also extending that automation beyond its data center interconnects to automate how QoS is translated between its internal networks and MPLS networks.
"We really like the Contrail API because we can automate and orchestrate everything from end to end. Not just that, but we have the ability to do some of our own integrations into the MPLS world. We are working on getting quality of service and SDN integrated with MPLS traffic engineering and QoS in the WAN," Karthigesu said.
Cloud Dynamics has also started using Contrail as a network functions virtualization (NFV) foundation for delivering additional services to cloud tenants. Contrail is able to service chain traffic for specific customer applications to data centers where network services and security functions have been consolidated. The first NFV-based service it is offering is distributed denial-of-service (DDoS) protection.
"We can send the flows for certain applications through our DDoS protection and not others. We use Contrail to control the flow through those services," Karthigesu said. Before implementing Contrail, Cloud Dynamics had to maintain DDoS protection gateways in every data center and route customer traffic through them.
"[With Contrail and NFV] we are centralizing the security aspect of external gateways into two or three data centers, but they will serve 20 data centers," he said. "[Security services] are segregated into their own layer and Contrail chooses which flows to send through that island."