French cloud provider Cloudwatt has adopted the open source version of Juniper Networks' Contrail SDN overlay in its production environment.
Cloudwatt is part of the new wave of European "sovereign" cloud providers that are government-backed and take a vendor-independent approach to infrastructure specifically to provide cloud services that are beyond the reach of snooping by U.S. spy agencies.
To establish some independence from infrastructure vendors, Cloudwatt's network stack is heavily focused on open source technology, including OpenStack Neutron for network orchestration and OpenContrail for its multi-tenant network overlay, said Régis Allègre, vice president of software engineering at Cloudwatt. The physical network underlay is a multi-vendor environment with heavy representation from Cisco's Nexus switching line, but the company may explore white box switches in the future as it expands its operation, he said.
"We need to find the right balance between cost efficiency and sovereignty," Allègre said. "For now, we've chosen to base our first generation solution on vendor hardware and open source software for the cloud and network management pieces. We are definitely looking at open hardware, such as OCP [Open Compute Project], or bare-metal switches with open source software. But we want to learn from operating our service first before going deeper into the layers and committing development and operational resources."
Cloudwatt is not a Juniper customer. OpenContrail is an open source version of Juniper's commercial Contrail SDN overlay software. Cloudwatt maintains its own implementation of the overlay. In fact, Cloudwatt has become the largest contributor to the OpenContrail project outside of Juniper, particularly around OpenContrail's integration with OpenStack Neutron.
"We have really co-developed with [Juniper] in an open source manner," Allègre said. "We're very satisfied with how we've been able to work jointly on that. On the other hand, there is no commitment [to a vendor]. It's just been a very good tactical relationship that has helped us both."
While in beta, Cloudwatt built an SDN overlay based on Open vSwitch and OpenStack Neutron. "We found that we needed something better distributed and more scalable [than an Open vSwitch overlay with OpenStack Neutron]," Allègre said. "From a scalability perspective, we would have been limited to 40 VMs [virtual machines] per hypervisor with Open vSwitch and Neutron. Another key issue was the lack of operational tooling that would allow us to investigate issues in the network. Open vSwitch would not provide us with the sufficient functionality to do that. So our operational team went in search of something else."
Juniper often touts OpenContrail's ability to correlate network activity across virtual and physical networks, a feature that some critics claim is lacking from other network overlays, particularly VMware NSX.
Cloudwatt investigated the use of OpenContrail and the operations team determined that it was far more scalable than the provider's original Open vSwitch implementation. Tests showed they could achieve a density of 100 VMs per hypervisor with the overlay. OpenContrail was also higher performance, with near wirespeed throughput. In contrast, the Open vSwitch overlay was limited to 1 Gbps performance.
OpenContrail also had operational tools built so that it would allow the network team to correlate performance management and troubleshooting across the overlay and the physical network underneath, Allègre said.
Now Cloudwatt runs an OpenContrail overlay, with vRouters deployed on virtual hosts that tunnel traffic over the physical network.
"OpenContrail provides a fully isolated virtual network that fully matches the mulit-tenancy that is part of OpenStack's design," Allègre said.