Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

CSO Terminology

Table 1 provides definitions for the terminology used throughout this guide.

Table 1: CSO Terminology

Term

Definition

Branch

A tenant site, connected to other sites in either a full mesh or hub-and-spoke topology. Also known as a spoke site.

CPE

Customer-premises equipment—A device placed at a remote customer spoke site that provides services (such as WAN routing or firewall filtering) for the remote site. The CPE allows the remote site to connect with a hub or other spoke sites. Legacy CPE devices provide single services, newer CPE devices (such as the NFX Series and SRX Series devices) provide multiple services to enable the SD-WAN and NGFW solutions. See also on-premises spoke device.

CSO

Contrail Service Orchestration—A Juniper Networks software product that facilitates the Contrail SD-WAN and NGFW solutions. You access CSO through a graphical user interface (GUI) to harness its built-in automation capabilities, which enable you to provision, manage, and monitor your WAN, campus, and branch networks.

Dynamic Mesh

A resource conserving method for implementing full-mesh topologies. All of the sites in the full mesh are included in the topology; but the site-to-site VPNs are not brought up until traffic crosses a user-defined threshold called the Dynamic VPN threshold.

Enterprise Hub

A single-tenant on-premises spoke device deployed as a hub at an enterprise hub site. The enterprise hub can serve as the hub portion of a hub-and-spoke topology. When deployed like this, the provider hub (if any) serves as a backup hub to the enterprise hub for site-to-site communications.

Enterprise Hub Site

A special type of spoke site with enhanced capabilities that approximate those of a provider hub site.

Hub Site

A site that acts as a hub for traffic from multiple spokes in a hub-and-spoke topology. In the absence of an enterprise hub, all spoke-to-spoke traffic flows through the provider hub. See also Provider Hub and Enterprise Hub.

MANO

Management and Orchestration

Mesh Tag

A text-based label for WAN interfaces on CPE devices. Mesh tags enable SLA-based dynamic VPN creation between customer sites. Only interfaces with matching mesh tags can form a VPN.

Microservices

Lightweight, modular building blocks that implement a specific function and communicate with other functions using well defined interfaces (e.g. RESTFul APIs). Can be scaled independently.

MP-BGP

Multiprotocol BGP—A routing protocol used for large-scale, multi-tenancy deployments

NGFW

Next-generation firewall—An SRX Series Services Gateway placed at a remote customer site that acts as a CPE and provides WAN and advanced security services.

NSC

Network Service Controller—The SD-WAN controller layer of CSO, provides topology and CPE lifecycle management functionality, as well as site-to-site routing and reachability.

On-premises spoke device

See CPE.

OpCo

Operating Company—Typically a service provider who has multiple large tenants. A single instance of CSO can have multiple OpCos, each with multiple tenants.

Note:

An OpCo administrator is the highest level of administrator available for CSOaaS.

PNF

Physical Network Function—Network service provided by a physical device, such as firewall services provided by an SRX Series Services Gateway.

POP

Point of Presence—Typically a physical location where the provider has assets used to deploy one or more of the available solutions. Assets are network devices such as edge routers, provider hubs, and server resources. The POP can also be a data center where the provider can deploy CSO.

Provider Hub

A multitenant hub device located in a POP on the service provider’s network. A provider hub can terminate IPsec tunnels for both overlay and secure OAM networks. Provider hub devices can also terminate MPLSoGRE and MPLSoGREoIPsec tunnels. Only an SP administrator or OpCo administrator can add, modify, or delete provider hub devices.

Note:

For CSOaaS, an OpCo administrator can add only DATA_ONLY hubs.

SD-WAN

Software-defined wide area network—Uses CSO to provision, manage, and monitor on-premises spoke devices, provider hubs, and enterprise hubs located across a WAN environment. Typically includes the use of NFX Series Network Services Platforms and SRX Series Services Gateways.

Secure OAM

Juniper Networks security-focused implementation of operations, administration, and management (OAM) functions within CSO.

Site

Any customer location, such as an on-premises spoke, an enterprise hub, or cloud spoke.

Spoke

A tenant branch site in a hub-and-spoke topology.

Tenant

Typically an enterprise customer with many branches (sites) who subscribes to the offerings provided by the service provider. Sites are provisioned within a tenant. One tenant cannot see the sites or assets of another.

VNF

Virtualized Network Function—Network service provided by software running in a virtual environment, such as the vSRX virtual firewall.

ZTP

Zero touch provisioning, also known as autoinstallation.