Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Summary

In this use case, you used Contrail Command to onboard a fabric of QFX switches, configure segmented networks on top of this fabric, and set up a path between the segmented networks through an SRX firewall.

Although the example network in this use case is fairly basic, these same fundamental procedures apply equally well to cloud-scale data centers. The notion of configuring the fabric as a whole while leaving individual device configuration details to Contrail Networking allows these procedures to scale gracefully. With a well-crafted device YAML file, Contrail Networking can discover and onboard your fabric without requiring you to work with each fabric device individually.

While using Contrail Networking to onboard a fabric is relatively straightforward, it is just a prerequisite to what you really want to do, which is to use an SDN solution to create the overlay segmented networks on top of this fabric. Since you typically onboard a fabric once at the beginning and only occasionally thereafter, it is equally if not more important for Contrail Networking to provide an efficient way for you to set up your overlay segmented networks, which you perform on a regular basis. In this use case, you created overlay segmented networks by defining the network, the routing instance, and the endpoints, all from a network-wide point of view, again achieving scale that you would not normally achieve if you had to configure the network devices individually.

What's Next

Now that you’ve created the segmented networks and connected them through an SRX firewall, you should log in to the SRX firewall and change the security policies to align with your security requirements. See SRX documentation for information on how to set up security policies.