Add an SD-WAN On-Premise Spoke Site with LAN for Branch Networks
The following image illustrates a simple network topology that contains a CPE and an EX Switch. The CPE can be an SRX Series device or an NFX250 device.
After you connect the devices as shown in the topology diagrams and power on the devices, log in to the CSO portal and add an SD-WAN site.
Before you add an on-premise spoke site:
- Add an enterprise hub site.
- Connect cables to the device according to your network design and power on the device.
This task assumes that the CPE device obtains its IP address through DHCP and has Internet connectivity and DNS resolution when connected according to the network design.
For more information about connecting the cables and connecting to the device console, see the documentation for the CPE device. Table 1 lists, for each supported CPE device model, the port numbers (including the WAN link ports), the NAT and firewall ports that need to be enabled, and links to the hardware documentation.
- Ensure that ESP protocol traffic is allowed on the network.
- Ensure that the ports listed in Table 1 are open.
- Ensure that the devices are running the recommended version of Junos OS. For information about the supported Junos OS versions, see the Release Notes for Contrail Service Orchestration Release 5.0.0.
CPE WAN Link Ports
SRX3xx devices, SRX550M, and vSRX devices
Among the supported LAN devices, only EX4300 supports ZTP. For EX2300 and EX3400 devices, you must manually copy the stage-1 configuration from CSO to the device console and commit before you can activate the device.
If you are using a GRE-only overlay between an SRX CPE and a hub device, ensure that GRE traffic is enabled between the CPE and the hub device.
To add an SD-WAN site with a CPE device and a LAN device:
- From the Sites page (Resources > Site Management) of the CSO portal, click Add and select On-Premise Spoke Site.
The Add Site wizard appears.
- Complete the configuration as explained in Table 2.
- Click Save.
When the site is successfully provisioned, the Site Status in the Sites page changes to Provisioned.
To activate the switch, you must manually configure the stage-1 configuration on the switch.
- On the Site Activation page, after the Prestage Device step completes successfully for the switch, the View Stage-1 Configuration link appears next to the Prestage Device step.
- Click the View Stage-1 Configuration link.
The Stage-1 Configuration page appears displaying the stage-1 configuration.
- Copy the stage-1 configuration and log in to the CLI of the EX Series switch.
- Enter configuration mode, paste the configuration, and commit it.
After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO. CSO then executes the bootstrap and provisioning processes on the switch and completes provisioning the switch.
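Because the committed stage-1 configuration makes the switch open an outbound SSH session, it is worth confirming where that session points before you paste and commit. The following check is an added example, not part of the Juniper documentation or CSO. It assumes the stage-1 configuration is in Junos "set" format and that the session is expected to carry only NETCONF; the sample configuration, client name, device ID, address, and port are constructed placeholders.

```python
import re

# Constructed sample of a stage-1 configuration in Junos "set" format.
# Client name, device ID, secret, address and port are placeholders, not CSO values.
SAMPLE_STAGE1 = """\
set system host-name branch-ex-01
set system services outbound-ssh client cso-example device-id EXAMPLE-DEVICE-ID
set system services outbound-ssh client cso-example secret "$9$constructed"
set system services outbound-ssh client cso-example services netconf
set system services outbound-ssh client cso-example 192.0.2.10 port 7804
"""

OUTBOUND = re.compile(r"^set system services outbound-ssh client (\S+) (.+)$")
TARGET = re.compile(r"^(\S+) port (\d+)\b")
# Per-client statements that are options rather than a server address.
OPTIONS = {"device-id", "secret", "services", "keep-alive", "reconnect-strategy"}

def outbound_ssh_clients(config_text):
    """Return {client: {"targets": [(host, port)], "services": [names]}}."""
    clients = {}
    for line in config_text.splitlines():
        m = OUTBOUND.match(line.strip())
        if not m:
            continue
        name, rest = m.groups()
        entry = clients.setdefault(name, {"targets": [], "services": []})
        words = rest.split()
        if words[0] == "services":
            entry["services"].extend(words[1:])
        elif words[0] not in OPTIONS:
            t = TARGET.match(rest)
            if t:
                entry["targets"].append((t.group(1), int(t.group(2))))
    return clients

def review_stage1(config_text, expected_targets):
    """Return findings that should block the commit; an empty list means OK."""
    clients = outbound_ssh_clients(config_text)
    findings = [] if clients else ["no outbound-ssh client found"]
    for name, entry in clients.items():
        if not entry["targets"]:
            findings.append(f"{name}: no target address")
        for host, port in entry["targets"]:
            if (host, port) not in expected_targets:
                findings.append(f"{name}: unexpected target {host}:{port}")
        if entry["services"] != ["netconf"]:  # assumption: NETCONF only
            findings.append(f"{name}: unexpected services {entry['services']}")
    return findings
```

Pass the copied configuration text and the set of (address, port) pairs you expect for your CSO deployment; commit only when the returned list is empty.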
Table 2: SD-WAN On-Premise Spoke Site Settings
Enter a unique name for the site. You can use alphanumeric characters and hyphen (-); the maximum length is 10 characters.
Select SD-WAN and LAN.
Select an enterprise hub site as the primary hub from the list of available hub sites. If there is only one hub site available, that one is selected by default.
Select the CPE device.
Select a device template for the CPE device.
Enter a unique name for the CPE device.
Enter the serial number of the CPE device.
If the selected device template supports ZTP, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added.
The Activation Code field appears if the selected device template does not support ZTP or if you disable the Auto Activate option.
In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.
Specify whether the link is an Internet link or an MPLS link.
If you select Internet as the Link Type, select the Access Type. The access type options available for an Internet link are: Ethernet, LTE, ADSL, and VDSL.
Specify the maximum bandwidth allocated for the WAN link.
Specify whether to use DHCP or static addresses.
Enter the name of the service provider.
Cost per month
Enter the monthly cost of the link. This information is used to identify the least expensive link when link switching occurs.
Enter a unique name for the device.
Select the type of the device.
Specify the serial number of the switch.
Auto Activate is enabled by default. When Auto Activate is enabled, the device activation is automatically triggered when the site is added. The Activation Code field appears if you disable the Auto Activate option. In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.
After you add the site, you can complete the following tasks as required:
- If Auto Activate is not enabled for the devices, ensure that each device is activated before you install licenses or signatures, or deploy policies.
- If the EX Series switch has Mist access points associated with it, you can integrate the Mist access points with CSO. For more information about integrating Mist access points with CSO, see Enabling Integration with Mist Access Points.
- Upload and install licenses. For example, Administration > Licenses.
- Add, edit, and deploy an SD-WAN policy. For example, Configuration > SD-WAN Policy.
- Create and generate reports. For example, Reports > Report Definitions > SD-WAN.
- Monitor alerts and alarms, SLA performance of tenants, and jobs. For example, Monitor > Jobs.
For more information about these tasks, see the Contrail Service Orchestration documentation at https://www.juniper.net/documentation/product/en_US/contrail-service-orchestration.