Juniper Contrail Integration with Avi Networks

Introduction



Organizations understand the benefits of web-scale and cloud-native architectures, including flexibility, agility, speed, automation, elastic scale, and cost effectiveness. While they can achieve these benefits for application deployments, legacy networking and application services solutions prevent them from realizing end-to-end benefits for the infrastructure stack. Furthermore, the emergence of private, public, and hybrid cloud deployments and heterogeneous environments (bare metal servers, virtual machines, containers) requires a next-generation architecture for software-defined environments.

Juniper and Avi Networks, with their software-defined networking and software-defined load balancing solutions, enable enterprises to extend the SDN benefits from network layers (L2-L3) to application layers (L4-L7). This integrated solution enables networks and application services to be provisioned and scaled quickly and automatically to match application and infrastructure automation that is possible with public cloud and private cloud frameworks.

About Juniper Networks Contrail Networking

Contrail Networking, based on the open source OpenContrail project, is a software-defined networking cloud automation solution comprised of a highly available controller and a kernel-embedded virtual router. As leading cloud networking and service orchestration powered by open technology, Juniper’s open solution for cloud and NFV improves business agility with security, availability, performance, automation, and elasticity. More information is available in the Juniper Contrail Networking Data Sheet.

Version Support

Avi and Contrail integration is supported. For further details on supported versions, refer to the OpenStack Support Matrix.

Features and Benefits

  • Architectural alignment enables seamless integration of Juniper and Avi solutions, delivering intelligent automation
  • Complete automation from L2-L7 enables enterprises to automate their infrastructure. They can respond quickly and cost-effectively to surging demand, without downtime, enabling applications to be deployed and scaled rapidly
  • Granular visibility into application performance and end-user experience and access to both historical and real-time application analytics enables admins to troubleshoot network incidents within minutes
  • A high-performance networking solution that enables a full-featured, software-defined data center
  • ECMP support for routing traffic to back-end servers

How the Integration Works

The Avi Controller is the single point of integration with Contrail using REST APIs. During initial configuration of the Avi Controller, the admin needs to provide OpenStack credentials and the Contrail API-Server endpoint URL. From there on, the Avi Controller completely automates the entire deployment. As application or network administrators configure application load balancers, the Avi Controller automatically creates SEs, adds the virtual network interfaces (vNICs) in the right overlay network to the Avi Service Engines, and invokes Contrail APIs to place the virtual IPs (VIPs) on those vNICs without any manual intervention. As application traffic increases, the Avi Controller scales out by creating additional SEs and placing them in the right network through the integration with OpenStack and Contrail.

Interaction

LBaaS workflow
All interaction between Avi Vantage and Contrail is performed via API calls initiated from the Avi Controller to the Contrail API-Server. During the OpenStack cloud setup of Avi, Contrail may be selected, along with the Contrail API-Server’s IP or endpoint URL. The Avi Controller uses its OpenStack credentials to authenticate API messages sent to Contrail, which are secure and encrypted via SSL.

API calls are sent from Avi to Contrail whenever a network or IP change needs to be made. Examples of actions that might necessitate this include creation or deletion of a virtual service, spinning up a new Service Engine, or a failover of a Service Engine. In each case, the Avi Controller makes appropriate configuration changes to the Avi load balancing infrastructure and sends messages to Contrail to take the corresponding actions to configure the networking. In case of network programming failures, Avi logs an event for the object (such as the virtual service) and marks it down or offline (since it cannot be ‘placed’ in the network).

Calls are sent from Avi Vantage to Neutron or Contrail, or both, depending on the task. Avi supports using either config-drive or metadata service for reading virtual machine properties. By default, Avi tries config-drive first, but uses whichever method is supported by the OpenStack environment.

Floating IP and VIP Management

Avi Vantage can manage load balancing capacity for a VS by dynamically scaling-out or scaling-in the VS on additional SEs. By default, the primary SE for the VS co-ordinates distribution of traffic flows amongst the secondary SEs, including itself. On OpenStack with Contrail, Avi Vantage can take advantage of Contrail’s ECMP support and manage the orchestration of ECMP routes as part of VS placement.

ECMP can take place at the following locations:

  1. the upstream edge router (e.g., Juniper MX or similar)
  2. the Contrail vRouter on the host hypervisor

Virtual Service Creation

Create a virtual service named vs2 using the Avi CLI as follows (or alternatively using the Avi UI):

[demo:11-1-1-7]: > configure pool vs2_pool
[demo:11-1-1-7]: pool> servers ip 20.0.0.3 port 80
New object being created
[demo:11-1-1-7]: pool:servers> save
[demo:11-1-1-7]: pool> cloud_ref jvnc2
[demo:11-1-1-7]: pool> tenant_ref demo
[demo:11-1-1-7]: pool> save

[demo:11-1-1-7]: > configure virtualservice vs2
[demo:11-1-1-7]: virtualservice> pool_ref vs2_pool
[demo:11-1-1-7]: virtualservice> cloud_ref jvnc2
[demo:11-1-1-7]: virtualservice> tenant_ref demo
[demo:11-1-1-7]: virtualservice> vip vip_id 0
New object being created
[demo:11-1-1-7]: virtualservice:vip> auto_allocate_ip
[demo:11-1-1-7]: virtualservice:vip> subnet a834986a-385e-4616-9d9c-6b91cfaa51e0
[demo:11-1-1-7]: virtualservice:vip> save
[demo:11-1-1-7]: virtualservice> services
[demo:11-1-1-7]: virtualservice> services port 80
New object being created
[demo:11-1-1-7]: virtualservice:services> save
[demo:11-1-1-7]: virtualservice> save
+----------------------------------+-----------------------------------------------------+
| Field                            | Value                                               |
+----------------------------------+-----------------------------------------------------+
| uuid                             | virtualservice-2f8770d0-20cc-477f-9419-b206b9624389 |
| name                             | vs2                                                 |
| scaleout_ecmp                    | True                                                |
| vip[1]                           |                                                     |
|   vip_id                         | 0                                                   |
|   ip_address                     | 19.1.1.7                                            |
|   enabled                        | True                                                |
|   network_ref                    | 02b846e6-cd68-4c84-b7ab-3709946ed28b                |
|   port_uuid                      | c0e4cb54-8706-4bed-97bb-271a603f858f                |
|   subnet_uuid                    | a834986a-385e-4616-9d9c-6b91cfaa51e0                |
|   subnet                         | 19.1.1.0/24                                         |
|   auto_allocate_ip               | True                                                |
|   auto_allocate_floating_ip      | False                                               |
...
+----------------------------------+-----------------------------------------------------+

The summary output below shows vs2 running on one SE named Avi-se-czpey.

[demo:11-1-1-7]: > show virtualservice vs2 summary
+-----------------------+-----------------------------------------+
| Field                 | Value                                   |
+-----------------------+-----------------------------------------+
| oper_status           |                                         |
|   state               | OPER_UP                                 |
| percent_ses_up        | 100                                     |
| vip_summary[1]        |                                         |
|   vip_id              | 0                                       |
|   oper_status         |                                         |
|     state             | OPER_UP                                 |
|   service_engine[1]   |                                         |
|     ref               | Avi-se-czpey                            |
|     primary           | True                                    |
...
+-----------------------+-----------------------------------------+
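
A post-deployment check over the CLI output shown above, as an added example (not Avi or Juniper code): it flattens the indented field/value table, including the deeper nesting of the summary table, and flags a VIP that landed outside the intended subnet or picked up a floating IP. The function names, the approved-subnet list and the internal-only policy are assumptions for illustration; the sample table is constructed from the rows printed on this page.

```python
import ipaddress
import re

# Constructed sample: rows copied from the vs2 creation output on this page,
# with the borders shortened.
SAMPLE = """\
+-----------------------------+-------------+
| Field                       | Value       |
+-----------------------------+-------------+
| name                        | vs2         |
| scaleout_ecmp               | True        |
| vip[1]                      |             |
|   vip_id                    | 0           |
|   ip_address                | 19.1.1.7    |
|   subnet                    | 19.1.1.0/24 |
|   auto_allocate_floating_ip | False       |
...
+-----------------------------+-------------+
"""

ROW = re.compile(r"^\|(\s*)(\S+)\s*\|\s*(.*?)\s*\|$")

def parse_avi_table(text):
    """Flatten a field/value table into {'vip[1].ip_address': '19.1.1.7', ...}."""
    flat, stack = {}, []  # stack: (indent, key) of the enclosing container rows
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(2) == "Field":
            continue  # border, header row or '...' elision
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left the previous container
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))  # empty value: rows below nest under it
    return flat

def audit_vip(flat, approved_subnets, vip="vip[1]"):
    """Return findings; the policy (internal-only VIP, ECMP scale-out) is assumed."""
    findings = []
    ip = ipaddress.ip_address(flat[f"{vip}.ip_address"])
    if not any(ip in ipaddress.ip_network(s) for s in approved_subnets):
        findings.append(f"VIP {ip} is outside the approved subnets")
    if flat.get(f"{vip}.auto_allocate_floating_ip") != "False":
        findings.append("floating IP auto-allocation is enabled")
    if flat.get("scaleout_ecmp") != "True":
        findings.append("scaleout_ecmp is not enabled")
    return findings
```

Calling `audit_vip(parse_avi_table(SAMPLE), ["19.1.1.0/24"])` returns an empty list for the configuration shown on this page; a row with a genuinely empty value would be treated as a container by this parser.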

Summary

As technology alliance partners with integrated solutions, Juniper Networks and Avi Networks deliver on the promise of SDN: agility, automation, cost effectiveness and scale, from the network layers (L2-3) all the way up to the application layers (L4-7), for enterprises and service providers alike. Networks and services can be provisioned and scaled quickly and automatically, to match application and infrastructure automation that is possible with OpenStack and other orchestration frameworks.