Juniper Networks Contrail Service Orchestration
NFV service creation and automated service delivery
Contrail Service Orchestration is a comprehensive management and orchestration platform that delivers virtualized, managed SD-WAN, VPN, and security network services. Offering a single and elegant point-and-click interface, Contrail Service Orchestration allows service providers as well as small, midsize, and large enterprises to selectively or simultaneously centralize and distribute virtual network services in a hybrid deployment model. Product managers get a clean and polished service design experience; service management and troubleshooting are streamlined for administrators; and customers get role-based access to a personalized self-service portal to select the services that best meet their evolving business requirements.
Service providers today are facing a number of complex network operational challenges, including rigid service delivery infrastructures and operating costs that seldom align with revenue. This hinders their ability to quickly design and deploy new services. Compounding these problems, network operations are increasingly complex and the current infrastructure is expensive to maintain, driving up costs.
Juniper Networks Contrail Service Orchestration empowers both enterprises and service providers to drastically reduce service delivery times for managed services, transforming a several-month truck-roll experience into a near real-time mouse-click experience by automating the entire service delivery life cycle. It reduces the operational costs associated with creating new services while significantly enhancing customer satisfaction, leading to long-term revenue growth. It also greatly increases network cost efficiency by dynamically and efficiently routing traffic and assigning resources based on analytics-driven application policies.
Contrail Service Orchestration is built from the ground up to seamlessly integrate with Contrail Cloud Platform for turnkey cloud orchestration, creating a vertically integrated Network Functions Virtualization (NFV) management system and orchestration software stack that addresses virtual and physical network services including SD-WAN, VPN, and security. Third-party VNFs are also easily integrated.
Architecture and Key Components:
Contrail Service Orchestration consists of the following key components:
Network Service Designer: The Network Service Designer provides product managers and network architects with an intuitive point-and-click solution for performing the service definition process of Juniper and third-party VNFs that is part of service life cycle management. An easy step-by-step service design implementation wizard walks users through the complete service definition process, specifying the virtualized network function (VNF) onboarding process, VNF version control, VNF description, and more. Network Service Designer also assists with the service configuration parameters, service chaining templates, and customer-specific service catalogs that get exposed through the customer portal. The entire service definition is saved in a database via standard YANG data models, providing easy integration with third-party operations support systems (OSS) and business support systems (BSS).
Figure 1: Contrail Service Orchestration Network Service Designer
Administration Portal: The Administration Portal gives network administrators simultaneous visibility into customers’ on-premise and hybrid cloud-based services, enabling them to easily monitor and troubleshoot service health and status. Detailed service information is easily accessible for monitoring virtual or physical customer premises equipment (CPE), service level agreements (SLAs), CPE resource diagnostic reports, service catalog resources, and other administrative functions. The Administration Portal supports Role-Based Access Control (RBAC), as well as both local authentication and SAML-based authentication for single sign-on (SSO). Administrators can also create more users with specific roles and access privileges.
Figure 2: Contrail Service Orchestration Administration Portal
Customer Portal: The Customer Portal is provided through a unified portal, with access to functions governed by RBAC to provide per-tenant Tenant Admin and Tenant Operator roles (read-only access). End customers have the freedom to self-select the services that best fit their business needs. They can also select the appropriate service deployment model, on premises or in the cloud, with the flexibility to determine when to deploy, change, or delete a service in near real time. Service providers can choose to develop their own Customer Portal GUI using REST APIs.
Figure 3: Contrail Service Orchestration Customer Portal
Network Service Controller: In the distributed Cloud CPE deployment model, the Network Service Controller auto-associates, auto-provisions, and auto-manages the CPE devices and Virtual Network Functions (VNFs) on Juniper Networks NFX250 Network Services Platforms. The Network Service Controller automates the entire CPE management process, including remote activation of the CPE devices, enablement of the overlay VPN topology, and device maintenance and monitoring across all site locations.
Network Service Orchestrator: The Network Service Orchestrator automates and orchestrates the entire service creation process, from the time a customer designs, publishes, and selects a new network service across the entire network. In the centralized deployment model, Network Service Orchestrator works with the Contrail Cloud Platform, leveraging OpenStack heat templates to automate the Cloud infrastructure—virtualized service spin-up/spin-down, service configuration, service chaining, and infrastructure resource management. This approach eliminates service provisioning errors and enables near real-time service delivery. In the distributed deployment model, Network Service Orchestrator works in concert with the Network Service Controller to automate the virtualized service spin-up/spin-down, service configuration, service chaining, and virtualized infrastructure resource management processes, eliminating service provisioning errors and enabling near real-time service delivery on NFX250 platforms.
SD-WAN Controller: Contrail Service Orchestration’s SD-WAN Controller gives end customers control and visibility into WAN traffic via the customer portal. End users can define policies at a per-tenant or per-site level that route traffic across multiple WAN links (e.g., business-critical applications run on the purpose-built MPLS network while non-critical applications run on public broadband). Application performance impacted by throughput, latency, packet loss, jitter, delay, and other network characteristics will dictate the dynamic application routing policies. Customers can adjust policies in real time; centrally managed policies are pushed to the vSRX virtual firewall(s) running on NFX250 Network Services Platforms and SRX Series Gateways, which enforce the routing policies. Traffic visualization and reports enable customers to continually monitor application behavior.
Figure 4: SD-WAN Visualization
Security Management: New to Contrail Service Orchestration is the ability to orchestrate managed security services through the same management platform, as part of the suite of network services. Customers can manage NAT policy or intent-based firewall policy to ensure security across Layer 4 transport rules through Layer 7 application rules. Automation of the policies allows for consistent and easy deployment across the customer’s network. With integrated security dashboards and alerts, customers always have visibility that sites are secure. With security management built in, pervasive and always-on security is part of every deployment.
Figure 5: Integrated Secure SD-WAN
Features and Benefits:
The Contrail product suite is an elegant and modular integrated software stack built upon open protocols and open data models that avoid expensive vendor lock-in. For the first time, customers have the freedom to choose the appropriate Contrail components that meet their business needs: freedom to individually layer SDN control with Contrail Network; freedom to use SDN control and Telco Cloud resource management environments with integrated OpenStack via Contrail Cloud Platform; and freedom to deploy a complete comprehensive management and orchestration layer with Contrail Service Orchestration built with open YANG data models and REST APIs. Openness also extends to an open ecosystem that easily onboards third-party VNFs to enrich the service creation catalog and give customers additional service delivery options.
Intelligent Management and Orchestration
With a simplified service creation workflow portal, product managers can intelligently and confidently define a customized service catalog through an intuitive, user-friendly service creation wizard. Leveraging insightful resource management schemas, Contrail Service Orchestration recommends the most efficient service creation model based upon defined VNFs that will best meet the customer’s requirements. Eliminating erroneous, error-prone, human-driven provisioning processes, the intelligent service design portal establishes a workflow that reduces the time required to define and deliver new services to market, increasing productivity and lowering operational expenses.
Intelligent service creation is followed up with automated service delivery. Once a customer selects a service they want, the entire service life cycle is orchestrated, no matter which deployment model is required (centralized, distributed, or hybrid). A consistent cohesive delivery model is automated through the entire software stack and also throughout the entire network infrastructure.
Customizable user-defined portals can be created, elevating user satisfaction, driving a tighter partnership with customers, and ultimately leading to increased profitability. Service providers can build specific service catalogs that are unique to their own or their customers’ business objectives.
| Feature | Benefit |
|---|---|
| Contrail Service Orchestration is built from the ground up with openness at its core; open protocols, open YANG data models, and open APIs easily integrate into existing OSS/BSS environments. | With a complete management and orchestration software stack, customers can take advantage of accelerated innovation by leveraging the power of the open-source community. |
| Customized service onboarding with customer-specific profiles provides a personalized user experience. | Every customer receives a personalized experience, allowing for the creation of services that best fit business needs. |
| Seamless integration with Contrail Cloud Platform ensures an automated management and service orchestration experience across the entire infrastructure. | Contrail Service Orchestration can easily be integrated into existing OSS/BSS networking environments. |
| Multiple NFV use cases are simultaneously supported, including Juniper’s Cloud CPE solution, in a centralized, distributed, or hybrid deployment model extending to the customer premises. | Solution addresses any deployment model; services can be seamlessly chained together to increase revenue-generating service delivery opportunities such as SD-WAN, vCPE, and Telco Cloud. |
| Security Management is fully integrated for simplified, automated, and consistent security enforcement. | Security is pervasive and always-on to ensure every deployment is secure. Integrated security visualization provides customer insight to stay ahead of new threats. |
| Intelligently managed services extend through their entire life cycle with feature-rich service design and administrative tools. | New services can be cataloged in minutes to quickly meet customer demands and assure the service for greater customer satisfaction. A multi-tenant control system provides each tenant individualized management of their services. |
| Built-in Juniper physical network element manager. | Contrail Service Orchestration automatically connects the access layer to the provider edge gateway in a central office to the virtual service instance. |
| Zero-touch provisioning and configuration for distributed Cloud CPE deployment models. | The network activator application provides zero-touch support for the NFX Series, starting with Day One configuration, detailed administrative device management, and Contrail Cloud Platform VNF life-cycle management coherency. |
| Deploy any deployment model over any network implementation. | Contrail Service Orchestration supports any WAN architecture with its transport-agnostic VPN management capabilities. It auto-provisions the underlay WAN network transport with various VPN technologies such as IPsec, GRE tunneling, L2/L3 VPN, and more. |
System recommendations and operating environment depend on the intended use of the servers. There are four recommended Contrail Service Orchestration deployment configurations to support varying scale and redundancy:
- Demonstration mode for non-high availability
- Production mode for non-high availability
- Production mode with high availability
- Trial mode with high availability
In each configuration, the allocated virtual machines perform the following unique functions:
- Installer virtual machine
- Contrail Analytics virtual machine
- Infrastructure services
- Load balancing
Recommended Operating Environment
- Network: 1GbE or 10GbE interface card (one or more)
- OS: Linux OS (Ubuntu 14.04.5 LTS)
- Storage: Greater than 1 TB Serial Advanced Technology Attachment (SATA), Serial Attached SCSI (SAS), or solid-state drive (SSD)
- Servers: Quanta (QuantaPlex T41S-U), Supermicro (SYS-2028TPHC1TR-OTO-4), or Dell (R420) (Intel E5-2670v3 or better) using 64-bit dual x86 processor
Table 1 below reflects the server requirements per configuration. Detailed configurations of virtual machines and memory allocations to the Contrail Service Orchestration functions can be found in the Contrail Service Orchestration deployment guide.
Table 1: Server Requirements per Configuration
| Configuration | Number of Servers | vCPUs per Server | Memory per Server (GB RAM) |
|---|---|---|---|
| Demo non-HA configuration | 2 | 48 | 256 |
| Production non-HA configuration | 3 | 48 | 256 |
| Production HA configuration | 9 | 48 | 256 |
| Trial HA configuration | 3 | 48 | 256 |
Note: In the high-availability configuration, the pairing of three servers functions in a mesh configuration to support stateful failover in the event that a virtual machine experiences a failure.