Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Introduction

 

The Juniper Networks Contrail Service Orchestration (CSO) transforms traditional branch networks, offering opportunities for high flexibility of the network, rapid introduction of new services, automation of network administration, and cost savings. The solution supports both Juniper Networks and third-party virtualized network functions (VNFs) that network providers use to create the network services.

Contrail Service Orchestration (CSO) Release 3.2.2 is a secure software-defined WAN (SD-WAN) solution that builds on the capabilities of CSO Release 3.2. The following are the highlights of the features available in Release 3.2:

  • SD-WAN

    • Centralized application, service-level agreement (SLA), and performance management

    • Intent-based advanced policy-based routing (APBR)

    • Traffic visualization and monitoring at a per-application level across branch sites

  • Security management

    • Intent-based firewall policies

    • Network Address Translation (NAT) policy management

    • UTM policy management

    • Threats map

    • Application visibility and signature management

    • Security reports

The solution can be implemented by service providers to offer network services to their customers or by Enterprise IT departments in a campus and branch environment. In these release notes, service providers and Enterprise IT departments are called service providers, and the consumers of their services are called customers.

The solution offers the following deployment models:

  • Cloud CPE Centralized Deployment Model (centralized deployment)

    In the centralized deployment, customers access network services in a service provider’s cloud. Sites that access network services in this way are called cloud sites in these release notes.

  • Cloud CPE Distributed Deployment Model (distributed deployment)

    In the distributed deployment, customers access network services on a CPE device, located at a customer’s site. These sites are called on-premise sites in these release notes.

  • A combined centralized and distributed deployment

    In this combined deployment, the network contains both cloud sites and on-premise sites. One customer can have both types of sites; however, you cannot use the same network service package for cloud sites and on-premise sites. If you require the same network service for cloud sites and on-premise sites, you must create two identical network service packages with different names.

CSO uses the following components for the NFV environment:

  • When end users access network services in the cloud:

    • Network Service Orchestrator provides ETSI-compliant management of the life cycle of network service instances.

      This application includes RESTful APIs that you can use to create and manage network service catalogs.

    • Contrail Cloud Platform provides the underlying software-defined networking (SDN), NFV infrastructure (NFVI), and the virtualized infrastructure manager (VIM).

  • When end users access network services on a local CPE device:

    • Network Service Orchestrator, together with Network Service Controller, provides ETSI-compliant management of the life cycle of network service instances.

    • Network Service Controller provides the VIM.

    • The CPE device provides the NFVI.

The following Contrail Service Orchestration (CSO) components connect to Network Service Orchestrator through its RESTful API:

Note

From CSO Release 3.1.1 onward, the Administration and Customer Portals are unified into a single portal with role-based access control (RBAC) enforcement.

  • Administration Portal, which you use to set up and manage your virtual network and customers through a graphical user interface (GUI).

  • Customer Portal, which is an application that you can provide to customers to enable them to manage sites and services for their organizations through a GUI.

  • The Designer Tools, which enable design, creation, management, and configuration of network services through a GUI. Network services are stored in the network service catalog.

  • Service and Infrastructure Monitor, which works with Icinga, an open source enterprise monitoring system to provide real-time data about the CSO, such as the status of virtualized network functions (VNFs), virtual machines (VMs), and physical servers; information about physical servers’ resources; components of a network service (VNFs and VMs hosting a VNF); counters and other information for VNFs.

    You can deploy the CSO in a demonstration (demo) or production environment. Table 1 shows the number of sites and VNFs supported for each environment.

    Table 1: Number of Sites and VNFs Supported

    Contrail Service Orchestration Environment Type

    Number of VNFs Supported for a Centralized Deployment

    Number of Sites and VNFs Supported for a Distributed Solution

    Number of Sites Supported for an SD-WAN Deployment

    Demo environment without HA

    10 VNFs

    25 sites, 2 VNFs per site

    25

    Demo environment with HA

    100 VNFs, 20 VNFs per Contrail compute node

    200 sites, 2 VNFs per site

    200, up to 50 full mesh sites

    Production environment without HA

    500 VNFs, 20 VNFs per Contrail compute node

    200 sites, 2 VNFs per site

    200, up to 50 full mesh sites

    Production environment with HA

    500 VNFs, 20 VNFs per Contrail compute node

    2200 sites, 2 VNFs per site

    3000