Juniper Networks have launched their software defined networking (SDN) solution OpenContrail using the permissive Apache v2 open source software license. This means that there is now an open source alternative to VMware’s NSX solution for SDN, which was launched last month at VMworld.
Like NSX, OpenContrail offers overlay networks using generic routing encapsulation (GRE) or VXLAN techniques for software implemented network switches and routers running in a virtual machine environment. OpenContrail, also like NSX, has the ability to control hardware based network equipment. The principle difference between the platforms lies in their connection to orchestration systems. OpenContrail has been developed to work with the OpenStack cloud management platform whilst NSX is aligned to VMware’s vCloud Automation Center (vCAC).
OpenContrail integrates with OpenStack as a provider to the Neutron (formerly Quantum) networking as a service project. The ‘North bound’ API is also available for integration directly into applications as illustrated by the network virtualization architecture deep dive presentation that accompanied the launch.
The core technology for OpenContrail comes from Juniper’s acquisition last year of Contrail Systems, an SDN startup that was founded by a number of ex Juniper engineers. The system differs from other SDN approaches by strong use of data models internally to handle the relationships between application requirements and networking capabilities under management.
Cisco have been trying to downplay the impact of SDN on networking with their CTO Padamasree Warrior blogging about Limitations of a Software-Only Approach to Data Center Networking. Unfortunately the post seemed to ignore that NSX isn’t just software, and can be used to manage hardware too as noted in a debunking post from networking industry commentator Art Fewell. Having their largest competitor, Juniper, bring an open source equivalent to NSX to market with OpenContrail adds to the strain on Cisco’s ecosystem and those working within it.
One thing missing from the OpenContrail announcement is any mention of the Open Networking Foundation (ONF) forwarding plane control protocol OpenFlow or the Linux Foundation’s OpenDaylight initiative to create an open source implementation of a ‘North bound’ API. Juniper has previously announced support for both OpenFlow and OpenDaylight. In this respect Juniper are following VMware’s example. Whilst OpenFlow originated from Nicira, which now forms a major part of NSX, there was no reference to OpenFlow at the NSX launch. Similarly VMware is also a member of the OpenDaylight project, but has chosen not to wait for an open source API to emerge before bringing products to market.
The OpenContrail API is generated from its internal data model, and supports create, read, update and delete (CRUD) operations via a RESTful interface. The project also offers Python, C++ and JavaScript bindings. Applications are able to interact directly with the API, and don’t have to go via an orchestration system. InfoQ reached out to Kireeti Kompalla, Juniper’s Chief Architect and CTO for SDN to get further details on how they handle multiple masters:
All data model operations, once authenticated and verified, end up in a database. This DB is organized hierarchically. So an orchestrator that wants to create a new Virtual Network under a Project can first ask, what VNs have already been defined under that Project?
It’s also worth noting that OpenContrail uses a distributed hash table (DHT) NoSQL approach to the database to avoid single points of failure.