CSO SD-WAN Topologies
This topic explains two Contrail Service Orchestration (CSO) SD-WAN topologies to give you a basic understanding. You can then construct other topologies based on your network requirements.
Figure 1 shows a simplified CSO SD-WAN topology. The SD-WAN branch site (on-premises spoke) is shown with two WAN links configured: one Internet link and one MPLS link. The WAN links are connected to a single SD-WAN hub site. In CSO, you can configure two types of hubs: enterprise hubs and provider hubs.
Provider hubs can be configured to carry only Operation, Administration, and Maintenance (OAM) traffic, only data traffic, or both data and OAM traffic. Enterprise hubs, on the other hand, can carry only data traffic. Furthermore, provider hubs can be shared by multiple tenants, but enterprise hubs are dedicated to a single tenant.
As shown in Figure 1, control (OAM) traffic between the sites and CSO is carried over a secure tunnel through an OAM hub. In the CSO SaaS version, the OAM functionality is provided by Juniper Networks, so the OAM hub is transparent to the CSO SaaS user. However, in the CSO on-premises version, the service provider is responsible for providing the OAM functionality.
An example of a CSO on-premises deployment is a managed services provider (MSP) that deploys a minimum of two provider hubs, configured to carry both OAM and data traffic, which take care of the OAM functionality. An example of a CSO SaaS deployment is an enterprise (tenant) that wants to use only enterprise hubs. In this case, the OAM functionality is provided by the provider hubs configured and maintained by Juniper Networks.
CSO Release 5.4.0 and later support management of an OAM hub on a provider hub from CSO running either on AWS through Direct Connect or in a private data center with data center connectivity. In the deployment model involving AWS, CSO is connected to the provider hubs through AWS Direct Connect (see Figure 2). In the deployment model involving a private data center, CSO is connected to the provider hubs within the data center (see Figure 3). The provider hubs also support MPLS and Internet WAN links for branch site connectivity.
Figure 4 shows a multihoming scenario (also called hub redundancy), where the branch site connects to two hub sites: a primary and a secondary. In this case, each WAN link has two overlay tunnels to each hub site, thereby providing redundancy.
If the primary hub site goes down, then traffic is redirected to the secondary hub site until the primary hub site comes back up. In addition, two OAM hubs are configured to provide redundancy for OAM traffic. In this case, CSO establishes secure tunnels between the:
Branch site and the two OAM hubs.
Two hub sites and the two OAM hubs.
CSO and the two OAM hubs.
Therefore, if one OAM hub goes down, OAM traffic can flow through the second OAM hub, thereby providing redundancy.