Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Juniper Networks Cloud CPE Solution Release 3.0.

  • When you use Customer Portal to activate a network service on a network link, you must configure the following settings for each VNF in the network service:
    • Hostname
    • NTP server
    • DNS name server
  • We recommend that you use the current version of the Google Chrome Web browser to access Contrail Service Orchestration GUIs.
  • When a tenant object is created through Administration Portal or the API, Contrail OpenStack adds a default security group for the new tenant. This default security group denies inbound traffic and you must manually update the security group in Contrail OpenStack to allow ingress traffic from different networks. Otherwise, the Junos Space Virtual Appliance might fail to discover a VNF or Contrail OpenStack might drop traffic.


  • Contrail Service Orchestration does not offer a single RPC to get the device identifier for a specific site. You can use multiple API calls or the license installation tool to obtain the device identifier for a specific site.


  • You can use Administration Portal to upload licenses to Contrail Service Orchestration; however, you cannot use Administration Portal to install licenses on physical or virtual devices that Contrail Service Orchestration manages. You must use the APIs or the license installation tool to install licenses on devices.


  • Contrail Service Orchestration uses RSA key based authentication when establishing an SSH connection to a managed CPE device. The authentication process requires that the device has a configured root password, and you can use Administration Portal to specify the root password in the device template.

    To specify a root password for the device:

    1. Log in to Administration Portal.
    2. Select Resources > Device Templates.
    3. Select the device template and click Edit.
    4. Specify the encrypted value for the root password in the ENC_ROOT_PASSWORD field.
    5. Click Save.


  • You can use the logs on an NFX250 device to review the status of the device’s activation through Customer Portal.


  • When you have more than five sites configured in Customer Portal, you cannot access the configuration links for all the sites in the topology on the Monitor page.

    Workaround: Select the site in the left navigation pane to configure it.


  • You might see quotaclient error compute messages in the nso-pyramid-api.log Network Service orchestration log.

    Workaround: Ignore the messages.


Modified: 2017-04-27