Juniper Networks Cloud-Native Contrail Networking
Consider this your introduction to the Cloud-Native Contrail project.
In this video from Cloud Field Day 2021, Juniper’s Nick Davey takes you through the sophisticated networking capabilities that Contrail Networking brings to Kubernetes, including ingress, load balancing, multicluster connectivity, and more.
You’ll learn
What’s driving advancements in our enterprise portfolio (spoiler alert: it’s user experience)
An overview of Contrail and how it's central to our cloud networking strategy
What makes Contrail unique when it's installed in a Kubernetes cluster
Who is this for?
Host
Transcript
0:08 good morning everyone or good afternoon
0:09 or wherever in the world you are good
0:11 day
0:12 my name is nick davey i'm a product
0:13 manager with the cloud ready data center
0:15 business unit at juniper and i work on
0:18 the contrail project
0:19 which i'm excited to talk to you a
0:21 little bit about today
0:23 we have
0:24 a fantastic agenda lined up for you all
0:27 we're going to do a brief overview of
0:29 contrail networking talk a little bit
0:31 about what it is and what it does
0:33 then prasad and michael henkel will take
0:35 you through the architecture of contrail
0:39 and some of the changes we've been
0:40 working on over the past year or so
0:43 we'll have a section about observability
0:46 and analytics because
0:47 once you get everything connected and
0:49 secured in the cloud
0:51 we're of course going to need to figure
0:52 out where traffic's going and and how
0:54 it's flowing
0:56 and so my colleagues prasad and sean
0:58 will be covering that and then finally
1:00 we'll talk to you about our contrail
1:02 pipelines uh product offering and and
1:04 what we've been building around uh the
1:07 themes of git ops and automation and
1:09 roche will be presenting that
1:11 and then finally
1:13 after the contrail section is wrapped up
1:15 we'll be talking to our colleagues about
1:18 our client to cloud sd-wan experience
1:22 and
1:23 that's that's how we'll cap off today's
1:25 session
1:26 uh of course if you do have any
1:27 questions please jump in we're all
1:29 excitedly anticipating uh your questions
1:32 so please don't hesitate
1:35 all right uh with the agenda aside um i
1:37 want to talk to you a little bit about
1:39 what
1:40 what's motivating
1:41 all of these
1:43 advancements and all the the work that
1:45 we've been doing at juniper
1:48 experience has been our our main focus
1:51 at juniper for a number of years and
1:53 that's operator experience that's
1:55 administrator experience and that's
1:56 ultimately customer and client
1:58 experience
2:00 uh whether it's just the operator
2:02 enhancements that we originally built
2:03 into the junos operating system making
2:05 it easier to avoid errors and
2:08 less
2:09 less risky to introduce changes to a
2:11 network
2:12 to the automation
2:14 offered by apstra or the cloud
2:16 connectivity offered by contrail
2:19 experience is really what's driving all
2:21 of the work that we do
2:22 we understand that networks and clouds
2:24 today are made out of many complex
2:27 projects products protocols
2:31 there's all kinds of variables that we
2:33 have to manage so
2:34 what juniper has been focused on is
2:37 simplifying and improving that
2:38 experience and making all of this
2:41 mess a little bit more manageable
2:44 and cloud really
2:46 is the thread that runs through
2:47 everything that we do at juniper whether
2:50 it's building the infrastructure for
2:51 clouds in the underlay or building the
2:53 software that connects together all of
2:55 our applications in the overlay
2:58 all of that work contributes to
3:00 improving the overall experience of
3:02 managing complex applications
3:06 and contrail is central to our cloud
3:09 networking strategy
3:11 contrail is how we deliver a simplified
3:14 user experience to complex cloud
3:16 applications so i'm going to talk to you
3:18 a little bit about contrail and what
3:20 we've been up to
3:23 over the past couple years we've noticed
3:25 the trend of operators both in the
3:27 enterprise and in service providers
3:30 starting to explore
3:32 new orchestrator technologies
3:34 uh kubernetes burst onto the scene in
3:37 the enterprise application hosting space
3:39 and offered a new and dynamic model for
3:42 workload orchestration
3:44 really kubernetes crystallized a lot of
3:46 the concepts we've been working on as an
3:48 industry around cloud native um
3:50 improving application delivery
3:53 improving the reliability of the
3:54 applications that we deploy and overall
3:57 uh just working to build a
4:00 human-consumable interface to all of
4:03 these resources that we have to manage
4:06 in
4:07 classic deployments kubernetes sat at
4:10 the top of the stack managing the
4:11 applications themselves and there was a
4:12 whole bunch of infrastructure that
4:14 powered the the kubernetes
4:17 infrastructure
4:19 openstack and other orchestrators were
4:21 responsible for managing the bare metal
4:23 and the underlying pool of resources and
4:26 kubernetes ran on top of that just like
4:28 any other application
4:30 but where kubernetes used to run on the
4:32 bare metal before
4:34 today kubernetes is running the bare
4:36 metal as an orchestrator kubernetes has
4:39 expanded its purview
4:40 to offer support for virtual machines
4:43 for
4:45 arbitrary network connections
4:47 for bare metal management in essence
4:50 kubernetes has really eaten the whole
4:52 cloud stack and is becoming the
4:53 orchestrator that powers all of our
4:55 infrastructure
4:57 and so contrail coming from its
4:59 stronghold of openstack sdn
5:03 we need to
5:05 adopt these trends as well
5:08 when we built contrail we originally
5:10 built them or built the product out of
5:12 the best of breed cloud technology
5:14 available at the time but as cloud
5:16 technology evolved so too must our
5:18 architecture
5:20 so today we're going to be talking to
5:21 you about how we have woven kubernetes
5:25 into the fabric of contrail how we've
5:28 integrated our api into the kubernetes
5:30 api and what the benefits are of doing
5:33 that
5:34 of course the immediate benefit is we
5:36 can provide networking to kubernetes
5:37 pods and vms that are being orchestrated
5:39 by kubernetes but there's just so much
5:41 more that we bring to the user
5:43 experience of managing complex cloud
5:46 applications
5:49 the goal of contrail is to first of all
5:52 implement kubernetes networking in a
5:54 non-threatening way
5:56 kubernetes is a workload orchestrator so
5:58 as our
6:00 application owners and as cluster
6:01 operators add apps to the orchestrator
6:04 there's an expectation that they can
6:06 consume resources like
6:09 load balancers and apply firewall
6:11 policies
6:12 basically consume all of the networking
6:15 primitives built inside of kubernetes
6:17 so contrail's first goal is to not scare
6:20 any developer or application owner when
6:23 contrail is installed in a kubernetes
6:24 cluster we provide networking
6:27 like any other
6:28 container network interface
6:31 and we do so in a way that streamlines
6:33 things like bare metal deployments we
6:35 basically build in all of the various
6:38 services and infrastructure that you
6:40 need to run your apps on top of
6:42 kubernetes
6:44 now once you move beyond the kind of
6:46 basic set of of network connectivity
6:49 offered inside of kubernetes if for
6:52 example you've got a more complex use
6:54 case where you're running a container
6:56 network function like a firewall or an
6:58 inspection engine inside of kubernetes
7:01 you need the ability to create
7:04 complex or arbitrary networks
7:06 if that container network function is
7:08 offering subscriber services or
7:11 you know hosting an application through
7:13 a virtual ip you may even need to
7:15 introduce a routing protocol into your
7:17 kubernetes cluster yes
7:19 what's old is new again um so in order
7:22 to
7:23 accomplish that contrail brings with
7:25 that sort of base set of kubernetes
7:26 networking a robust set of advanced
7:29 networking tools
7:31 the ability to create arbitrary l2 and
7:33 l3 segments inside kubernetes the
7:35 ability to extend routing protocols to
7:38 inspect and mirror traffic all of the
7:40 set of tools that you would expect out
7:42 of a production network infrastructure
7:45 are made available to you now in a
7:46 kubernetes cluster
7:49 and this doesn't just apply to
7:50 kubernetes clusters i mean yeah
7:52 we'll talk a little bit about this later
7:54 but
7:55 it's possible to run vms inside of
7:57 kubernetes using kubevirt
8:00 and the experience is just absolutely
8:01 phenomenal kubernetes is an incredibly
8:04 fast api so orchestrating vms in
8:06 kubernetes is a really snappy experience
8:10 but we also bridge or offer connectivity
8:13 back to openstack deployments as well so
8:16 that same contrail sdn that powers
8:19 openstack can connect to your kubernetes
8:21 cluster and offer a seamless networking
8:23 experience
8:26 in general in cloud 1.0 there was a
8:29 trend um to geographically distribute
8:32 infrastructure or to
8:34 you know like a break up the blast
8:35 radius
8:36 and so multi-cluster connectivity was
8:39 always a
8:41 solution that we offered
8:43 but multi-cluster with kubernetes has
8:45 taken on a new meaning
8:47 kubernetes clusters tend to be
8:49 much smaller than openstack clusters
8:52 they tend to be either application or
8:54 department specific at least right now
8:57 and so there's a big challenge that
8:59 that that deployment pattern presents we
9:02 need to tie together all of those
9:03 clusters to give them consistent
9:05 connectivity security and visibility and
9:08 so in order to accomplish that we've
9:10 built multi-cluster into contrail
9:13 and which allows us to not only run
9:17 the the networking out of multiple or
9:19 for multiple kubernetes clusters
9:21 but also to connect together
9:24 remote kubernetes clusters and provide
9:27 seamless overlay forwarding between them
9:31 you've heard me talk a little bit about
9:33 kubevirt and
9:34 we'll talk a little bit about uh
9:36 federation later when we talk about
9:38 multi-cluster
9:40 for everything that we're doing we're
9:41 building on top of the great work that
9:42 the kubernetes community has started um
9:45 we're extending these projects uh we're
9:48 integrating a robust set of networking
9:51 tools into them
9:53 so
9:54 the the goal here is to
9:56 work alongside the community and offer a
9:59 better experience for networking
10:01 juniper's not reinventing the wheel with
10:03 anything that we're doing here
10:07 and finally
10:08 with all of these
10:10 projects integrated and extended
10:12 we have a great set of
10:15 capabilities that we can present that
10:17 allow for easy automation through things
10:20 like text-based configuration of your
10:23 entire infrastructure
10:24 and then validation that we can wrap
10:26 around that using
10:28 pipelines and other
10:30 other automation techniques you'll hear
10:32 all about these concepts and details
10:34 from my colleagues in some coming
10:36 sections
10:38 i want to just talk about the challenge
10:40 that multi-cluster presents before i
10:42 hand over the microphone because
10:44 i mean in classic clouds this was a
10:46 challenge in next generation
10:48 container-powered clouds this is a
10:51 massive challenge
10:53 um
10:54 infrastructure and
10:56 just networking and security are
10:58 organizational concepts we have
11:01 connectivity profiles that we need to
11:03 create
11:04 we have security profiles that we need
11:06 to apply
11:08 and so
11:09 the challenge has always been in
11:11 multi-cluster setups
11:13 once you establish connectivity how do
11:15 you
11:16 have that or establish that ext
11:18 that experience of having your policies
11:22 and your
11:23 your connectivity everywhere that you go
11:26 in classic contrail we did this through
11:28 bgp peering and some clever exchange of
11:30 routes that allowed for overlay tunnels
11:32 to be established between clusters but
11:34 with kubernetes we don't have to make
11:37 bgp our demarc point
11:39 instead we can plug the sdn directly
11:41 into multiple clusters so that logically
11:45 the clusters are separated i mean it's a
11:48 dedicated kubernetes control plane for
11:49 the application
11:51 but
11:51 the networking is shared between all of
11:54 those clusters allowing you to control
11:56 connectivity between them and all of the
11:58 applications residing in the clusters
12:00 through a common interface
12:02 now i did mention blast radius and
12:04 that's still a concern so when you do
12:06 need to segment up your network either
12:08 for resiliency or for latency or for any
12:12 other reason you still have the ability
12:14 to federate the
12:16 multi-cluster deployments so you can
12:19 really pick the best multi-cluster
12:22 architecture for use for your solution
12:24 you can have these kind of
12:26 clusters of clusters in a region that
12:29 give you segmentation and security and
12:31 then tie all of those clusters together
12:33 using kubefed and configuration
12:36 federation
12:37 and leverage contrail to establish
12:39 seamless connectivity between all of
12:41 them
12:42 we'll talk about this in detail i know
12:44 this is a bit of a
12:45 complex uh concept to cover in a brief
12:48 introduction so my colleagues are going
12:50 to walk us through it all
12:55 what we're really building towards
12:57 though is the ability to put the right
13:00 workload in the right location and
13:03 deliver again that
13:04 incredible experience to our customers
13:06 and our users
13:08 it's the ability to stretch our network
13:11 wherever it need be to apply our
13:13 policies
13:14 everywhere pervasively throughout our
13:16 network and to have visibility into
13:18 everything that's going on in the
13:19 cluster