New and Changed Features in Contrail Service Orchestration Release 6.0.0
This section describes the new features or enhancements to existing features in Contrail Service Orchestration (CSO) Release 6.0.0.
You can view and read the features that are available in the CSO Releases 5.1.2, 5.2.0, 5.3.0, and 5.4.0 through the following links:
Zero Touch Provisioning
Simplified Zero Touch Provisioning (ZTP) process—Starting from CSO Release 6.0.0, the ZTP process is simplified to provide more flexibility and enable faster deployment of devices in a network. The device management and service provisioning processes are separated, thus reducing the time required for CSO to onboard and manage a device. For branch and enterprise hub sites, you can choose to either onboard a device with a service (SD-WAN or next-generation firewall) configured on it or configure the service later.
Support for SD-WAN Essentials service—Starting in Release 6.0.0, CSO supports SD-WAN Essentials service. You can choose from the following SD-WAN service levels for a tenant:
Essentials—Provides the basic SD-WAN service (called Secure SD-WAN Essentials). This service level is ideal for small enterprises looking for managing simple WAN connectivity with comprehensive NGFW security services at the branch sites, using link-based application steering. The SD-WAN Essentials service allows Internet traffic to breakout locally, and thus avoids the need to backhaul web traffic over costly VPN or MPLS links. You can upgrade the SD-WAN service level of a tenant from Essentials to Advanced seamlessly (without downtime) by editing the tenant parameters, provided that you have purchased the corresponding license.
Advanced—Provides the complete SD-WAN service (called Secure SD-WAN Advanced). This service level is ideal for enterprises with one or more data centers, requiring flexible topologies and dynamic application steering. You can establish site-to-Site connectivity by using a hub in a hub-and-spoke topology or through static or dynamic full mesh VPN tunnels. Enterprise wide intent based SD-WAN policies and service-level agreement (SLA) measurements allow to differentiate and dynamically route traffic for different applications.
Tenants with SD-WAN service on CSO Release 5.4.0 or earlier versions are treated as Secure SD-WAN Advanced tenants.
PPPoE or PPP support per WAN link—Starting in CSO Release 6.0.0, you can enable PPPoE (Point-to-Point Protocol over Ethernet) or PPP (Point-to-Point Protocol) per WAN link on a branch site device, and specify the PPPoE or PPP authentication parameters per WAN link. You can enable PPPoE or PPP on MPLS-based or Internet-based WAN links. You can also enable PPPoE or PPP per WAN link on the devices in existing sites after the CSO upgrade, by editing the site information.
The access type LTE can be used for only one WAN link on the device.
MPLS-based links support only Ethernet or LTE as access types.
Support for creation of static tunnels between branch site and Enterprise hub based on user inputs—Starting in CSO Release 6.0.0, you can create static tunnels between a branch site and enterprise hub sites (primary and secondary enterprise hubs). By default, CSO uses mesh tags to setup tunnels between branch sites and enterprise hubs. You need to disable the mesh tag-based tunnel creation to manually connect the branch site to an enterprise hub. This feature gives you control on how you want to define the tunnels. You can select a tunnel type to be used, the enterprise hub device to be connected, and the WAN links on the enterprise hubs with which connection needs to be established.
Support to configure aggregated Ethernet on enterprise hub WAN links — In CSO Release 6.0.0, you can preconfigure an enterprise hub (SRX Series devices) with aggregated Ethernet links and Link Aggregation Control Protocol configurations before Zero Touch Provisioning is initiated to onboard the device in CSO.
Support for automatic cluster formation for SRX Series dual CPE devices—Starting from CSO Release 6.0.0, you can enable automatic cluster formation for SRX Series dual CPE devices when you add a branch site or enterprise hub site.
Support for IPv6 connectivity on WAN links—Starting from Release 6.0.0, CSO supports IPv6 for underlay connectivity on WAN links of SRX Series (CPE and provider hub) devices and NFX150 devices.
Support for MAP-E functionality on NFX150 devices—Starting from CSO Release 6.0.0, for branch sites with NFX150 as the CPE, you can enable the Mapping of Address and Port with Encapsulation (MAP-E) functionality to transport IPv4 packets across an IPv6 network by using IPv4-in-IPv6 encapsulation.
This feature is compliant only with the Japan Network Enabler (JPNE) standards.
Support for editing hub configuration of a WAN link—Starting from CSO Release 6.0.0, you can edit the hub configuration associated with a branch site or an enterprise hub site. You can add, delete, or swap roles of primary and secondary provider hubs and enterprise hubs respectively.
Support for editing LAN segments—Starting from CSO Release 6.0.0, you can edit the LAN segments deployed on a branch site or an enterprise hub site. You can also edit the associated department and add a LAG interface.
Support to view throughput for WAN links—Starting from Release 6.0.0, you can view the throughput (in bps) for all WAN links associated to a branch site, an enterprise hub, or a provider hub.
Support to automatically revert AppQoE traffic to the preferred link type—Starting from CSO Release 6.0.0, you can:
Select either Internet or MPLS or Any as the preferred link type for an SLA profile. By default, the preferred link type is Any.
Configure the link affinity for the preferred link.
Specify the link priority for WAN links in branch, enterprise hub, or cloud spoke sites.
The following is the behavior for link affinity:
Strict link affinity is selected for a preferred link type—In the event of an SLA violation on the preferred link type, AppQoE ensures that the path selected is always of the preferred link type. If multiple links of the preferred link type are available, then the traffic selects the link that has the highest priority and meets the SLA.
Strict link affinity is not selected for a preferred link type—In the event of an SLA violation on the preferred link type, the traffic switches over to a link that meets the SLA. If multiple links meeting the SLA are available, then the traffic switches over to the link with the highest priority. If the traffic switches over to a non-preferred link type, then the traffic automatically reverts to the preferred link type when the preferred link type recovers and conforms to the SLA.
Integration of CentOS-based Contrail Analytics Nodes—Starting from CSO Release 6.0.0, Contrail Analytics Nodes (CAN) run on CentOS version 7.7.1908. Upgrading CAN data from CSO Release 5.1.2 to CSO 6.0.0 is not supported because of the database schema changes. As a workaround, after the upgrade procedure is completed, maintain the CSO Release 5.1.2 CAN VMs for 30 days. For details, see Upgrade Contrail Service Orchestration from Release 5.1.2 to Release 6.0.0.
Discover an EX Series switch or an AP configured behind an SRX Series CPE—Starting from Release 6.0.0, CSO supports discovering an EX Series switch or an access point (AP) connected to an SRX Series Customer Premise Equipment (CPE) device. To discover the switch, CSO allows you to enable LLDP on the CPE interface and create a management connectivity between the CPE and the switch or AP through a zone-based LAN segment. You can use a physical port, a LAG interface, or a redundant Ethernet (reth) interface (for dual-CPE sites) to connect a CPE to a switch. This feature includes support to:
Create a LAG interface, reth interface (for dual-CPE sites), and redundancy groups.
Create a zone-based LAN segment and include the CPE interface (physical port, LAG interface, or reth interface) in it.
View information about SRX Series CPE, EX Series switch, or AP on Juniper Mist—Starting from CSO Release 6.0.0, you access Juniper Mist from CSO Device page (Resources > Devices) to view information about the following devices (if they are available in the Juniper Mist portal):
SRX Series CPE devices.
The EX Series switches that are connected to SRX Series CPE devices and are discovered by CSO.
The access points that are connected to SRX Series CPE devices and are discovered by CSO.
Change related to site type—Starting from CSO Release 6.0.0, on-premise spoke sites are called branch sites.
Enhancements to the Device Details page—Starting from CSO Release 6.0.0, you can use the following enhancements on the Device Details page:
Inventory tab to view the chassis information, physical and logical interfaces from the CSO GUI. You can also view and manage the licenses and software images from this tab.
Running Configuration tab under the Configuration tab to view the current configuration on the device. This tab also provides the option to access the device console remotely.
Support for editing site name—Starting from CSO Release 6.0.0, site name and device host name can be edited for branch sites, enterprise hubs, and DATA_ONLY provider hubs.
Support for NAT Configuration Template for Provider Hub Breakout—Starting from CSO Release 6.0.0, CSO provides a NAT template to configure NAT on provider hubs for central breakout of data traffic. The NAT can be applied to existing WAN interfaces in provider hubs with DATA_ONLY and DATA_and_OAM capabilities. The preconfigured breakout/NAT template is available for CSOaaS and on-premises deployments.
Support for configuring and mapping two WAN interfaces to a single physical port on an NFX150 device—Starting from CSO Release 6.0.0, you can configure and map up to two WAN (ge-1/0/x) interfaces to a single physical port (heth-0-x) on an NFX150 device. In releases before CSO Release 6.0.0, you can configure and map only one WAN interface to a single physical port on an NFX150 device.
Support to generate device RSI—Starting from Release 6.0.0, CSO enables you to generate the request support information (RSI) log file for provider hub, enterprise hub, and spoke devices.
Remote CLI access using Junos login credentials—Starting from CSO Release 6.0.0, you can remotely access the CPE device CLI in read-write (configuration) mode using your Junos login credentials. Alternatively, you can access the CLI in read-only (operational) mode.