Juniper Networks

Juniper Contrail API

SDN controller API for network virtualization and orchestration.

GitHub OpenAPI

Documentation

📖
Documentation
https://www.juniper.net/documentation/product/us/en/contrail-networking/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/openapi/juniper-networks-contrail-openapi.yml

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/json-schema/juniper-networks-contrail-virtual-network-schema.json

Other Resources

🔗
API Guide
https://github.com/Juniper/contrail-controller/wiki/Contrail-REST-API
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/capabilities/contrail-bgp-routers.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/capabilities/contrail-floating-ips.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/capabilities/contrail-network-policies.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/capabilities/contrail-projects.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/capabilities/contrail-security-groups.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/capabilities/contrail-service-instances.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/capabilities/contrail-virtual-networks.yaml

OpenAPI Specification

juniper-networks-contrail-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Juniper Networks Juniper Contrail Networking REST API
  description: >-
    RESTful API for Juniper Contrail Networking (now Tungsten Fabric), a
    cloud-native SDN controller that provides virtual network orchestration
    for OpenStack, Kubernetes, and VMware environments. The API manages
    virtual networks, network policies, security groups, service chains,
    and BGP routing. Contrail uses a configuration API server that exposes
    a RESTful interface for all network objects. Objects follow a hierarchical
    model with domains, projects, and network resources. Authentication
    integrates with Keystone (OpenStack) or local authentication.
  version: '5.1'
  contact:
    name: Juniper Networks Support
    url: https://www.juniper.net/documentation/product/us/en/contrail-networking/
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
servers:
  - url: https://{contrail_controller}:8082
    description: Contrail Configuration API Server.
    variables:
      contrail_controller:
        description: Hostname or IP of the Contrail controller node.
        default: contrail.example.com
security:
  - keystoneToken: []
tags:
  - name: BGP Routers
    description: BGP router and peering configuration.
  - name: Floating IPs
    description: Floating IP pool and association management.
  - name: Network Policies
    description: Network policy rules for traffic control between virtual networks.
  - name: Projects
    description: Tenant project management.
  - name: Security Groups
    description: Security group rules for workload micro-segmentation.
  - name: Service Instances
    description: Network function service instance management.
  - name: Virtual Networks
    description: Virtual network creation and management.
paths:
  /virtual-networks:
    get:
      operationId: listVirtualNetworks
      summary: Juniper Networks List virtual networks
      description: >-
        Returns all virtual networks accessible to the authenticated user.
        Virtual networks are the core abstraction in Contrail, representing
        isolated Layer 2/3 network segments with VXLAN/MPLS encapsulation.
      tags:
        - Virtual Networks
      parameters:
        - name: parent_id
          in: query
          description: Filter by parent project UUID.
          schema:
            type: string
            format: uuid
        - name: detail
          in: query
          description: When true, returns full object details instead of references.
          schema:
            type: boolean
      responses:
        '200':
          description: Virtual networks returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  virtual-networks:
                    type: array
                    items:
                      $ref: '#/components/schemas/VirtualNetworkRef'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createVirtualNetwork
      summary: Juniper Networks Create virtual network
      description: >-
        Creates a new virtual network. The network is automatically assigned
        a VXLAN VNI and route targets for BGP EVPN control plane operation.
      tags:
        - Virtual Networks
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                virtual-network:
                  $ref: '#/components/schemas/VirtualNetwork'
      responses:
        '200':
          description: Virtual network created.
          content:
            application/json:
              schema:
                type: object
                properties:
                  virtual-network:
                    $ref: '#/components/schemas/VirtualNetwork'
        '400':
          $ref: '#/components/responses/BadRequest'
  /virtual-network/{vn_id}:
    get:
      operationId: getVirtualNetwork
      summary: Juniper Networks Get virtual network
      description: Returns details for a specific virtual network.
      tags:
        - Virtual Networks
      parameters:
        - $ref: '#/components/parameters/VnId'
      responses:
        '200':
          description: Virtual network returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  virtual-network:
                    $ref: '#/components/schemas/VirtualNetwork'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: updateVirtualNetwork
      summary: Juniper Networks Update virtual network
      description: Updates properties of a virtual network.
      tags:
        - Virtual Networks
      parameters:
        - $ref: '#/components/parameters/VnId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                virtual-network:
                  $ref: '#/components/schemas/VirtualNetwork'
      responses:
        '200':
          description: Virtual network updated.
        '400':
          $ref: '#/components/responses/BadRequest'
    delete:
      operationId: deleteVirtualNetwork
      summary: Juniper Networks Delete virtual network
      description: Deletes a virtual network and releases associated resources.
      tags:
        - Virtual Networks
      parameters:
        - $ref: '#/components/parameters/VnId'
      responses:
        '200':
          description: Virtual network deleted.
        '409':
          description: Virtual network has active references and cannot be deleted.
  /network-policys:
    get:
      operationId: listNetworkPolicies
      summary: Juniper Networks List network policies
      description: >-
        Returns all network policies. Network policies define rules that
        control traffic flow between virtual networks, including allow,
        deny, and service chain actions.
      tags:
        - Network Policies
      responses:
        '200':
          description: Network policies returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  network-policys:
                    type: array
                    items:
                      $ref: '#/components/schemas/ObjectRef'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createNetworkPolicy
      summary: Juniper Networks Create network policy
      description: Creates a new network policy with traffic control rules.
      tags:
        - Network Policies
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                network-policy:
                  $ref: '#/components/schemas/NetworkPolicy'
      responses:
        '200':
          description: Network policy created.
          content:
            application/json:
              schema:
                type: object
                properties:
                  network-policy:
                    $ref: '#/components/schemas/NetworkPolicy'
        '400':
          $ref: '#/components/responses/BadRequest'
  /security-groups:
    get:
      operationId: listSecurityGroups
      summary: Juniper Networks List security groups
      description: >-
        Returns all security groups. Security groups provide stateful
        packet filtering at the virtual machine interface level, similar
        to OpenStack security groups.
      tags:
        - Security Groups
      responses:
        '200':
          description: Security groups returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  security-groups:
                    type: array
                    items:
                      $ref: '#/components/schemas/ObjectRef'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createSecurityGroup
      summary: Juniper Networks Create security group
      description: Creates a new security group with ingress/egress rules.
      tags:
        - Security Groups
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                security-group:
                  $ref: '#/components/schemas/SecurityGroup'
      responses:
        '200':
          description: Security group created.
        '400':
          $ref: '#/components/responses/BadRequest'
  /floating-ip-pools:
    get:
      operationId: listFloatingIpPools
      summary: Juniper Networks List floating IP pools
      description: >-
        Returns all floating IP pools. Floating IP pools provide publicly
        routable IP addresses that can be associated with virtual machine
        interfaces for external access.
      tags:
        - Floating IPs
      responses:
        '200':
          description: Floating IP pools returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  floating-ip-pools:
                    type: array
                    items:
                      $ref: '#/components/schemas/ObjectRef'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /service-instances:
    get:
      operationId: listServiceInstances
      summary: Juniper Networks List service instances
      description: >-
        Returns all service instances. Service instances represent deployed
        network functions (firewall, load balancer, etc.) inserted into
        a service chain between virtual networks.
      tags:
        - Service Instances
      responses:
        '200':
          description: Service instances returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  service-instances:
                    type: array
                    items:
                      $ref: '#/components/schemas/ObjectRef'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /bgp-routers:
    get:
      operationId: listBgpRouters
      summary: Juniper Networks List BGP routers
      description: >-
        Returns all BGP router objects. BGP routers represent control
        plane nodes in the Contrail cluster including control nodes,
        compute nodes, and external MX/physical routers.
      tags:
        - BGP Routers
      responses:
        '200':
          description: BGP routers returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  bgp-routers:
                    type: array
                    items:
                      $ref: '#/components/schemas/ObjectRef'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /projects:
    get:
      operationId: listProjects
      summary: Juniper Networks List projects
      description: >-
        Returns all projects (tenants). Projects provide multi-tenancy
        isolation and serve as containers for virtual networks, policies,
        and other network resources.
      tags:
        - Projects
      responses:
        '200':
          description: Projects returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  projects:
                    type: array
                    items:
                      $ref: '#/components/schemas/ObjectRef'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  securitySchemes:
    keystoneToken:
      type: apiKey
      in: header
      name: X-Auth-Token
      description: >-
        Keystone authentication token obtained from the OpenStack Identity
        service. For standalone Contrail, local authentication returns a
        token via the auth/keystone/v3/auth/tokens endpoint.
  parameters:
    VnId:
      name: vn_id
      in: path
      required: true
      description: Virtual network UUID.
      schema:
        type: string
        format: uuid
  responses:
    BadRequest:
      description: Invalid request parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Authentication required or token expired.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Resource not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    Error:
      type: object
      properties:
        message:
          type: string
    ObjectRef:
      type: object
      properties:
        href:
          type: string
          format: uri
          description: Resource URL.
        fq_name:
          type: array
          items:
            type: string
          description: Fully qualified name path (domain, project, name).
        uuid:
          type: string
          format: uuid
          description: Object UUID.
    VirtualNetworkRef:
      type: object
      properties:
        href:
          type: string
          format: uri
        fq_name:
          type: array
          items:
            type: string
        uuid:
          type: string
          format: uuid
    VirtualNetwork:
      type: object
      properties:
        uuid:
          type: string
          format: uuid
          description: Virtual network UUID.
        fq_name:
          type: array
          items:
            type: string
          description: Fully qualified name.
        display_name:
          type: string
          description: Display name.
        parent_type:
          type: string
          description: Parent object type (project).
        virtual_network_properties:
          type: object
          properties:
            vxlan_network_identifier:
              type: integer
              description: VXLAN VNI.
            forwarding_mode:
              type: string
              enum:
                - l2_l3
                - l2
                - l3
              description: Forwarding mode.
            rpf:
              type: string
              enum:
                - enable
                - disable
              description: Reverse path forwarding setting.
        network_ipam_refs:
          type: array
          description: IP address management references with subnet configuration.
          items:
            type: object
            properties:
              to:
                type: array
                items:
                  type: string
              attr:
                type: object
                properties:
                  ipam_subnets:
                    type: array
                    items:
                      type: object
                      properties:
                        subnet:
                          type: object
                          properties:
                            ip_prefix:
                              type: string
                            ip_prefix_len:
                              type: integer
                        default_gateway:
                          type: string
                        dns_server_address:
                          type: string
        route_target_list:
          type: object
          properties:
            route_target:
              type: array
              items:
                type: string
              description: BGP route targets for import/export.
        is_shared:
          type: boolean
          description: Whether the network is shared across projects.
        router_external:
          type: boolean
          description: Whether the network provides external connectivity.
    NetworkPolicy:
      type: object
      properties:
        uuid:
          type: string
          format: uuid
        fq_name:
          type: array
          items:
            type: string
        network_policy_entries:
          type: object
          properties:
            policy_rule:
              type: array
              items:
                type: object
                properties:
                  direction:
                    type: string
                    enum:
                      - '>'
                      - '<>'
                    description: Traffic direction (unidirectional or bidirectional).
                  protocol:
                    type: string
                    description: IP protocol (tcp, udp, icmp, any).
                  action_list:
                    type: object
                    properties:
                      simple_action:
                        type: string
                        enum:
                          - pass
                          - deny
                      apply_service:
                        type: array
                        items:
                          type: string
                        description: Service chain instance FQN list.
                  src_addresses:
                    type: array
                    items:
                      type: object
                      properties:
                        virtual_network:
                          type: string
                        security_group:
                          type: string
                        subnet:
                          type: object
                          properties:
                            ip_prefix:
                              type: string
                            ip_prefix_len:
                              type: integer
                  dst_addresses:
                    type: array
                    items:
                      type: object
                      properties:
                        virtual_network:
                          type: string
                        security_group:
                          type: string
                  src_ports:
                    type: array
                    items:
                      type: object
                      properties:
                        start_port:
                          type: integer
                        end_port:
                          type: integer
                  dst_ports:
                    type: array
                    items:
                      type: object
                      properties:
                        start_port:
                          type: integer
                        end_port:
                          type: integer
    SecurityGroup:
      type: object
      properties:
        uuid:
          type: string
          format: uuid
        fq_name:
          type: array
          items:
            type: string
        security_group_entries:
          type: object
          properties:
            policy_rule:
              type: array
              items:
                type: object
                properties:
                  direction:
                    type: string
                    enum:
                      - '>'
                      - '<>'
                  protocol:
                    type: string
                  ethertype:
                    type: string
                    enum:
                      - IPv4
                      - IPv6
                  src_addresses:
                    type: array
                    items:
                      type: object
                      properties:
                        subnet:
                          type: object
                          properties:
                            ip_prefix:
                              type: string
                            ip_prefix_len:
                              type: integer
                        security_group:
                          type: string
                  dst_addresses:
                    type: array
                    items:
                      type: object
                      properties:
                        subnet:
                          type: object
                          properties:
                            ip_prefix:
                              type: string
                            ip_prefix_len:
                              type: integer
                  dst_ports:
                    type: array
                    items:
                      type: object
                      properties:
                        start_port:
                          type: integer
                        end_port:
                          type: integer