Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Contrail Networking

Release Notes: Contrail 5.1

keyboard_arrow_up
Expand All close
Expand All close
Release Notes: Contrail 5.1
list Table of Contents
file_download PDF
{ "lCode": "en_US", "lName": "English", "folder": "en_US" }
English
ON THIS PAGE

New and Changed Features

date_range 10-Sep-19

The features listed in this section are new or changed as of Contrail Release 5.1. A brief description of each new feature is included.

Contrail All-In-One Cluster

Starting in Contrail Networking Release 5.1, Contrail supports deploying Contrail Command and All-In-One (AIO) Contrail Cluster using a single docker command without providing any configuration files. For more information, see Deploying Contrail Command and Contrail All-In-One Cluster.

BGPaaS Peer Zone Selection

Starting with Contrail Networking Release 5.1, to better support high availability (HA) architectures, BGPaaS supports control node zone selection, with options available to configure BGPaaS control node zone peers. This capability enables you to set up primary and secondary control node zones, which can have one or more control nodes.

For more information, see BGP as a Service.

Deploying Enterprise Multicloud with Contrail Command

Starting in Contrail Release 5.1, Contrail supports provisioning multi cloud with the Contrail Command UI. Contrail supports provisioning of Microsoft Azure and Amazon Web Services (AWS).

For more information, see Deploying Enterprise Multicloud with Contrail Command .

Installing Contrail with Mesos

Starting in Contrail Release 5.1, Contrail supports running Contrail with Mesosphere DC/OS. Contrail overlay and non-overlay network virtualization features are available in Apache Mesos environment.

For more information, see Installing Contrail with Mesos.

Importing Contrail Cluster data to Contrail Command by using TripleO

Starting in Contrail Release 5.1, Contrail supports the importing of Contrail Cluster data to Contrail Command server when provisioned using OSPDirector/TripleO Life Cycle Manager for RedHat OpenStack Orchestration.

For more information, see Importing Contrail Cluster Data using Contrail Command.

Importing Contrail Cluster data to Contrail Command by using Mesos

Starting in Contrail Release 5.1, Contrail supports the importing of Contrail Cluster data to Contrail Command server by provisioning Mesos orchestrator.

For more information, see Importing Contrail Cluster Data using Contrail Command.

Importing Contrail Cluster data to Contrail Command by using VMware vCenter

Starting in Contrail Release 5.1, Contrail supports the importing of Contrail Cluster data to Contrail Command server by using VMware vCenter orchestrator.

For more information, see Importing Contrail Cluster Data using Contrail Command.

Layer 3 PNF Service Chaining of Inter-LR Traffic

Starting with Contrail Release 5.1, Contrail provides layer 3 physical network functions (PNF) support to create service chains for inter-LR (logical router) traffic. Contrail Release 5.1 automates configuration of QFX10000 and SRX devices to allow movement of inter-LR traffic between bare metal servers through layer 3 PNF.

For more information, see Creating Layer 3 PNF Service Chains for Inter-LR Traffic.

Adding a New Compute Node to an Existing Containerized Contrail Cluster.

Starting in Contrail Release 5.1, Contrail supports the adding of a new compute node to the existing Contrail OpenStack cluster by configuring the instances.yaml file as well as by using the Contrail Command UI.

For more information, see Adding a New Compute Node to Existing Containerized Contrail Cluster.

Policy Generation Feature

The policy generation feature in Contrail Release 5.1 automates the creation of security policies based on observed traffic flows. When using policy generation, vRouter observes and forwards traffic between selected applications without enforcing any policies. Draft security policies are created based on observed inter and intra-application traffic and are called auto-generated policies. You can review and accept the auto-generated policies before enforcing them.

For more information, see Policy Generation.

PostgreSQL Support

Starting with Release 5.1, Contrail Controller supports PostgreSQL only. In earlier releases, Contrail Controller supported both MySQL and PostgreSQL.

For more information, see Installing Contrail Command.

Support for Edge Routed Bridging

Starting with Contrail Release 5.1, the edge-routed bridging (ERB) for QFX series switches feature configures the inter-VN unicast traffic routing to occur at the leaf (ToR) switches in an IP CLOS with underlay connectivity topology. The ERB feature introduces the ERB-UCAST-Gateway and CRB-MCAST-Gateway roles in release 5.1. ERB is supported on the following devices running only Junos OS release 18.1R3:

  • QFX5110-48S

  • QFX5110-32Q

  • QFX10002-36Q

  • QFX10002-72Q

  • QFX10008

  • QFX10016

For more information, see Edge Routed Bridging for QFX Series Switches.

Routing Policies Match on Extended Communities

Contrail Release 5.1 supports extended communities on the import routing policy function. Release 5.1 allows import routing policy terms to match on extended communities and import routing policy actions to add, set, and remove extended communities. Filtering routes based on extended communities prevent advertising unnecessary service interface and static routes from the control node.

For more information, see Creating a Routing Policy With External Communities in Contrail Command.

Support for OpenShift 3.11

Contrail Release 5.1 supports the installation of a standalone Red Hat OpenShift Container Platform version 3.11 cluster using ansible-openshift as the deployment tool.

For more information, see Installing a Standalone Red Hat OpenShift Container Platform 3.11 Cluster Using OpenShift Ansible Deployer.

Support for Kubernetes 1.12

Contrail Release 5.1 supports the following Kubernetes release 1.12 network policy features:

  • Egress support for network policy

  • Classless Interdomain Routing (CIDR) selector support for egress and ingress network policies

  • Contrail-ansible-deployer provisioning

For more information, see Kubernetes Updates.

Auto-provisioning of IPtable Filtering Rules on Contrail Nodes

Contrail nodes are automatically configured with locally enforced firewall rules allowing access only to Contrail services.

Certificate Lifecycle Management Using Red Hat Identity Management

Contrail Release 5.1 supports using Transport Layer Security (TLS) with RHOSP to perform lifecycle management, including renewal, expiration, and revocation, of certificates using Red Hat Identity Management (IdM). Because IdM uses fully qualified domain names (FQDNs) to manage endpoints instead of IP addresses, Contrail services are also enhanced to use FQDNs.

For more information, see .

Support for Controlling the Maximum Flow Scale Supported on a Virtual Machine Interface

Starting in Contrail Release 5.1, you can configure the maximum number of flows (max-flows) on a virtual machine interface (VMI) and in a virtual network. In releases prior to Contrail Release 5.1, you can control the number of flows only at the virtual machine-level.

When you configure max-flows at the virtual network-level, the configuration is applied to every VMI within the virtual network. When you configure max-flows at the virtual machine interface-level, the configuration applies only to that VMI.

End to end Data Center ZTP and Contrail cluster provisioning using Contrail Command

Starting in Release 5.1, Contrail supports provisioning of Contrail Fabric with end to end ZTP using Contrail Command UI.

For more information, see Provisioning fabric devices with end to end ZTP.

Support for Data Center Interconnect

Starting in Contrail Release 5.1, you can automate data center interconnect (DCI) of two different data centers. Multiple tenants connected to a logical router in a data center can exchange routes with tenants connected to a logical router in another data center.

For more information, see Creating Data Center Interconnect.

Support for Deployment of a Standalone Kubernetes Cluster Using Contrail Command

Starting with Contrail Release 5.1, the Contrail Command UI supports the deployment of a standalone Kubernetes cluster. You can select the Kubernetes orchestrator type in the Contrail Command UI when deploying a cluster.

For more information, see Installing Standalone Kubernetes Contrail Cluster using the Contrail Command UI.

Support for AppFormix in Contrail Command

Starting with Contrail release 5.1, the following AppFormix features are supported in Contrail Command:

  • Installing AppFormix using Contrail Command

  • Configuring AppFormix Alarms using Contrail Command

  • Configuring Instances in AppFormix

  • Viewing Cluster Node Details and Metric Values

For more information, see the Contrail Installation and Configuration Guide and the Contrail Analytics and Troubleshooting Guide.

Support for Multiple Network Interfaces in Kubernetes

Starting in Contrail Release 5.1, you can allocate multiple network interfaces (multi-net) to a container managed by Kubernetes to enable the container to connect to multiple networks. You can specify the networks the container can connect to. This capability can be leveraged to apply service chaining to containerized network functions.

For more information, see Multiple Network Interfaces for Containers.

Support for Prefix-Based Fat Flow

Starting in Contrail Release 5.1, fat flows has been extended to prefix length. With the introduction of prefix-based fat flow, Contrail supports mask processing where you can create flows based on a group of subscribers. This provides a higher level of flow aggregation than single IP address-based fat flow by grouping all the flows for all the end devices sharing the same subnet into a common fat flow.

For more information, see Fat Flows.

Enable TLS Communication Between Analytics and Kafka

Starting with Contrail Release 5.1, Transport Layer Security (TLS) communication is enabled between Kafka brokers and Contrail analytics processes. contrail-collector and contrail-alarm-gen connects to Kafka for UVE processing. The User-Visible Entity (UVE) mechanism is used to aggregate and send the status information.

Support for Route Reflectors

Contrail Release 5.1 supports Route Reflector (RR) functionality in the Control node for for Internal Border Gateway Protocol (iBGP) peers. Route reflection is a BGP feature that enables BGP routers to acquire route information from one iBGP router and reflect or advertise the information to other iBGP peers in the same autonomous system (AS).

For more information, see Route Reflector Support in Contrail Control Node.

Support for Contrail on Windows Operating System

Contrail Release 5.1 supports overlay network virtualization for Windows Docker containers. Windows server 2016 supports containerization using Docker containers and Contrail components such as vRouter agent and the vRouter kernel module have been ported and qualified to run on Windows Server 2016. A Docker CNM plugin is added to process requests from the Docker daemon when a user creates or removes a network or an endpoint.

To install Contrail for Windows, you must have Windows Server 2016 and Docker EE 17.06.

For more information, see Understanding Contrail Deployment on Windows.

Generic Device Operations Commands

Contrail Release 5.1 and later enables you to run generic device operations commands on the devices in a network from the Contrail Command UI. You can run a specific generic device operations command on multiple devices at a time. A job template is defined in Contrail Command for each generic device operations command.

You can select a maximum of 20 devices at a time and run a generic device operational command to view information about those devices.

For more information, see Generic Device Operational Commands In Contrail Command.

Support for EVPN Multicast Type 6 Selective Multicast Ethernet Tag Routes

Contrail Release 5.1 supports EVPN Type 6 selective multicast Ethernet tag (SMET) route to selectively send or receive traffic based on the presence or absence of active receivers on a compute node. The EVPN Type-6 SMET route helps build and use multicast trees selectively on a per <*, G> basis.

Currently, all broadcast, unknown unicast, multicast (BUM) traffic is carried over the inclusive multicast ethernet tag (IMET) routes. This results in flooding all compute nodes irrespective of whether an active receiver is present or not on each of those compute-nodes.

For more information, see Support for EVPN Type 6 Selective Multicast Ethernet Tag Route

Support for MPLS L3VPN InterAS Option C

Contrail Release 5.1 supports L3VPN inter AS Option C, which is used to interconnect multi-AS backbones as described in RFC 4364.

For more information, see Support for L3VPN Inter AS Option C.

Support for Virtual Port Group

Starting with Contrail Release 5.1, you can create virtual port groups (VPG). A VPG is a group of one or more physical interfaces attached to one or more virtual machine interfaces (VMI). Each VMI object corresponds to a VLAN ID and is attached to a Virtual Network. You can create new virtual port group either when you create a virtual network or by navigating to Overlay > Virtual Port Group > Create Virtual Port Group from Contrail Command.

For more information, see Configuring Virtual Port Group.

arrow_backward PREVIOUS
NEXT arrow_forward Release Notes: Contrail 5.1
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top