What's New
This section describes the new features or enhancements to existing features in Contrail Service Orchestration (CSO) Release 6.2.0.
You can view and read the features that are available in the CSO Releases 5.1.2, 5.2.0, 5.3.0, 5.4.0, 6.0.0, and 6.1.0 through the following links:
New and Changed Features in Contrail Service Orchestration Release 6.2.0
SD-WAN
-
Support for configuring routing policies in LAN segments—Starting in CSO Release 6.2.0, you can define routing policies for more control over the route advertisements in a LAN segment. You can use a combination of the LAN Route(s) to Overlay option, Overlay Route(s) to LAN option, and policies to determine the routes that can be advertised between the LAN router and the SD-WAN overlay.
You can configure:
- Export policies for granular control of the routes that a CPE device advertises to the SD-WAN overlay.
- BGP or OSPF import policies for granular control of the routes that a CPE device accepts from the list of routes advertised by the LAN router.
- BGP or OSPF export policies for granular control of the routes that a CPE device advertises to the LAN router.
-
ADSL/VDSL Annex J support (SRX300, SRX320, SRX340, SRX345, and SRX380)—Starting in CSO Release 6.2.0, we support Annex J specification by means of xDSL SFP modules for ADSL2, ADSL2+, and all VDSL2 profiles on SRX300 Series devices deployed as branch-site CPE devices. You can configure this feature by enabling the ADSL/VDSL SFP Annex option for management interfaces or WAN links when creating sites, adding new WAN links, or granting Return Material Authorization (RMA).
- MTU support on
WAN and LAN interfaces—Starting in CSO Release 6.2.0, you can configure the maximum
transmission unit (MTU) size for the media or protocol on the following interfaces:
- WAN interfaces of a branch site, enterprise hub, cloud spoke, or a provider hub. The supported MTU range varies depending on the device type and the interface type (Ethernet, ADSL, VDSL, or LTE).
- LAN interfaces of SRX Series devices, after the site zero-touch provisioning (ZTP) process is complete. The MTU size configured on an SRX Series device must be within the MTU range supported by the switch or router connected to the SRX.
The MTU configuration is applicable only to IPv4 addresses.
-
Support for editing tenant-owned public IP pool—Starting in CSO Release 6.2.0, you can add, edit, or delete the public IPv4 subnets that are part of the tenant’s pool of public IPv4 addresses. If you modify the IP address pool of a tenant, CSO runs a job to automatically update and reprovision the tenant sites. We consider the tenant IP pool addresses to be public IP addresses that represent public LAN subnets in SD-WAN branch sites.
-
Support for vSRX cluster in SD-WAN deployments—Starting in CSO Release 6.2.0, you can configure a vSRX cluster as a spoke in SD-WAN deployments. To configure a vSRX cluster as a spoke, the vSRX instances must run Junos OS Release 20.4R3-S1.
Licensing
-
Support for golden license to onboard SRX Series devices—Starting in CSO Release 6.2.0, tenants can onboard all SRX Series devices in their network using a single license, referred to as the golden license. Using the golden license simplifies the license deployment and management process. Tenants can procure and install only a single license file instead of installing individual device licenses. The golden license is unique to a tenant.
Miscellaneous
-
Usability enhancements—Starting in CSO Release 6.2.0, you can:
- Use site locations and site groups as keywords to search for sites on the Site Management page. You can also save these keywords as quick filters.
- View the WAN link's SLA performance from the WAN tab of a site.
- View a job summary, which provides the number of sites where a job succeeded or failed. The summary section on the Job Status page lists all the sites where the job failed, with hyperlinks to the site-specific logs containing the job details that include the reason for the failure. When you run a job on multiple sites together, you can quickly identify the sites where the job failed and take actions, if required.
-
Support for alternate partition snapshot (SRX300, SRX320, SRX340, SRX345, and SRX380)—Starting in CSO Release 6.2.0, you can copy the device image and configuration from the primary (active) partition to the alternate partition of an SRX300 Series device so that both the partitions have the same Junos OS version and device configuration. To update the alternate partition, you can use one of the following methods:
- Enable the Snapshot Alternate Partition option (which is disabled by default) on the device image deployment screen. CSO automatically triggers a separate job to copy the image and the device configuration from the primary partition to the alternate partition only after the image is successfully deployed on the primary partition.
- Use the Snapshot Alternate Partition action from the device list. We recommend this option as it allows you to verify the behavior of the primary partition before copying the image to the alternate partition.
-
Support for tenant-specific SSO server—Starting in CSO Release 6.2.0, tenants can determine the authentication method for their users. Tenants can either use the authentication method configured by the operating company (OpCo) or change the authentication method for their users from the Authentication page (Administration > Authentication). Additionally, tenants can also configure their own SSO server to authenticate users.
Similar to OpCos, tenants can now select one of the following methods to authenticate their users:
-
Local—CSO maintains the tenant user accounts locally and authenticates users.
-
Authentication by using an SSO server—Tenants use an SSO server (for example, Microsoft Azure Active Directory) to maintain the user identity accounts, while the service provider (CSO) maintains the authorization information. Users are authenticated by using the credentials stored in the SSO server.
-
Authentication and authorization by using an SSO server—Tenants use an SSO server to maintain the user identity accounts and their permitted roles. Users are authenticated by the SSO server and authorized by CSO using Security Assertion Markup Language (SAML) role attributes.
-
-
Support to edit bootstrap and image upgrade time for SRX Series and NFX150 devices—Starting in Release 6.2.0, CSO provides the flexibility to configure the bootstrap and image upgrade time for SRX Series and NFX150 devices. By default, the bootstrap time is 30 minutes and the image upgrade time is 60 minutes. Based on the network operation and performance, global or tenant administrators can choose to either increase or decrease the time.