Configuring a Single Site

 

After you add a site, you use the Configure Site page to specify the underlay configuration and the device-related configuration.

To configure a site:

  1. Click Sites > Site Management.

    The Sites page appears.

  2. Select a site and click the Configure Site button.

    The Configure Site <Site-Name> page is displayed.

  3. Complete the configuration settings according to the guidelines provided in:
    • Table 1 for on-premise spoke sites and gateway sites.

    Note

    Fields marked with an asterisk (*) are mandatory.

  4. (Optional) After you complete the site configuration, you can click the Download as JSON link to download the configuration (in JavaScript Object Notation [JSON] format) for later use (if needed).
  5. Click OK.

    The site configuration is saved and you are returned to the Sites page. The secure OAM configuration is deployed on the cloud hub or hubs attached to the site.

    If no activation code is needed to activate the device, then the Zero Touch Provisioning (ZTP) workflow is started as soon as the device communicates with Contrail Service Orchestration (CSO). If an activation code is needed to activate the device, you must enter an activation code to start the ZTP workflow. For more information, see Activating a CPE Device.

Table 1: Fields on the Configure Site <Site-Name> Page (On-Premise Spoke and Gateway)

Field

Description

Applicable To

Site Type

Displays the site type.

Gateway

On-premise spoke

Management Region

Displays the regional server with which the CPE device communicates based on the information in the device template. This field cannot be modified.

Gateway

On-premise spoke

Hub Multihoming

Displays whether multihoming was enabled or disabled on the site during the addition of the site. This field cannot be modified.

Gateway

On-premise spoke

Selected Plan

Displays the connection plan that you selected when you created the site. This field cannot be modified.

Gateway

On-premise spoke

Device Model

Select a device model from the list. Device models are listed based on the connection plan that you selected while creating the site.

Note: This field is applicable only if you select an NFX150 connection plan.

 

Configuration—The fields displayed are based on the parameters that you specified during the site addition workflow.

Connectivity 

Primary Hub Site

Select the hub site (or primary hub site in case of multihoming) to which the gateway site or spoke site must connect.

Gateway

On-premise spoke

Secondary Hub Site

If you configured multihoming during site addition, select the secondary hub site to which the gateway site or spoke site must connect.

Gateway

On-premise spoke

Gateway Site

Select the gateway site with which you want to associate the on-premise spoke site. If you specify a gateway site, then the initial site-to-site traffic as well as the central breakout (backhaul) traffic (if applicable) is sent through the gateway site instead of the cloud hub site.

On-premise spoke

Management Connectivity

 

IP Prefix

Enter the IPv4 prefix to be used for the OAM traffic. This IP address must be unique across the entire management network.

  • For NFX150 and NFX250 devices, if the USE_SINGLE_SSH_TO_NFX parameter is disabled in the device template, then enter the IP address prefix as /29 or lower based on the number of VNFs.

  • For all other devices, enter the IP address prefix as /32.

Gateway

On-premise spoke

PPPoE Settings

 

Username

Specify the username to be used for authentication with the PPPoE server.

Gateway

On-premise spoke

Password

Specify the password to be used for authentication with the PPPoE server.

Gateway

On-premise spoke

Authentication Protocol

Select the authentication type to use for PPPoE authentication:

  • Password authentication protocol (PAP)

  • Challenge handshake authentication protocol (CHAP)

Gateway

On-premise spoke

WAN_0

  

WAN Interface

Displays the interface name configured in the device template. This field cannot be modified.

Gateway

On-premise spoke

Link Type

Displays the link type (MPLS or Internet) configured during the site addition workflow. This field cannot be modified.

Gateway

On-premise spoke

Use for Fullmesh

Click the toggle button to specify that the WAN link is part of a fullmesh topology.

Gateway

On-premise spoke

Mesh Tag

Note: This field is applicable only if you enable the Use for Fullmesh toggle button.

You can associate a WAN link with one or more mesh tags:

  • For an on-premise spoke site, you can select one mesh tag.

  • For a gateway site, you can select one or more mesh tags.

Matching mesh tags are one of the criteria used to form tunnels between sites that support meshing.

For more information about mesh tags, see Mesh Tags Overview.

Gateway

On-premise spoke

Mesh Overlay Link Type

Note: This field is applicable only if you enable the Use for Fullmesh toggle button.

If the link type is Internet, the mesh overlay link type is GRE_IPSEC by default.

If the link type is MPLS, select one of the following options:

  • GRE-IPSEC

  • GRE

Gateway

On-premise spoke

Connects To Hubs

Click the toggle button to specify that the WAN link of the site connects to a hub.

Note:

  • For sites with a single CPE, you must enable at least one WAN link to connect to the hub so that OAM traffic can be transmitted.

  • For sites with a dual CPE, you must enable at least one WAN link per device to connect to the hub so that OAM traffic can be transmitted.

Gateway

On-premise spoke

Use for OAM Traffic

If you specified that the WAN link is connected to a hub, click the toggle button to enable the WAN link for transmitting OAM traffic. This WAN link is then used to establish the OAM tunnel.

Gateway

On-premise spoke

Address Assignment

Select the method of assigning an IP address to the WAN link:

  • For spoke sites, you can choose to specify a static IP address or allocate the IP address by using the DHCP server of the service provider of the WAN link.

  • For gateway sites, only static IP address assignment is supported.

Gateway

On-premise spoke

Static IP Prefix

If you configured the address assignment method as static, enter the IP address prefix of the WAN link.

Gateway

On-premise spoke

Gateway IP

If you configured the address assignment method as static, enter the IP address of the gateway of the service provider of the WAN link.

Gateway

On-premise spoke

Traffic Type

For non-NFX250 devices, this field displays that only data traffic can be transmitted and cannot be modified.

For NFX250 devices, you can select whether you want to use the WAN link to transmit only data traffic (DATA_ONLY) or both management traffic and data traffic (OAM_AND_DATA).

Note: To enable communication with CSO for the creation of the gateway router:

  • For sites with a single CPE NFX250, at least one WAN link must be configured as OAM_AND_DATA.

  • For sites with dual CPE NFX250, at least one WAN link per device must be configured as OAM_AND_DATA.

Gateway

On-premise spoke

Data VLAN ID

Enter the VLAN ID associated with the WAN link.

Gateway

On-premise spoke

Local Breakout

Displays whether local breakout was enabled on the WAN link during addition of the site. This field cannot be modified.

If the WAN link is selected to be used for only local breakout traffic, then fields related to the Overlay Tunnel configuration are not displayed.

Gateway

On-premise spoke

Autocreate Source NAT Rule

If the WAN link is enabled for local breakout, you can click the toggle button to enable interface-based source NAT on the WAN link. The automatically created source NAT rule is implicitly defined and applied to the site and is not visible on the NAT Policies page.

By default, this field is disabled.

Note: If this option is enabled for a WAN interface W1 during the site addition workflow, a series of NAT source rules are automatically created. Each automatically created NAT rule is from a zone to the WAN interface, with a translation of type interface. Each pair of [zone - interface] represents a rule-set.

For example, the following zone to W1 interface rule-set might be created:

Zone1 --> W1: Translation=Interface

Zone2 --> W1: Translation=Interface

Zone3 --> W1: Translation=Interface

To manually override any of these rules, you can create a NAT rule within a particular rule-set. For example, to use a source NAT pool instead of an interface for translation, create a NAT rule within this particular rule-set, that includes the relevant zone and WAN interface as the source and destination. For example:

Zone1 --> W1 : Translation=Pool-2

The manually created NAT rule is placed at a higher priority than the corresponding automatically created NAT rule.

You can also add other fields (such as addresses, ports, protocols, and so on) as part of the source or destination endpoints. For example:

Zone1, Port 56578 --> W1: Translation=Pool-2

Gateway

On-premise spoke

Overlay Tunnel or Overlay Tunnel 1—Fields related to this section are displayed only if the Connects To Hubs field is enabled. In addition, if multihoming is enabled on the site, two overlay tunnels must be configured.

Tunnel Type

Select the tunnel type (GRE or GRE over IPsec) to be used for the creation of overlay tunnels.

Gateway

On-premise spoke

Peer Device

Displays the peer hub device to which the site is connected.

Gateway

On-premise spoke

Interface Name

Select the interface name of the hub device to which the WAN link of the site is connected.

Gateway

On-premise spoke

Overlay Tunnel 2—Fields related to this section are displayed only if the Connects To Hubs field and multihoming are enabled. Refer to the fields described for Overlay Tunnel 1 for an explanation of the fields.

WAN_1

Depending on the number of WAN links enabled during the site addition workflow, the fields related to those WAN links are displayed. Refer to the fields described for WAN_0 for an explanation of the fields.

Gateway

On-premise spoke

WAN_2

Depending on the number of WAN links enabled during the site addition workflow, the fields related to those WAN links are displayed. Refer to the fields described for WAN_0 for an explanation of the fields.

Gateway

On-premise spoke

WAN_3

Depending on the number of WAN links enabled during the site addition workflow, the fields related to those WAN links are displayed. Refer to the fields described for WAN_0 for an explanation of the fields.

Gateway

On-premise spoke

Advanced Config 

Name Server IP List

Specify one or more IPv4 addresses of the DNS server. To enter more than one DNS server address, type an address, press Enter, and then type the next address, and so on.

DNS servers are used to resolve hostnames into IP addresses.

Gateway

On-premise spoke

NTP Server IP List

Specify the fully qualified domain names (FQDNs) or IP addresses of one or more NTP servers.

Example: ntp.example.net

The site must have DNS reachability to resolve the FQDN during site configuration.

Gateway

On-premise spoke

Select Time Zone

Select the time zone for the site.

Gateway

On-premise spoke

Devices 

Assign CPE Devices

 

Serial Number

For a single CPE device, enter the serial number of the CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive.

Gateway

On-premise spoke

Activation Code

If ZTP is supported on a single CPE device and the device template configuration specifies that an activation code must be provided to activate the device, enter the activation code of the CPE device.

Gateway

On-premise spoke

Device Redundancy

Displays whether CPE device redundancy is enabled or disabled for an SD-WAN on-premise spoke site.

Gateway

On-premise spoke

Primary Device Serial Number

Enter the serial number of the primary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive.

Gateway

On-premise spoke

Primary Device Activation Code

For dual CPE devices, if ZTP is supported on the device and the device template configuration specifies that an activation code must be provided to activate the device, enter the activation code of the primary CPE device.

Gateway

On-premise spoke

Secondary Device Serial Number

For dual CPE devices, enter the serial number of the secondary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive.

Gateway

On-premise spoke

Secondary Device Activation Code

For dual CPE devices, if ZTP is supported on the device and the device template configuration specifies that an activation code must be provided to activate the device, enter the activation code of the secondary device that your service provider provided.

Gateway

On-premise spoke

Boot Image

If you want to upgrade the device image for an SRX Series or an NFX Series device, select the boot image from the list. The boot image is the device image that was previously uploaded to the image management system. The boot image is used to upgrade the device when CSO starts the ZTP process. If the boot image is not provided, then the device skips the automatic upgrade procedure. The boot image (NFX or SRX) is populated based on the connection profile that you selected when you added the site. See Uploading a Device Image.

Gateway

On-premise spoke
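
The rule precedence described for the Autocreate Source NAT Rule field in Table 1, modeled as an added example (not Juniper or CSO code), so that the effective translation per zone can be checked even though the automatically created rules do not appear on the NAT Policies page. The NatRule class and the function names are hypothetical, and the order among several manual rules in one rule-set (list order) is an assumption the page does not state.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class NatRule:
    zone: str                    # source zone of the rule-set
    wan: str                     # WAN interface of the rule-set
    translation: str             # "Interface" or a pool name such as "Pool-2"
    port: Optional[int] = None   # optional extra match on the source endpoint
    manual: bool = False         # False for automatically created rules


def autocreate(zones: List[str], wan: str) -> List[NatRule]:
    """One interface-translation rule per [zone - interface] rule-set."""
    return [NatRule(z, wan, "Interface") for z in zones]


def evaluation_order(rules: List[NatRule], zone: str, wan: str) -> List[NatRule]:
    """Rules of one rule-set, manual rules ahead of the automatic one."""
    rule_set = [r for r in rules if (r.zone, r.wan) == (zone, wan)]
    # sorted() is stable, so manual rules keep their list order (assumption).
    return sorted(rule_set, key=lambda r: not r.manual)


def effective_translation(rules: List[NatRule], zone: str, wan: str,
                          port: int) -> Optional[str]:
    """Translation applied to a flow from `zone`, source `port`, out `wan`."""
    for r in evaluation_order(rules, zone, wan):
        if r.port is None or r.port == port:
            return r.translation
    return None  # no source NAT rule covers this zone/interface pair


# Constructed sample: the three automatic rules from the page plus the
# port-specific manual override "Zone1, Port 56578 --> W1: Translation=Pool-2".
RULES = autocreate(["Zone1", "Zone2", "Zone3"], "W1") + [
    NatRule("Zone1", "W1", "Pool-2", port=56578, manual=True),
]

if __name__ == "__main__":
    for zone, port in [("Zone1", 56578), ("Zone1", 443), ("Zone2", 443)]:
        print(zone, port, "->", effective_translation(RULES, zone, "W1", port))
```

A manual rule that carries extra match fields overrides the implicit rule only for matching traffic; everything else in that rule-set still falls through to interface translation.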
