Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Add a Provider Hub Device

 

Users with the SP (Service Provider) Administrator role or an OpCo (Operating Company) Administrator role can add provider hub devices with different capabilities as indicated in Table 1.

Table 1: Provider Hub Capabilities and Roles

Capability

Description

Role

OAM_ONLY

Transmits only OAM traffic.

IPsec OAM tunnels are configured between a spoke and a provider hub.

SP Administrator

DATA_ONLY

Transmits only data traffic.

IPsec data tunnels are configured between a spoke site and a provider hub with data capability. IPsec OAM tunnels are not configured between a spoke site and a provider hub.

SP Administrator

OpCo Administrator

OAM AND DATA

Transmits both data and OAM traffic.

Both IPsec OAM and data tunnels are configured between a spoke site and a provider hub.

SP Administrator

OpCo Administrator

You can add an SRX Series services gateway or a vSRX instance as a provider hub with DATA_ONLY capability in a hub-and-spoke topology or full mesh topology.

Note

An SP Administrator or an OpCo Administrator must create the point of presence (POP) because specifying a POP is mandatory for adding a provider hub. For more information, see Creating a Single POP.

The device template that is currently supported for provider hub devices is SRX as SD-WAN Hub.

In SD-WAN deployments, SP administrators and OpCo administrators can skip entering serial number of provider hubs while adding sites in Provider Hub Devices page. Once the provider hub site is added, you can use the Activate Device workflow in the Provider Hub Devices page to enter the serial number of the device and activate the provider hub.

To add a provider hub device:

  1. Select Resources > Provider Hub Devices.

    The Provider Hub Devices page appears.

  2. Click the add icon (+).

    The Add Provider Hub Device page appears.

  3. Complete the configuration according to the guidelines provided in Table 2.Note

    Fields marked with an asterisk (*) are mandatory.

  4. (Optional) Review the configuration in the Summary tab and modify the settings, if required.
  5. Click OK.

    You are returned to the Provider Hub Devices page.

  6. If you have disabled auto-activate while adding the provider hub device, the device must be manually activated.

    To initiate the manual activation process:

    1. Select the provider hub on the Provider Hub Devices page.
    2. Click Activate Device button to activate the device.

    After the device is successfully activated, you can start using the provider hub in your network.

  7. If you did not enter serial number while adding the provider hub, you must manually enter the serial number after adding the provider hub to activate the device.

    To manually activate the device:

    1. Click Activate Device button in the Provider Hub Device page.

      The Activate Site page appears.

    2. Enter the serial number of the device associated with the device and click OK.

    The Site Activation Progress page appears displaying the progress of steps executed for activating the provider hub site. On successful activation of the site, the Site Status changes from Created to Provisioned.

Table 2: Fields on the Add Provider Hub Page

Field

Description

Name

Enter the name of the provider hub device.

You can use alphanumeric characters, including special character(-). The maximum length is 32 characters.

Example: provider-hub-1

Management Region

Displays the regional server with which the device communicates. The management region name is populated based on the information from the device template.

Example: regional

POP

Select the POP where the hub device needs to be added.

Example: pop_blue

Site Capability

Select the site capability of the provider hub device:

  • OAM_ONLY (Available only for SP Administrator users)

  • DATA_ONLY

  • OAM_AND_DATA

CSO establishes a secure OAM tunnel between the provider hub with DATA_ONLY capability and a provider hub with OAM_ONLY or OAM_AND_DATA capability).

Authentication Type

Select the IPsec tunnel authentication method—Preshared Key (PSK) or Public Key Infrastructure (PKI).

Advanced Configuration

Name Server IP List

Specify one or more IPv4 addresses of the DNS server. To enter more than one DNS server address, type the address, press Enter, and then type the next address, and so on.

DNS servers are used to resolve hostnames into IP addresses.

NTP Server

Specify the fully qualified domain names (FQDNs) or IP addresses of one or more NTP servers.

Example: ntp.example.net

The site must have DNS reachability to resolve the FQDN during site configuration.

Select Timezone

Select the time zone of the site.

Click Next to continue.

Device Template

Device Series

Select the device series to which the provider hub belongs—SRX.

Based on the device series that you select, the supported device templates (containing information for configuring devices) are listed.

Select a device template.

Device Information

Serial Number

Enter the serial number of the provider hub device. Serial numbers are case-sensitive.

If you do not enter the serial number, the provider hub is added but not activated. See 7 to enter serial number and activate the provider hub later.

Auto Activate

Click the toggle button to enable or disable automatic activation of the provider hub device.

When you enable this field, zero-touch provisioning (ZTP) of the provider hub device is automatically triggered after the site is added to CSO.

The device template that you select determines whether this option is enabled or disabled by default.

Activation Code

If automatic activation is disabled, enter the activation code to be used to manually activate the device.

Boot image

Select the boot image from the drop-down list if you want to upgrade the image for the provider hub device.

The boot image is the latest build image uploaded to the image management system. The boot image is used to upgrade the device when CSO starts the ZTP process.

If the boot image is not provided, then the device skips the procedure to upgrade the device image. The boot image (NFX or SRX) is populated based on the device template that you have selected while creating a site.

Management Connectivity

The fields in this section are displayed based on the capability that you select for the provider hub device.

Loopback IP Prefix

By default, CSO assigns the IPv4 address prefix for the loopback interface on the device. If you prefer to use a specific loopback address, you can enter an IPv4 address prefix for the loopback interface on the provider hub device. The IP address prefix must be a /32 IP address prefix and must be unique across the entire management network.

OAM Interface

Select an interface on the provider hub device to connect to the CSO. The interface is used only for OAM connectivity. The interface names are listed based on the configuration in the selected device template.

OAM VLAN

Enter an OAM VLAN ID from range 0 to 4094 for in-band management of the hub device. If you specify an OAM VLAN ID, then in-band OAM traffic reaches the site through the selected OAM interface.

OAM IP Prefix

Enter an IPv4 address prefix for the OAM interface in the provider hub device. The prefix must be unique across the entire management network.

Specify the OAM IP Prefix as /32.

OAM Gateway

Enter the IP address of the next-hop through which the connectivity between the provider hub and CSO is established.

EBGP Peer AS

Enter the autonomous system (AS) number of the external BGP (EBGP) peer.

WAN Links

WAN_0 WAN-Interface-Name

This field is enabled by default.

Enter parameters related to WAN_0.

Fields marked with an asterisk (*) must be configured to proceed.

Local Interface

Displays the interface name configured in the device template. You cannot modify this field.

Link Type

Select the underlay network type (MPLS or Internet) of the WAN link.

Address Assignment

Displays the address assignment used for the WAN link (STATIC). You cannot modify this field.

Static IP Prefix

Enter the IP address prefix of the WAN link.

Gateway IP Address

Enter the gateway IP address of the default route.

Public IP Address

For Internet links, enter the public IPv4 address for the link.

This IP address should be provided only if the static IP prefix is private and 1:1 NAT is configured.

VLAN ID

Enter the VLAN ID that is associated with the data link.

WAN_1 WAN-Interface-Name

Click the toggle button to enable or disable the WAN link.

When you enable the WAN link, fields related to the WAN link appear. Fields marked with an asterisk (*) must be configured to proceed. Refer to the fields described for WAN_0 WAN-Interface-Name for an explanation of the fields.

WAN_2 WAN-Interface-Name

Click the toggle button to enable or disable the WAN link.

When you enable the WAN link, fields related to the WAN link appear. Fields marked with an asterisk (*) must be configured to proceed. Refer to the fields described for WAN_0 WAN-Interface-Name for an explanation of the fields

WAN_3 WAN-Interface-Name

Click the toggle button to enable or disable the WAN link.

When you enable the WAN link, fields related to the WAN link appear. Fields marked with an asterisk (*) must be configured to proceed. Refer to the fields described for WAN_0 WAN-Interface-Name for an explanation of the fields

Click Next to continue.

WHAT'S NEXT