Feeds

Juniper open sources Contrail SDN software stack

Brings code to market earlier than expected

Combat fraud and increase customer satisfaction

Switch and router maker Juniper Networks snapped up Contrail Systems, a startup maker of software-defined networking (SDN) software, back in December 2012 for $176m just before Contrail was to uncloak from stealth mode. Juniper outlined its SDN plans a month later, and in May released the code for beta testing. Now, the code is ready for prime time, and Juniper is announcing that it will also release the code under an open source license.

Contrail is an alternative to SDN projects and products from VMware (Nicira), Big Switch Networks, Brocade Communications (Vyatta), HP, IBM, and a number of others. Then there's the OpenDaylight consortium, which is forging a hodge-podge of various code as an open source SDN stack.

No matter what project or vendor, the goal of SDN is roughly the same: to bring virtualization akin to that available for servers and storage to the network, which is too brittle, physical, and dependent on humans with command-line genius.

Ankur Singla, who was CTO at Aruba Networks, and Kireeti Kompella, who was CTO and chief architect of the Junos network operating system at Juniper, founded Contrail Systems in early 2012. They hired a bunch of software engineers and network experts from Cisco and Google to create a controller that would be compatible with the OpenFlow protocols that came out of Stanford University but were based on existing network protocols and would therefore be compatible with existing switches, routers, and server virtualization hypervisors.

Bob Muglia, the ex-Microsoftie who is executive vice president of software at Juniper, tells El Reg that the Contrail plan before the acquisition was to get the code out the door this year.

"We have been working with a wide number of customers, and we expect that at least several of them will go into production during Q4 of this calendar year," Muglia says. "Originally we said it would come out in 2014, and here we are doing it in the third quarter of 2013, and who would think? Usually 'second half' means December 30. I was being conservative. I was the guy who made the decision to say 2014 when all the guys in the Contrail team were committed to shipping something in 2013. But we had just acquired this company and there was no way I was going to commit Juniper to something we had just brought in-house. We always hoped we would ship in the third quarter, but it is always best to be a little conservative. They met their dates, and in my experience, that doesn't always happen."

The Contrail Controller that is coming to market is pretty much exactly as described several months ago when it went into beta testing. The control freak is based on the Border Gateway Protocol (BGP) that is already embedded in Juniper switches and routers as well as those its rivals).

It also employs XMPP, a protocol for transmitting message-oriented middleware messages, to control the virtual switches inside of hypervisors. It uses an existing technology from telecom networks called Multiprotocol Label Switching (MPLS), which encapsulates packets on a network and controls their forwarding through those labels; MLPS exists between Layers 2 and 3 in the network stack.

There are a number of other protocols that the Contrail Controller uses to separate the data and control planes in the switching stack and making them more malleable, but at the moment the OpenFlow protocols are not supported.

"We are not including OpenFlow support in the first version," says Muglia. "The reality is, we will see how the world evolves with OpenFlow. The current usage scenario that people have been using for OpenFlow is more reactive end-to-end, where we have been taking a more proactive overlay approach technically. And it turns out that this is where the industry seems to be going. If there are usages cases for OpenFlow that are interesting and important, it is a protocol – ultimately all OpenFlow is is a protocol – and we support hundreds and hundreds of protocols across Juniper products, and we support a number of them in Contrail and we can add OpenFlow to it. But the real key is what is the usage scenario."

Here are the four layers in the JunosV Contrail controller stack

Here are the four layers in the JunosV Contrail controller stack

In any event, Contrail breaks the network into four control planes – management, services, control, and forwarding – and centralizes some functions on the controller and distributes other functions out onto the switches and routers in the network.

A significant difference between OpenFlow-based controllers and Contrail is that Contrail keeps the master copy of the forwarding tables on the controller and copies them out to the switches rather than keeping the master copies on the switches and aggregating them on the controller after they have been changed.

The controller is written in C++ so it is close to the iron, and has user interfaces written in Python. The stack also includes real-time analytics for the network traffic with a Cassandra distributed hash table database back-ending it. Contrail dashboards plug into the OpenStack cloud controller's Horizon graphical user interface, and data stored in the analytics engine can be exported to Hadoop or a time-series database for further analysis.

The Contrail Controller has hooks into the KVM and Xen hypervisors as well as the OpenStack and CloudStack cloud orchestrators, and is certified to run on Juniper's MX edge routers and EX modular and QFX top-of-rack switches.

Juniper has a very simple pricing scheme for the Contrail Controller: it costs $1,700 per socket for a perpetual license for any server that it brings under management, and $1,700 per network element that is also brought under management. (You have to pay annual maintenance on top of that.) You can also buy it based on an annual subscription of $1,000 per socket or $1,000 per network element, and that fee includes maintenance for that year.

Interestingly, Juniper is also making the Contrail Controller available as an open source project at www.opencontrail.org, and the code for the commercial version and the open source version is identical, says Muglia. None of this open-core stuff. The code has been released under an Apache 2.0 license, which Muglia says is one of the more permissible ones and, importantly, allows for the code to be mixed with OpenStack and CloudStack. Juniper is also announcing a partnership with IBM, which will be integrating Contrail with its SmartCloud Orchestrator. That, of course, is IBM's own distribution of OpenStack. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.