Nick Davey, Senior Product Manager, Cloud and SDN, Juniper Networks

Juniper Networks Cloud-Native Contrail Networking

Telco Cloud
Nick Davey Headshot
Screenshot from the presentation includes presenter Nick Davey’s video picture in the bottom left. His presentation is frozen on the slide that is titled, “What Makes Contrail Unique.” It includes the following boxes with the feature written underneath and a green drawing illustrating the idea of each feature: Advanced Networking, Application Based Network Policy, Spans VMs and Containers, Multi-cluster Connectivity, Extends K8 Native Tools, and Automate and Validate.

Consider this your introduction to the Cloud-Native Contrail project.

In this video from Cloud Field Day 2021, Juniper’s Nick Davey takes you through the sophisticated networking capabilities that Contrail Networking brings to Kubernetes, including ingress, load balancing, multicluster connectivity, and more. 

Show more

You’ll learn

  • What’s driving advancements in our enterprise portfolio (spoiler alert: it’s user experience) 

  • An overview of Contrail and how its central to our cloud networking strategy 

  • What makes contrail unique when it’s installed in a Kubernetes cluster 

Who is this for?

Network Professionals Business Leaders


Nick Davey Headshot
Nick Davey
Senior Product Manager, Cloud and SDN, Juniper Networks


0:08 good morning everyone or good afternoon

0:09 or wherever in the world you are good

0:11 day

0:12 my name is nick davey i'm a product

0:13 manager with the cloud ready data center

0:15 business unit at juniper and i work on

0:18 the contrail project

0:19 which i'm excited to talk to you a

0:21 little bit about today

0:23 we have

0:24 a fantastic agenda lined up for you all

0:27 we're going to do a brief overview of

0:29 contrail networking talk a little bit

0:31 about what it is and what it does

0:33 then prasad and michael henkel will take

0:35 you through the architecture of contrail

0:39 and some of the changes we've been

0:40 working on over the past year or so

0:43 we'll have a section about observability

0:46 and analytics because

0:47 once you get everything connected and

0:49 secured in the cloud

0:51 we're of course going to need to figure

0:52 out where traffic's going and and how

0:54 it's flowing

0:56 and so my colleagues prasad and sean

0:58 will be covering that and then finally

1:00 we'll talk to you about our contrail

1:02 pipelines uh product offering and and

1:04 what we've been building around uh the

1:07 themes of git ops and automation and

1:09 roche will be presenting that

1:11 and then finally

1:13 after the contrail section is wrapped up

1:15 we'll be talking to our colleagues about

1:18 our client to cloud sd-wan experience

1:22 and

1:23 that's that's how we'll cap off today's

1:25 session

1:26 uh of course if you do have any

1:27 questions please jump in we're all

1:29 excitedly anticipating uh your questions

1:32 so please don't hesitate

1:35 all right uh with the agenda aside um i

1:37 want to talk to you a little bit about

1:39 what

1:40 what's motivating

1:41 all of these

1:43 advancements and all the the work that

1:45 we've been doing at juniper

1:48 experience has been our our main focus

1:51 at juniper for a number of years and

1:53 that's operator experience that's

1:55 administrator experience and that's

1:56 ultimately customer and client

1:58 experience

2:00 uh whether it's just the operator

2:02 enhancements that we originally built

2:03 into the junos operating system making

2:05 it easier to avoid errors and

2:08 less

2:09 less risky to introduce changes to a

2:11 network

2:12 to the automation

2:14 offered by appstra or the cloud

2:16 connectivity offered by contrail

2:19 experience is really what's driving all

2:21 of the work that we do

2:22 we understand that networks and clouds

2:24 today are made out of many complex

2:27 projects products protocols

2:31 there's all kinds of variables that we

2:33 have to manage so

2:34 what juniper has been focused on is

2:37 simplifying and improving that

2:38 experience and making all of this

2:41 mess a little bit more manageable

2:44 and cloud really

2:46 is the thread that runs through

2:47 everything that we do at juniper whether

2:50 it's building the infrastructure for

2:51 clouds in the underlay or building the

2:53 software that connects together all of

2:55 our applications in the overlay

2:58 all of that work contributes to

3:00 improving the overall experience of

3:02 managing complex applications

3:06 and contrail is central to our cloud

3:09 networking strategy

3:11 control is how we deliver a simplified

3:14 user experience to complex cloud

3:16 applications so i'm going to talk to you

3:18 a little bit about contrail and what

3:20 we've been up to

3:23 over the past couple years we've noticed

3:25 the trend of operators both in the

3:27 enterprise and in service providers

3:30 starting to explore

3:32 new orchestrator technologies

3:34 uh kubernetes burst onto the scene in

3:37 the enterprise application hosting space

3:39 and offered a new and dynamic model for

3:42 workload orchestration

3:44 really kubernetes crystallized a lot of

3:46 the concepts we've been working on as an

3:48 industry around cloud native um

3:50 improving application delivery

3:53 improving the reliability of the

3:54 applications that we deploy and overall

3:57 uh just working to build a

4:00 human-consumable interface to all of

4:03 these resources that we have to manage

4:06 in

4:07 classic deployments kubernetes sat at

4:10 the top of the stack managing the

4:11 applications themselves and there was a

4:12 whole bunch of infrastructure that

4:14 powered the the kubernetes

4:17 infrastructure

4:19 openstack and other orchestrators were

4:21 responsible for managing the bare metal

4:23 and the underlying pool of resources and

4:26 kubernetes ran on top of that just like

4:28 any other application

4:30 but where kubernetes used to run on the

4:32 bare metal before

4:34 today kubernetes is running the bare

4:36 metal as an orchestrator kubernetes has

4:39 expanded its purview

4:40 to offer support for virtual machines

4:43 for

4:45 arbitrary network connections

4:47 for bare metal management in essence

4:50 kubernetes has really eaten the whole

4:52 cloud stack and is becoming the

4:53 orchestrator that powers all of our

4:55 infrastructure

4:57 and so contrail coming from its

4:59 stronghold of openstack sdn

5:03 we need to

5:05 adopt these trends as well

5:08 when we built contrail we originally

5:10 built them or built the product out of

5:12 the best of breed cloud technology

5:14 available at the time but as cloud

5:16 technology evolved so too must our

5:18 architecture

5:20 so today we're going to be talking to

5:21 you about how we have woven kubernetes

5:25 into the fabric of contrail how we've

5:28 integrated our api into the kubernetes

5:30 api and what the benefits are of doing

5:33 that

5:34 of course the immediate benefit is we

5:36 can provide networking to kubernetes

5:37 pods and vms that are being orchestrated

5:39 by kubernetes but there's just so much

5:41 more that we bring to the user

5:43 experience of managing complex cloud

5:46 applications

5:49 the goal of contrail is to first of all

5:52 implement kubernetes networking in a

5:54 non-threatening way

5:56 kubernetes is a workload orchestrator so

5:58 as our

6:00 application owners and as cluster

6:01 operators add apps to the orchestrator

6:04 there's an expectation that they can

6:06 consume resources like

6:09 load balancers and apply firewall

6:11 policies

6:12 basically consume all of the networking

6:15 primitives built inside of kubernetes

6:17 so contrail's first goal is to not scare

6:20 any developer or application owner when

6:23 contrail is installed in a kubernetes

6:24 cluster we provide networking

6:27 like any other

6:28 container network interface

6:31 and we do so in a way that streamlines

6:33 things like bare metal deployments we

6:35 basically build in all of the various

6:38 services and infrastructure that you

6:40 need to run your apps on top of

6:42 kubernetes

6:44 now once you move beyond the kind of

6:46 basic set of of network connectivity

6:49 offered inside of kubernetes if for

6:52 example you've got a more complex use

6:54 case where you're running a container

6:56 network function like a firewall or an

6:58 inspection engine inside of kubernetes

7:01 you need the ability to create

7:04 complex or arbitrary networks

7:06 if that container network function is

7:08 offering subscriber services or

7:11 you know hosting an application through

7:13 a virtual ip you may even need to

7:15 introduce a routing protocol into your

7:17 kubernetes cluster yes

7:19 what's old is new again um so in order

7:22 to

7:23 accomplish that contrail brings with

7:25 that sort of base set of kubernetes

7:26 networking a robust set of advanced

7:29 networking tools

7:31 the ability to create arbitrary l2 and

7:33 l3 segments inside kubernetes the

7:35 ability to extend routing protocols to

7:38 inspect and mirror traffic all of the

7:40 set of tools that you would expect out

7:42 of a production network infrastructure

7:45 are made available to you now in a

7:46 kubernetes cluster

7:49 and this doesn't just apply to

7:50 kubernetes clusters i mean yeah

7:52 we'll talk a little bit about this later

7:54 but

7:55 it's possible to run vms inside of

7:57 kubernetes using kubevert

8:00 and the experience is just absolutely

8:01 phenomenal kubernetes is an incredibly

8:04 fast api so orchestrating vms in

8:06 kubernetes is a really snappy experience

8:10 but we also bridge or offer connectivity

8:13 back to openstack deployments as well so

8:16 that same contrail sdn that powers

8:19 openstack can connect to your kubernetes

8:21 cluster and offer a seamless networking

8:23 experience

8:26 in general in cloud 1.0 there was a

8:29 trend um to geographically distribute

8:32 infrastructure or to

8:34 you know like a break up the blast

8:35 radius

8:36 and so multi-cluster connectivity was

8:39 always a

8:41 solution that we offered

8:43 but multi-cluster with kubernetes has

8:45 taken on a new meaning

8:47 kubernetes clusters tend to be

8:49 much smaller than openstack clusters

8:52 they tend to be either application or

8:54 department specific at least right now

8:57 and so there's a big challenge that

8:59 that that deployment pattern presents we

9:02 need to tie together all of those

9:03 clusters to give them consistent

9:05 connectivity security and visibility and

9:08 so in order to accomplish that we've

9:10 built multi-cluster into contrail

9:13 and which allows us to not only run

9:17 the the networking out of multiple or

9:19 for multiple kubernetes clusters

9:21 but also to connect together

9:24 remote kubernetes clusters and provide

9:27 seamless overlay forwarding between them

9:31 you've heard me talk a little bit about

9:33 kubevert and

9:34 we'll talk a little bit about uh

9:36 federation later when we talk about

9:38 multi-cluster

9:40 for everything that we're doing we're

9:41 building on top of the great work that

9:42 the kubernetes community has started um

9:45 we're extending these projects uh we're

9:48 integrating a robust set of networking

9:51 tools into them

9:53 so

9:54 the the goal here is to

9:56 work alongside the community and offer a

9:59 better experience for networking

10:01 juniper's not reinventing the wheel with

10:03 anything that we're doing here

10:07 and finally

10:08 with all of these

10:10 projects integrated and extended

10:12 we have a great set of

10:15 capabilities that we can present that

10:17 allow for easy automation through things

10:20 like text-based configuration of your

10:23 entire infrastructure

10:24 and then validation that we can wrap

10:26 around that using

10:28 pipelines and other

10:30 other automation techniques you'll hear

10:32 all about these concepts and details

10:34 from my colleagues in some coming

10:36 sections

10:38 i want to just talk about the challenge

10:40 that multi-cluster presents before i

10:42 hand over the microphone because

10:44 i mean in classic clouds this was a

10:46 challenge in next generation

10:48 container-powered clouds this is a

10:51 massive challenge

10:53 um

10:54 infrastructure and

10:56 just networking and security are

10:58 organizational concepts we have

11:01 connectivity profiles that we need to

11:03 create

11:04 we have security profiles that we need

11:06 to apply

11:08 and so

11:09 the challenge has always been in

11:11 multi-cluster setups

11:13 once you establish connectivity how do

11:15 you

11:16 have that or establish that ext

11:18 that experience of having your policies

11:22 and your

11:23 your connectivity everywhere that you go

11:26 in classic contrail we did this through

11:28 bgp peering and some clever exchange of

11:30 routes that allowed for overlay tunnels

11:32 to be established between clusters but

11:34 with kubernetes we don't have to make

11:37 bgp our dmarc point

11:39 instead we can plug the sdn directly

11:41 into multiple clusters so that logically

11:45 the clusters are separated i mean it's a

11:48 dedicated kubernetes control plane for

11:49 the application

11:51 but

11:51 the networking is shared between all of

11:54 those clusters allowing you to control

11:56 connectivity between them and all of the

11:58 applications residing in the clusters

12:00 through a common interface

12:02 now i did mention blast radius and

12:04 that's still a concern so when you do

12:06 need to segment up your network either

12:08 for resiliency or for latency or for any

12:12 other reason you still have the ability

12:14 to federate the

12:16 multi-cluster deployments so you can

12:19 really pick the best multi-cluster

12:22 architecture for use for your solution

12:24 you can have these kind of

12:26 clusters of clusters in a region that

12:29 give you segmentation and security and

12:31 then tie all of those clusters together

12:33 using kubefed and configuration

12:36 federation

12:37 and leverage contrail to establish

12:39 seamless connectivity between all of

12:41 them

12:42 we'll talk about this in detail i know

12:44 this is a bit of a

12:45 complex uh concept to cover in a brief

12:48 introduction so my colleagues are going

12:50 to walk us through it all

12:55 what we're really building towards

12:57 though is the ability to put the right

13:00 workload in the right location and

13:03 deliver again that

13:04 incredible experience to our customers

13:06 and our users

13:08 it's the ability to stretch our network

13:11 wherever it need be to apply our

13:13 policies

13:14 everywhere pervasively throughout our

13:16 network and to have visibility into

13:18 everything that's going on in the

13:19 cluster

Show more