Topology of the Solution

Figure 1 shows the topology of the Cloud CPE solution. One Contrail Service Orchestration installation can support both a centralized deployment and a distributed deployment, although service providers can also choose to implement only one of these deployments.

Figure 1: Cloud CPE Solution Topology

Service providers must consider several issues when choosing whether to employ one or both types of deployment. The centralized deployment offers a fast migration route, because you can replace a traditional CPE at a customer’s site with a simple Layer 3 network interface device (NID) to enable access to the network provider’s cloud. This deployment is the recommended model for sites that can accommodate network services—particularly security services—in the cloud. In contrast, the distributed deployment supports private hosting of network services on an NFX250 at a customer’s site, and offers software defined wide area networking (SD-WAN) capabilities.

Implementing a combination network in which some sites use the centralized deployment and some sites use the distributed deployment provides appropriate access for different sites. In this case, one Contrail Service Orchestration installation supports both the centralized and distributed deployment and each deployment operates independently.

Service providers use the central server to set up the deployment through Administration Portal and create network services through Network Service Designer. Similarly, customers activate and manage network services through their own dedicated view of Customer Portal on the central server.

The Cloud CPE solution extends the NFV model through the support of physical network elements (PNEs). A PNE is a networking device in the deployment that you can configure through Contrail Service Orchestration, but not use in a service chain. Configuration of the PNE through Contrail Service Orchestration as opposed to other software, such as Contrail or Junos OS, simplifies provisioning of the physical device through automation. Combining provisioning and configuration for PNEs and VNFs provides end-to-end automation in network configuration workflows.

Centralized Deployment

Figure 2 illustrates the topology of a centralized deployment. Customers access network services in a regional cloud through a Layer 3 VPN.

Figure 2: Centralized Deployment Topology

The central and regional POPs contain one or more Contrail Cloud Reference Architecture (CCRA) installations. VNFs reside on Contrail compute nodes in the CCRA and service chains are created in Contrail. The OpenStack Keystone is on the Contrail configure and control node in the central POP and Contrail Analytics is available as part of the Contrail OpenStack installation.

The MX Series router in the CCRA is an SDN gateway and provides a Layer 3 routing service to customer sites through use of virtual routing and forwarding (VRF) instances, known in Junos OS as Layer 3 VPN routing instances. A unique routing table for each VRF instance separates each customer’s traffic from other customers’ traffic. The MX Series router is a PNE.
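The per-customer separation described above can be modeled in a few lines. This is an added example, not code from Juniper or Contrail Service Orchestration: the `Vrf` class, customer names, prefixes and route-target values are constructed for illustration. The route-target audit goes beyond the text by checking the import/export mechanism through which Layer 3 VPN routes can be shared between instances.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Vrf:
    """Hypothetical model of one Layer 3 VPN routing instance."""
    name: str
    import_targets: set
    export_targets: set
    routes: dict = field(default_factory=dict)  # ip_network -> next hop

    def add_route(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, address):
        """Longest-prefix match restricted to this VRF's own table."""
        addr = ipaddress.ip_address(address)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None  # no route in this table: nothing is borrowed from another VRF
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

def find_cross_vrf_imports(vrfs):
    """Return (importer, exporter, targets) wherever one VRF imports another's routes."""
    leaks = []
    for importer in vrfs:
        for exporter in vrfs:
            shared = importer.import_targets & exporter.export_targets
            if importer is not exporter and shared:
                leaks.append((importer.name, exporter.name, sorted(shared)))
    return leaks

def build_sample():
    """Constructed data: two customers reusing the same private address space."""
    a = Vrf("CUSTOMER-A", {"target:64512:100"}, {"target:64512:100"})
    b = Vrf("CUSTOMER-B", {"target:64512:200"}, {"target:64512:200"})
    a.add_route("10.1.0.0/16", "site-a1")
    a.add_route("10.1.5.0/24", "site-a2")
    b.add_route("10.1.0.0/16", "site-b1")
    return a, b

if __name__ == "__main__":
    a, b = build_sample()
    # Same destination address, different answer per customer table.
    print(a.lookup("10.1.5.9"), b.lookup("10.1.5.9"))
    print(find_cross_vrf_imports([a, b]))
    b.import_targets.add("target:64512:100")  # constructed misconfiguration
    print(find_cross_vrf_imports([a, b]))
```

Running the audit against the route targets actually provisioned on the gateway shows whether any customer instance imports routes exported by another.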

Sites can access the Internet directly, through the central POP, or both. Data that travels from one site to another passes through the central POP.

Distributed Deployment

Figure 3 illustrates the topology of a distributed deployment.

Figure 3: Distributed Deployment Topology

Each site in a distributed deployment hosts an NFX250 on which the vSRX application is installed to provide security and routing services. An MX Series router in each regional POP acts as an IPSec concentrator and provider edge (PE) router for the NFX250. An IPSec tunnel, with endpoints on the NFX250 and MX Series router, enables Internet access from the NFX250. Data flows from one site to another through a GRE tunnel with endpoints on the PE routers for the sites. The distributed deployment also supports SD-WAN functionality for traffic steering, based on 5-tuple (source IP address, source TCP/UDP port, destination IP address, destination TCP/UDP port, and IP protocol) criteria.

Network administrators can configure the MX Series router, the GRE tunnel, and IPSec tunnel through Administration Portal. Similar to the centralized deployment, the MX Series router in the distributed deployment is a PNE.

The NFX250 provides the NFVI, which supports the VNFs and service chains. All network services on an NFX250 automatically include the vSRX firewall. Customers can configure policies for this firewall with Customer Portal.

The OpenStack Keystone resides on the central infrastructure server and Contrail Analytics resides on a dedicated server.

Modified: 2016-10-12