Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


What's New

This section describes the new features or enhancements to existing features in Contrail Service Orchestration (CSO) Release 6.3.0.

You can view and read the features that are available in the CSO Releases 5.1.2, 5.2.0, 5.3.0, 5.4.0, 6.0.0, 6.1.0, and 6.2.0 through the following links:

New and Changed Features in Contrail Service Orchestration Release 6.3.0


  • LTE support in SRX300 Series dual CPE deployments—Starting in Release 6.3.0, CSO supports configuring LTE as the access type for WAN links in SRX300 Series dual CPE SD-WAN branch site deployments. You can configure the LTE link as an Internet or MPLS link (no NAT). You can configure only one WAN link as an LTE WAN link for a site. CSO also monitors the LTE links and generates alarms when link failures occur.

  • Compute SD-WAN traffic at time intervals or per session—Starting in Release 6.3.0, CSO supports the following methods to compute the SD-WAN traffic volume on the WAN links of a site:

    • Session-based—Computes and reports the session-based traffic volume on your site's WAN links at the close of each session. This is the default method.
    • Time-based—Computes and reports traffic volume at periodic intervals during a session.

    CSO uses this data to provide a graphical representation of the WAN traffic volume on the Site Details page.

  • New Tenant Performance Report—Starting in CSO Release 6.3.0, you can generate a tenant-level report on the WAN links that touched the highest output rate (the peak of outbound bandwidth usage) in the last 24 hours. Based on the bandwidth consumption, the report lists the top WAN links, the associated sites, the peak bandwidth usage, and the subscribed bandwidth.

  • Support for Site Group as a search filter when staging or deploying device images—Starting in CSO Release 6.3.0, SP administrators, OpCo administrators, and tenant administrators can use Site Group as a filter when searching for sites to stage or deploy device images.


  • Support to configure e-mail notifications—Starting in CSO Release 6.3.0, SP, OpCo, and tenant administrators can enable or disable e-mail notifications to users. E-mail notifications include alerts for user login, user addition to a scope (service provider, tenant, and OpCo), and user removal from a scope. By default, e-mail notifications are disabled.

  • Support to import SSO server metadata—Starting in CSO Release 6.3.0, you can either import the SSO server metadata XML file directly into CSO or provide the metadata URL. In CSO Release 6.2.0 and prior releases, you could specify only the metadata URL.

Network Management and Monitoring

  • Support for BGP Alarms on Provider Hubs—Starting in Release 6.3.0, CSO supports a new alarm that provides details about the BGP connection state. CSO detects loss of BGP peering sessions between provider hubs that are connected through an IPVPN mesh. CSO uses the BGP Neighbor State Change syslog notification reported from the provider hub to generate or clear the alarm. You can view the alarm on the Monitor > Alerts & Alarms > Alarms page.

  • Support for syslog streaming—Starting in Release 6.3.0, CSO supports syslog streaming services, which enable users to access the device syslog notifications. CSO supports syslog streaming in real time using WebSocket (SSE) connections. The syslogs are stored in the Cassandra database and can be retrieved through REST API calls. For on-premises deployments, you can opt for streaming services by enabling the streaming option during the install or upgrade procedure.

  • Support for customization of PKI certificate attributes at the tenant level—Starting in Release 6.3.0, CSO supports customization of the public key infrastructure (PKI) certificate attributes at the tenant level. You can configure these attributes as custom properties on the Add Tenant page, on the Edit Tenant page, or on the Tenant Settings page. CSO uses PKI certificates to authenticate the endpoints of an IPsec Virtual Private Network (VPN) tunnel between sites if you have selected PKI Certificate as the Authentication Type for the tenant.