This section describes the new features or enhancements to existing features in Contrail Service Orchestration (CSO) Release 4.0.1. For new and changed features in CSO Release 4.0.0, see the CSO 4.0.0 Release Notes at https://www.juniper.net/documentation/en_US/cso4.0/information-products/pathway-pages/4.0/index.html.
Secure OAM redundancy—CSO Release 4.0.1 supports redundancy for a cloud hub with Operation, Administration, and Maintenance (OAM) capability. If a fault or an outage occurs at the service provider’s OAM network beyond the primary OAM hub, the OAM connectivity is automatically restored through the secondary OAM hub without any user intervention.
Support for PPPoE—CSO Release 4.0.1 supports Point-to-Point Protocol over Ethernet (PPPoE) on NFX250 and NFX150 CPE devices with vSRX as the gateway router. You can enable PPPoE only for SD-WAN sites that support ADSL or VDSL.
IPsec tunnel encryption—From CSO Release 4.0.1 onward, the following IPsec tunnel encryption types are supported for SD-WAN deployments:
3DES-CBC
AES-128-CBC
AES-128-GCM
AES-256-CBC
AES-256-GCM
The default encryption type is AES-256-GCM.
PKI certificates—From CSO Release 4.0.1 onward, CSO supports public key infrastructure (PKI) certificates for IPsec tunneling on NFX250, NFX150, and SRX Series devices for SD-WAN deployments.
OAM-only hub
Data-only hub