Tungsten Fabric (TF) represents a fundamentally different approach to SDN—rather than controlling physical switches via OpenFlow, it provides cloud-native overlay networking for virtualized and containerized workloads. Originally developed by Juniper Networks and now part of the Linux Foundation Networking umbrella, Tungsten Fabric has become the go-to SDN solution for organizations building private clouds, Kubernetes platforms, and multi-cloud architectures where software-defined overlays matter more than physical infrastructure control.
This is part of our comprehensive SDN Controller Comparison Guide, where we evaluate leading open-source SDN controllers—though Tungsten Fabric serves a distinct use case compared to OpenFlow-based controllers like ONOS, ODL, and Faucet.
Tungsten Fabric at a Glance
| Attribute | Details |
|---|---|
| Best For | Cloud infrastructure, Kubernetes, OpenStack, NFV |
| Architecture | Microservices-based, cloud-native |
| Programming Languages | C++, Python, Go, Node.js |
| Primary Protocols | XMPP (vRouter control), BGP (inter-domain) |
| Data Plane | Custom vRouter (kernel module or DPDK) |
| Clustering | Zookeeper-based coordination, horizontally scalable |
| Community | Linux Foundation Networking |
| Key Differentiator | Overlay networking for clouds, not physical infrastructure |
| Deployment Complexity | High (distributed microservices architecture) |
| License | Apache License 2.0 |
What Tungsten Fabric Does Best:
- Overlay networking for VMs and containers
- Multi-tenant isolation and security
- OpenStack and Kubernetes native integration
- Service Function Chaining for NFV
- Multi-cloud consistent networking
- Microservices-based scalability and resilience
Architecture Deep Dive
Tungsten Fabrics architecture is composed of two major software components: TF vRouter and TF Controller.
- VRouters need to be run in each host or compute node in the network. It replaces the Linux bridge and traditional routing stack IP tables, or OpenVSwitch networking on the compute hosts.
- The TF Controller communicates with the vRouters via Extensible Messaging and Presence Protocol (XMPP) to apply the desired networking and security policies.
TF Controllers consists of following software services:
- Control and Configuration services for communicating with vRouters and maintaining the network topology and network policies.
- Analytics services for telemetry and troubleshooting.
- Web UI services for interacting with users.
- And finally, services to provide integration with private and public could, CNI plugins, virtual machine and bare metal.
Tungsten Fabric version 5.0 and later architecture use microservices based on Docker containers as shown in figure below to deploy the services mentioned above. This makes the controller resilient against failure and highly available which result in the customer user experience.
Modularity and Extensibility
TF microservice-based architecture allows developing particular services based on the performance requirement and increasing load. Also, microservices by nature are modular which makes the maintenance and extensibility of the platform easy whilst isolating the failure of services from each other.
Scalability
- TF proceeds towards cluster scalability in a modular fashion. This means each TF role can be scaled horizontally by adding more nodes for that related role. Also, the number of pods for each node is scalable. Zookeeper has been used to choose the active node so the number of pods deployed in the Controller and Analytics nodes must be an odd number according to the nature of the Zookeeper algorithm.
Architectural Scalability
- TF supports BGP protocol and each TF controller can be connected to other controllers via the BGP protocol. This means TF can be used to connect different SDN islands.
Interfaces
- Southbound: TF uses the XMPP protocol for communicating with vRouters (data plane) to deliver the overlay SDN solution. BPG also can be used to communicate with legacy devices.
- Northbound: TF supports Web GUI and RESTful APIs. Plug-ins integrate with other platforms such as orchestrators, clouds and OSS/BSS.
Telemetry
Analytics nodes extract usable telemetry information form infrastructure. The data can then be normalised to the common format and the output is sent via the Kafka service into a Cassandra database. This data can be used in a multitude of ways operationally, from problem solving to capacity planning. Redis uses the data for generating graphs and running queries. The Redis pod is deployed between the analytics pod and the Web UI pod.
Resilience and Fault Tolerance
The modular architecture of Tungsten Fabric makes it resilient against failure, with typically several controllers/pods running on several servers for high availability. Also, the failure of a service is isolated, so it does not affect the whole system. The API and Web GUI services are accessed through a load balancer. The load balancer can allow pods to be in different subnets.
Programming Language
TF supports C++, Python, Go, Node.js.
Community
TF was first associated with Juniper but is now supported under the Linux Foundation Networking umbrella and boasts a large developer and user community.
