Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Centralized Deployment Overview


The Cloud CPE Centralized Deployment Model (centralized deployment or vCPE) differs from the other deployments discussed in this guide in that the centralized deployment requires that the service provider install and maintain a Contrail Cloud instance in their network. This Contrail Cloud instance is needed in order to host the VNFs and the CSO installation.

In the centralized deployment, customers access network services remotely from a service provider’s cloud. Sites that access network services in this way are called service edge sites in this documentation. Figure 1 illustrates a simplified centralized deployment.

Figure 1: Simplified Centralized Deployment
Centralized Deployment

The following sections provide a high-level look at the Centralized Deployment Architecture and a walkthrough of one possible way to set up CSO for Centralized Deployment. Appendix A presents the details of a Centralized Deployment Reference Architecture.

Centralized Deployment Architecture Overview

CSO’s Centralized Deployment Model uses some of the architectural elements used by the other deployment models, but not all of them. Due to its centralized nature, this model doesn’t support:

  • CPE devices at remote sites as used in Hybrid WAN and SD-WAN deployments

  • Overlay networks as used in SD-WAN deployments

  • VNFs hosted anywhere outside of the Contrail implementation inside the SP cloud

Now that we have mentioned what is not supported, we’ll tell you what architectural elements are supported.

In the Centralized deployment, you need to have:

  • A Contrail implementation

  • A provider edge (PE) router that provides access to the SP cloud for the remote sites

  • A POP, either central or regional in which the PE router resides

  • A specific Virtual Infrastructure Manager (VIM)

  • (Optional) An Element Management System (EMS)

Generally, the connection from the remote site to the Service Provider cloud can be over any transport so long as a connection can be made. Any L2 or L3 connectivity works. We recommend some sort of VPN connection in order to secure the connection from bad actors. Juniper supports the use of an MX Series router as the provider edge (PE) device. Use of a Services line card is required if using an MX Series router to terminate IPsec VPN traffic. Table 1 shows the hardware and software that can be used as the PE router in a centralized deployment

Table 1: Hardware and Software Matrix for the PE Router in the Centralized Deployment Model



Models Supported

Junos OS Software Release Version

PE Router

MX Series 3D Universal Edge Router

  • MX960, MX480, or MX240 router with

    a Multiservices MPC line card

  • MX80 or MX104 router with Multiservices MIC line card

  • Other MX Series routers with a Multiservices MPC or Multiservices MIC line card

    See MPCs Supported by MX Series Routers Login required and MICs Supported by MX Series Routers Login required for information about MX Series routers that support Multiservices MPC and MIC line cards.

Junos OS Release 16.1R3.00

The SP network is usually an MPLS network. CSO is deployed as part of the Contrail implementation either in the SP Data Center or elsewhere in the cloud.