Integrating telecom network workloads with Juniper Cloud-Native Router (JCNR) on AWS

By Guy Davies, Global Service Provider Architect – Juniper Networks
      Mahesh Sivakumar, Principal Engineer, Cloud Ready Data Center – Juniper Networks
      Gonzalo Gómez Herrero, Principal Solutions Architect – AWS

Juniper Networks

As communication service providers (CSPs) increasingly turn to Amazon Web Services (AWS) to host critical infrastructure, they face connectivity and integration challenges between AWS and diverse network domains on-premises that use different technologies and design patterns.

AWS Outposts provides the same AWS experience on-premises as a managed solution in various form factors, simplifies hybrid architectures, and helps overcome connectivity or latency issues when connecting on-premises workloads to AWS.

Juniper Cloud-Native Router (JCNR) offers advanced routing capabilities and high-performance forwarding in AWS running with Amazon Elastic Kubernetes Services (EKS). For hybrid connectivity environments, JCNR allows seamless integration between on-premises environments and AWS Virtual Private Cloud (VPC) workloads, both in AWS global infrastructure or on AWS Outposts.

This blog post describes a solution implemented at a telecom provider, where JCNR provides networking integration between a Layer 2 on-premises environment and a 5G Core (5GC) workload running on AWS Outposts, using “IP Prefix Route” Ethernet VPN (EVPN) Type 5 routing with Virtual Extensible LAN (VxLAN) segments.

Introducing JCNR

Juniper Cloud-Native Router (JCNR) is a containerized router that combines Juniper’s proven routing technology with the Junos® containerized routing protocol daemon (cRPD) as the controller and a high-performance Contrail® Data Plane Development Kit (DPDK) vRouter forwarding plane, as illustrated below:

Figure 1 – Juniper Networks Cloud-Native Router (JCNR) High Level Architecture.

This containerized architecture scales easily and enables flexible deployment models. JCNRs can be deployed with Amazon EKS and can use any type of Amazon Elastic Compute Cloud (EC2) instances as a Kubernetes worker node, as opposed to specific EC2 instance dependencies with traditional virtual appliances from AWS Marketplace. With these cloud-native capabilities, JCNRs can leverage Junos routing and security features to address complex hybrid connectivity solutions. Its containerized architecture, seamless cloud integration, and diverse provisioning options make it a flexible and scalable solution.

Key Features

• Containerized power: Lightweight JCNR containers enable rapid deployment, scaling, and simplified management.
• Seamless hybrid integration: JCNR can bridge on-premises environments and AWS.
• Effortless provisioning: Supports manual provisioning via Junos CLI or Infrastructure-as-Code (IaC) tools, and integrates with Amazon EKS and any other Kubernetes distribution for cloud-native deployments.
• Enhanced cloud-edge capabilities: Network-as-Code tools simplify configuration, integrate with leading cloud platforms, and support edge computing and 5GC routing.
• Flexibility: diverse rollout options, aligned with resource requirements, and adaptable to different instance sizes and platforms.
• Auto-scaling: adapt JCNR capacity as throughput demand increases or decreases.

Deployment in AWS

•  Can be deployed both on AWS global infrastructure or on AWS Outposts.
• When integrated with Amazon EKS, a JCNR runs as a collection of Kubernetes pods in an EKS cluster node group.
• JCNRs can be deployed with Multus CNI and adhere to typical EKS deployments for network workloads, such as using Amazon CloudFormation and Lambda functions as per https://github.com/aws-samples/eks-install-guide-for-multus.
• JCNR is based on flexible declarative templates and per-device configuration parameters integrated with Kubernetes resources, allowing consistent and reliable deployments and operations, even for those users who are unfamiliar with Junos
• High packet forwarding performance with DPDK-enabled vRouter and Amazon EC2 Elastic Network Interfaces (ENIs). JCNR provides enhanced networking capabilities through the Amazon EC2 Elastic Network Adapter (ENA) DPDK drivers.

Routing features

• Junos® cRPD provides a robust control plane with features and protocols like Multiprotocol Border Gateway Protocol (MP-BGP), Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), Routing Information Protocol (RIP), IPv4/6, Multiprotocol Label Switching (MPLS), VXLAN, and EVPN.
• Supports MP-BGP for EVPN Network Layer Reachability Information (NLRI) exchange to extend communication between AWS and on-premises networks.

Observability, Telemetry, Programmability

•  NetConf and OpenConfig for orchestration platforms
• Junos® Telemetry Interface (JTI) interface for JCNR health data
• BGP Monitoring Protocol (BMP) Routing Information Base (RIB-IN) streaming and Junos® Extension Tookit (JET) Remote Procedure Calls (GRPC) APIs

Use Case Description

As a representative telecom network workload, a 5G architecture is based on microservices and can be extended across multiple locations, requiring interfaces, strict network separation, and integration at different layers. This solution outlines how to enable connectivity between on-premises networks and AWS Virtual Private Clouds (VPCs) on AWS Outposts for 5GC workloads, leveraging JCNRs to ensure security, traffic segregation, and redundant connections. JCNRs terminate VXLAN segments from on-premises into Layer 3 Virtual Routing and Forwarding instances (VRFs) which connect to VPC subnets through Elastic Network Interfaces (ENIs).

The illustration shows workloads advertising their routes via MP-BGP to JCNRs. Based on IPv4 transport between Outposts network devices and the customer gateways, the redundant JCNRs establish a set of MP-BGP sessions to exchange just EVPN NLRIs with the customer gateways. Both JCNRs are used as tunnel endpoints for VXLAN segments and transform IPv4 and IPv6 unicast routes into EVPN Type 5 routes and vice-versa within each routing context:

Figure 2 – Juniper Networks Cloud-Native Router (JCNR) Use Case High Level Design.

In this architecture, JCNRs enable:

• Connectivity between on-premises elements and 5G network functions running in AWS Outpost VPCs using EVPN Type 5 routing with VXLAN.
• Matching of EVPN segments to VRFs and VPC Route Tables to map traffic flows to contexts like VoIP and signaling interfaces for security and redundancy.
• Connecting Layer 2 segments on-premises to VPC subnets inside AWS Outposts racks, even in different VPCs through Multi-VPC ENI attachments (See Pattern 5 in the Design patterns for interconnecting a telco data center to an Amazon VPC blog post for further details).
• VRF Route Table integration with AWS VPC Route Tables via native capabilities to invoke Amazon EC2 API calls.

EVPN provides a scalable way to extend Layer 2 and Layer 3 connectivity across multiple sites. EVPN uses MP-BGP to exchange prefixes and learn Ethernet segments, thus creating virtual networks spanning multiple sites. VXLAN is used to transport traffic, which allows extending Layer 3 networks across multiple sites and terminating them in different VRFs to provide traffic separation. VXLAN also provides good entropy for load balancing from the JCNRs towards the on-premises customer gateways.

Figure 3 – Juniper Networks Cloud-Native Router (JCNR) VRF to VPC subnet association.

Packet walkthrough

1. Each JCNR and customer gateway advertise their Layer 3 networks to each other by exchanging EVPN Type 5 routes.
2. Both JCNRs and customer gateways learn the location of Layer 3 networks across the hybrid environment
3. EVPN is used as the control plane and VXLAN is used to transport traffic between JCNR and customer gateway
4. When an endpoint in the AWS VPC needs to communicate with an endpoint on premises, the traffic is encapsulated in VXLAN packets and sent to the customer gateway that is connected to the destination component. The VXLAN header is added to the encapsulation of Layer 3 packets by the VXLAN Tunnel End Point (VTEP) device
5. The customer gateway decapsulates the VXLAN packets and forwards the traffic to the destination endpoint on premises.
6. And an equivalent procedure from the customer gateway to JCNR applies in the opposite direction

The format of the packet tunneled by the VTEP is shown below.

Figure 4 – VxLAN format.

The VXLAN header contains the following fields:

• VXLAN Network Identifier (VNI) (24 bits): unique identifier for the VXLAN segment.
• Reserved (8 bits)
• Flags (8 bits): control the VXLAN behavior. The I flag indicates whether the VNI field is valid or not.
• Reserved (24 bits)

The VXLAN header is added to the encapsulation of Layer 3 packets by the VXLAN Tunnel End Point (VTEP) device, which is typically a router or switch that supports VXLAN.

The outer Ethernet header contains the MAC addresses of the source and destination VTEP. The User Datagram Protocol (UDP) header contains the source and destination ports. The inner Ethernet frame contains the MAC addresses of source and destination devices, as well as the data payload.

Solution benefits

JCNRs provide the following benefits in this hybrid architecture:

• Seamless connectivity between on-premises networks and AWS
• Administrative separation between network workloads via dedicated ENIs, VRFs, and EVPN segments
• Efficient multi-domain IPv4/IPv6 traffic transport for 5GC architectures using VXLAN
• Traffic separation and isolation end-to-end via overlay VXLAN transport
• Scalability via MP-BGP exchange of EVPN routes and Ethernet segments, supporting multiple types of networks, both on-premises and in AWS
• Entropy for load balancing across JCNRs and customer gateways

Summary

JCNR is central to enabling secure and seamless connectivity within the operator’s hybrid cloud environment. By using EVPN Type 5 routes over VXLAN and ENA DPDK drivers, JCNR provides a performant and scalable mechanism to connect networks between multiple sites, while maintaining traffic separation and isolation using VRFs. JCNR provides a clean boundary point between AWS VPC subnets and on-premises networks.

We recommend that you evaluate these features and other JCNR capabilities when designing your workloads. Have a look at the JCNR documentation for further information, and explore the JCNR Bring-Your-Own-License offering in the AWS Marketplace to research and test on AWS.

.

Juniper Networks – AWS Partner Spotlight

Juniper Networks is an AWS Partner whose innovative product portfolio allows customers to seamlessly connect every workload, creating a secure and elastic hybrid cloud.
Contact Juniper Networks | Partner Overview | AWS Marketplace