Hybrid WAN (Distributed) Deployment Architecture
In the distributed CPE deployment the Contrail Services Orchestration (CSO) software resides in the service provider’s cloud, and is operated by the service provider in order to provide network services at customer sites.
Figure 1 shows a simple diagram of the distributed CPE solution. The cloud represents the service provider network to which the customer site is connected.
As mentioned previously, the distributed Cloud CPE deployment makes use of on-premises CPE devices in order to localize the delivery of network services and provide gateway router (GWR) functionality. In this case, the Juniper Networks NFX Series or SRX Series devices act as the CPE devices. In the case of NFX as CPE, the GWR function is provided by a built-in vSRX VNF and network services are hosted and provided from within the NFX that is located at the customer site. This makes the network services extremely responsive from the point of view of the customer LAN, while negating the need for customer traffic to traverse the WAN in order to access the services. In the case of an SRX Series device as the managed CPE device, only services native to the SRX, firewall, NAT, and UTM, can be provisioned and managed at the customer site by CSO. Other services, such as WAN optimization must be provisioned and managed separately from the SRX and cannot be managed by CSO.
The distributed Cloud CPE deployment also makes use of a provider edge (PE) router in the service provider cloud. The PE router acts as a IPSec concentrator, terminating IPSec tunnels, and a PE router, providing policy-based access to the service provider’s MPLS network. The PE and CPE devices communicate over one or more WAN links and make use of MPLS/GRE or IPSec tunnels.
Table 1: Hardware and Software Matrix for CPE Devices in a Hybrid WAN Deployment
Junos OS Software Release Version
PE Router and IPsec Concentrator (Hybrid WAN deployment only)
MX Series 3D Universal Edge Router
Junos OS Release 16.1R3.00
CPE device (Hybrid WAN deployment) or spoke device (SD-WAN implementation)
For NFX250: Junos OS Release 15.1X53-D496
For NFX150: Junos OS Release 18.2X85-D11
For SRX Series: Junos OS Release 15.1X49-D161
Selection of services, and some service management capabilities can be allocated to the customer by the service provider using the CSO Administrator Portal. The customer would then access whatever service selection and management capabilities allowed by using the Customer Portal.
CSO manages the lifecycle of the VNFs hosted on the NFX CPE devices from creation in Network Designer, through instantiation, deployment, and finally through replacement or retirement.