Advanced Computing in the Age of AI | Monday, August 8, 2022

Juniper’s Contrail Virtualizes Networks Without OpenFlow 

Like other switch and router suppliers, Juniper Networks has to bring virtualization to the network to make connectivity more malleable and manageable. It's either that or someone else will.

After a strategic acquisition earlier this year and some testing by early adopters, Juniper says its Contrail Controller, which is at the heart of its software-defined networking strategy and which it got through that $176 million acquisition of Contrail Systems, is now ready for deployment at enterprise shops.

Contrail Systems was founded in early 2012 by Kireeti Kompella, formerly CTO and chief architect of the Junos network operating system created by Juniper for its switches and routers, so the acquisition brought a top techie back home. The other co-founder of the company was Ankur Singla, formerly CTO at Aruba Networks. The two hired techies from Google, Cisco Systems, and other companies to come up with a software-defined networking approach that was based on existing telecommunications, switching, and routing standards to carve up the network and virtualize it, much as has been done with servers and storage in recent years.

The interesting distinction for Juniper is that it has not yet adopted the OpenFlow protocol, a set of standards adopted by many other SDN stacks that breaks the data plane from the control plane in switches and routers, so the forwarding tables that define how the switches and routers plug together can be centralized on a controller (usually an X86 server running the SDN controller inside of a virtual machine). Once the control planes are centralized, they can be changed on the fly based on existing traffic conditions on the network and then pushed back out to the switches and routers. Juniper's Contrail Controller performs a similar function, but it does so using other protocols.


Specifically, switches and routers made by Juniper and its competitors already support the Border Gateway Protocol (BGP), and this protocol is part of the glue in the SDN stack. The Extensible Messaging and Presence Protocol (XMPP), a variant of XML tweaked to be a communications protocol for message-oriented middleware, is what is used to link the virtual routers in server virtualization hypervisors to the Contrail Controller. The tunneling of network traffic between hypervisors and over those vRouters, as Juniper calls them, is done using Multiprotocol Label Switching (MPLS), which is a technology originally used for routing telecom traffic. MPLS encapsulates this network traffic and can use VMware's VXLAN or Microsoft's NVGRE Layer 2 switching overlays for Layer 3 routing to make all of the machines look like they are connected in a flat Layer 2 network, like the kind that exists in a physically distinct data center. This is part of the magic of modern networking, and the Contrail Controller can now shape that traffic as hypervisors flit around between machines or workloads on the machines have higher bandwidth demands.

You will notice that OpenFlow is not among the list of protocols supported. Muglia was blunt about it, saying that OpenFlow is just a management protocol, that Juniper already supports hundreds of protocols, and that if customers ask for it, the company can do it.

Finally, the Contrail Controller has hooks up into cloud orchestration tools, with OpenStack being the obvious first choice but CloudStack also supported. As for hypervisors, Red Hat's KVM hypervisor and Citrix Systems' Xen hypervisor are currently supported and can hook into vRouters. The controller can interface with Juniper's own QFX top-of-rack switches, EX modular switches, and MX edge routers to start.

Interestingly, Juniper is also releasing the code behind the Contrail Controller into the open source wild.

EnterpriseTech had a chat with Bob Muglia, a former top executive at Microsoft who is now executive vice president of the Software Solutions Division at Juniper, and he said that when the company acquired Contrail Systems in December 2012, the networking startup had not decided whether it would open source the code.

"They were inclined to do it, and the Contrail team was highly encouraging us to do it," Muglia says of opening up the code. But the decision was made only recently to provide the OpenContrail version, which you can download. "It was way too early to make a final call back then. What really drove the decision was the many, many conversations we have had with customers we are working with on the product. Customers, almost without exception, want us to make the source code available."

The code for the commercial-grade Contrail Controller and the code for OpenContrail, which is released under an Apache 2.0 license, are identical, says Muglia. So you can deploy it yourself if you have Juniper gear in your data center or you can get the hand-holding from Juniper and pay for licenses and support if you would rather not go it alone.

For the supported version, Contrail is priced on the devices it touches, not based on the capacity of the controller. It costs $1,700 per socket for each server under management, not including maintenance fees. Each network device that Contrail talks to also costs $1,700 a pop. If you want to buy an annual subscription instead of a perpetual license, it costs $1,000 per year per server socket or per network device managed.
