Getting Out From Under the Policy Boulder with Juniper’s Contrail Policy Framework

Scale puts strain on almost any system. In IT terms, we see otherwise reliable networking architectures and schemes suddenly fall on their face when deployed at scale. This isn’t too surprising: scale makes small flaws glaringly obvious. Sadly, the fixes for those flaws often don’t scale nearly as well. Far too often they are deployed one at a time, with lots of manual intervention. This is inefficient, and the inefficiency grows with scale while the fix remains inadequate.

Now consider this issue as it applies to network policy management, and you can easily appreciate the challenges it poses for an organization. Poorly configured policy can lead to business outages, security vulnerabilities, or just a bad end-user experience. As organizations add more applications, test/dev environments, and sites, keeping policy correct can seem like a Sisyphean task.

Policy in Contrail

Juniper Networks’ Contrail SDN management platform has some interesting capabilities to make policy creation and enforcement more manageable.

Contrail was developed to provide an evolved policy framework, one focused not just on network topology but on being application-centric.

To this end, Contrail provides a visualization of application topology, so you can easily see flows between applications across the network. This is paired with the ability to enter policy requirements in relatively easy-to-understand language.

A Game of Tags

This application topology is tag-based, rather than looking strictly at packets and network destinations. The rationale is that a network destination often needs to change, while the intent surrounding an application rarely does. The tag-based approach lets a workload live anywhere and still not fall through the cracks of policy.

The predefined tag types are application, deployment, site, tier, and label. Most of these are self-explanatory. Labels are more freeform tags, which become useful when working with an application manifest in something like Kubernetes.

Tags can be attached at different levels of the application topology, from the global application all the way down to the individual interface. All of this is enforced at the interface level, built into the router. In effect, a workload carries a collection of tags that maps to a set of policies and defines its security posture, and policy enforcement happens in real time as part of packet forwarding.

Contrail also makes visualizing policy interactions very simple. Not only does it come with a sensible UI, it also exposes all of the underlying data via APIs, so if you have a specific visualization tool or other apps you want to feed directly, that’s easy to do. Out of the box, Contrail’s visualizations use a ring metaphor. The outer ring represents the combined application and deployment environment (test/dev, production, and so on). The inner ring represents the application tiers. The spaghetti of connections between them represents the flows between application components. Flows marked in blue are explicitly protected by policy, while red ones have no policy specifically set. This is an incredibly powerful tool, not only to see which application components are networked together, but also to see where the gaps in your policy fall.

From there, each flow can be clicked into to view all policy information in detail. Again, this isn’t a historic look at flows, but a virtually real-time aggregation.
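To make the tag model and the blue/red flow classification concrete, here is a small Python model added for this article. It is not Contrail’s API or any Juniper code; the class names, the rule shape, the scope-merging helper and the sample workloads are all assumptions made for illustration. Workloads carry tags attached at several scopes (a project-level application and deployment tag, then site and tier at the interface), rules are written against tags rather than addresses, and observed flows are sorted into the set an explicit rule covers (the article’s blue) and the set no rule covers (red). Moving a workload to a new address and site leaves its policy match unchanged, which is the point of matching on intent rather than destination.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# The five tag types named in the article. Everything else in this file
# (class names, rule shape, sample data) is an assumption for illustration.
TAG_TYPES = ("application", "deployment", "site", "tier", "label")


def effective_tags(*levels: Dict[str, str]) -> Dict[str, str]:
    """Merge tags attached at successive scopes (global -> ... -> interface).
    Pass the most specific scope last; it overrides earlier ones."""
    merged: Dict[str, str] = {}
    for level in levels:
        for tag_type, value in level.items():
            if tag_type not in TAG_TYPES:
                raise ValueError(f"unknown tag type: {tag_type}")
            merged[tag_type] = value
    return merged


@dataclass
class Workload:
    name: str
    ip: str                 # carried only to show it plays no part in matching
    tags: Dict[str, str]


@dataclass
class Rule:
    src: Dict[str, str]     # tag expression the source must satisfy
    dst: Dict[str, str]     # tag expression the destination must satisfy
    proto: str
    port: int
    action: str = "pass"


@dataclass
class Flow:
    src: Workload
    dst: Workload
    proto: str
    port: int


def matches(expr: Dict[str, str], tags: Dict[str, str]) -> bool:
    """A tag expression matches when every tag it names has the stated value."""
    return all(tags.get(t) == v for t, v in expr.items())


def lookup(rules: List[Rule], flow: Flow) -> Optional[Rule]:
    """Return the first rule covering the flow, or None when nothing does."""
    for rule in rules:
        if (rule.proto == flow.proto and rule.port == flow.port
                and matches(rule.src, flow.src.tags)
                and matches(rule.dst, flow.dst.tags)):
            return rule
    return None


def classify(rules: List[Rule], flows: List[Flow]) -> Dict[str, List[str]]:
    """Split observed flows into 'protected' (an explicit rule covers them,
    the article's blue) and 'unmatched' (no rule covers them, the red ones)."""
    out: Dict[str, List[str]] = {"protected": [], "unmatched": []}
    for f in flows:
        label = f"{f.src.name}->{f.dst.name}:{f.proto}/{f.port}"
        out["protected" if lookup(rules, f) else "unmatched"].append(label)
    return out


def move_workload(w: Workload, new_ip: str, new_site: str) -> Workload:
    """Relocate a workload: address and site change, intent tags do not."""
    return Workload(w.name, new_ip, effective_tags(w.tags, {"site": new_site}))


# --- constructed sample: a three-tier "shop" application (hypothetical) ---
PROJECT_TAGS = {"application": "shop", "deployment": "prod"}
web = Workload("web1", "10.0.1.10", effective_tags(PROJECT_TAGS, {"site": "dc1", "tier": "web"}))
app = Workload("app1", "10.0.2.10", effective_tags(PROJECT_TAGS, {"site": "dc1", "tier": "app"}))
db = Workload("db1", "10.0.3.10", effective_tags(PROJECT_TAGS, {"site": "dc1", "tier": "db"}))
# A dev copy of the web tier: the interface-level deployment tag overrides the project one.
web_dev = Workload("web-dev", "10.9.1.10",
                   effective_tags(PROJECT_TAGS, {"site": "dc1", "tier": "web", "deployment": "dev"}))

# Intent stated in tags only: web may talk to app, app may talk to db, prod only.
SHOP_POLICY = [
    Rule({"application": "shop", "deployment": "prod", "tier": "web"},
         {"application": "shop", "deployment": "prod", "tier": "app"}, "tcp", 8080),
    Rule({"application": "shop", "deployment": "prod", "tier": "app"},
         {"application": "shop", "deployment": "prod", "tier": "db"}, "tcp", 5432),
]

# Flows as a collector might report them (constructed).
OBSERVED = [
    Flow(web, app, "tcp", 8080),
    Flow(app, db, "tcp", 5432),
    Flow(web, db, "tcp", 5432),       # skips the app tier: no rule, shows red
    Flow(web_dev, app, "tcp", 8080),  # dev web hitting prod app: no rule, shows red
]

if __name__ == "__main__":
    print(classify(SHOP_POLICY, OBSERVED))
    moved = move_workload(web, "192.0.2.7", "dc2")
    print("moved web1 still covered:", lookup(SHOP_POLICY, Flow(moved, app, "tcp", 8080)) is not None)
```

The two red flows are exactly the gaps the ring diagram would surface: one is a tier skip, the other is a deployment boundary crossing, and neither is visible from addresses alone. Because `lookup` never reads `Workload.ip`, the relocated `web1` matches the same rule at its new address and site.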

Conclusion

Being able to offer an information-rich, high-level visualization with the ability to drill down means you get the best of both worlds. It’s not a single pane of glass, but it lets you quickly identify where policy is explicitly stated, where it isn’t, and which application components and sites are implicated. Policy around networks and applications is still challenging, but Contrail gives you the tools to meet the demands of scale in policy management.

About Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.