Add an SD-WAN On-Premise Spoke Site

The following illustration shows a simple SD-WAN topology.

Before you add an on-premise spoke site:

Add an enterprise hub site.
Connect cables to the device according to your network design and power on the device.
Note
This task assumes that the device will get DHCP IP address and will have Internet connectivity along with DNS resolution when connected according to the network design.
For more information about connecting the cables and connecting the device to a console, see the documentation for the CPE device as listed in Table 1. .
Ensure that ESP protocol traffic is allowed on the network.

Ensure that the ports listed in Table 1 are open on the network.

Note

Ensure that the devices are running the recommended version of Junos OS. For information about the supported Junos OS versions, see the Release Notes for that release.

Table 1: CPE Devices, Port Information, and Documentation Links

Device Model	NAT/Firewall Ports	CPE WAN Link Ports	Hardware Documentation
SRX4x000 devices	443 500 4500	`xe-0/0/0` `xe-0/0/1` `xe-0/0/2` `xe-0/0/3`	SRX4100 SRX4100 SRX4200 SRX4200
SRX3xx devices, SRX550M, and vSRX devices	443 500 4500	`ge-0/0/0` `ge-0/0/1` `ge-0/0/2` `ge-0/0/3`	SRX300 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx300-chassis.html SRX320 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx320-chassis.html SRX340 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx340-chassis.html SRX345 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx345-chassis.html SRX550M https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx550-hm-chassis.html
NFX250	443 500 4500 7804	`ge-0/0/10` `ge-0/0/11` `xe-0/0/12` `xe-0/0/13`	NFX250 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/nfx250-chassis.html
NFX150	443 500 4500	`heth4` `heth5` `heth2` `heth3`	NFX150 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/specifications/chassis-nfx150-physical.html

If you are using a GRE-only overlay between an SRX CPE and a hub device, ensure that GRE Traffic is enabled between CPE and the hub device.

To add an on-premise spoke site for SD-WAN:

From the Sites page (Resources > Site Management) of the CSO portal, click Add and select On-Premise Spoke Site.
The Add Site wizard appears.
Complete the settings as explained in Table 2.

Click OK to add the site.

When the site is successfully created, the Site Status in the Sites page changes to Provisioned.

Table 2: SD-WAN On-Premise Spoke Site Settings

Field	Description
General
Site Name	Enter a unique name for the site. You can use alphanumeric characters and hyphen (-); the maximum length is 10 characters.
Site Capabilities	Select SD-WAN.
Primary Hub	Select an enterprise hub site as the primary hub from the list of available hub sites. If there is only one hub site available, that one is selected by default.
WAN
Device Series	Select the CPE device.
Device Template	Select a device template for the CPE device.
Serial Number	Enter the serial number of the CPE device.
Auto Activate	If the selected device template supports ZTP, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added. The Activation Code field appears if the selected device template does not support ZTP or if you disable the Auto Activate option. In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.
Link Type	Specify whether the link is an Internet link or an MPLS link. If you select Internet as the Link Type, select the Access Type. The access type options available for Internet link are: Ethernet, LTE, ADSL, and VDSL.
Egress Bandwidth	Specify the maximum bandwidth allocated for the WAN link.
Address Assignment	Specify whether to use DHCP or Static addresses. If you select Static, specify a Static IP Prefix and Gateway IP Prefix.
Service Provider	Enter the name of the service provider.
Cost per month	Enter the per month cost of the link. This information is used to identify the least expensive link when link switch occurs.
LAN Segment
Add LAN Segment	Click to add a LAN segment.
Name	Enter a unique name for the LAN segment.
Gateway Address/Mask	Enter a valid gateway IP address andmask for the LAN segment; for example, 192.0.2.8/24.
Department	Select a department from the list; if no department is available, click Create Department and add one. A department is a grouping of LAN segments within a site. You use departments to apply specific policies to LAN segments that are members of a department.
CPE Port	Select at least one CPE port.

After the site is provisioned, you can complete the following tasks as required:

Upload and install licenses. For example, Administration > Licenses.
Install signatures. For example, Administration > Signature Database.
Add, edit, and deploy an SD-WAN policy. For example, Configuration > SD-WAN Policy .
Create and generate reports. For example, Reports > Report Definitions > SD-WAN.
Monitor alerts and alarms, SLA performance of tenants, and jobs. For example, Monitor > Jobs.

For more information about these tasks, see the Contrail Service Orchestration user guide at https://www.juniper.net/ documentation/product/en_US/contrail-service-orchestration.

Add an SD-WAN On-Premise Spoke Site

Related Documentation