Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

New and Changed Features in Contrail Service Orchestration Release 5.4.0

 

This section describes the new features or enhancements to existing features in Contrail Service Orchestration (CSO) Release 5.4.0.

You can view and read the features that are available in the CSO Releases 5.1.2, 5.2.0, and 5.3.0 through the following links:

SD-WAN

Note

If you are a managed service provider who wants both the convenience of a CSO SaaS solution and the control of a CSO on-premises installation (possibly due to regulatory or compliance requirements), contact Juniper Networks to learn more about a dedicated CSO SaaS instance. CSO Release 5.4.0 with a dedicated CSO SaaS instance has a provider hub with both Data and OAM capabilities. The provider hub is connected to CSO through AWS Direct Connect.

  • Support for overlapping IP addresses across departments in a tenant—From CSO Release 5.4.0 onward, you can use overlapping IP addresses across departments in a tenant when network segmentation is enabled for the tenant. For more information on overlapping IP addresses across departments, see the Multidepartment CPE Device Support in the Customer Portal User Guide.

  • Support to enable or disable QoS from CSO—In CSO Release 5.4.0, we’ve added an attribute, Class of Service, to the Add Tenant page. If you disable this attribute, the tenant must configure quality of service (QoS) by using configuration templates instead of deriving the configuration from an application traffic type profile.

  • Support for an OpCo Administrator to configure application traffic type profiles—In addition to a global application traffic type profile configured by the service provider, from CSO Release 5.4.0 onward, an OpCo Administrator can create, edit, or delete application traffic type profiles at the OpCo level.

    Henceforth, all the tenants of an OpCo will use the application traffic type profiles added by that OpCo. Only the direct tenants of a service provider will use the application traffic type profiles added by the service provider.

  • Support for configuring IEEE 802.1p in an application traffic type profile—From CSO Release 5.4.0 onward, you can configure IEEE 802.1p value and the drop priority of packets in an application traffic type profile to expedite traffic forwarding in a service provider network. You can assign an Expedited Forwarding (ef), Assured Forwarding (af), the Best Effort (be), or a Class Selector (CS) value for the IEEE 802.1p parameter. For more information on configuring IEEE 802.1p in an application traffic type profile, see, Add Traffic Type Profiles in the Customer Portal User Guide.

  • Support for LTE access type for MPLS links—From CSO Release 5.4.0 onward, for SD-WAN on-premises spoke sites, you can configure LTE as the access type for MPLS links.

    You configure LTE as the access type for MPLS links for the following single-CPE devices:

    • NFX150 and NFX250

    • SRX320, SRX340, and SRX345

    Note

    This is a Beta-quality feature.

  • Support for configuration templates to disable Ethernet autonegotiation—From Release 5.4.0 onward, CSO provides configuration templates to disable Ethernet autonegotiation on the interfaces of SRX Series devices and NFX250 devices (Junos Control Plane (JCP) component only).

Miscellaneous

  • Support for connecting CSO-managed tenant networks to an existing IP (Layer 3) VPN— From CSO Release 5.4.0 onward, Service Provider (SP) or Operating Company (OpCo) Administrator users in the tenant context can use the IP VPN (Layer 3) configuration to connect their existing networks (for example, traditional branch offices or data centers) that are not managed by CSO to a network managed by CSO through a provisioned provider hub site with OAM_AND_DATA or DATA_ONLY capability.

  • Support for customizing portals and reports—From CSO Release 5.4.0 onward, Service Provider (SP) Administrators can customize themes and reports in the Administration and Customer Portals that can be used by tenant and OpCo Administrators.

  • Support for adding serial numbers during site activation—From CSO Release 5.4.0 onward, tenant administrators can add on-premises spoke sites and enterprise hub sites, and Service Provider or OpCo Administrators can add provider hub sites without entering the serial number of the device associated with sites. The administrators must enter the serial numbers later while manually activating the sites.

  • Changes related to the anti-replay service—From CSO Release 5.4.0 onward, the anti-replay service is disabled for CSO-provisioned IPSec tunnels.

  • Changes related to the routing model—From CSO Release 5.4.0 onward, for SD-WAN the following are the changes in the routing model:

    • A unique routing instance (type virtual-router) is created for each WAN interface, named as WAN_X

    • A unique security untrust zone is created for each WAN interface, named as untrust-WAN_X. (X represents the WAN link number. Range: 0 through 3).

    These changes are applicable for all WAN links on an on-premises spoke site and for MPLS WAN links on an enterprise hub site and will be applied automatically after Site upgrade.

    If you have deployed a zone-based firewall policy or a NAT policy with zone as untrust, after you upgrade the site you must modify the policy with the new WAN interface zones and redeploy the policy.

Deprecated Feature

  • SD-LAN—From CSO Release 5.4.0 onward, CSO does not support SD-LAN deployments. If you have added an EX Series switch in releases earlier than CSO Release 5.4.0, the management status of the switch is changed to Unmanaged.