SD-LAN Deployment Overview
The SD-LAN deployment focuses on branch site LAN connectivity using specific EX Series switches, Virtual Chassis, and Mist wireless LAN access points. Once deployed, you can manage the connected branch site LANs through the EX switch. You can also manage many aspects of the EX switch or Virtual Chassis itself.
For more information on SD-LAN, see Contrail SD-LAN: Manage Branch and Campus Switching available from the Contrail Service Orchestration Documentation page.
There are several options for deploying an SD-LAN solution:
- Behind an Internet Gateway device as a standalone LAN switch in a new SD-LAN deployment, as shown in Figure 1.
- As a switch, Virtual Chassis, or set of multiple switches located behind a CSO-managed on-premises spoke device—You can implement this style of SD-LAN as part of a new SD-WAN deployment or an extension of an existing SD-WAN deployment, as shown in Figure 2.
You cannot deploy an EX Series LAN switch behind an NFX150 Series CPE device.
- As a switch, Virtual Chassis, or set of multiple switches located behind a CSO-managed NGFW device—You can implement this style of SD-LAN as part of a new NGFW deployment or as an extension of an existing NGFW deployment, as shown in Figure 3.
It is important to note the Internet Gateway Device and the CPE device shown in Figure 1 and Figure 2. The LAN switch deployed at a branch site must be deployed behind an Internet gateway device that is capable of routing traffic to CSO.
An SD-LAN deployment is carried out in the Customer Portal of CSO as a site deployment. The tenant under which the site is deployed must have the LAN service available. This service is included in the tenant configuration by the tenant administrator during tenant onboarding. The remainder of this document provides the steps that you need to perform in order to complete an SD-LAN deployment in CSO.
Table 1 shows the switching and WiFi platforms currently supported for SD-LAN.
Table 1: Hardware and Software Matrix for Devices in an SD-LAN Deployment
Software Release Versions
EX Series Switches: Junos OS 18.4R2, Junos OS 18.4R3-S3
Mist Access Points: Mist AP Firmware 0.3.x and later
For the most up-to-date information on hardware and software support for CSO, see the Contrail Service Orchestration Release Notes.
For those tenants with LAN service capabilities, you can add an SD-LAN site using EX Series Virtual Chassis. CSO supports EX2300, EX3400, EX4300, EX4600, and EX4650 switches. The number of members supported in a Virtual Chassis is shown in Table 2.
Table 2: EX Series Virtual Chassis Member Count by Switch
Maximum Virtual Chassis Member Count
The Virtual Chassis must be fully formed prior to provisioning in CSO. CSO only requires the primary member’s serial number. Other member devices are automatically discovered during provisioning.
The procedure you follow to complete this task varies slightly depending on whether you are in the role of a CSO tenant administrator or OpCo administrator. A note is used where needed to account for these variances.
This procedure makes the following assumptions:
You have already established your login credentials for CSO.
The tenant for which you are creating the LAN site is called ExampleCo, and has already been created.
The ExampleCo tenant was added with LAN service capabilities.
This example demonstrates deploying a standalone SD-LAN behind an Internet gateway device.
The steps to deploy an SD-LAN site are as follows:
- Log in to CSO using your login credentials.
If you are an OpCo administrator, navigate to Tenants in the left-nav bar and select ExampleCo from the list of tenants on the tenants page. If you are the tenant administrator, you will be placed in the Customer Portal for ExampleCo upon successful login.
- In the Customer Portal for ExampleCo, navigate to Resources > Site Management.
The Sites page appears.
- Click the Add button and select Add On-Premise Spoke (Manual) from the list of options.
The Add On-Premise Spoke Site for ExampleCo page appears.
- In the Site Information section, give the site a name such as LAN-Site1.
- In the Site Capabilities section, click the LAN icon.
Depending on the configuration of the ExampleCo tenant, there may be other icons available. Only select LAN for this example.
- Click the right arrow icon > next to Address and Contact Information to expand this section.
None of the fields are required, but adding address information for the site allows CSO to place an icon for the site on maps on the monitoring page and show how it is linked to CSO.
- Click the right arrow icon > next to Advanced
The two required fields, Name Server IP List and NTP Server, are both pre-populated for you. Make changes to any of the fields as needed for your network.
- Click Next.
The wizard skips past the WAN page to the LAN page.
- In the Device Profile section, fill in the Device Name.
- Select the appropriate Device Type from the pull-down menu.
- (Optional) Select the appropriate Device Model from the pull-down menu.
- In the Switch Details section, enable the Virtual Chassis slider button if you are deploying a Virtual Chassis at the remote site. Otherwise, leave the slider off.
Enter the Serial Number of the switch or the primary member of the Virtual Chassis in the field.
- The Auto Activate button is turned on by default. Turn it off if you want to disable auto-activation and use an activation
If you left Auto Activate turned on, skip to step 16.
- (Optional) If you turned off Auto Activate, enter an activation code in the field that appears.
The code can be any combination of letters and numbers.
Remember this code.
- The Zero Touch Provisioning (ZTP) button is turned on by default. Turn it off if the switch is not upgraded to a Junos OS image version with support for a Phone-Home Client. If ZTP is disabled, you must manually copy the Stage-1 configuration onto the switch by using the CLI.
ZTP, if left on, begins immediately after the activation procedure.
- (Optional) Enter LAN information for the branch site.
This optional step allows you to define where the remote site LANs are connected to the EX switch. You can define as many LANs as needed by following the next 5 steps.
- Click the Add icon (+).
The Add LAN Segment window appears.
- Enter a name for the LAN segment, such as LAN1, in the field provided.
- (Optional) Enter a VLAN ID for the LAN segment.
If no VLAN ID is needed, you can safely remove the pre-populated value from the field.
- Click Save when finished.
You can add as many LAN segments as you need by repeating this procedure.
- Click the Add icon (+).
- Click Next.
The wizard advances to the Summary page.
- Review the configuration on the Summary page.
- Click OK when satisfied, or click Back as needed to make any changes.
If you need to edit anything, you can click the Edit links within the summary to go directly to that page of the wizard.
If you left auto-activate turned on, the activation procedure begins at this point. The Site Activation page appears. Skip to Step 20.
(Optional) If you turned off auto-activate, your site appears in the list with a status of Configured and you are now ready to activate the site:
- Click the site name link.
This takes you to the site page for this site with the Overview tab highlighted.
- Click the Devices tab.
- Click the check box next to the device name.
The Stage1 Config button becomes active.
- Click the Stage1 Config button.
A new window appears containing the stage 1 configuration for this device.
- Click the Copy to Clipboard button.
- Click OK.
The window closes.
- Using a console or SSH connection, install the copied configuration on the EX switch and commit it.
Assuming that the required network connectivity is in place from the EX switch, the switch connects back to CSO using an outbound SSH connection. When this connection is completed, the device will be activated in CSO; its status changes from Expected to Provisioned.
- Click the site name link.
- The Site Activation window proceeds through Prestage Device to Detect Device to Bootstrap Device and, finally, to Provision Device.
Each stage will report success as it completes its operation. The window can be closed at any point. While the activation process is running, the Site Status column in the site list reports Activating and provides a link to View the activation wizard’s progress. The Site Status changes to Provisioned once all the steps are successfully completed.
In the event of an error or delay, you can open a read-only SSH session to the device from CSO. This will allow you to troubleshoot connection or other issues.
Once deployed, you can monitor and manage the switch through the Customer Portal’s Switch Port Operational View.
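In the manual activation path above, you paste the Stage 1 configuration from the clipboard and commit it, after which the switch opens an outbound SSH connection to CSO. The following added example (not part of the original page and not Juniper code) reviews a pasted set-style configuration before commit and flags any outbound-ssh destination that is not an expected CSO endpoint. The sample configuration, addresses, port, client names, and function names are constructed assumptions; the actual Stage 1 content generated by CSO may differ.

```python
import shlex

# Constructed sample in Junos "set" format; NOT actual CSO Stage 1 output.
SAMPLE_STAGE1 = '''\
set system host-name LAN-Site1-ex
set system services netconf ssh
set system services outbound-ssh client cso device-id EXAMPLE-DEVICE-ID
set system services outbound-ssh client cso secret "EXAMPLE-SECRET"
set system services outbound-ssh client cso services netconf
set system services outbound-ssh client cso 192.0.2.10 port 7804
set system services outbound-ssh client backup 203.0.113.77 port 4444
'''

# Assumption: the operator knows the CSO address and port for their
# deployment. These are documentation-range placeholders.
EXPECTED_CSO = {("192.0.2.10", 7804)}

PREFIX = ["set", "system", "services", "outbound-ssh", "client"]
# Per-client option keywords; any other first token is a destination address.
KEYWORDS = {"device-id", "secret", "services", "keep-alive", "reconnect-strategy"}


def outbound_ssh_targets(config_text):
    """Return {client_name: [(address, port), ...]} from set-style config."""
    targets = {}
    for line in config_text.splitlines():
        tok = shlex.split(line)          # handles the quoted secret value
        if tok[:5] != PREFIX or len(tok) < 7:
            continue
        name, rest = tok[5], tok[6:]
        if rest[0] in KEYWORDS:
            continue                     # option line, not a destination
        port = int(rest[rest.index("port") + 1]) if "port" in rest[1:-1] else None
        targets.setdefault(name, []).append((rest[0], port))
    return targets


def review(config_text, allowed):
    """Return (client, address, port) for every destination not in allowed."""
    return [(name, addr, port)
            for name, dests in outbound_ssh_targets(config_text).items()
            for addr, port in dests
            if (addr, port) not in allowed]


if __name__ == "__main__":
    for name, addr, port in review(SAMPLE_STAGE1, EXPECTED_CSO):
        print(f"unexpected outbound-ssh target: client={name} {addr}:{port}")
```

The check never prints the secret line, so its output can be attached to a change ticket without exposing the device credential.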