    Understanding SDN Provisioning and Cloud CPE Selfcare Application for MX Series Routers

    cCPE Selfcare Application enables you to configure Contrail-based virtual CPE services, which are hosted in your cloud computing environment, by defining SDN properties in the Selfcare Portal. Customer network administrators can then enable these virtual CPE services through the cCPE Selfcare Portal on a self-serve basis. Contrail, which works within open cloud orchestration systems such as OpenStack and CloudStack, provides orchestration and management of networking functions, such as a virtual firewall, in virtual machines (VMs) instead of physical hardware appliances. You can integrate this Contrail-based virtual network services solution into your existing router-based cCPE Application environment.

    Note: Integrating Contrail-based virtual CPE services relies on the preconfigured routing instances and interfaces on your MX Series routers, which the cCPE Selfcare Portal identifies and can modify.

    You configure Contrail-based virtual CPE services in the Selfcare Portal, which then passes the authentication credentials and virtual service definition properties to Contrail and OpenStack to create the virtual service. cCPE Selfcare Application communicates with Contrail over the Contrail northbound RESTful APIs. The Selfcare Portal acts as a software-defined networking (SDN) orchestrator that enables your MX Series routers to route selected traffic to virtual services managed by Juniper Networks Contrail Controller. You define Contrail-based virtual services as parameterized service templates and virtual machine (VM) images in Contrail that are instantiated by the Contrail Controller and OpenStack. Your cCPE customers can then enable these virtual services on a self-serve basis in the cCPE Selfcare Portal. Figure 1 shows the basic topology of Contrail-based virtual CPE services.

    Figure 1: Branch Topology of Contrail-Based Virtual CPE Services

    Contrail, by combining a controller and virtual routers on virtualized servers, enables the chaining of virtual services provided by applications running on virtual machines (VMs). In Figure 1, Juniper Networks Firefly provides a virtual firewall machine and Contrail provides the virtual router. From a cCPE perspective, Contrail, together with OpenStack, helps automate the addition of new features and virtual services for customers who have IP or VPN connectivity based on MX Series edge routers. The VMs that Contrail manages are connected to the MX Series routers by adding them to the customer VPNs. Contrail runs BGP, which announces the routes with SDN targets so that all routers in the VPN can provide connectivity between the VPN sites and the VMs dynamically created by Contrail (using OpenStack).

    You can also use the SDN capabilities in cCPE Selfcare Application, along with Contrail, to experiment with leveraging virtual services to augment your existing business connectivity services. Dynamically provisioned services, under your control or the control of the cCPE customer, replace traditional router-based services running on your edge routers.

    Services can have very different meanings; in particular, many service providers may refer to services as something that their customers can purchase. For this discussion, we define services in the traditional sense: a function that resides in the service plane. For example:

    • Router-based services — Services provided by your MX Series router, such as a DHCP server or static firewall.
    • Cloud-based services — Services provided by VMs in your cloud-based environment, such as an external DHCP server or Juniper Networks Firefly firewall services.

    SDN Integration Model

    Figure 2 shows the SDN integration model for cCPE Selfcare Application.

    Figure 2: SDN Integration Model

    Service providers can use the Selfcare Portal to define Contrail-based virtual CPE services. In this release of cCPE Selfcare Application, all Contrail-based virtual CPE services you configure are visible and may be enabled by all cCPE customers in the Selfcare Portal. cCPE customers are not allowed to configure their own virtual services; they are allowed only to enable them. To enable a virtual service, cCPE customers simply select the service in the Selfcare Portal. When a virtual service is enabled, cCPE Selfcare Application passes the authentication credentials and virtual service SDN property definitions to Contrail and OpenStack where the virtual service is instantiated.

    Note: cCPE Selfcare Application does not replicate the VM management services of OpenStack nor does it replicate any Contrail functionality. The SDN capabilities in cCPE Selfcare Application safely permit cCPE customers to enable virtual services that only affect their own environments. When a cCPE customer enables a virtual CPE service, cCPE Selfcare Application and Contrail exchange SDN virtual service definition properties. Any SDN property values that are defined in braces { } in cCPE Selfcare Application are replaced with the property values defined in Contrail. Contrail then communicates with OpenStack, which instantiates the virtual service. cCPE Selfcare Application does not directly manipulate the VM instances through OpenStack; everything is mediated by a combination of the Contrail system and the configuration of your MX Series routers (BGP policies, VRF route identifiers, and so on).
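
    The brace substitution described in the note above, sketched as an added example; this is not Juniper code and does not reflect the product's implementation. All property names and values are hypothetical, and the sketch assumes a strict policy: every braced name must have a Contrail-side value, and substituted values are never expanded a second time.

```python
import re

# Hypothetical names throughout: the page does not list real SDN property
# names, so the keys and values below are constructed for illustration.
PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


class UnresolvedProperty(ValueError):
    """Raised when a braced property has no value on the Contrail side."""


def resolve_properties(portal_props, contrail_values):
    """Replace each {name} in the portal-side definition with the Contrail value.

    Substitution is a single pass: a Contrail value that itself contains
    braces is inserted literally and never expanded again. Every placeholder
    must resolve, otherwise the whole definition is rejected.
    """
    resolved = {}
    for key, raw in portal_props.items():
        missing = [n for n in PLACEHOLDER.findall(raw) if n not in contrail_values]
        if missing:
            raise UnresolvedProperty(f"{key}: no Contrail value for {missing}")
        resolved[key] = PLACEHOLDER.sub(
            lambda m: str(contrail_values[m.group(1)]), raw
        )
    return resolved


# Constructed sample: portal-side definition of a virtual firewall service.
PORTAL_DEFINITION = {
    "service_template": "{fw_template}",
    "left_network": "customer-{vpn_name}-left",
    "image": "firefly-base",  # literal value, no braces, passed through as is
}

# Constructed sample: values as they might be defined in Contrail.
CONTRAIL_VALUES = {"fw_template": "fw-template-01", "vpn_name": "acme"}

if __name__ == "__main__":
    print(resolve_properties(PORTAL_DEFINITION, CONTRAIL_VALUES))
```

    Rejecting a definition with an unresolved placeholder keeps a half-substituted string such as a literal "{vpn_name}" from being handed on as a network or template name.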

    Modified: 2015-11-09