Juniper Contrail API
SDN controller API for network virtualization and orchestration.
OpenAPI Specification
openapi: 3.1.0
info:
title: Juniper Networks Juniper Contrail Networking REST API
description: >-
RESTful API for Juniper Contrail Networking (now Tungsten Fabric), a
cloud-native SDN controller that provides virtual network orchestration
for OpenStack, Kubernetes, and VMware environments. The API manages
virtual networks, network policies, security groups, service chains,
and BGP routing. Contrail uses a configuration API server that exposes
a RESTful interface for all network objects. Objects follow a hierarchical
model with domains, projects, and network resources. Authentication
integrates with Keystone (OpenStack) or local authentication.
version: '5.1'
contact:
name: Juniper Networks Support
url: https://www.juniper.net/documentation/product/us/en/contrail-networking/
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0
servers:
- url: https://{contrail_controller}:8082
description: Contrail Configuration API Server.
variables:
contrail_controller:
description: Hostname or IP of the Contrail controller node.
default: contrail.example.com
security:
- keystoneToken: []
tags:
- name: BGP Routers
description: BGP router and peering configuration.
- name: Floating IPs
description: Floating IP pool and association management.
- name: Network Policies
description: Network policy rules for traffic control between virtual networks.
- name: Projects
description: Tenant project management.
- name: Security Groups
description: Security group rules for workload micro-segmentation.
- name: Service Instances
description: Network function service instance management.
- name: Virtual Networks
description: Virtual network creation and management.
paths:
/virtual-networks:
get:
operationId: listVirtualNetworks
summary: Juniper Networks List virtual networks
description: >-
Returns all virtual networks accessible to the authenticated user.
Virtual networks are the core abstraction in Contrail, representing
isolated Layer 2/3 network segments with VXLAN/MPLS encapsulation.
tags:
- Virtual Networks
parameters:
- name: parent_id
in: query
description: Filter by parent project UUID.
schema:
type: string
format: uuid
- name: detail
in: query
description: When true, returns full object details instead of references.
schema:
type: boolean
responses:
'200':
description: Virtual networks returned.
content:
application/json:
schema:
type: object
properties:
virtual-networks:
type: array
items:
$ref: '#/components/schemas/VirtualNetworkRef'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createVirtualNetwork
summary: Juniper Networks Create virtual network
description: >-
Creates a new virtual network. The network is automatically assigned
a VXLAN VNI and route targets for BGP EVPN control plane operation.
tags:
- Virtual Networks
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
virtual-network:
$ref: '#/components/schemas/VirtualNetwork'
responses:
'200':
description: Virtual network created.
content:
application/json:
schema:
type: object
properties:
virtual-network:
$ref: '#/components/schemas/VirtualNetwork'
'400':
$ref: '#/components/responses/BadRequest'
/virtual-network/{vn_id}:
get:
operationId: getVirtualNetwork
summary: Juniper Networks Get virtual network
description: Returns details for a specific virtual network.
tags:
- Virtual Networks
parameters:
- $ref: '#/components/parameters/VnId'
responses:
'200':
description: Virtual network returned.
content:
application/json:
schema:
type: object
properties:
virtual-network:
$ref: '#/components/schemas/VirtualNetwork'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateVirtualNetwork
summary: Juniper Networks Update virtual network
description: Updates properties of a virtual network.
tags:
- Virtual Networks
parameters:
- $ref: '#/components/parameters/VnId'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
virtual-network:
$ref: '#/components/schemas/VirtualNetwork'
responses:
'200':
description: Virtual network updated.
'400':
$ref: '#/components/responses/BadRequest'
delete:
operationId: deleteVirtualNetwork
summary: Juniper Networks Delete virtual network
description: Deletes a virtual network and releases associated resources.
tags:
- Virtual Networks
parameters:
- $ref: '#/components/parameters/VnId'
responses:
'200':
description: Virtual network deleted.
'409':
description: Virtual network has active references and cannot be deleted.
/network-policys:
get:
operationId: listNetworkPolicies
summary: Juniper Networks List network policies
description: >-
Returns all network policies. Network policies define rules that
control traffic flow between virtual networks, including allow,
deny, and service chain actions.
tags:
- Network Policies
responses:
'200':
description: Network policies returned.
content:
application/json:
schema:
type: object
properties:
network-policys:
type: array
items:
$ref: '#/components/schemas/ObjectRef'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createNetworkPolicy
summary: Juniper Networks Create network policy
description: Creates a new network policy with traffic control rules.
tags:
- Network Policies
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
network-policy:
$ref: '#/components/schemas/NetworkPolicy'
responses:
'200':
description: Network policy created.
content:
application/json:
schema:
type: object
properties:
network-policy:
$ref: '#/components/schemas/NetworkPolicy'
'400':
$ref: '#/components/responses/BadRequest'
/security-groups:
get:
operationId: listSecurityGroups
summary: Juniper Networks List security groups
description: >-
Returns all security groups. Security groups provide stateful
packet filtering at the virtual machine interface level, similar
to OpenStack security groups.
tags:
- Security Groups
responses:
'200':
description: Security groups returned.
content:
application/json:
schema:
type: object
properties:
security-groups:
type: array
items:
$ref: '#/components/schemas/ObjectRef'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createSecurityGroup
summary: Juniper Networks Create security group
description: Creates a new security group with ingress/egress rules.
tags:
- Security Groups
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
security-group:
$ref: '#/components/schemas/SecurityGroup'
responses:
'200':
description: Security group created.
'400':
$ref: '#/components/responses/BadRequest'
/floating-ip-pools:
get:
operationId: listFloatingIpPools
summary: Juniper Networks List floating IP pools
description: >-
Returns all floating IP pools. Floating IP pools provide publicly
routable IP addresses that can be associated with virtual machine
interfaces for external access.
tags:
- Floating IPs
responses:
'200':
description: Floating IP pools returned.
content:
application/json:
schema:
type: object
properties:
floating-ip-pools:
type: array
items:
$ref: '#/components/schemas/ObjectRef'
'401':
$ref: '#/components/responses/Unauthorized'
/service-instances:
get:
operationId: listServiceInstances
summary: Juniper Networks List service instances
description: >-
Returns all service instances. Service instances represent deployed
network functions (firewall, load balancer, etc.) inserted into
a service chain between virtual networks.
tags:
- Service Instances
responses:
'200':
description: Service instances returned.
content:
application/json:
schema:
type: object
properties:
service-instances:
type: array
items:
$ref: '#/components/schemas/ObjectRef'
'401':
$ref: '#/components/responses/Unauthorized'
/bgp-routers:
get:
operationId: listBgpRouters
summary: Juniper Networks List BGP routers
description: >-
Returns all BGP router objects. BGP routers represent control
plane nodes in the Contrail cluster including control nodes,
compute nodes, and external MX/physical routers.
tags:
- BGP Routers
responses:
'200':
description: BGP routers returned.
content:
application/json:
schema:
type: object
properties:
bgp-routers:
type: array
items:
$ref: '#/components/schemas/ObjectRef'
'401':
$ref: '#/components/responses/Unauthorized'
/projects:
get:
operationId: listProjects
summary: Juniper Networks List projects
description: >-
Returns all projects (tenants). Projects provide multi-tenancy
isolation and serve as containers for virtual networks, policies,
and other network resources.
tags:
- Projects
responses:
'200':
description: Projects returned.
content:
application/json:
schema:
type: object
properties:
projects:
type: array
items:
$ref: '#/components/schemas/ObjectRef'
'401':
$ref: '#/components/responses/Unauthorized'
components:
securitySchemes:
keystoneToken:
type: apiKey
in: header
name: X-Auth-Token
description: >-
Keystone authentication token obtained from the OpenStack Identity
service. For standalone Contrail, local authentication returns a
token via the auth/keystone/v3/auth/tokens endpoint.
parameters:
VnId:
name: vn_id
in: path
required: true
description: Virtual network UUID.
schema:
type: string
format: uuid
responses:
BadRequest:
description: Invalid request parameters.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
Unauthorized:
description: Authentication required or token expired.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
NotFound:
description: Resource not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
schemas:
Error:
type: object
properties:
message:
type: string
ObjectRef:
type: object
properties:
href:
type: string
format: uri
description: Resource URL.
fq_name:
type: array
items:
type: string
description: Fully qualified name path (domain, project, name).
uuid:
type: string
format: uuid
description: Object UUID.
VirtualNetworkRef:
type: object
properties:
href:
type: string
format: uri
fq_name:
type: array
items:
type: string
uuid:
type: string
format: uuid
VirtualNetwork:
type: object
properties:
uuid:
type: string
format: uuid
description: Virtual network UUID.
fq_name:
type: array
items:
type: string
description: Fully qualified name.
display_name:
type: string
description: Display name.
parent_type:
type: string
description: Parent object type (project).
virtual_network_properties:
type: object
properties:
vxlan_network_identifier:
type: integer
description: VXLAN VNI.
forwarding_mode:
type: string
enum:
- l2_l3
- l2
- l3
description: Forwarding mode.
rpf:
type: string
enum:
- enable
- disable
description: Reverse path forwarding setting.
network_ipam_refs:
type: array
description: IP address management references with subnet configuration.
items:
type: object
properties:
to:
type: array
items:
type: string
attr:
type: object
properties:
ipam_subnets:
type: array
items:
type: object
properties:
subnet:
type: object
properties:
ip_prefix:
type: string
ip_prefix_len:
type: integer
default_gateway:
type: string
dns_server_address:
type: string
route_target_list:
type: object
properties:
route_target:
type: array
items:
type: string
description: BGP route targets for import/export.
is_shared:
type: boolean
description: Whether the network is shared across projects.
router_external:
type: boolean
description: Whether the network provides external connectivity.
NetworkPolicy:
type: object
properties:
uuid:
type: string
format: uuid
fq_name:
type: array
items:
type: string
network_policy_entries:
type: object
properties:
policy_rule:
type: array
items:
type: object
properties:
direction:
type: string
enum:
- '>'
- '<>'
description: Traffic direction (unidirectional or bidirectional).
protocol:
type: string
description: IP protocol (tcp, udp, icmp, any).
action_list:
type: object
properties:
simple_action:
type: string
enum:
- pass
- deny
apply_service:
type: array
items:
type: string
description: Service chain instance FQN list.
src_addresses:
type: array
items:
type: object
properties:
virtual_network:
type: string
security_group:
type: string
subnet:
type: object
properties:
ip_prefix:
type: string
ip_prefix_len:
type: integer
dst_addresses:
type: array
items:
type: object
properties:
virtual_network:
type: string
security_group:
type: string
src_ports:
type: array
items:
type: object
properties:
start_port:
type: integer
end_port:
type: integer
dst_ports:
type: array
items:
type: object
properties:
start_port:
type: integer
end_port:
type: integer
SecurityGroup:
type: object
properties:
uuid:
type: string
format: uuid
fq_name:
type: array
items:
type: string
security_group_entries:
type: object
properties:
policy_rule:
type: array
items:
type: object
properties:
direction:
type: string
enum:
- '>'
- '<>'
protocol:
type: string
ethertype:
type: string
enum:
- IPv4
- IPv6
src_addresses:
type: array
items:
type: object
properties:
subnet:
type: object
properties:
ip_prefix:
type: string
ip_prefix_len:
type: integer
security_group:
type: string
dst_addresses:
type: array
items:
type: object
properties:
subnet:
type: object
properties:
ip_prefix:
type: string
ip_prefix_len:
type: integer
dst_ports:
type: array
items:
type: object
properties:
start_port:
type: integer
end_port:
type: integer