A cloud spoke represents an automation endpoint (a virtual machine (VM) or an EC2 instance) running a Juniper Networks vSRX image in an Amazon Web Services (AWS) virtual private cloud (VPC). Cloud spoke sites are connected to the hub sites through overlay connections. You create a cloud spoke site from the Sites page. This topic describes how to create a cloud spoke site for a tenant.
To create a cloud spoke site:
The Sites page appears.
The Add Site for Tenant Name page appears.
Table 167: Fields on the Add Cloud Spoke Site Page

| Field | Description |
|---|---|
| Site Information | |
| Site Name | Enter a unique name for the site. Use alphanumeric characters and the special character (-). The maximum length is 15 characters. Example: aws-cloud-spoke |
| Site Type | Displays the site type as Spoke. This field cannot be modified. |
| Tenant Topology | Displays the topology of the tenant that was selected during the creation of the tenant. This field cannot be modified. Note: Only the hub-and-spoke topology is supported. |
| Site Group | (Optional) Select a site group to which you want to assign the site. Example: cloud-spoke |
| Cloud Information | |
| Region | Select the region to which the site belongs. The regions in CSO are mapped to the regions in the AWS account. Example: Ohio |
| VPC ID | Enter the VPC ID from the AWS account. Ensure that the VPC is attached to the Internet gateway. Example: vpc-6d810314 |
| Management Subnet | Specify whether CSO must create a new subnet or use an existing subnet from the AWS account. The management subnet of the vSRX is used to push the initial stage-1 configuration. The following options are available: |
| IP Prefix | Enter the management IP prefix. The first four IP addresses in the subnet are reserved by AWS; for example, x.x.x.0/x through x.x.x.3/x are always reserved. Provide an IP prefix outside the reserved range. Example: 105.0.1.5/24 |
| Connectivity Requirements | Click a connection plan to select the plan for WAN connectivity. A connection plan contains information prepopulated from the device template, including the device information, the list of SD-WAN features supported, and the number of links supported. Note: The "vSRX as SD-WAN spoke in AWS" template supports cloud spoke sites for an AWS VPC. |
| WAN Underlay Links | |
| WAN_0, WAN_1 | Select the check boxes to configure the WAN links. Depending on the connection plan selected, you can configure up to two WAN links per site that support SD-WAN. You can configure these links as MPLS or Internet links. |
| Name | Displays the name of the WAN link. This field cannot be modified. |
| Type | Displays the connection type for WAN underlays. Only the Internet link type is supported. |
| Subscribed Bandwidth | Enter the maximum bandwidth (in Mbps) to be allowed for a specific WAN link. |
| Provider | Enter the name of the Internet Service Provider (ISP). |
| Cost/Month | Enter the cost per month of the subscribed bandwidth in the specified currency. In bandwidth-optimized SD-WAN, this information is used to identify the least-expensive link to route traffic over when multiple WAN links meet the SLA profile parameters. For more information on link switching based on the cost parameter, see Cost-Based Link Switching. |
| Static IP Prefix | Enter the private IPv4 address from the subnet. For example, if the IPv4 CIDR address of a WAN interface in the AWS account is 105.0.2.0/24, enter any IP address inside that subnet. The first four IP addresses in the subnet are reserved by AWS, so provide an IP prefix outside the reserved range. Example: 105.0.2.12/24 |
| Gateway IP | Enter the IPv4 address of the gateway. Typically, the first IP address in the subnet is used as the gateway IP address. Example: 105.0.2.1 |
| Elastic IP | An Elastic IP address is a public, static IPv4 address designed for dynamic cloud computing. The public IP address is mapped to the private subnet IP address using one-to-one NAT. You must allocate one Elastic IP address for each enabled WAN link; for example, if two WAN links are enabled, you must allocate two Elastic IP addresses. Example: 34.213.255.184 |
| Traffic Type | Select the traffic type. The options available are: Note: You must select at least one WAN link with the OAM_AND_DATA traffic type. |
| Additional Requirements | Based on the connectivity requirement, the following fields are populated: |
| Default Links | Select the default links that must be used for routing traffic. The site can have multiple default links to the hub site as well as to the Internet. Default links are used primarily for overlay traffic but can be used for local breakout traffic as well. A default link cannot be used exclusively for local breakout traffic. The default link is optional; if none is chosen, all links are used through equal-cost multipath (ECMP). |
| Backup Link | Select a backup link through which traffic can be routed when the primary links are unavailable. You cannot select the default link as the backup link. Note that you cannot assign the backup link for exclusive breakout traffic (the Use only for breakout traffic option). If local breakout is enabled for the site, the breakout traffic is also routed through the backup link when the breakout link is not available. When a primary link comes back online, CSO monitors the performance of the primary link and, when the primary link meets the SLA requirements, switches traffic back to it. However, note that SLA data is not monitored for the backup link. |
| Enable Local Breakout | Click the toggle button to enable local breakout on the site. |
| Links for Breakout | Select the WAN links on which you want to enable local breakout. You can also choose to use any one WAN link exclusively for local breakout traffic or for both local breakout and WAN traffic. |
| Preferred Breakout Link | Select the preferred link for local breakout. If no link is selected, the breakout link is chosen using ECMP from the available links. |
| LAN Segments | Add at least one LAN segment. |
| Name | Enter a unique string of alphanumeric characters and the special character (-). No spaces are allowed, and the maximum length is 15 characters. |
| Ports | Select a LAN port from the drop-down list. Note: The ports in a LAN segment must be contiguous with the WAN ports. For example, if both WAN_0 and WAN_1 are enabled and use interfaces ge-0/0/0 and ge-0/0/1 respectively, then LAN_0 must use ge-0/0/2. If only WAN_0 is enabled and uses interface ge-0/0/0, then LAN_0 must use ge-0/0/1. |
| IP Address Prefix | Enter one or more IPv4 prefixes for the LAN segment for the service. The IP prefix is for the network on the LAN side of the CPE device with the vSRX instance. In the AWS account, check the subnet and provide an IPv4 address within it. The first four IP addresses in the subnet are reserved by AWS, so provide an IP prefix outside the reserved range. Example: 105.0.4.5/24 |
| Department | Select a department to which you want to assign the LAN segment. Click Create Department to create a new department and assign the LAN segment to it. You group LAN segments into departments for ease of management and for applying policies at the department level. |
| Departments | Create departments to group LAN segments within a site. You use departments to apply specific policies to the LAN segments that are members of a department. |
| Name | Enter a name for the department. |
| Description | Enter a description for the department. |
| VPN | Select a VPN to which you want to assign the department. |
The newly created cloud spoke site is displayed on the Sites page.
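As an added example (not CSO's own code), the following Python checks a cloud spoke site definition against the rules stated in the table before you enter it in the UI: the site-name format, the AWS-reserved addresses in each subnet, one Elastic IP per enabled WAN link, at least one OAM_AND_DATA link, the default/backup link exclusivity, and the LAN port contiguity. The dictionary layout and field names are assumptions made for this illustration.

```python
import ipaddress
import re

SITE_NAME_RE = re.compile(r"[A-Za-z0-9-]{1,15}")  # table rule: alphanumeric and '-', max 15

def aws_usable(prefix: str) -> bool:
    """True if the host part of 'a.b.c.d/n' avoids the first four addresses
    of its subnet (reserved by AWS, as the table states) and the last
    address (the broadcast address, which AWS also reserves)."""
    iface = ipaddress.ip_interface(prefix)
    offset = int(iface.ip) - int(iface.network.network_address)
    return 4 <= offset < iface.network.num_addresses - 1

def validate_site(site: dict) -> list:
    """Return the list of table rules the site definition violates (empty if none)."""
    errors = []
    if not SITE_NAME_RE.fullmatch(site["name"]):
        errors.append("site name: alphanumeric and '-' only, max 15 characters")
    if not aws_usable(site["mgmt_prefix"]):
        errors.append("management IP prefix is in the AWS-reserved range")
    wan = [w for w in site["wan_links"] if w["enabled"]]
    if not any(w["traffic_type"] == "OAM_AND_DATA" for w in wan):
        errors.append("at least one WAN link must use the OAM_AND_DATA traffic type")
    if len(site["elastic_ips"]) != len(wan):
        errors.append(f"{len(wan)} WAN link(s) enabled but {len(site['elastic_ips'])} Elastic IP(s) allocated")
    for w in wan:
        if not aws_usable(w["static_prefix"]):
            errors.append(f"{w['name']}: static IP prefix is in the AWS-reserved range")
    if site["backup_link"] and site["backup_link"] in site["default_links"]:
        errors.append("the default link cannot also be the backup link")
    # LAN ports follow the WAN ports contiguously: LAN_0 uses ge-0/0/<number of enabled WAN links>
    expected = f"ge-0/0/{len(wan)}"
    if site["lan_segments"][0]["port"] != expected:
        errors.append(f"LAN_0 must use {expected}")
    return errors

# Constructed sample built from the table's example values (WAN_1 left disabled).
EXAMPLE_SITE = {
    "name": "aws-cloud-spoke", "mgmt_prefix": "105.0.1.5/24",
    "wan_links": [
        {"name": "WAN_0", "enabled": True, "traffic_type": "OAM_AND_DATA",
         "static_prefix": "105.0.2.12/24", "gateway": "105.0.2.1"},
        {"name": "WAN_1", "enabled": False, "traffic_type": "OAM_AND_DATA",
         "static_prefix": "105.0.3.12/24", "gateway": "105.0.3.1"},
    ],
    "elastic_ips": ["34.213.255.184"], "default_links": ["WAN_0"], "backup_link": None,
    "lan_segments": [{"name": "LAN_0", "port": "ge-0/0/1", "prefix": "105.0.4.5/24"}],
}
```

Running `validate_site(EXAMPLE_SITE)` returns an empty list; changing the management prefix to 105.0.1.2/24 or removing the Elastic IP produces a specific violation for each.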