Contrail Deployment on Microsoft Azure

Contrail Release 5.0.2 supports extending of on-premise Contrail capability on to Microsoft Azure public cloud. The multicloud gateway feature enables leveraging Contrail services to the public cloud seamlessly.

Ansible is used to deploy Contrail on the public cloud. Terraform is used to build the resources on the public cloud creates a template of all Azure objects. These templates are autogenerated in Contrail Release 5.0.2. These templates take care of all Contrail requirements including creating VMs in Azure, connecting the network, providing IP addresses for the VMs and so on. Secure connectivity to the network is provided through the Contrail multicloud gateway. The core stack of the multicloud gateway comprises Contrail vRouter, BGP, and IPSec over SSL. IPSec provides the VPN capabilities. After creating VMs and providing secure connectivity to the network through the multicloud gateway, you can deploy Contrail on the secure fabric and all on-premise Contrail features and services are available on the cloud.

Consider that you have an on-premise environment with multiple applications or workloads running on it. The workloads include front-end, middle tier, and back-end applications or a database. To virtualize the workloads on Azure, Contrail creates a multicloud gateway on the on-premise site as well as on Azure. The multicloud gateway provides seamless and secure connectivity between the on-premise system and Azure. Once secure connectivity is established, the on-premise workloads can be deployed on Azure. You can choose to deploy all the workloads, or some workloads, or also have a hybrid environment where some workloads are running in the on-premise system and some on the public cloud.

This workflow of spinning up Contrail SDN in a multicloud environment for Azure is automated. See Deploying Contrail on Microsoft Azure for information on deploying Contrail on Azure.