Cloud CPE Centralized Deployment Model

Transcription

1 Cloud CPE Centralized Deployment Model Deployment Guide Release 1.0 Modified:

2 Juniper Networks, Inc Innovation Way Sunnyvale, California USA All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Cloud CPE Centralized Deployment Model Deployment Guide 1.0 All rights reserved. The information in this document is current as of the date on the title page. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year However, the NTP application is known to have some difficulty in the year END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at By downloading, installing or using such software, you agree to the terms and conditions of that EULA. ii

3 Table of Contents About the Documentation ix Documentation and Release Notes ix Documentation Conventions ix Documentation Feedback xi Requesting Technical Support xii Self-Help Online Tools and Resources xii Opening a Case with JTAC xii Chapter 1 Overview of Cloud CPE Centralized Deployment Model Cloud CPE Centralized Deployment Model Overview VNFs Supported by the Cloud CPE Centralized Deployment Model NFV in the Cloud CPE Centralized Deployment Model Architecture of the Cloud CPE Centralized Deployment Model Benefits of the Cloud CPE Centralized Deployment Model Licensing for the Cloud CPE Centralized Deployment Model Hardware and Software Tested in the Cloud CPE Centralized Deployment Model Chapter 2 Installing and Configuring the Hardware and Software Components Minimum Hardware and Software Requirements for Servers and VMs Cabling the Hardware for the Cloud CPE Centralized Deployment Model Configuring the EX Series Ethernet Switch Configuring the QFX Series Switch Configuring the MX Series Router Setting Up the VMs for the Contrail Service Orchestration Node Deploying the Cloud CPE Centralized Deployment Model Installer Installing and Configuring the Cloud CPE Centralized Deployment Model Installing Contrail OpenStack Customizing the Configuration File for the Cloud CPE Centralized Deployment Model Installation Deploying the Cloud CPE Centralized Deployment Model Configuring Contrail for the Cloud CPE Centralized Deployment Model Configuring a Junos Space Cluster Creating an LxCIPtable VNF Image Chapter 3 Setting Up and Managing the Cloud CPE Centralized Deployment Model Setting Up the NFV Infrastructure for the Cloud CPE Centralized Deployment Model Adding Customers to the Cloud CPE Centralized Deployment Model Delivering New Network Services to Customers Creating Security Rules for New Customers iii

4 Deployment Guide Chapter 4 Using the Cloud CPE Centralized Deployment Model Working with Network Services in the Centralized Deployment Model Customer Access to Network Services Chapter 5 Troubleshooting the Cloud CPE Centralized Deployment Model Monitoring and Troubleshooting Overview Chapter 6 Appendix Terminology Glossary of Terms for Cloud CPE Centralized Deployment Model iv

5 List of Figures Chapter 1 Overview of Cloud CPE Centralized Deployment Model Figure 1: Software Components of the Cloud CPE Centralized Deployment Model Figure 2: Topology of Cloud CPE Centralized Deployment Model with CCRA and Contrail Service Orchestration Figure 3: Architecture of Contrail Cloud Platform Nodes Figure 4: Contrail Service Orchestration Node v

6 Deployment Guide vi

7 List of Tables About the Documentation ix Table 1: Notice Icons x Table 2: Text and Syntax Conventions x Chapter 1 Overview of Cloud CPE Centralized Deployment Model Table 3: Cloud CPE Centralized Deployment Model Licenses Table 4: Network Devices Tested in the Cloud CPE Centralized Deployment Model Table 5: Specification of Servers Tested for Cloud CPE Centralized Deployment Model Table 6: Software Used in Cloud CPE Centralized Deployment Model Chapter 2 Installing and Configuring the Hardware and Software Components Table 7: Minimum Hardware Requirements for Servers in Cloud CPE Centralized Deployment Model Table 8: Software Requirements for Cloud CPE Centralized Deployment Model Table 9: Connections for EX Series Switch Table 10: Connections for QFX Series Switch Table 11: Connections for MX Series Router Table 12: Software Requirements for VMs on Contrail Service Orchestration Server Chapter 3 Setting Up and Managing the Cloud CPE Centralized Deployment Model Table 13: Options for Python allow_all_ingress.py File Chapter 6 Appendix Terminology Table 14: Glossary for Cloud CPE Centralized Deployment Model vii

8 Deployment Guide viii

9 About the Documentation Documentation and Release Notes Documentation and Release Notes on page ix Documentation Conventions on page ix Documentation Feedback on page xi Requesting Technical Support on page xii Documentation Conventions To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes. Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at Table 1 on page x defines notice icons used in this guide. ix

10 Deployment Guide Table 1: Notice Icons Icon Meaning Description Informational note Indicates important features or instructions. Caution Indicates a situation that might result in loss of data or hardware damage. Warning Alerts you to the risk of personal injury or death. Laser warning Alerts you to the risk of personal injury from a laser. Tip Indicates helpful information. Best practice Alerts you to a recommended use or implementation. Table 2: Text and Syntax Conventions Table 2 on page x defines the text and syntax conventions used in this guide. Convention Description Examples Bold text like this Represents text that you type. To enter configuration mode, type the configure command: user@host> configure Fixed-width text like this Italic text like this Represents output that appears on the terminal screen. Introduces or emphasizes important new terms. Identifies guide names. Identifies RFC and Internet draft titles. user@host> show chassis alarms No alarms currently active A policy term is a named structure that defines match conditions and actions. Junos OS CLI User Guide RFC 1997, BGP Communities Attribute Italic text like this Represents variables (options for which you substitute a value) in commands or configuration statements. Configure the machine s domain name: [edit] root@# set system domain-name domain-name x

11 About the Documentation Table 2: Text and Syntax Conventions (continued) Convention Description Examples Text like this Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components. To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level. The console port is labeled CONSOLE. < > (angle brackets) Encloses optional keywords or variables. stub <default-metric metric>; (pipe symbol) Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity. broadcast multicast (string1 string2 string3) # (pound sign) Indicates a comment specified on the same line as the configuration statement to which it applies. rsvp { # Required for dynamic MPLS only [ ] (square brackets) Encloses a variable for which you can substitute one or more values. community name members [ community-ids ] Indention and braces ( { } ) ; (semicolon) Identifies a level in the configuration hierarchy. Identifies a leaf statement at a configuration hierarchy level. [edit] routing-options { static { route default { nexthop address; retain; } } } GUI Conventions Bold text like this Represents graphical user interface (GUI) items you click or select. In the Logical Interfaces box, select All Interfaces. To cancel the configuration, click Cancel. > (bold right angle bracket) Separates levels in a hierarchy of menu selections. In the configuration editor hierarchy, select Protocols>Ospf. Documentation Feedback We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods: Online feedback rating system On any page at the Juniper Networks Technical Documentation site at simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at xi

12 Deployment Guide Send your comments to Include the document or topic name, URL or page number, and software version (if applicable). Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC. JTAC policies For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at Product warranties For product warranty information, visit JTAC hours of operation The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: Search for known bugs: Find product documentation: Find solutions and answer questions using our Knowledge Base: Download the latest versions of software and review release notes: Search technical bulletins for relevant hardware and software notifications: Join and participate in the Juniper Networks Community Forum: Open a case online in the CSC Case Management tool: To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone. Use the Case Management tool in the CSC at Call JTAC ( toll-free in the USA, Canada, and Mexico). xii

13 About the Documentation For international or direct-dial options in countries without toll-free numbers, see xiii

14 Deployment Guide xiv

15 CHAPTER 1 Overview of Cloud CPE Centralized Deployment Model Cloud CPE Centralized Deployment Model Overview on page 16 VNFs Supported by the Cloud CPE Centralized Deployment Model on page 16 NFV in the Cloud CPE Centralized Deployment Model on page 17 Architecture of the Cloud CPE Centralized Deployment Model on page 20 Benefits of the Cloud CPE Centralized Deployment Model on page 23 Licensing for the Cloud CPE Centralized Deployment Model on page 24 Hardware and Software Tested in the Cloud CPE Centralized Deployment Model on page 24 15

16 Deployment Guide Cloud CPE Centralized Deployment Model Overview Juniper Networks Cloud customer premises equipment (CPE) Centralized Deployment Model offers end-to-end provisioning of Layer 4 through Layer 7 network services through an open, cloud-based architecture. The deployment uses: Network Functions Virtualization (NFV) management and orchestration (MANO) based on European Telecommunications Standards Institute (ETSI) standards. Software-defined networking (SDN) to dynamically create logical service chains that form the network services. You can either use the Cloud CPE Centralized Deployment Model as a turnkey implementation or connect to other operational support and business support systems (OSS/BSS) through a northbound Representational State Transfer (REST) API. The Cloud CPE Centralized Deployment Model is fully integrated and tested to enable straightforward installation. In the Cloud CPE Centralized Deployment Model, virtualized network functions (VNFs) are located in a central cloud in a point of presence (POP) or data center owned by either a service provider, such as a telecommunications company, or a large enterprise. Customers of the service provider or remote sites of a large enterprise access the central cloud to obtain network services. You can use the deployment model for existing Layer 3 VPN customers without changing CPE or access networks. Alternatively, you can enable access through a Layer 3 network interface device (NID). In this documentation, the term service provider refers to the organization that provides services and the term customer refers to the organization that uses the services. The audience for the documentation is the service provider. Related Documentation Glossary of Terms for Cloud CPE Centralized Deployment Model on page 63 Architecture of the Cloud CPE Centralized Deployment Model on page 20 VNFs Supported by the Cloud CPE Centralized Deployment Model The Cloud CPE Centralized Deployment Model supports the following VNFs, which reside in the VNF catalog. Carrier-Grade Network Address Translation (CGNAT), Firewall, Unified Threat Management (UTM), and a demonstration version of Deep Packet Inspection (DPI) through vsrx. NAT and Firewall through the LxCIPTable VNF. This third -party VNF is free and operates in Linux Containers in the Linux kernel. Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 Creating an LxCIPtable VNF Image on page 46 16

17 Chapter 1: Overview of Cloud CPE Centralized Deployment Model NFV in the Cloud CPE Centralized Deployment Model The Cloud customer premises equipment (CPE) Centralized Deployment Model uses a microservice architecture, which is a distributed, non-hierarchical framework in which multiple software components microservices interact to perform the functions of the deployment. Each software component operates independently to implement a set of focused, related functions. The Cloud CPE Centralized Deployment Model uses the following software components for Network Functions Virtualization (NFV): Contrail Cloud Platform, which provides underlying software-defined networking (SDN), NFV infrastructure (NFVI), and the virtualized infrastructure manager (VIM). Contrail Service Orchestration, whichprovides a RESTful API to connect with service providers operational support systems (OSS) and business support systems (BSS) applications and is responsible for many management and network orchestration (MANO) activities in the deployment. Contrail Service Orchestration consists of the following components: Administration CLI, which is a tool that you use to manage customers. Cloud CPE Tenant, Site and Service Manager and its auxiliary component, Identity and Access Manager, which manage customers and map each customer s network services to the appropriate gateway resources, such as the Layer 2 access interfaces and routing instances. These applications provide a northbound RESTful API to which you can connect OSS/BSS systems. Customer Portal, which is an application that you can provide to customers to enable them to manage sites and services for their organizations through a graphical user interface (GUI). The Customer Portal application uses the RESTful API. Network Service Designer, which enables design, creation, management, and configuration of network services through a GUI. Network services are stored in the network service catalog. Network Service Orchestrator, which is responsible for ETSI-compliant management of the life cycle of network service instances. This application includes RESTful APIs that you can use to create and manage network service catalogs. Service and Infrastructure Monitor, which works with Icinga, an open source enterprise monitoring system to provide data about the Cloud CPE Centralized Deployment Model, such as the status of virtualized network functions (VNFs), virtual machines (VMs), and physical servers; information about physical servers resources; components of a network service (VNFs and VMs hosting a VNF); counters and other information for VNFs; and software components running in Contrail Cloud Platform. VNF Manager, which creates VNF instances and manages their life cycles. Junos Space Virtual Appliance, which provides an element management system for Juniper Networks VNF. Figure 1 on page 18 illustrates the software components and their interactions. 17

18 Deployment Guide Figure 1: Software Components of the Cloud CPE Centralized Deployment Model OSS/BSS applications and Contrail Service Orchestration components with OSS/BBS capabilities send requests to Network Service Orchestrator through its northbound REST API. Network Service Orchestrator then communicates through its southbound API to the Northbound API of the appropriate, directly connected, component. Subsequently, each component in the deployment communicates through its southbound API to the to the northbound API of the next component in the hierarchy. Components send responses in the reverse direction. The following process describes the interactions of the components when a customer requests the activation of a network service: 1. Customers send requests for activations of network services through Customer Portal or OSS/BSS applications. 2. Service and Infrastructure Monitor is continuously tracking the software components, hardware components, and processes in the network. 3. Network Service Orchestrator receives requests through its northbound RESTful API and: Accesses information about the network service and associated VNFs from their respective catalogs, and communicates this information to the VIM. Sends information about the VNF to VNF Manager. 18

19 Chapter 1: Overview of Cloud CPE Centralized Deployment Model 4. The VIM and VNF Manager receive information from Network Service Orchestrator and: The VIM creates the service chains and associated VMs in the NFVI provided by Contrail Cloud Platform. Contrail Cloud Platform creates one VM for each VNF in the service chain. VNF Manager starts managing the VNF instances and, in the case of the vsrx, the Junos Space Virtual Appliance provides element management. 5. The network service is activated for the customer. Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 19

20 Deployment Guide Architecture of the Cloud CPE Centralized Deployment Model The Cloud CPE Centralized Deployment Model uses the Contrail Cloud Reference Architecture (CCRA) to support the service provider s cloud. The CCRA consists of the hardware platforms, including the servers, and Contrail OpenStack software. The Contrail Service Orchestration software is installed on a server in the CCRA to complete the deployment model (Figure 2 on page 20). Figure 2: Topology of Cloud CPE Centralized Deployment Model with CCRA and Contrail Service Orchestration In the Cloud CPE Centralized Deployment Model: The MX Series router provides the gateway to the service provider s cloud. The EX Series switch provides Ethernet management and Intelligent Platform Management Interface (IPMI) access for all components of the Cloud CPE Centralized Deployment Model. Two interfaces on each server connect to this switch. The QFX Series switch provides data access to all servers. One server supports the following nodes: 20

21 Chapter 1: Overview of Cloud CPE Centralized Deployment Model Contrail Service Orchestration node Contrail configure and control node Two Contrail compute nodes Up to four additional servers, each with four nodes, act as additional Contrail compute nodes. The Cloud CPE Centralized Deployment Model installer and its associated configuration file reside together in a shared VM that is on a server separate from the Cloud CPE Deployment Model server cluster. Figure 3 on page 21 shows the architecture of the Contrail Cloud Platform nodes. Figure 3: Architecture of Contrail Cloud Platform Nodes The configure and control node hosts Contrail, OpenStack, and the VNFs. Contrail and OpenStack reside on the physical server and cannot be deployed in a VM. Each VNF resides in its own VM. Each compute node uses Contrail vrouter over Ubuntu and kernel-based virtual machine (KVM) as a forwarding plane in the Linux kernel. Use of vrouter on the compute node separates the deployment s forwarding plane from the control plane, which is the SDN Controller in Contrail OpenStack on the configure and control node. This separation leads to uninterrupted performance and enables scaling of the deployment. Figure 4 on page 22 shows the architecture of the Contrail Service Orchestration node. 21

22 Deployment Guide Figure 4: Contrail Service Orchestration Node The Contrail Service Orchestration Node supports multiple VMs: The following components reside together in a shared VM: Network Service Orchestrator VNF Manager Notification Engine Cloud CPE Tenant, Site and Service Manager Identity and Access Manager Network Service Designer and Customer Portal reside in a shared VM. Custom Contrail resides in a dedicated VM. Junos Space Virtual Appliances and their associated databases all reside in dedicated VMs. 22

23 Chapter 1: Overview of Cloud CPE Centralized Deployment Model The two virtual appliances and their respective databases provide high availability of the element management system. Two instances of Service and Infrastructure Monitor both reside in dedicated VMs. The Service and Infrastructure Monitor Controller and the Load Balancer reside in a shared VM. These components work with the two instances of Service and Infrastructure Monitor to provider high availability of the software components. After you have installed and configured the hardware in the Cloud CPE Centralized Deployment Model, you run a deployment script to install and configure software components and VMs. Depending on the virtual environment, you may need to complete some manual configuration. Related Documentation Deploying the Cloud CPE Centralized Deployment Model Installer on page 38 Installing and Configuring the Cloud CPE Centralized Deployment Model on page 39 Benefits of the Cloud CPE Centralized Deployment Model Use of traditional hardware-based customer premises equipment (CPE) requires dedicated network devices and proprietary software. Ordering, obtaining, and installing the equipment requires a significant amount of time. In addition, trained staff must be available to configure and maintain the equipment. This model is expensive, particularly for small and medium enterprises. Moving from traditional hardware-based CPE to the Cloud CPE Centralized Deployment Model offers opportunities for service providers and their enterprise customers to save time, save money, and increase convenience. Using the Cloud CPE Centralized Deployment Model, service providers can: Quickly introduce new services. Dynamically update existing services that customers are using. Deliver customized services. Quickly expand services offerings into new sites and enterprises. Offer network services based on virtualized network functions (VNFs) from multiple vendors. Reduce capital expenditure (CAPEX) through use of commercial off-the-shelf (COTS) servers and VNFs instead of dedicated network devices. Reduce operating expenses (OPEX) through faster and easier release of network services. Customers can use the Customer Portal or other OSS/BSS systems to quickly and easily: Add new sites to the Cloud CPE Centralized Deployment Model. Add new services for specific sites and for the enterprise. Manage services and sites. 23

24 Deployment Guide Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 Licensing for the Cloud CPE Centralized Deployment Model You must have licenses to download and use the Juniper Networks Cloud CPE Centralized Deployment Model. When you order licenses, you receive the information that you need to download and use the Cloud CPE Centralized Deployment Model. If you did not order the licenses, contact your account team or Juniper Networks Customer Care for assistance. Cloud CPE Centralized Deployment Model licensing includes licenses for Contrail Service Orchestration and Contrail Cloud Platform. The Cloud CPE Centralized Deployment Model licenses are based on VNF capacity, which also determines the number of separate Junos Space Network Management Platform licenses required. See Table 3 on page 24. Table 3: Cloud CPE Centralized Deployment Model Licenses Number of VNFs Supported Number of Contrail Cloud Platform Licenses Included Number of Junos Space Network Management Platform Licenses Required , , , Individual Contrail Service Orchestration licenses and Contrail Cloud Platform licenses can be purchased separately. Contrail Service Orchestration licenses are also based on VNF capacity. Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 Hardware and Software Tested in the Cloud CPE Centralized Deployment Model The Cloud CPE Centralized Deployment Model has been tested with: The network devices described in Table 4 on page 24 The servers described in Table 5 on page 25 The software described in Table 6 on page 25 Table 4: Network Devices Tested in the Cloud CPE Centralized Deployment Model Function Device Model Quantity Gateway router Juniper Networks MX Series 3D Universal Edge Router MX80-48T with two 10 GE XFP optics 1 24

25 Chapter 1: Overview of Cloud CPE Centralized Deployment Model Table 4: Network Devices Tested in the Cloud CPE Centralized Deployment Model (continued) Function Device Model Quantity Management switch Juniper Networks EX Series Ethernet Switch EX T with: Forty eight 10/100/1000 GE interfaces 1 Four built-in 10 GE SFP interfaces Data switch Juniper Networks QFX Series Switch QFX S-AFI with: 1 Forty eight SFP+ interfaces Six QSFP+ interfaces Servers Quanta QuantaPlex T41S-2U 2U 4-Node server See Table 5 on page 25 At least 2, up to 5 The Cloud CPE Centralized Deployment Model was tested on servers with the specifications shown in Table 5 on page 25. Table 5: Specification of Servers Tested for Cloud CPE Centralized Deployment Model Function Model Quantity Base server QuantaPlex T41S-2U 2U 4-Node server with 2.5" drive bay At least 2, up to 5 CPU E v3 2 Memory 256GB DDR MHz GB DIMMs slots fully populated Hard disk drive 2.5" 1TB SATA Enterprise 5 Solid state drive Intel DC S3700 series 400GB SATA 1 Controller card Large scale integration (LSI) SAS controller e card 1 Interface card Dual port 10 GE SFP+ OCP mezzanine card 1 Interface card Dual port 1 GE mezzanine card 1 Power supply unit (PSU) 1600 W high efficiency redundant power supply 2 Table 6: Software Used in Cloud CPE Centralized Deployment Model Function Software and Version Operating system for servers Ubuntu LTS 25

26 Deployment Guide Table 6: Software Used in Cloud CPE Centralized Deployment Model (continued) Function Software and Version Operating system for MX Series router Junos OS Release 14.2R3 Operating system for EX Series switch Junos OS Release 12.3R10 Operating system for QFX Series switch Junos OS Release 13.2X51-D38 Operating system for Junos Space Virtual Appliance Junos Space Network Management Platform, Release 15.1R1 Software-defined networking (SDN) Contrail 2.21 Virtualized infrastructure manager (VIM) and virtual machine (VM) orchestration OpenStack Icehouse Network Functions Virtualization (NFV) Contrail Service Orchestration 1.0 Related Documentation Architecture of the Cloud CPE Centralized Deployment Model on page 20 26

27 CHAPTER 2 Installing and Configuring the Hardware and Software Components Minimum Hardware and Software Requirements for Servers and VMs on page 27 Cabling the Hardware for the Cloud CPE Centralized Deployment Model on page 29 Configuring the EX Series Ethernet Switch on page 31 Configuring the QFX Series Switch on page 32 Configuring the MX Series Router on page 34 Setting Up the VMs for the Contrail Service Orchestration Node on page 36 Deploying the Cloud CPE Centralized Deployment Model Installer on page 38 Installing and Configuring the Cloud CPE Centralized Deployment Model on page 39 Configuring Contrail for the Cloud CPE Centralized Deployment Model on page 45 Configuring a Junos Space Cluster on page 45 Creating an LxCIPtable VNF Image on page 46 Minimum Hardware and Software Requirements for Servers and VMs The Cloud CPE Centralized Deployment Model runs on commercial off-the-shelf (COTS) x86 servers. When obtaining servers for the Cloud CPE Centralized Deployment Model, we recommend that you: Select hardware that was manufactured within the last year. Ensure that you have active support contracts for servers so that you can upgrade to the latest firmware and BIOS versions. Table 7 on page 27 shows the required hardware specification for servers you use in the Cloud CPE Centralized Deployment Model. Table 7: Minimum Hardware Requirements for Servers in Cloud CPE Centralized Deployment Model Function Requirement Quantity Base server x86 server with 4 nodes At least 2, up to 5 27

28 Deployment Guide Table 7: Minimum Hardware Requirements for Servers in Cloud CPE Centralized Deployment Model (continued) Function Requirement Quantity CPUs Type Intel Sandybridge, such as Intel Xeon 2.5 Ghz 2 Memory 256 GB per server Hard disk drive (HDD) 1 TB, Serial Advanced Technology Attachment (SATA) or Serial Attached SCSI (SAS) 5 Solid-state drive (SSD) 200 GB 1 or more Data and Control interface 10 Gigabit Ethernet (GE) interface on PCIe adaptor or mezzanine card 2 Management Interface 1 GE interface 2 Out-of-Band Interface Intelligent Platform Management Interface (IPMI) 1 Table 8 on page 28 lists the software requirements for the servers. Table 8: Software Requirements for Cloud CPE Centralized Deployment Model Description Version Operating system for server and VMs Ubuntu LTS Hypervisor on Contrail Service Orchestration node Contrail 2.20 with OpenStack (Icehouse), or VMware ESXi Version Additional software (only required for Contrail Service Orchestration node) Secure File Transfer Protocol (SFTP) Additional requirements Disable DHCP servers on the subnet on which you install the Cloud CPE Centralized Deployment Model. The installer deploys and configures DHCP servers. Do not install MySQL software on the VM that you use for the Service and Infrastructure Monitor. The installer deploys and configures MySQL servers in this VM. If the VM already contains My SQL software, the installer may not set up the VM correctly. Related Documentation Architecture of the Cloud CPE Centralized Deployment Model on page 20 Hardware and Software Tested in the Cloud CPE Centralized Deployment Model on page 24 28

29 Chapter 2: Installing and Configuring the Hardware and Software Components Cabling the Hardware for the Cloud CPE Centralized Deployment Model This section describes how to connect cables among the network devices and servers in the Contrail Cloud Reference Architecture (CCRA). To cable the hardware: 1. Connect cables from the EX Series switch to the other devices in the network. See Table 9 on page 29 for information about the connections for the EX Series switch. 2. Connect cables from the QFX Series switch to the other devices in the network. See Table 10 on page 30 for information about the connections for the QFX Series switch. 3. Connect cables from the MX Series router to the other devices in the network. See Table 11 on page 30 for information about the connections for the MX Series router. Table 9: Connections for EX Series Switch Interface on EX Series Switch Destination Device Interface on Destination Device eth0 (management interface) EX Series switch ge-0/0/41 ge-0/0/0 Server 1 IPMI ge-0/0/1 Server 2 IPMI ge-0/0/2 Server 3 IPMI ge-0/0/3 Server 4 IPMI ge-0/0/4 Server 5 IPMI ge-0/0/20 Server 1 eth0 ge-0/0/21 Server 2 eth0 ge-0/0/22 Server 3 eth0 ge-0/0/23 Server 4 eth0 ge-0/0/24 Server 5 eth0 ge-0/0/41 EX Series switch eth0 (management interface) ge-0/0/42 QFX Series switch eth0 (management interface) ge-0/0/44 MX Series router fxp0 29

30 Deployment Guide Table 9: Connections for EX Series Switch (continued) Interface on EX Series Switch Destination Device Interface on Destination Device ge-0/0/46 MX Series router ge-1/3/11 ge-0/0/47 Server 1 eth1 Table 10: Connections for QFX Series Switch Interface on QFX Series Switch Destination Device Interface on Destination Device eth0 (management interface) EX Series switch ge-0/0/42 xe-0/0/0 Server 1 eth2 xe-0/0/1 Server 2 eth2 xe-0/0/2 Server 3 eth2 xe-0/0/3 Server 4 eth2 xe-0/0/4 Server 5 eth2 xe-0/0/20 Server 1 eth3 xe-0/0/21 Server 2 eth3 xe-0/0/22 Server 3 eth3 xe-0/0/23 Server 4 eth3 xe-0/0/24 Server 5 eth3 xe-0/0/46 MX Series router xe-0/0/0 xe-0/0/47 MX Series router xe-0/0/1 Table 11: Connections for MX Series Router Interface on MX Series Router Destination Device Interface on Destination Device fxp0 (management interface) EX Series switch ge-0/0/44 ge-1/3/11 EX Series switch ge-0/0/46 xe-0/0/0 QFX Series switch xe-0/0/46 xe-0/0/1 QFX Series switch xe-0/0/47 30

31 Chapter 2: Installing and Configuring the Hardware and Software Components Table 11: Connections for MX Series Router (continued) Interface on MX Series Router Destination Device Interface on Destination Device ge-1/0/0 and ge-1/0/1 or xe-0/0/2 and xe-0/0/3, depending on the network Service provider s device at the cloud Related Documentation Architecture of the Cloud CPE Centralized Deployment Model on page 20 Configuring the EX Series Ethernet Switch Before you configure the EX Series switch, complete any basic setup procedures and install the correct Junos OS software release on the switch. To configure the EX Series switch: 1. Define VLANs for the IPMI ports. For example: user@switch# set interfaces interface-range ipmi member-range ge-0/0/0 to ge-0/0/19 user@switch# set interfaces interface-range ipmi unit 0 family ethernet-switching port-mode access user@switch# set interfaces interface-range ipmi unit 0 family ethernet-switching vlan members ipmi user@switch# set interfaces vlan unit 60 family inet address /24 user@switch# set vlans ipmi vlan-id 60 user@switch# set vlans ipmi l3-interface vlan Define a VLAN for the management ports. For example: user@switch# set interfaces interface-range mgmt member-range ge-0/0/20 to ge-0/0/46 user@switch# set interfaces interface-range mgmt unit 0 family ethernet-switching port-mode access user@switch# set interfaces interface-range mgmt unit 0 family ethernet-switching vlan members mgmt user@switch# set interfaces vlan unit 70 family inet address /24 user@switch# set vlans mgmt vlan-id 70 user@switch# set vlans mgmt l3-interface vlan Define a static route for external network access. For example: user@switch# set routing-options static route /0 next-hop Related Documentation Hardware and Software Tested in the Cloud CPE Centralized Deployment Model on page 24 Configuring the QFX Series Switch on page 32 Configuring the MX Series Router on page 34 31

32 Deployment Guide Configuring the QFX Series Switch Before you configure the QFX Series switch, complete any basic setup procedures and install the correct Junos OS software release on the switch. To configure the QFX Series switch: 1. Configure the IP address of the Ethernet management port. For example: set interfaces vme unit 0 family inet address /24 2. Configure integrated routing and bridging (IRB). For example: user@switch# set interfaces irb unit 80 family inet address /24 3. Configure a link aggregation group (LAG) for each pair of server ports. For example: user@switch# set interfaces xe-0/0/0 ether-options 802.3ad ae0 user@switch# set interfaces xe-0/0/20 ether-options 802.3ad ae0 user@switch# set interfaces ae0 mtu 9192 user@switch# set interfaces ae0 aggregated-ether-options lacp active user@switch# set interfaces ae0 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae0 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae0 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/1 ether-options 802.3ad ae1 user@switch# set interfaces xe-0/0/21 ether-options 802.3ad ae1 user@switch# set interfaces ae1 mtu 9192 user@switch# set interfaces ae1 aggregated-ether-options lacp active user@switch# set interfaces ae1 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae1 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae1 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/2 ether-options 802.3ad ae2 user@switch# set interfaces xe-0/0/22 ether-options 802.3ad ae2 user@switch# set interfaces ae2 mtu 9192 user@switch# set interfaces ae2 aggregated-ether-options lacp active user@switch# set interfaces ae2 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae2 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae2 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/3 ether-options 802.3ad ae3 user@switch# set interfaces xe-0/0/23 ether-options 802.3ad ae3 user@switch# set interfaces ae3 mtu 9192 user@switch# set interfaces ae3 aggregated-ether-options lacp active user@switch# set interfaces ae3 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae3 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae3 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/4 ether-options 802.3ad ae4 user@switch# set interfaces xe-0/0/24 ether-options 802.3ad ae4 user@switch# set interfaces ae4 mtu 9192 user@switch# set interfaces ae4 aggregated-ether-options lacp active user@switch# set interfaces ae4 aggregated-ether-options lacp periodic fast 32

33 Chapter 2: Installing and Configuring the Hardware and Software Components set interfaces ae4 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae4 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/5 ether-options 802.3ad ae5 user@switch# set interfaces xe-0/0/25 ether-options 802.3ad ae5 user@switch# set interfaces ae5 mtu 9192 user@switch# set interfaces ae5 aggregated-ether-options lacp active user@switch# set interfaces ae5 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae5 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae5 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/6 ether-options 802.3ad ae6 user@switch# set interfaces xe-0/0/26 ether-options 802.3ad ae6 user@switch# set interfaces ae6 mtu 9192 user@switch# set interfaces ae6 aggregated-ether-options lacp active user@switch# set interfaces ae6 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae6 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae6 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/7 ether-options 802.3ad ae7 user@switch# set interfaces xe-0/0/27 ether-options 802.3ad ae7 user@switch# set interfaces ae7 mtu 9192 user@switch# set interfaces ae7 aggregated-ether-options lacp active user@switch# set interfaces ae7 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae7 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae7 unit 0 family ethernet-switching vlan members data user@switch# set interfaces xe-0/0/8 ether-options 802.3ad ae8 user@switch# set interfaces xe-0/0/28 ether-options 802.3ad ae8 user@switch# set interfaces ae8 mtu 9192 user@switch# set interfaces ae8 aggregated-ether-options lacp active user@switch# set interfaces ae8 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae8 unit 0 family ethernet-switching interface-mode access user@switch# set interfaces ae8 unit 0 family ethernet-switching vlan members data 4. Configure a VLAN for data transmission. For example: user@switch# set vlans data vlan-id 80 user@switch# set vlans data l3-interface irb Configure OSPF routing. For example: user@switch# set interfaces irb unit 80 family inet address /24 user@switch# set protocols ospf area interface irb.80 passive 6. Configure the interface that connects to the MX Series router. For example: user@switch# set interfaces xe-0/0/46 ether-options 802.3ad ae9 user@switch# set interfaces xe-0/0/47 ether-options 802.3ad ae9 user@switch# set interfaces ae9 aggregated-ether-options lacp active user@switch# set interfaces ae9 aggregated-ether-options lacp periodic fast user@switch# set interfaces ae9 unit 0 family inet address /24 user@switch# set protocols ospf area interface ae9.0 33

34 Deployment Guide Related Documentation Hardware and Software Tested in the Cloud CPE Centralized Deployment Model on page 24 Configuring the EX Series Ethernet Switch on page 31 Configuring the MX Series Router on page 34 Configuring the MX Series Router Before you configure the MX Series router, complete any basic setup procedures and install the correct Junos OS software release on the switch. To configure the MX Series router: 1. Configure interfaces, IP addresses, and basic routing settings. For example: set interfaces ge-1/0/0 unit 0 family inet address /28 user@router# set interfaces lo0 unit 0 family inet address /32 user@router# set routing-options route-distinguisher-id user@router# set routing-options autonomous-system user@router# set protocols ospf area interface lo0.0 user@router# set interfaces ge-1/0/0 unit 0 family inet service input service-set s1 service-filter ingress-1 user@router# set interfaces ge-1/0/0 unit 0 family inet service output service-set s1 service-filter ingress-1 2. Configure the interfaces that connect to the QFX Series switch. For example: user@router# set chassis aggregated-devices ethernet device-count 2 user@router# set interfaces xe-0/0/0 gigether-options 802.3ad ae0 user@router# set interfaces xe-0/0/1 gigether-options 802.3ad ae0 user@router# set interfaces ae0 aggregated-ether-options lacp periodic fast user@router# set interfaces ae0 unit 0 family inet service input service-set s1 service-filter ingress-1 user@router# set interfaces ae0 unit 0 family inet service output service-set s1 service-filter ingress-1 user@router# set interfaces ae0 unit 0 family inet address /24 user@router# set protocols ospf area interface ae Configure BGP and tunneling for the service provider s cloud. For example: user@router# set chassis fpc 0 pic 0 tunnel-services user@router# set chassis fpc 0 pic 0 inline-services bandwidth 1g user@router# set routing-options dynamic-tunnels dynamic_overlay_tunnels source-address user@router# set routing-options dynamic-tunnels dynamic_overlay_tunnels gre user@router# set routing-options dynamic-tunnels dynamic_overlay_tunnels destination-networks /24 user@router# set protocols mpls interface all user@router# set protocols bgp group Contrail_Controller type internal user@router# set protocols bgp group Contrail_Controller local-address user@router# set protocols bgp group Contrail_Controller keep all user@router# set protocols bgp group Contrail_Controller family inet-vpn unicast user@router# set protocols bgp group Contrail_Controller neighbor user@router# set protocols bgp group Contrail_Controller neighbor

35 Chapter 2: Installing and Configuring the Hardware and Software Components set protocols ospf export leak-default-only 4. Set up routing. For example: set routing-options static rib-group inet-to-public set routing-options static route /0 next-hop set routing-options static route /0 retain set routing-options static route /26 next-table public.inet.0 set routing-options rib-groups inet-to-public import-rib inet.0 set routing-options rib-groups inet-to-public import-rib public.inet.0 set routing-options rib-groups inet-to-public import-policy leak-default-only set policy-options policy-statement leak-default-only term default from route-filter /0 exact set policy-options policy-statement leak-default-only term default then accept set policy-options policy-statement leak-default-only then reject set routing-instances public instance-type vrf set routing-instances public interface lo0.10 set routing-instances public vrf-target target:64512:10000 set routing-instances public vrf-table-label set routing-instances public routing-options static route /26 discard 5. Configure NAT. For example: set services service-set s1 nat-rules rule-napt-zone set services service-set s1 interface-service service-interface si-0/0/0.0 set services nat pool contrailui address /32 set services nat pool openstack address /32 set services nat pool jumphost address /32 set services nat rule rule-napt-zone term t1 from source-address /32 set services nat rule rule-napt-zone term t1 then translated source-pool openstack set services nat rule rule-napt-zone term t1 then translated translation-type basic-nat44 set services nat rule rule-napt-zone term t2 from source-address /32 set services nat rule rule-napt-zone term t2 then translated source-pool contrailui set services nat rule rule-napt-zone term t2 then translated translation-type basic-nat44 set services nat rule rule-napt-zone term t3 from source-address /32 set services nat rule rule-napt-zone term t3 then translated source-pool jumphost set services nat rule rule-napt-zone term t3 then translated translation-type basic-nat44 set firewall family inet service-filter ingress-1 term t1 from source-address /32 set firewall family inet service-filter ingress-1 term t1 from protocol tcp set firewall family inet service-filter ingress-1 term t1 from destination-port-except 179 set firewall family inet service-filter ingress-1 term t1 then service set firewall family inet service-filter ingress-1 term t2 from source-address /32 35

36 Deployment Guide set firewall family inet service-filter ingress-1 term t2 then service set firewall family inet service-filter ingress-1 term t3 from source-address /32 set firewall family inet service-filter ingress-1 term t3 then service set firewall family inet service-filter ingress-1 term end then skip Related Documentation Hardware and Software Tested in the Cloud CPE Centralized Deployment Model on page 24 Configuring the EX Series Ethernet Switch on page 31 Configuring the QFX Series Switch on page 32 Setting Up the VMs for the Contrail Service Orchestration Node You must complete this procedure for the Contrail Orchestration node if you: Use a hypervisor other than Contrail Openstack. Already have VMs that you want to use. If you use the Contrail OpenStack hypervisor and have not yet created VMs, the installer creates the VMs with the required resources and opens the required ports. To set up the Contrail Service Orchestration node: 1. On the Contrail Service Orchestration node, create 10 VMs with the resources listed in Table 12 on page Record the hostnames of the VMs. You must specify the hostnames in the configuration file. 3. If MySQL software is installed in the VMs for Service and infrastructure Monitor, remove it. The installer deploys and configures MySQL servers in this VM. If the VM already contains My SQL software, the installer may not set up the VM correctly. 4. Open the required ports on each VM. See Table 12 on page 36. Table 12: Software Requirements for VMs on Contrail Service Orchestration Server Applications Installer Places in VM Number of VMs Resources Required Ports to Open Cloud CPE Tenant, Site and Service Manager Identity and Access Manager Network Service Orchestrator Notification Engine VNF Manager 1 8 vcpus 32 GB RAM 100 GB hard disk storage

37 Chapter 2: Installing and Configuring the Hardware and Software Components Table 12: Software Requirements for VMs on Contrail Service Orchestration Server (continued) Applications Installer Places in VM Number of VMs Resources Required Ports to Open Customer Portal 1 4 vcpus 80 Network Service Designer 8 GB RAM GB hard disk storage Junos Space Virtual Appliance 2 4 vcpus None 24 GB RAM 500 GB hard disk storage Junos Space database 2 4 vcpus None 24 GB RAM 160 GB hard disk storage Custom Contrail 1 4 vcpus None 32 GB RAM 100 GB hard disk storage Service and Infrastructure Monitor Controller Load Balancer 1 4 vcpus 16 GB RAM 100 GB hard disk storage None Service and Infrastructure Monitor 2 4 vcpus None 32 GB RAM 100 GB hard disk storage CAUTION: Make sure that MySQL software is not installed in the VM for Service and Infrastructure Monitor. The installer deploys and configures MySQL servers in this VM. If the VM already contains My SQL software, the installer may not set up the VM correctly. You can reimage the operating systems on the physical servers when you run the installer to deploy the NFV solution. Doing so ensures that you are running the Ubuntu image included with the installer on both servers. The installer does not reimage the operating system in the VMs, however. Related Documentation Minimum Hardware and Software Requirements for Servers and VMs on page 27 Architecture of the Cloud CPE Centralized Deployment Model on page 20 37

38 Deployment Guide Deploying the Cloud CPE Centralized Deployment Model Installer Before you deploy the installer: 1. Create a VM on a server that is separate from the server cluster in the Cloud CPE Centralized Deployment Model with the following resources: 6 vcpus 10 GB RAM 100 GB hard disk storage 2. Open the following ports on the VM To deploy the installer: 1. Log in to the installer VM as root. The current directory is the home directory. 2. Copy the installer package to this directory. 3. Expand the package. root@host:~/# tar xvf csp-1.0.tar 4. Set up the installer. root@host:~/# cd csp-1.0 root@host:~/csp-1.0#./setup.sh Setting up the installer deploys the following applications: Contrail Server Manager, which deploys Contrail Cloud Platform Salt Master, which deploys other components in the Cloud CPE Centralized Deployment Model Related Documentation Installing and Configuring the Cloud CPE Centralized Deployment Model on page 39 Architecture of the Cloud CPE Centralized Deployment Model on page 20 38

39 Chapter 2: Installing and Configuring the Hardware and Software Components Installing and Configuring the Cloud CPE Centralized Deployment Model NOTE: Check the Read Me file included with the Cloud CPE Centralized Deployment Model installer for additional information about installing the software. Installing Contrail OpenStack on page 39 Customizing the Configuration File for the Cloud CPE Centralized Deployment Model Installation on page 39 Deploying the Cloud CPE Centralized Deployment Model on page 44 Installing Contrail OpenStack 1. install Contrail OpenStack on the server cluster and set up the roles of the nodes in the cluster.. Refer to the Contrail documentation for information about installing Contrail OpenStack and configuring the nodes.. 2. Record the IP address of the server on which you install the Contrail OpenStack software. You use this IP address to specify the Contrail OpenStack server in the configuration file for the Cloud CPE Centralized Deployment Model Installer. Customizing the Configuration File for the Cloud CPE Centralized Deployment Model Installation The Cloud CPE Centralized Deployment Model installer uses a configuration file, which you must customize for your network. After you customize the configuration file, you run the installer to deploy and configure the software on the servers and VMs. The configuration file is located in the server_manager directory and has the name csp_topology.conf. The configuration file is in YAML format. To customize the configuration file: 1. In the [DEPLOY_OPTIONS] section of the file, specify that you have already installed Contrail OpenStack. skip_contrail_install = True CAUTION: Do not set the skip_contrail_install option to False. Doing so may corrupt the installation. 2. In the [SPACE] section, specify the following values for the Junos Space Virtual Appliance. 39

40 Deployment Guide ip IP address for the virtual appliance user Username for logging in to the virtual appliance password Password for logging in to the virtual appliance 3. In the [TARGETS] section, specify values for the network on which the Cloud CPE Centralized Deployment Model resides. gateway IP address of the gateway router cidr Range of IP addresses on the network admin_ Administrator s address domain Domain associated with administrators address dns_servers Comma-separated list of DNS name servers, including DNS servers specific to your network. timezone Time zone of the host, in the format specified in the Internet Assigned Numbers Authority (IANA) Time Zone Database. The default is the time zone of the installer. ntp_servers Comma-separated list of Network Time Protocol (NTP) servers. For networks within firewalls, specify NTP servers specific to your network. servers Comma-separated list of hostnames of the following components: Server on which you install Contrail OpenStack The following VMs on the Contrail Service Orchestration node: VM that contains Network Service Orchestrator and other components. VM that contains Custom Contrail. VM that contains Network Service Designer. VM that contains the primary instance of Service and Infrastructure Monitor. VM that contains the secondary instance of Service and Infrastructure Monitor. VM that contains the controller and the load balancer for Service and Infrastructure Monitor. 4. Specify BGP parameters for the MX Series router. external_bgp IP address of the BGP peer router_asn Autonomous system number used for the BGP peer 5. Using the settings configured when you installed Contrail OpenStack, specify the following settings: keystone_password OpenStack keystone password keystone_tenant OpenStack keystone tenant keystone_username OpenStack keystone username service_token OpenStack keystone service token 40

41 Chapter 2: Installing and Configuring the Hardware and Software Components 6. Specify configuration values for the servers and VMs that you specified in Step 3. [hostname] Name of the machine management_address IP address of the Ethernet management interface management_interface Name of the Ethernet management interface, typically eth0 management_mac MAC address for the host data_net_address IP address of the interface used to transmit data on a physical server data_interface Name of the Ethernet interface used to transmit data on a physical server data_mac MAC address for the interface used to transmit data on a physical server gateway IP address of the gateway for the host. If you do not specify a value, the value defaults to the gateway defined in the [TARGETS] section hostname Hostname of the machine username Username for logging in to the machine password Password for logging in to the machine Roles Components installed on the machine: contrail Server on which you install Contrail OpenStack custom_contrail Contrail software to support Identity and Access Manager component iam Identity and Access Manager loadbalancer Load-balancing software, which balances the volume of traffic for software components that offer redundancy. naas Network as a Service, an application that manages internal event messages nsd Network Service Designer nso Network Service Orchestrator sim Icinga server software sim_client Icinga client software, which resides on the same machine as any component monitored by Service and Infrastructure Monitor. sim_primary Primary instance of Server and Infrastructure Monitor, which works with the secondary instance to provide redundancy. sim_secondary Secondary instance of Server and Infrastructure Monitor, which works with the primary instance to provide redundancy. tssm Cloud CPE, Tenant, Site and Service Manager vnfm VNF Manager 41

42 Deployment Guide 7. (Optional) If you want to reimage the Ubuntu operating system on the Contrail Cloud Platform server with the Ubuntu version included in the installer, specify values for the following Intelligent Platform Management Interface (IPMI) parameters. CAUTION: Do not specify IPMI parameters for VMs. Doing so may prevent the Cloud CPE Centralized Deployment Model from working. ipmi_address IP address for IPMI. ipmi_username Username for IPMI operations. ipmi_password Password for IPMI operations. ipmi_type = ipmilantype of Intelligent Platform Management Interface (IPMI). The Cloud CPE Centralized Deployment Model supports IPMI over LAN (ipmilan) and Integrated Lights-Out (ilo). The default is ipmilan. 8. Specify whether you want to the installer to complete the following tasks: a. Map the keystone end points to the management network. b. Install the vsrx image in the Glance software. c. Optimize settings for Contrail-Openstack, as described in the documentation for that product. If you have already installed Contrail-OpenStack and it is working correctly, you can chose to omit Step 8. If you do so, you must complete Step a and Step b manually. skip_configuration True or False. The default is false. The following example shows a customized configuration file for an installation in which you do not want to reinstall Contrail on the Contrail Cloud Platform server: [DEPLOY_OPTIONS] skip_contrail_install = True [SPACE] ip = user = admin password = pwd1234 [MYSQL] ip = admin_user = admin admin_password = pwd1234 [TARGETS] gateway = cidr = /24 domain = location.example.net dns_servers = $next_server, timezone = UTC ntp_servers = ntp.example.net, ntp.ubuntu.com 42

43 Chapter 2: Installing and Configuring the Hardware and Software Components servers = ccp-host, custom-contrail-vm, nsd-vm, nso-vm, sim-vm external_bgp = router_asn = keystone_password = pwd123 keystone_tenant = admin keystone_username = admin service_token = [ccp-host] management_address = /24 management_interface = eth0 management_mac = 00:25:90:C8:11:86 data_net_address = /24 data_interface = eth1 data_mac = 00:25:90:C8:11:88 gateway = hostname = ccp-host username = root password = pwd1234 ipmi_address = ipmi_username = ADMIN ipmi_password = ADMIN ipmitype = ilo skip_configuration = False roles = contrail, sim_client [c-c-vm] management_address = /24 hostname = c-c-vm username = root password = pwd1234 roles = custom_contrail, sim_client [nsd-vm] management_address = /24 hostname = nsd-vm username = root password = pwd1234 roles = nsd, sim-client [nso-vm] management_address = /24 hostname = nso-vm username = root password = pwd1234 roles = naas, nso, vnfm, tssm, iam, sim_client [sim1-vm] management_address = /24 hostname = sim1-vm username = root password = pwd1234 roles = aim_primary [sim2-vm] management_address = /24 hostname = sim2-vm username = root 43

44 Deployment Guide password = pwd1234 roles = aim_primary [simcontroller-vm] management_address = /24 hostname = simcontroller-vm username = root password = pwd1234 roles = loadbalancer, aim Deploying the Cloud CPE Centralized Deployment Model After you have completed all previous installation tasks, you can run the installer from the installer host. To deploy the Cloud CPE Centralized Deployment Model: 1. Log in to the installer VM as root. 2. Access the directory for the installer. root@host:~/# cd /~/csp1.0/ 3. Run the installer. root@host:~/csp1.0/#./install_csp_solution.sh The installation begins and you see status messages about the installation. Setting up CSP Solution Components ============================= This may take a while... preparing salt prod environment During installation, view the log file csp_deploy.log to observe detailed messages about the installation of the components. root@install-host:# cd ~/csp1.0/logs root@install-host:/csp1.0/logs# tailf csp_deploy.log In the same directory, you can also view the log file csp_console.log 5. When you see that the deployment is complete, run the verification script. root@install-host:# cd ~/csp1.0 root@host:~/csp1.0/#./verify_csp_solution.sh If the deployment script installs all components successfully, the verification script returns the following output. Verifying CSP Solution Components ================================== This may take a while checking health of contrail checking health of Custom contrail checking health of nfvo checking health of nsd checking health of vnfm checking health of iam checking health of icinga Verification completed for Contrail, JSM, VNFM, NSD, IAM and ICINGA The verification script returns error messages if: 44

45 Chapter 2: Installing and Configuring the Hardware and Software Components The deployment script was not able to install one or more of the software components. One or more software components has not started. The software components are not connected correctly. The software components are not exchanging tokens correctly. Related Documentation Architecture of the Cloud CPE Centralized Deployment Model on page 20 Deploying the Cloud CPE Centralized Deployment Model Installer on page 38 Configuring Contrail for the Cloud CPE Centralized Deployment Model After you have installed the Cloud CPE Centralized Deployment Model, you must configure BGP in Contrail to establish neighborship with the SDN gateway router. For details, see the following links: Related Documentation Installing and Configuring the Cloud CPE Centralized Deployment Model on page 39 Architecture of the Cloud CPE Centralized Deployment Model on page 20 Configuring a Junos Space Cluster The Junos Space cluster provides high availability of the Element Management System. The cluster incorporates two Junos Space Virtual Appliances and two associated databases in a redundant configuration. To configure the Junos Space cluster: 1. Log into the Junos Space Network Management Web GUI. The dashboard and the Password Expiry dialog box appear. 2. Click Yes in the Password Expiry box to change the default password. The Change User Settings dialog box appears. 3. Enter a new password and click OK, 4. Log out, then log in again with your new password. 5. In the left navigation bar, select Administration > Fabric. The Adminstration > Fabric page appears. 6. In the toolbar, click Add Node. 45

46 Deployment Guide The Add Node to fabric dialog box appears. a. Select DB Node for Node Type. b. Enter the hostname and IP address of the VMs for the primary and secondary Junos Space databases. c. For the primary database, specify the IP address of the VM for the primary Junos Space Virtual Appliance. d. Click Add. 7. In the toolbar, click Add Node. The Add Node to fabric dialog box appears. a. Select JBoss Node. b. Enter the hostname and IP address of the VM for the secondary Junos Space Virtual Appliance. c. Click Add. Related Documentation Architecture of the Cloud CPE Centralized Deployment Model on page 20 Creating an LxCIPtable VNF Image You use this process to make the LxCIPtable VNF available in the Cloud CPE Centralized Deployment Model. To create an LxCIPtable Image: 1. From download the appropriate Ubuntu cloud image to the Contrail Openstack server. 2. On the Contrail OpenStack server, upload the Ubuntu image into the Glance software. glance image-create --name IPtables --is-public True --container-format bare --disk-format qcow2 < ubuntu server-cloudimg-amd64-disk1.img 3. In a local directory on the Contrail OpenStack server, create a user-data (metadata) file for the image. For example: bash$ cat user-data.txt #cloud-config password: <PASSWORD> chpasswd: { expire: False ) ssh_pwauth: True 4. Create an instance of the image called IPtable-temp in this directory. nova boot --flavor m1.medium --user-data=./user-data.txt --image IPtables IPtable-temp --nic net-id=<management network id> 46

47 Chapter 2: Installing and Configuring the Hardware and Software Components CAUTION: Do not delete this instance. Doing so makes the LxCIPtable VNF unavailable in the Cloud CPE Centralized Deployment Model. 5. From the OpenStack GUI, login to the instance with the username ubuntu and the password specified in the user-data file. 6. Customize the instance. a. Obtain the password specified in the section [iptables_creds] of the file nfvo.conf. b. Set the root password to this value. For example: sudo passwd root pwd1234 c. In the file /etc/ssh/sshd_config, specify the following setting: PermitRootLogin = yes d. Restart the service. service ssh restart e. In the file /etc/network/interfaces, modify the eth0, eth1 and eth2 settings as follows: auto eth0 iface eth0 inet dhcp metric 100 auto eth1 iface eth1 inet dhcp metric 100 auto eth2 iface eth2 inet dhcp metric 100 f. Verify that IPtables is active. service ufw status 7. Taking a Snapshot of the Instance. a. Close the instance. sudo shutdown -h now b. From the OpenStack Instances page, select Create Snapshot for this instance, and specify the Name as LxcImg 6. You may not delete the temporary instance that we create is Step 3 (named IPtable-temp) Related Documentation VNFs Supported by the Cloud CPE Centralized Deployment Model on page 16 47

48 Deployment Guide 48

49 CHAPTER 3 Setting Up and Managing the Cloud CPE Centralized Deployment Model Setting Up the NFV Infrastructure for the Cloud CPE Centralized Deployment Model on page 49 Adding Customers to the Cloud CPE Centralized Deployment Model on page 52 Delivering New Network Services to Customers on page 55 Creating Security Rules for New Customers on page 57 Setting Up the NFV Infrastructure for the Cloud CPE Centralized Deployment Model After you install the Cloud CPE Centralized Deployment Model, you need to set up the NFV infrastructure, which includes: A virtual infrastructure manager (VIM). Points of presence (POPs). An Internet virtual network. A management virtual network. To set up the NFV infrastructure: 1. Log in through the Identity and Access Manager API. a. Get the authentication information. curl -X GET -H Authorization:Basic admin-user xyz b. Assign the result to the OS_TOKEN variable. 2. Create a VIM for the POP. a. Define information for the VIM in a JSON file. vim.json { "name": "testvim", "address": " ", "provider": "Contrail-Openstack" } 49

50 Deployment Guide b. Create the VIM instance. curl -X POST -D headers -H "content-type:application/json" "x-auth-token: $OS_TOKEN" 3. Using the Network Service Orchestrator API, create a POP. a. Define information for the POP in a JSON file. popid.json { "name": "testpop", "vim-id": "0d a5-4d9b-a60d-93340b7b7ccd", "compute-zone": "nova" } b. Create the POP. curl -X POST -D headers -H "content-type:application/json" "x-auth-token: $OS_TOKEN" c. Define the POP identifier in a JSON file. pop-enable.json { "input": { "pop-id": <POP_ID> } } d. Activate the POP. curl -X POST -D headers -H "content-type:application/json" "x-auth-token: $OS_TOKEN" e. Get a list of POPs from the Network Service Orchestrator API. curl -X GET "x-auth-token: $OS_TOKEN" f. Assign the result to the POP_LIST variable. g. Define mapping information for each POP in a JSON file. popid_vcpe.json { "pop": { "type": "jsm", /* cannot be specific to target-type */ "fq_name": [ "jsm-1, "jsm-popid-1 ], "nfv_popid": <POP_ID>, 50

51 Chapter 3: Setting Up and Managing the Cloud CPE Centralized Deployment Model "parent_type":"target" } } h. Add the POPs to the Cloud CPE Tenant, Site and Service Management API. curl -H "x-auth-token: $OS_TOKEN" -X POST -H "Content-Type: application/json" 4. Using the Network Service Orchestrator API, create the Internet virtual network and assign it to the Internet[index] variable. 5. Using the Network Service Orchestrator API, create the management virtual network and assign it to the Mgtm[index] variable. 6. Import the Internet virtual network and management virtual network into the Cloud CPE Tenant, Site and Service Manager API. a. Get a list of virtual networks from the Network Service Orchestrator API. curl -X GET "x-auth-token: $OS_TOKEN" b. Assign the result to the VN_LIST variable. c. Get a list of POPs from the Cloud CPE Tenant, Site and Service Management API. curl -H "x-auth-token: $OS_TOKEN" d. Assign the result to the CSAS_POP_LIST variable. e. Define information about the virtual networks in a JSON file. update_popid_vcpe.json { pop : { "properties": { "property": [ { "name": internet_id, "value": \ VN_LIST[Internet][index]\ }, { "name": "mgmt_net_id, "value": "\"VN_LIST[Mgmt][index]\ } ] }, "targettype": "jsm", "uuid": <CSAS_POPID> } } f. Using the Cloud CPE Tenant, Site and Service Management API, assign the virtual networks to the POP. 51

52 Deployment Guide curl -H "x-auth-token: $OS_TOKEN" -X PUT -H "Content-Type: application/json" Related Documentation Delivering New Network Services to Customers on page 55 Adding Customers to the Cloud CPE Centralized Deployment Model on page 52 Adding Customers to the Cloud CPE Centralized Deployment Model Use this procedure to add new customers to the Cloud CPE Centralized Deployment Model. To set up a customer: 1. Log in through the Identity and Access Manager API. a. Get the authentication information. curl -X GET -H Authorization:Basic admin-user xyz b. Assign password to the OS_TOKEN variable. 2. (One time only) Using the Identity and Access Manager API, create a tenant type with defined resources. After you have created the tenant type, you can use it for other customers. a. Define the resources required in a JSON file. c_tenant-type.json { "tenant-type": { "fq_name": [ small ], "resource_limit": { "bandwidth": 2, "cores": 5, "ns_instances": 2, "ram": 2, "vl_instances": 2, "vm_instances": 2, "vnf_instances": 2, "volume_size": 2, "volumes": 2 }, "type_name": small } } b. Create the tenant type. 52

53 Chapter 3: Setting Up and Managing the Cloud CPE Centralized Deployment Model curl -i -X POST -H "X-Auth-Token: $OS_TOKEN" -H "Content-Type: application/json" assign to TENANTTYPE_ID 3. Using the Cloud CPE Tenant, Site and Service Manager API, create an enterprise and associate it with the tenant type that you created. a. Define the customer information in a JSON file. customer_c.json { "customer": { "fq_name": [ "default-domain", ExampleEnterprise, ExampleEnterprise ], "properties": { "property": [ { "name": "left-net-rt", "value": "\"64512: 10080\"" } ] }, "pop": <CSAS_POPID>, "tenant_type": small } } b. Create the enterprise. curl -H "x-auth-token: $OS_TOKEN" -X POST -H "Content-Type: application/json" 4. Using the Identity and Access Manager API, create a user and assign a role to the user. a. Define the information for the user in a JSON file. puser.json{ "user": { "name": "ExampleEnterprise-user1, "password": "password123" } } b. Create the user. curl -H "X-Auth-Token: $OS_TOKEN" -H "Content-Type: application/json" -X POST c. Specify the name and password for the user, and assign the result to the USER_ID variable. d. Obtain an identifier for the administrative role. 53

54 Deployment Guide curl -H "x-auth-token: $OS_TOKEN" e. Assign the result to ADMIN_ROLE_ID variable. f. Assign the role to the user that you created. curl -H "x-auth-token: $OS_TOKEN" -X PUT 5. Using the Cloud CPE Tenant, Site and Service Manager API, create a site for the enterprise. a. Define information about the site in a JSON file. site_c.json { "site": { "fq_name": [ "default-domain", ExampleEnterprise, ExampleEnterprise, ExampleEnterprise-site-1" ], "pop": "b460cd37-f27f-4ce a d97c, "properties": { "property": [ { "name": "left-net-rt", "value": "\"64512: 10050\"" } ] } } } b. Create the site. curl -H "x-auth-token: $OS_TOKEN" -X POST -H "Content-Type: application/json" 6. Using the Cloud CPE Tenant, Site and Service Manager API, create a link from the site to the Internet. a. Define the link information in a JSON file. link_c.json { "link": { "description": "Primary Link", "device": "vuntut", "display_name": "primary", "fq_name": [ "default-domain", ExampleEnterprise, ExampleEnterprise, ExampleEnterprise-site-1", 54

55 Chapter 3: Setting Up and Managing the Cloud CPE Centralized Deployment Model Example_Enterprise-primarylink-1 ], "interface_name": "ge-1/1/3.130", "parent_type": "site", "route_instance": "pvt_routing_instance" } } b. Create the link. curl -H "x-auth-token: $OS_TOKEN" -X POST -H "Content-Type: application/json" Related Documentation Creating Security Rules for New Customers on page 57 Setting Up the NFV Infrastructure for the Cloud CPE Centralized Deployment Model on page 49 Delivering New Network Services to Customers on page 55 Delivering New Network Services to Customers When you first set up a customer, you need to deliver the network services that they ordered. Subsequently, you need to deliver service updates, service upgrades, and new services to customers. Use this procedure for these tasks. To deliver network services to customers: 1. Log in through the Identity and Access Manager API. a. Get the authentication information. curl -X GET -H Authorization:Basic admin-user xyz b. Assign the result to the OS_TOKEN variable. 2. Import the network service package from the Contrail Service Orchestrator API to the Cloud CPE Tenant, Site and Service Manager API. a. Using the Cloud CPE Tenant, Site and Service Manager API, get a list of network service packages. curl -X GET -H "X-Auth-Token: $OS_TOKEN" b. Assign the result to the NSD_ID_LIST variable. c. Define the network service name in a JSON file. import-sprofile.json {"nsdid": <NSD_ID> } d. For each network service in the list, import the service profile into the Cloud CPE Tenant, Site and Service Manager API. 55

56 Deployment Guide curl -i -X POST -H "X-Auth-Token: $OS_TOKEN" -H "Content-Type: application/json" e. Assign the result to the CSAS_NSD_ID variable. 3. Publish the service profile to a customer. a. Using the Cloud CPE Tenant, Site and Service Manager API, get a list of NFV service profiles. curl -H "x-auth-token: $OS_TOKEN" -X GET b. Assign the result to the SERVICE_PROFILE_LIST variable. c. Using the Cloud CPE Tenant, Site and Service Manager API, get a list of customers. curl -H "x-auth-token: $OS_TOKEN" d. Assign the result to the CUSTOMER_LIST variable. e. Define customer-specific service profiles in a JSON file. update_customer_nsprofile.json { "customer": { "nfv_service_profile": [{ uuid : <SERVICE_PROFILE_LIST_ID_1> },{ uuid : <SERVICE_PROFILE_LIST_ID_2> }, ] }, } f. Publish the service profile to the customer. curl -H "x-auth-token: $OS_TOKEN" -X PUT -H "Content-Type: application/json" g. Define global service profiles, which are packages of services you offer to multiple customers, in a JSON file. update_global_nfv_service_profile.json { global-nfv-service-profile : { "nfv_service_profile": [{ uuid : <SERVICE_PROFILE_LIST_ID_1> },{ uuid : <SERVICE_PROFILE_LIST_ID_2> }, ] }, } h. Publish global service profiles to the customer. curl -H "x-auth-token: $OS_TOKEN" -X PUT -H "Content-Type: application/json" 4. Get all network services imported from the Network Service Orchestrator API into the Cloud CPE Tenant, Site and Service Manager API. 56

57 Chapter 3: Setting Up and Managing the Cloud CPE Centralized Deployment Model curl -H "x-auth-token: $OS_TOKEN" -X GET 5. Get all network services delivered to a customer. curl -H "x-auth-token: $OS_TOKEN" -X GET Related Documentation Setting Up the NFV Infrastructure for the Cloud CPE Centralized Deployment Model on page 49 Adding Customers to the Cloud CPE Centralized Deployment Model on page 52 Creating Security Rules for New Customers After you create new tenants (which represent customers), you must add a security group to all ingress traffic. You perform this task through the APIs or by running the allow_all_ingress.py script on the installer VM. With the script, you can you create up to three rules for the default security group that allow all ingress traffic for the tenant. To create the rules for the default security group: 1. Log in to the installer VM as root. The current directory is the home directory. 2. Run the allow_all_ingress.py script: root@host:~/#python allow_all_ingress.py [-h] [--config-dir DIR] [--config-file PATH] [--log-level LOG_LEVEL] [--os-auth-url OS_AUTH_URL] [--os-password OS_PASSWORD][--os-regionOS_REGION][--os-tenant-nameOS_TENANT_NAME] [--os-username OS_USERNAME] [--version] See Table 13 on page 58 for information about the options for the script. For example: root@host:~/# root@esstnfvi:~# python allow_all_ingress.py --os-username testadmin --os-password testadmin --os-tenant-name test --os-auth-url Creating {'direction': 'ingress', 'protocol': 'icmp', 'ethertype': 'IPv4', 'port_range_max': 255, 'security_group_id': u'77e019cf-289b-4db2-b090-66fe981a23bf', 'tenant_id': u'b72ec59df9cf484292cfa3d0b0d316c0', 'port_range_min': 0, 'remote_ip_prefix': ' /0'} INFO: main :Creating {'direction': 'ingress', 'protocol': 'icmp', 'ethertype': 'IPv4', 'port_range_max': 255, 'security_group_id': u'77e019cf-289b-4db2-b090-66fe981a23bf', 'tenant_id': u'b72ec59df9cf484292cfa3d0b0d316c0', 'port_range_min': 0, 'remote_ip_prefix': ' /0'} Creating {'direction': 'ingress', 'protocol': 'tcp', 'ethertype': 'IPv4', 'port_range_max': 65535, 'security_group_id': u'77e019cf-289b-4db2-b090-66fe981a23bf', 'tenant_id': u'b72ec59df9cf484292cfa3d0b0d316c0', 'port_range_min': 1, 'remote_ip_prefix': ' /0'} INFO: main :Creating {'direction': 'ingress', 'protocol': 'tcp', 'ethertype': 'IPv4', 'port_range_max': 65535, 'security_group_id': 57

58 Deployment Guide u'77e019cf-289b-4db2-b090-66fe981a23bf', 'tenant_id': u'b72ec59df9cf484292cfa3d0b0d316c0', 'port_range_min': 1, 'remote_ip_prefix': ' /0'} Creating {'direction': 'ingress', 'protocol': 'udp', 'ethertype': 'IPv4', 'port_range_max': 65535, 'security_group_id': u'77e019cf-289b-4db2-b090-66fe981a23bf', 'tenant_id': u'b72ec59df9cf484292cfa3d0b0d316c0', 'port_range_min': 1, 'remote_ip_prefix': ' /0'} INFO: main :Creating {'direction': 'ingress', 'protocol': 'udp', 'ethertype': 'IPv4', 'port_range_max': 65535, 'security_group_id': u'77e019cf-289b-4db2-b090-66fe981a23bf', 'tenant_id': u'b72ec59df9cf484292cfa3d0b0d316c0', 'port_range_min': 1, 'remote_ip_prefix': ' /0'} Table 13: Options for Python allow_all_ingress.py File Argument Meaning -h, --help Show online help and exit. --config-dir DIR Path to a directory that contains the configuration (*.conf ) files. --config-file PATH Path to a configuration file. You can use this option multiple times to specify multiple configuration files. If the script finds duplicate settings among the files, it uses the most recent values for the settings. --log-level LOG_LEVEL Log level. --os-auth-url OS_AUTH_URL OpenStack keystone management endpoint. --os-password OS_PASSWORD Password for OpenStack Administrator. --os-region OS_REGION OpenStack region to manage. --os-tenant-name OS_TENANT_NAM OpenStack tenant for the security group. --os-username OS_USERNAME OpenStack administrator for the tenant. --version Show program's version number and exit. Related Documentation Adding Customers to the Cloud CPE Centralized Deployment Model on page 52 58

59 CHAPTER 4 Using the Cloud CPE Centralized Deployment Model Working with Network Services in the Centralized Deployment Model on page 59 Customer Access to Network Services on page 59 Working with Network Services in the Centralized Deployment Model You use Network Service Designer or the Contrail Service Orchestrator APIs to: Create requests for new network service designs. Design service chains for network services. Configure network services. Publish network services to the network service catalog. For detailed information about using Network Service Designer, see the Contrail Service Orchestration Feature Guide. Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 Customer Access to Network Services After you have set up the network for a customer, a customer can access the network either through the Customer Portal application or a portal that you design that interfaces with the Cloud CPE Tenant, Site and Service Manager and Identity and Access and Identity Manager APIs. With Customer Portal, customers can: Activate and deactivate sites in the network. Add a site-specific network service between a site and the VPN. Add a customer-specific network service between the VPN and the Internet. Configure network services. 59

60 Deployment Guide Disable and remove network services on a connection. Replace a network service on a connection with another network service. For detailed information about using Customer Portal, see the Contrail Service Orchestration Feature Guide. Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 60

61 CHAPTER 5 Troubleshooting the Cloud CPE Centralized Deployment Model Monitoring and Troubleshooting Overview on page 61 Monitoring and Troubleshooting Overview Service and Infrastructure Monitor provides a continuous and comprehensive monitoring of the Cloud CPE Centralized Deployment Model. The application provides both a visual display of the state of the deployment and the ability to view detailed event messages. Service and Infrastructure Monitor tracks the status of: Network services Virtualized network functions Microservices (all the software components of the Cloud CPE Centralized Deployment Model) Virtual machines Physical servers For detailed information about using Service and Infrastructure Monitor, see the Contrail Service Orchestration Feature Guide. Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 61

62 Deployment Guide 62

63 CHAPTER 6 Appendix Terminology Glossary of Terms for Cloud CPE Centralized Deployment Model on page 63 Glossary of Terms for Cloud CPE Centralized Deployment Model Table 14 on page 63 explains glossary terms that are new for the Cloud CPE Centralized Deployment Model. Table 14: Glossary for Cloud CPE Centralized Deployment Model Acronym Term Meaning HOT Heat Orchestration Template YAML file that provides that provides the infrastructure for a cloud application. IPMI Intelligent Platform Management Interface Standard interface through which you can manage industry-standard servers over a network, rather than though their individual CPUs, OS, and firmware. IPMI enables consistent management of multiple servers from different vendors, and leads to efficiencies in IT operations, potentially through automation. Microservices architecture Distributed, non-hierarchical framework for a software application in which multiple software modules microservices interact to perform the functions of the application. Each microservice operates independently to implement a set of focused, related functions. The modular approach enables developers to make targeted updates to the software and facilitates a continuous software delivery model. NFV MANO NFV management and orchestration Optimization of network performance through automated coordination of compute, storage and networking resources, using data models based on network services. NFV MANO is performed by the NFVO, VIM, and VNFM. Also a working group in the European Telecommunications Standards Institute (ETSI). See also NFVO, VIM, VNFM. NFVO NFV orchestration Coordination of NFVI resources across one or more POPs through creation of network services using one or more VNFs. See also NFVO, VIM, VNFM. network function In NFV, a component that has well-defined interfaces and provides a specific networking capability in a well-defined way. A network function may be implemented by a physical networking device or a virtual application. See also PNF, VNF. NFVI network functions virtualization infrastructure In NFV, all hardware and software components used to create the environment in which VNFs can be implemented. See also VNF. 63

64 Deployment Guide Table 14: Glossary for Cloud CPE Centralized Deployment Model (continued) Acronym Term Meaning PNF physical network functions In NFV, a network function that is provided by a physical networking device, such as a router or switch. See also network function, VNF. service chain, service chaining Use of multiple network services on a connection between two locations in a virtual network. For example, a server can connect to the Internet through firewall and NAT services. In a dynamic service chain, additional network services can be added to an active chain. Service chaining is analogous to a series of network devices such as one security device that is a firewall and another device that performs NAT between two locations in a physical network. VIM virtualized infrastructure manager In NFV, the software component that manages the compute, storage, and network resources. VNF virtualized network function In NFV, a network function that is provided by a virtual application. See also network function, PNF. VNF instance Active implementation of a VNF that the VNF manager has created, made operational, and is controlling through MANO. VNFM VNF manager In NFV, the software component that manages the lifecycle of VNF instances. See also VNF, VNF instance. You can view a comprehensive list of networking acronyms and terms in the Juniper Networks Glossary at Related Documentation Cloud CPE Centralized Deployment Model Overview on page 16 Architecture of the Cloud CPE Centralized Deployment Model on page 20 64