    Topology of the Cloud CPE Solution

    Topology of the Solution

    Figure 1 shows the topology of the Cloud CPE solution. One Contrail Service Orchestration installation can support both a centralized deployment and a distributed deployment, although service providers can also choose to implement only one of these deployments.

    Figure 1: Cloud CPE Solution Topology

    Service providers use the central server to set up the deployment through Administration Portal and create network services through Network Service Designer. Similarly, customers activate and manage network services through their own dedicated view of Customer Portal on the central server.

    Centralized Deployment

    Figure 2 illustrates the topology of a centralized deployment. Customers access network services in a regional cloud through a Layer 3 VPN.

    Figure 2: Centralized Deployment Topology

    The central and regional POPs contain one or more Contrail Cloud Reference Architecture (CCRA) installations. VNFs reside on Contrail compute nodes in the CCRA and service chains are created in Contrail. The OpenStack Keystone is on the Contrail configure and control node in the central POP and Contrail Analytics is available as part of the Contrail OpenStack installation.

    The MX Series router in the CCRA is an SDN gateway and provides a Layer 3 routing service to customer sites through use of virtual routing and forwarding (VRF) instances, known in Junos OS as Layer 3 VPN routing instances. A unique routing table for each VRF instance separates each customer’s traffic from other customers’ traffic. The MX Series router is a PNE.
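    The per-customer separation described above holds only if each VRF instance has its own interfaces, route distinguisher, and route target. The following check is an added example, not taken from the Juniper documentation: it audits a constructed Junos "set"-format snippet (instance names, interfaces, and community values are invented) and assumes that no route target is shared on purpose.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format; instance names, interfaces and
# community values are invented for illustration.
SAMPLE_CONFIG = """\
set routing-instances CUST-A instance-type vrf
set routing-instances CUST-A interface ge-0/0/1.100
set routing-instances CUST-A route-distinguisher 65000:100
set routing-instances CUST-A vrf-target target:65000:100
set routing-instances CUST-B instance-type vrf
set routing-instances CUST-B interface ge-0/0/1.200
set routing-instances CUST-B route-distinguisher 65000:200
set routing-instances CUST-B vrf-target target:65000:100
set routing-instances CUST-C instance-type vrf
set routing-instances CUST-C interface ge-0/0/1.300
set routing-instances CUST-C route-distinguisher 65000:300
set routing-instances CUST-C vrf-target target:65000:300
"""

# Only single-value statements are parsed, e.g. "vrf-target target:...".
LINE = re.compile(r"^set routing-instances (\S+) (\S+) (\S+)$")
# Attributes that must not be shared between customer VRF instances.
UNIQUE_ATTRS = ("interface", "route-distinguisher", "vrf-target")

def parse_vrfs(config):
    """Return {instance: {attribute: set(values)}} for instance-type vrf only."""
    instances = defaultdict(lambda: defaultdict(set))
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, attr, value = m.groups()
            instances[name][attr].add(value)
    return {n: a for n, a in instances.items() if "vrf" in a["instance-type"]}

def find_shared(config):
    """Return sorted (attribute, value, [instances]) for values used by >1 VRF."""
    owners = defaultdict(set)
    for name, attrs in parse_vrfs(config).items():
        for attr in UNIQUE_ATTRS:
            for value in attrs.get(attr, ()):
                owners[(attr, value)].add(name)
    return sorted((a, v, sorted(n)) for (a, v), n in owners.items() if len(n) > 1)

if __name__ == "__main__":
    for attr, value, names in find_shared(SAMPLE_CONFIG):
        print(f"{attr} {value} shared by {', '.join(names)}")
```

    In the sample, CUST-A and CUST-B use the same vrf-target, so each instance would import the other's routes; CUST-C is isolated.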

    Sites can access the Internet directly, through the central POP, or both. Data that travels from one site to another passes through the central POP.

    Distributed Deployment

    Figure 3 illustrates the topology of a distributed deployment.

    Figure 3: Distributed Deployment Topology

    Each site in a distributed deployment hosts an NFX250 on which the vSRX application is installed to provide security and routing services. An MX Series router in each regional POP acts as an IPSec concentrator and provider edge (PE) router for the NFX250. An IPSec tunnel, with endpoints on the NFX250 and MX Series router, enables Internet access from the NFX250. Data flows from one site to another through a GRE tunnel with endpoints on the PE routers for the sites. The distributed deployment also supports SD-WAN functionality for traffic steering, based on 5-tuple criteria (source IP address, source TCP/UDP port, destination IP address, destination TCP/UDP port, and IP protocol).

    Network administrators can configure the MX Series router, the GRE tunnel, and IPSec tunnel through Administration Portal. Similar to the centralized deployment, the MX Series router in the distributed deployment is a PNE.

    The NFX250 provides the NFVI, which supports the VNFs and service chains. All network services on an NFX250 automatically include the vSRX firewall. Customers can configure policies for this firewall with Customer Portal.

    The OpenStack Keystone resides on the central infrastructure server and Contrail Analytics resides on a dedicated server.

    Modified: 2016-10-11