Hybrid WAN Deployment Architecture

In the Hybrid WAN deployment, the Contrail Services Orchestration (CSO) software resides in the service provider’s cloud, and is operated by the service provider to provide network services to the CPE devices at customer sites.

Figure 1 shows a simple diagram of the Hybrid WAN solution. The cloud represents the service provider network to which the customer site is connected.

As mentioned previously, the Hybrid WAN deployment makes use of on-premises CPE devices in order to localize the delivery of network services and provide gateway router functionality. In this case, the Juniper Networks NFX Series or SRX Series devices act as the CPE devices.

In the case of an NFX Series device acting as the CPE, the gateway router function is provided by a built-in vSRX VNF and network services are hosted and provided from within an NFX device that is located at the customer site. This makes the network services extremely responsive from the point of view of the customer LAN, while negating the need for customer traffic to traverse the WAN in order to access the services.

In the case of an SRX Series device as the managed CPE device, only services native to the SRX (such as firewall, NAT, and UTM) can be provisioned and managed at the customer site by CSO. Other services(such as WAN optimization) must be provisioned and managed separately from the SRX and cannot be managed by CSO.

In addition to the CPE devices, the Hybrid WAN solution also makes use of a provider edge (PE) router in the service provider cloud. The PE router terminates IPSec tunnels and provides policy-based access to the service provider’s MPLS network. The PE and CPE devices communicate over one or more WAN links and make use of MPLS/GRE or IPSec tunnels for secure transport. Supported device types for a Hybrid WAN deployment and required software versions are shown in Table 1.

Table 1: Hardware and Software Matrix for CPE Devices in a Hybrid WAN Deployment

Role	Platform	Models Supported	Junos OS Software Release Versions
CPE device	NFX250 Network Services Platforms	NFX250-LS1 device NFX250-S1 device NFX250-S2 device	15.1X53-D497 18.4R3


	NFX150 Network Services Platforms	NFX150-S1 device NFX150-S1E device NFX150-C-S1 device NFX150-C-S1-AE/AA device NFX150-C-S1E-AE/AA device	18.2X85-D12 19.3R2-S1
	SRX Series Services Gateways	SRX300 SRX320 SRX340 SRX345 SRX4100 SRX4200	15.1X49-D172 19.3R2-S1
	SRX Series Services Gateways	SRX1500	19.3R2-S1
	vSRX on an x86 server	vSRX	15.1X49-D172 19.3R2-S1

Note

For the most up to date information on hardware and software support for CSO, see the Contrail Service Orchestration Release Notes.

Selection of services, and some service management capabilities can be allocated to the customer by the service provider using the CSO Administration Portal. The customer would then access the allowed services and management capabilities by using the Customer Portal.

CSO manages the lifecycle of the VNFs hosted on the NFX CPE devices from creation in Network Designer, through instantiation, deployment, and finally through replacement or retirement.

Note

Designer tools such as Network Designer are only available for on-premises deployments of CSO.