CSDS Solution Architecture
Read this topic to understand the components of CSDS Architecture.
The CSDS Architecture primarily consists of the following components:
- Forwarding Layer—The forwarding layer includes MX Series routers that receive and return traffic of the underlying network and distribute upwards to the different services layer devices. The MX Series routers in this layer serves as the single pane of glass responsible for synchronizing and distributing the configuration to the service layer devices. You can deploy the MX Series routers in 1:1 redundancy.
- Services Layer—The services layer provides security features using the SRX Series Firewalls. The layer supports different SRX Series Firewalls in the solution but a group of same firewall models together offer a security service offering such as carrier-grade NAT (CGNAT), IPsec VPN. Note that multiple groups, each hosting different security services can also co-exist. The guide covers configuration examples with one group of SRX Series Firewalls.
- Distribution Layer (Optional)—The distribution layer is placed between the forwarding and the services layer. The devices in this layer primarily provide additional port count, if needed, when enough ports are not available on the devices in the forwarding and the services layers. The devices can also offer different ports speeds and types that are not built in into the forwarding or services layer devices. These devices serve as a switch fabric that interconnects all the different devices. You can use QFX Series in this layer for large-scale deployments.
- Management Layer—The management layer provides a management platform for the entire CSDS solution and connects to the forwarding layer as a single pane of glass. The management layer includes the capability to monitor the utilization of the services layer devices. In this layer, you can optionally use EX Series switches for the management of devices.
Figure 1 depicts the high-level architecture of the CSDS solution.