Contrail Service Orchestration Feature Guide · Contrail Service Orchestration Feature Guide Author: Juniper Networks Created Date: 20160201171533Z

Contrail Service Orchestration

Feature Guide

Release

1.0.1

Modified: 2016-02-01

Copyright © 2016, Juniper Networks, Inc.

Juniper Networks, Inc.1133 InnovationWaySunnyvale, California 94089USA408-745-2000www.juniper.net

Copyright © 2016, Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the UnitedStates and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All othertrademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.

Contrail Service Orchestration Feature Guide1.0.1Copyright © 2016, Juniper Networks, Inc.All rights reserved.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through theyear 2038. However, the NTP application is known to have some difficulty in the year 2036.

ENDUSER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networkssoftware. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted athttp://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions ofthat EULA.

Copyright © 2016, Juniper Networks, Inc.ii

http://www.juniper.net/support/eula.html

Table of Contents

About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii

Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xii

Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii

Chapter 1 Overview of Contrail Service Orchestration . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Contrail Service Orchestration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Contrail Service Orchestration Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Chapter 2 Customer Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Customer Portal Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Getting Started with Customer Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Activating Sites in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Managing Network Services and Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 3 Network Service Designer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Network Service Designer Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Accessing Network Service Designer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Getting Started with Network Service Designer . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Network Services and Service Chains Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Creating Requests for Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Designing Service Chains for Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Defining Ingress and Egress Points for a Service Chain . . . . . . . . . . . . . . . . . . . . . 30

Connecting VNFs in a Service Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

VNF Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Viewing Information About VNFs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Performance Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Meeting Performance Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Configuring Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Configuring Network Services That Use LxCIPtable VNFs . . . . . . . . . . . . . . . . . . . 35

Configuring Network Services That Use vSRX VNFs . . . . . . . . . . . . . . . . . . . . . . . . 37

Managing Requests for Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Managing Service Chain Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Chapter 4 Service and Infrastructure Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Service and Infrastructure Monitor Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Accessing the Service and Infrastructure Monitor GUI . . . . . . . . . . . . . . . . . . . . . . 46

Monitoring Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Monitoring VNFs Used in Network Services and the VMs that Host the VNFs . . . 47

iiiCopyright © 2016, Juniper Networks, Inc.

Monitoring Microservices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Monitoring Microservices and Their Host VMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Monitoring Physical Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Copyright © 2016, Juniper Networks, Inc.iv

Feature Guide

List of Figures


Figure 1: Service Chain with One VNF Instance That Provides All Functions . . . . . 26

Figure2:ServiceChainwithEitherMultiple Instancesof theSameVNForMultiple

VNFs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

vCopyright © 2016, Juniper Networks, Inc.

Copyright © 2016, Juniper Networks, Inc.vi

Feature Guide

List of Tables

About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

Chapter 1 Overview of Contrail Service Orchestration . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Table 3: Cloud CPE Centralized Deployment Model Licenses . . . . . . . . . . . . . . . . 16


Table 4: LxCIPtable VNF Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Table 5: vSRX Base Configure Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Table 6: vSRX Firewall Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Table 7: vSRX Destination NAT Predefined Policy Settings . . . . . . . . . . . . . . . . . . 40

Table 8: vSRX UTM Predefined Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Chapter 4 Service and Infrastructure Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Table 9: Parameters for Monitoring Network Services . . . . . . . . . . . . . . . . . . . . . . 47

Table 10: Parameters for Monitoring VNFs and Their Host VMs . . . . . . . . . . . . . . 48

Table 11: Parameters for Monitoring Microservices . . . . . . . . . . . . . . . . . . . . . . . . . 49

Table 12: Parameters for Monitoring VNFs and Their Host VMs . . . . . . . . . . . . . . . 51

Table 13: Parameters for Monitoring Physical Servers . . . . . . . . . . . . . . . . . . . . . . 52

viiCopyright © 2016, Juniper Networks, Inc.

Copyright © 2016, Juniper Networks, Inc.viii

Feature Guide

About the Documentation

• Documentation and Release Notes on page ix

• Documentation Conventions on page ix

• Documentation Feedback on page xi

• Requesting Technical Support on page xii

Documentation and Release Notes

To obtain the most current version of all Juniper Networks®technical documentation,

see the product documentation page on the Juniper Networks website at

http://www.juniper.net/techpubs/.

If the information in the latest release notes differs from the information in the

documentation, follow the product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject

matter experts. These books go beyond the technical documentation to explore the

nuances of network architecture, deployment, and administration. The current list can

be viewed at http://www.juniper.net/books.

Documentation Conventions

Table 1 on page x defines notice icons used in this guide.

ixCopyright © 2016, Juniper Networks, Inc.

http://www.juniper.net/techpubs/

http://www.juniper.net/books

Table 1: Notice Icons

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Indicates a situation that might result in loss of data or hardware damage.Caution

Alerts you to the risk of personal injury or death.Warning

Alerts you to the risk of personal injury from a laser.Laser warning

Indicates helpful information.Tip

Alerts you to a recommended use or implementation.Best practice

Table 2 on page x defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

ExamplesDescriptionConvention

To enter configuration mode, type theconfigure command:

user@host> configure

Represents text that you type.Bold text like this

user@host> show chassis alarms

No alarms currently active

Represents output that appears on theterminal screen.

Fixed-width text like this

• A policy term is a named structurethat defines match conditions andactions.

• Junos OS CLI User Guide

• RFC 1997,BGPCommunities Attribute

• Introduces or emphasizes importantnew terms.

• Identifies guide names.

• Identifies RFC and Internet draft titles.

Italic text like this

Configure themachine’s domain name:

[edit]root@# set system domain-namedomain-name

Represents variables (options for whichyou substitute a value) in commands orconfiguration statements.

Italic text like this

Copyright © 2016, Juniper Networks, Inc.x

Feature Guide

Table 2: Text and Syntax Conventions (continued)

ExamplesDescriptionConvention

• To configure a stub area, include thestub statement at the [edit protocolsospf area area-id] hierarchy level.

• Theconsoleport is labeledCONSOLE.

Represents names of configurationstatements, commands, files, anddirectories; configurationhierarchy levels;or labels on routing platformcomponents.

Text like this

stub <default-metricmetric>;Encloses optional keywords or variables.< > (angle brackets)

broadcast | multicast

(string1 | string2 | string3)

Indicates a choice between themutuallyexclusive keywords or variables on eitherside of the symbol. The set of choices isoften enclosed in parentheses for clarity.

| (pipe symbol)

rsvp { # Required for dynamicMPLS onlyIndicates a comment specified on thesame lineas theconfiguration statementto which it applies.

# (pound sign)

community namemembers [community-ids ]

Encloses a variable for which you cansubstitute one or more values.

[ ] (square brackets)

[edit]routing-options {static {route default {nexthop address;retain;

}}

}

Identifies a level in the configurationhierarchy.

Indention and braces ( { } )

Identifies a leaf statement at aconfiguration hierarchy level.

; (semicolon)

GUI Conventions

• In the Logical Interfaces box, selectAll Interfaces.

• To cancel the configuration, clickCancel.

Representsgraphicaluser interface(GUI)items you click or select.

Bold text like this

In the configuration editor hierarchy,select Protocols>Ospf.

Separates levels in a hierarchy of menuselections.

> (bold right angle bracket)

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can

improve the documentation. You can provide feedback by using either of the following

methods:

• Online feedback rating system—On any page at the Juniper Networks Technical

Documentation site at http://www.juniper.net/techpubs/index.html, simply click the

stars to rate the content, anduse thepop-up form toprovideuswith informationabout

your experience. Alternately, you can use the online feedback form at

http://www.juniper.net/techpubs/feedback/.

xiCopyright © 2016, Juniper Networks, Inc.


http://www.juniper.net/techpubs/index.html

http://www.juniper.net/techpubs/feedback/

• E-mail—Sendyourcommentsto [email protected]. Includethedocument

or topic name, URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the JuniperNetworksTechnicalAssistance

Center (JTAC). If you are a customer with an active J-Care or Partner Support Service

support contract, or are covered under warranty, and need post-sales technical support,

you can access our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies,

review the JTAC User Guide located at

http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

• Product warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,

7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online

self-service portal called the Customer Support Center (CSC) that provides youwith the

following features:

• Find CSC offerings: http://www.juniper.net/customers/support/

• Search for known bugs: http://www2.juniper.net/kb/

• Find product documentation: http://www.juniper.net/techpubs/

• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/

• Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications:

http://kb.juniper.net/InfoCenter/

• Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

Toverify serviceentitlementbyproduct serial number, useourSerialNumberEntitlement

(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Casewith JTAC

You can open a case with JTAC on theWeb or by telephone.

• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

Copyright © 2016, Juniper Networks, Inc.xii

Feature Guide

mailto:[email protected]?subject=

http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf

http://www.juniper.net/support/warranty/

http://www.juniper.net/customers/support/

http://www2.juniper.net/kb/

http://www.juniper.net/techpubs/

http://kb.juniper.net/

http://www.juniper.net/customers/csc/software/

http://kb.juniper.net/InfoCenter/

http://www.juniper.net/company/communities/

http://www.juniper.net/cm/

https://tools.juniper.net/SerialNumberEntitlementSearch/

http://www.juniper.net/cm/

For international or direct-dial options in countries without toll-free numbers, see

http://www.juniper.net/support/requesting-support.html.

xiiiCopyright © 2016, Juniper Networks, Inc.


http://www.juniper.net/support/requesting-support.html

Copyright © 2016, Juniper Networks, Inc.xiv

Feature Guide

CHAPTER 1

OverviewofContrail ServiceOrchestration

• Contrail Service Orchestration Overview on page 15

• Contrail Service Orchestration Licensing on page 16

Contrail Service Orchestration Overview

Contrail Service Orchestration is a suite of products for designing and deploying network

services in the Cloud CPE Centralized DeploymentModel. Contrail Service Orchestration

provides a RESTful API to connect with service providers’ operational support systems

(OSS) and business support systems (BSS) applications and is responsible for many

management and network orchestration (MANO) activities in the deployment. Contrail

Service Orchestration consists of the following components:

• Administration CLI, which is a tool that you use to manage customers.

• Cloud CPE Tenant Site and Service Manager and its auxiliary component, Identity and

AccessManager,whichmanagecustomersandmapeachcustomer’snetworkservices

to theappropriategateway resources, suchas theLayer 2access interfacesand routing

instances. These applications provide a northbound RESTful API to which you can

connect OSS/BSS systems.

• Customer Portal, which is an application that you can provide to customers to enable

them tomanage sites and services for their organizations through a graphical user

interface (GUI). Customer Portal uses the RESTful APIs.

• Network Service Designer, which enables design, creation, management, and

configuration of network services through a GUI. Network services are stored in the

network service catalog.

• Network Service Orchestrator, which is responsible for ETSI-compliant management

of the life cycle of network service instances. This application includes RESTful APIs

that you can use to create andmanage network service catalogs.

• Service and InfrastructureMonitor, whichworks with Icinga, an open source enterprise

monitoringsystemtoprovidedataabout theCloudCPECentralizedDeploymentModel,

such as the status of virtualized network functions (VNFs), virtual machines (VMs),

and physical servers; information about physical servers’ resources; components of a

15Copyright © 2016, Juniper Networks, Inc.

network service (VNFs and VMs hosting a VNF); counters and other information for

VNFs; and software components running in Contrail Cloud Platform.

• VNFManager, which creates VNF instances andmanages their life cycles.

This feature guide provides information about using the Contrail Service Orchestration

components with GUIs. For information about installing Contrail Service Orchestration

components, see the Cloud CPE Centralized Deployment Model Deployment Guide. For

information about the REST APIs, see the Contrail Service Orchestration API Reference

documentation.

RelatedDocumentation

Contrail Service Orchestration Licensing on page 16•

• Customer Portal Overview on page 17

• Network Service Designer Overview on page 23

• Service and Infrastructure Monitor Overview on page 45

Contrail Service Orchestration Licensing

Youmust have licenses to download and use Contrail Service Orchestration. When you

order licenses, you receive the information you need to download and use the product.

If youdidnotorder the licenses, contact your account teamor JuniperNetworksCustomer

Care for assistance.

Contrail ServiceOrchestration licensing is based onVNF capacity, which also determines

the number of separate Contrail CloudPlatformand Junos SpaceNetworkManagement

Platform licenses required. SeeTable3onpage 16.Contrail ServiceOrchestration licenses

are also included with Cloud CPE Centralized Deployment Model licenses.

Table 3: Cloud CPE Centralized Deployment Model Licenses

Number of Junos Space NetworkManagement Platform Licenses Required

Number of Contrail Cloud PlatformLicenses RequiredNumber of VNFs Supported

21500

212000

8510,000

181325,000

342550,000


• Contrail Service Orchestration Overview on page 15

Copyright © 2016, Juniper Networks, Inc.16

Feature Guide

CHAPTER 2

Customer Portal


• Getting Started with Customer Portal on page 17

• Activating Sites in the Network on page 18

• Managing Network Services and Sites on page 20

Customer Portal Overview

Customer Portal provides a visual topology of a customer’s sites and services in the

network, and enables customers to manage sites and network services in their network.

Service providers set up the network topology and service catalog for the customer, and

provide login credentials for Customer Portal.

Each site in the network connects to the Layer 3 virtual private network (VPN) and the

VPN connects directly to the Internet. Each connection in the topology can support one

network service, although use of a network service on any link is optional.

With Customer Portal, you can:

• Activate and deactivate sites in the network.

• Add a site-specific network service between a site and the VPN.

• Add a customer-specific network service between the VPN and the Internet.

• Configure network services.

• Disable and remove network services on a connection.

• Replace a network service on a connection with another network service.


Getting Started with Customer Portal on page 17•


Getting Started with Customer Portal

When you log in to Customer Portal for the first time, the startup wizard is displayed.


• To prevent the wizard from appearing next time you log in, select the DoNot Show

Start UpWizard Next Time check box.

When you log in again, you see the topology of sites and services in the network.

• To exit the wizard and view the topology of sites and services, click EXIT.

• To activate sites in the network, click NEXT.


Customer Portal Overview on page 17•

• Activating Sites in the Network on page 18


Activating Sites in the Network

Service providers add sites to customers’ networks and assign network services to

customers. Customers can then activate the sites and deploy services between sites and

the VPN.

To activate sites in the network:

1. Access the startup wizard.

• When you log in to Customer Portal for the first time, the wizard appears

automatically.

You can then configure the Customer Portal to display either the wizard or the

Monitor page for future log ins.

• From the Monitor page, click Add Sites in the bottom left of the page.

2. Click NEXT.

The wizard displays the sites that you can activate.

3. For each site that you want to activate, click the check box in the top right of the site

box.

4. Click NEXT.

The wizard displays the sites in the left navigation bar.

5. If you do not want to add services to the individual sites, proceed to Step 14.

6. In the left navigation bar, click one site.

The wizard displays the possible topologies for connecting the sites to the VPN.

7. Select the check box in the top right of the All-site Specific topology.

If a topology is not supported, you cannot select it.

8. Click NEXT.

The wizard displays a page of network services that you can add to sites.

9. Select the check box in the top right of the network service that you want to add.


Feature Guide

The Configuration dialog box appears.

CAUTION: If you click Cancel, and the network service is not fullyconfigured, Customer Portal activates the sites, but does not add thenetwork service to the connections.

10. On the Base Configure tab, specify your preferred settings.

The settings that you can configure depend on the network service, and override

configurations that the service provider specified.

11. On the Service Configure tab, specify at least one setting for each option.

12. Click Apply.

The Copy Configuration dialog box appears.

13. Decide whether you want to use the same service and configuration for other sites,

or use a different service and configuration for those sites:

• If you want to use the same service and configuration for other sites:

a. Click Yes in the Copy Configuration dialog box.

The Select CPEs to Match Configuration dialog box appears.

b. Select thecheckbox in the top right of eachsite that youwant touse thenetwork

service.

c. Click Configure.

The wizard displays the Configure Site page, and amessage indicating failure or

success of the service configuration at each site appears briefly in the bottom

right of the page.

• If you want to use a different service or configuration for other sites:

a. Click No in the Copy Configuration dialog box.

b. Repeat Step 5 through Step 13.

When you have finished, the wizard displays the page of available services.

14. Click DoneWith Step 2.

The wizard displays the site summary and the service summary for the new sites.

15. Review the details in the summaries andmake any corrections, using the PREVIOUS

and NEXT options to navigate through the pages.

16. Click DONE.

The sites are activated and the network services are started. The wizard displays the

topology of sites and services for the enterprise. Blue service icons on the connections

indicate that a service is active, and gray icons indicate that a service is disabled. It

may take a short time for a new service to become active.


Chapter 2: Customer Portal


Customer Portal Overview on page 17•

• Getting Started with Customer Portal on page 17


Managing Network Services and Sites

You activate network services to connections between sites and the VPNwhen you

activate a site in the network.When you view the network topology on theMonitor page,

you canmanage existing sites and services and activate additional services.

• To add a service on a connection:

1. In the bar below the topology graphic, click the network service that you want to

use.

The cursor changes to display the service icon.

2. Click the connection on which you want to use the network service.


3. (Optional) Configure settings for the service.

The settings that you can configure depend on the network service.

• If you want to use the default settings, click Cancel.

• If you want to use the settings that you configured, click Apply.

A gray icon for the service appears on the connection.

4. Click the service icon on the connection.

5. Click Power on themiddle left vertex of the hexagon.

The new service starts on the connection, and is displayed as a blue icon on the

connection when it becomes active.

• To replace a service on a connection:

1. In the bar below the topology graphic, click the network service that you want to

use.

The cursor changes to display the service icon.

2. Click the connection on which you want to use the network service.


3. (Optional) Configure settings for the service.

The settings that you can configure depend on the network service.

4. Click Cancel to use the default settings or Update to use the settings that you

configured.


Feature Guide

The new service starts on the connection, and is displayed as a blue icon on the

connection when it becomes active.

• To configure a service:


2. Click Configure Service on the bottom left vertex of the hexagon.

The Configure dialog box appears.

3. Specify settings for the network service.

The settings that youcanconfiguredependon thenetwork service, andwill override

configurations that the service provider specified.

• If you want to use the default settings, click Cancel.

• If you want to use the to use the settings that you configured, click Apply.

4. Click Apply.

• To disable a service for a site:


2. Click Disable Service on the top right vertex of the hexagon.

The color of the service icon changes from blue to gray.

• To remove a service from a site:

1. Disable the service.


3. Click Remove Service on the top left vertex of the hexagon.

The service icon disappears.

• To deactivate a site in the network:

1. Hover over the site in the left navigation pane.

A blue close button appears at the end of the site.

2. Click the blue close button for the site.

The site is deactivated.




Chapter 2: Customer Portal


Feature Guide

CHAPTER 3

Network Service Designer

• Network Service Designer Overview on page 23

• Accessing Network Service Designer on page 24

• Getting Started with Network Service Designer on page 24

• Network Services and Service Chains Overview on page 25

• Creating Requests for Network Services on page 26

• Designing Service Chains for Network Services on page 28

• Defining Ingress and Egress Points for a Service Chain on page 30

• Connecting VNFs in a Service Chain on page 31

• VNF Overview on page 31

• Viewing Information About VNFs on page 32

• Performance Overview on page 32

• Meeting Performance Goals on page 33

• Configuring Network Services on page 34

• Configuring Network Services That Use LxCIPtable VNFs on page 35

• Configuring Network Services That Use vSRX VNFs on page 37

• Managing Requests for Network Services on page 41

• Managing Service Chain Designs on page 42

Network Service Designer Overview

Network Service Designer is a visual design tool that you use to create andmanage

network services for Juniper Networks Cloud CPE Centralized Deployment Model. With

Network Service Designer you can:

• Create requests for new network services.

• Design customized network services for your customers.

• Design new standard network services that you can offer to all your customers.

• Update existing network services.

• Publish services to the network service catalog.


• Manage network services that you are designing or have published to the network

catalog.

• Configure somebasicparameters for theVNFsused inanetwork serviceand thevirtual

containers in which the VNFs reside.


Network Services and Service Chains Overview on page 25•

• Getting Started with Network Service Designer on page 24

Accessing Network Service Designer

To start Network Service Designer:

1. Review the username and password that you defined for Contrail OpenStack.

You can view these settings on the Contrail Configure and Control Node in the files

/etc/contrail/keystonerc and /etc/contrail/openstackrc.

2. Using a web browser, access the URL for Network Services Designer.

For example, if the IP address of the VM on which Network Service director resides is

192.0.2.1, the URL is http://192.0.2.1/nsd-ui/index.html.

3. Log in with the username and password that you specified for Contrail.


Network Service Designer Overview on page 23•

Getting Started with Network Service Designer

When you log in to Network Service Designer, the Requests page displays open requests

for new network services. Use this page to start designs for those open requests and to

create new requests for network services.

Before You Begin

• Learn about network services and service chains. See “Network Services and Service

Chains Overview” on page 25.

Creating a Network Service

You create a network service as follows:

1. Create a request for a network service.

2. Design a service chain—a structure that details specific VNFs, a performance

specification, and defined ingress and egress points for the network service.

3. Publish the final design—the network service—to the network service catalog.




Feature Guide

http://192.0.2.1/nsd-ui/index.html

• Creating Requests for Network Services on page 26


• Managing Requests for Network Services on page 41

• Managing Service Chain Designs on page 42

Network Services and Service Chains Overview

The terms network service and service chain are sometimes used interchangeably, but

they are not the same; you need to understand the difference between them:

• A network service is a final product offered to end users with a full description of its

functionality and specified performance.

Administrators deploy network services between two locations in a virtual network,

so that traffic traveling in a specific direction on that link is subject to action from that

service. This term is defined in the ETSI Network Functions Virtualization (NFV)

standard.

• A service chain refers to the structure of a network service, and consists of a set of

linked network functions, which are provided by specific virtualized network functions

(VNFs), with a defined direction for traffic flow and defined ingress and egress points.

Although not defined in the ETSI NFV standard, this term is regularly used in NFV and

software- defined networking (SDN).

In Network Service Designer, you can create a service chain using:

• One VNF instance that provides one or more functions (Figure 1).

Using one VNF instance instead of multiple instances increases performance.

• Multiple instances of the same VNF, each providing certain functions (Figure 2).

Usingmultiple instancesof the sameVNF lowersperformance, suchaswhen youwant

to create differentiated services.

• Instances of different VNFs, each providing certain functions (Figure 2).

Youmight need to use different VNFs if one VNF cannot fulfill all network functions or

if a particular VNF offers an advantage for a network function.


Chapter 3: Network Service Designer

Figure 1:ServiceChainwithOneVNFInstanceThatProvidesAllFunctions

Service Chain with Either Multiple Instances of the Same VNF or Multiple VNFs

Figure 2: Service Chain with Either Multiple Instances of the Same VNFor Multiple VNFs


Performance Overview on page 32•



Creating Requests for Network Services

When you create a request for a network service, you define the requirements for the

service, including the required network functions and the performance.

Before You Begin

• Determinewhich functions to include in the network service and the order inwhich you

want the functions to be applied.

• Understand performance specifications for network services. See “Performance

Overview” on page 32.

To create a request for a network service:

1. Click HOME in the toolbar and Requests in the left navigation bar.

2. Click NEWREQUEST at the bottom right of the page.


Feature Guide

A page in which you specify information about the request appears.

3. In the Name field, specify the name for the request.

TheName field accepts up to 60 characters, including letters, numbers, and symbols.

4. (Optional) If the request is urgent, select the Priority Request check box.

5. (Optional) In the Customer Name (Optional) field, specify a customer.

The Customer Name field accepts up to 60 characters, including letters, numbers,

and symbols.

6. In the Description field, specify a description for the service.

The Description field accepts up to 500 characters, including letters, numbers, and

symbols.

7. (Optional) In the Requirements field, specify the requirements for the request.

The Description field accepts up to 1000 characters, including letters, numbers, and

symbols.

8. (Optional) Click Select Files, navigate to a file you want to attach, and clickOpen.

The file is downloaded to the Attachments (Optional) field.

9. Click NEXT.

The Build page appears, displaying the Goals pane, the Functional Service Design

area, and the Function Palette.

10. Drag and drop the network functions in the required order from the Function Palette

to the Functional Service Design area.

• NetworkServiceDesigner automatically connects thenetwork functions in theorder

that you place them in the design area.

• You can insert a function between two functions already on the design pane.

• If youmake an error, you can right-click a component in the design area and delete

the component.

11. (Optional) In the Goals pane, click Add Goal.

The New Goal window appears.

BEST PRACTICE: Adding one ormore goals to the request enables you totrack performance of those parameters when you design a service chainfor the request. Although adding goals is not mandatory, we recommendthat you do so.

12. From the Typemenu, select a goal for the network service.

You can add goals in any order.

13. In the Goal Value field, specify the target value for this goal.



14. (Optional) In the Acceptable Value field, specify the value that you can accept if the

target value is not available.

15. (Optional) In the Must Value field, specify the minimum value for this goal.

16. In the Unit field (for the Bandwidth and Latency types only), select the units for the

goal.

17. Click SAVE.

18. (Optional) Repeat Step 12 through Step 17 to add the other goals.

19. Click NEXT.

A page appears that displays the details you entered for the request.

20.Review the details andmake corrections if necessary, using the PREVIOUS andNEXT

options to navigate through the pages.

21. When you are satisfied with the information, click CREATE.

The request for the network service design appears on the Requests page.





Designing Service Chains for Network Services

When you save a request it appears on the Requests page. You can then design a service

chain to fulfill the request, using VNFs in the Vendor catalog to provide the requested

network functions.

Before You Begin

• Understand the structure of a network service. See “Network Services and Service

Chains Overview” on page 25.

• Review the VNFs in the Vendor catalog to determinewhich VNFs to use in your design.

See “Viewing Information About VNFs” on page 32.

• Learn how to add ingress and egress points to a service chain. See “Defining Ingress

and Egress Points for a Service Chain” on page 30.

• LearnhowtoconnectVNFs inaservicechain.See “ConnectingVNFs inaServiceChain”

on page 31.

• Learn how to track the performance of your design against the requested performance

goals. See “Meeting Performance Goals” on page 33.

• Learnhowtoconfigurenetworkservices.See “ConfiguringNetworkServices”onpage34.

Designing a Service Chain for a Network Service


Feature Guide

To design a service chain:

1. Click HOME in the toolbar and Requests in the left navigation bar.

The Requests page appears, displaying requests created when you published service

chain designs.

2. Hover over the request.

A menu appears in the bottom right of the request.

3. Click BEGIN.

If the help overlay is visible, click Close Help.

You can also select I knowmywayaround. Don’t show this again., and click Close Help.

The Network Service Design page displays the requested network functions and the

goals.

4. Click the first function in the chain.

The Vendor catalog at the bottom right of the page updates to show only the VNFs

that provide this function.

5. Drag and drop a VNF from the catalog to the Network Service Design workspace.

The function appears inside the VNF image.

6. Add an ingress point to the first VNF in the chain.

The performance Goals pane updates to indicate how the network service design

meets the customer goals.

7. Click the next function in the chain.

The Vendor catalog at the bottom right of the page updates to show only the VNFs

that provide this function, and, If a VNF in the Network Service Design workspace

supports this function, a faded image of the function appears inside the VNF image.

8. Choose a VNF for this function:

• To implement this function with the same VNF, click the faded image in the VNF

image.

• To implement this function with a different VNF, drag the VNF from the Vendor

catalog to the Network Service Design workspace.

9. Repeat Step 7 and Step 8 until you have assigned a VNF to each required network

function. If youmake an error, you can right-click a component in the design area and

delete the component.

10. If you usedmultiple VNFs in your design, connect them in the direction of packet flow.

11. Add an egress point to the last VNF in the chain.

The performance Goals pane again updates to indicate how the network service

design meets the customer goals.

12. Click Save NSD in the top right of the page to save the design.



13. (Optional) Configure the Network Service.

14. Click Publish NSD in the top right of the page to add the service to the catalog.

The Publish NSD dialog box appears.

a. Specify an official name (that customers see) for this network service.

The field accepts up to 60 characters, including letters, numbers, and symbols.

b. Specify a description of the service for customers to read.


c. Select the type of service from themenu.

d. Click Publish.





• Connecting VNFs in a Service Chain on page 31


Defining Ingress and Egress Points for a Service Chain

To define the ingress point and the egress point for a service chain you are designing:

1. Click Ingress.

The dots indicating potential ingress and egress points on VNFs enlarge.

2. Click the dot that represents the ingress point for the service chain.

An arrow indicating the direction of traffic flow with the label I appears.

3. Click Egress.

4. Click the dot that represents the egress point for the service chain.

An arrow indicating the direction of traffic flow with the label E appears.





Feature Guide

Connecting VNFs in a Service Chain

To connect VNFs in a service chain you are designing:

1. Click Connect, then click ELAN.

The dots that represent potential ingress and egress points on the VNFs enlarge.

2. Hover over the egress point of the first VNF until a green circle appears.

3. Click and hold the green circle, then drag the cursor to the green circle that appears

around the ingress point for the next VNF, and release the mouse button.

A one-way arrow indicating the flow of traffic in the service chain appears.

4. Repeat Step 1 through Step 3 until you have connected all VNFs in the service chain.




VNFOverview

Avirtualizednetwork function (VNF) is a software application used inNetwork Functions

Virtualization(NFV) thathaswelldefined interfaces, andprovidesoneormorecomponent

networking functions in a well defined way. For example, a security VNFmight provide

Network Address Translation (NAT) and Firewall component functions.

For the Cloud CPE Centralized Deployment Model, you design network services for

enterprise customers based on VNFs. Each VNF used in the network service is deployed

in itsownvirtualmachine(VM).VNFs inanetworkserviceorcomponentnetwork functions

in a VNF are connected by the underlying Contrail software.

Vendors specify the following required resources for a VNF:

• Number of virtual CPUs

• Virtual memory (MB)

• Virtual disk capacity (MB)

TheCloudCPECentralizedDeploymentModel supports a rangeof JuniperNetworks and

third-partyVNFs. Vendors canprovidemultiple versionsof aVNF that offer differentiated

performance. You can see available VNFs and their specifications and resource

requirements in the Vendor catalog of the Network Service Designer tool.


Performance Overview on page 32•





Viewing Information About VNFs

You can view performance specifications, required resources, and component network

functions for each VNF in the Vendor catalog. Reviewing this information can help you

to determine which VNF to use when you are designing a network service.

Before You Begin

• Learn about VNFs. See “VNF Overview” on page 31.

• Understand performance parameters. See “Performance Overview” on page 32.

Viewing Information for a Specific VNF

To view information for a specific VNF:

1. Click the network function in the Vendor catalog.

The information window for the network function appears, displaying the following

information on the Details tab:

• Agraphical representationof thecompletenetwork functionwith ingressandegress

points.

• A list of resources required for the network function.

2. Click Functions.

You see the category of the network function, such as security, and the component

functions, such as NAT and Firewall.

3. Click Service Chains to display:

• A list of the potential internal service chains (allowed combinations of component

functions) for this network function.

Lines without arrows connecting component functions in an internal service chain

indicate that the order of the functions does not matter.

• The performance specification for each internal service chain.

4. Close the VNF information window by clicking anywhere outside the window.


VNF Overview on page 31•


Performance Overview

The following parameters define the performance of a network service, a virtualized

network function (VNF), and the component functions of a VNF:

• Bandwidth (Mbps or Gbps)—Data rate for the function or service.

• Latency (ms or ns)—Time a packet takes to traverse the function or service.


Feature Guide

• Bandwidth (Mbps or Gbps)—Data rate for the function or service.

Vendors provide specified values for these parameters for a VNF and for each allowed

combinationof components in theVNF(internal servicechain).Youcanviewthespecified

values in the Vendor catalog.

Network Service Designer evaluates the aggregate performance of the design against

the goals in the request and displays the information in the Goals pane.


VNF Overview on page 31•

• Meeting Performance Goals on page 33



Meeting Performance Goals

Network Service Designer provides comprehensive information about performance of

VNFsand their componentnetwork function in theVNFcatalog.NetworkServiceDesigner

also tracks the aggregate performance of a network service that you are designing and

saves this information to the network service catalog.

Minimizing the number of VNFs and VNF instances in a service chain optimizes the

performance of a network service. For example, using one VNF instance for both NAT

and firewall functions provides higher performance than using either separate instances

of the same VNF or different VNFs to provide the functions.

You specify performance goals for the service when you create a request for a network

service. When you are designing a service chain, you evaluate the performance of your

design against the requested goals.

Before You Begin

• Understand the definition of performance for a network service. See “Performance

Overview” on page 32.

• Review the performance specification of VNFs in the Vendor catalog. See “Viewing

Information About VNFs” on page 32.

Monitoring Performance of a Network Service Design

Youmonitor the performance of a service that you are designing as follows:

1. Click the right arrow in the Goals pane to view the performance goals.

2. Add an ingress point to the first VNF in the service chain immediately after you assign

that VNF to the first network function.

3. Monitor the values in the Goals pane as you design your service chain.








Configuring Network Services

When you are designing a service chain or after you have designed a service chain, you

can configure settings for the VNFs in the chain:

• The virtual container in which the VNF resides.

• The network functions, such as NAT or firewall, that the VNF provides.

The settings that you can configure depend on the actual VNF. Manual configurations

areoptional andoverrideautomatic configurations specifiedby theCloudCPECentralized

DeploymentModeldeploymentscript, otherContrail ServiceOrchestrationcomponents,

or default LxCIPTable VNF settings.

Before You Begin

• Review the configuration instructions for the VNF that you want to configure.

Configuring VNFs in a Service Chain

To configure the network service:

1. View the service chain design on the BUILD page.

If the design is not currently visible on the BUILD page:

a. Click HOME in the toolbar and Designs in the left navigation bar.

The list of saved and published designs appears.

b. Click Edit from themenu at the end of the row for the network service you want to

configure.

The BUILD page appears, displaying the service chain design.

2. Click Function Configuration at the right of the BUILD page.

The Configuration dialog box appears, displaying the VNFs in the service chain and

the Base Configure tab for the first VNF in the Functional Service Design workspace.

3. Edit the settings on the Base Configure tab.

4. Click Service Configure.

The New Rule dialog box appears.

5. Edit the settings on the Service Configure tab.

6. Click Apply.


Feature Guide

7. Click the next VNF icon in the Configuration dialog box.

8. Repeat Step 3 through Step 6 .

When you have configured all the VNFs in the chain, the Configuration dialog box

closes.


Configuring Network Services That Use LxCIPtable VNFs on page 35•

• Configuring Network Services That Use vSRX VNFs on page 37

Configuring Network Services That Use LxCIPtable VNFs

For service chains that contain an LxCIPtable VNF, you canmanually configure some

parameters for the Linux container in which the VNF resides, some firewall settings, and

somedestinationNATsettings.Manualconfigurationsareoptionalandoverrideautomatic

configurations specified by the Cloud CPE Centralized Deployment Model deployment

script, other Contrail Service Orchestration components, or default LxCIPTable VNF

settings.

Before You Begin

• Understand the procedure for configuring Network Services and accessing the

Configuration dialog box. See “Configuring Network Services” on page 34.

• ReviewTable 4 onpage 36 for a list of the settings you can configure for the LxCIPtable

VNF.

Configuring LxCIPtable VNF Settings in a Service Chain

To configure LxCIPtable VNF settings:

1. In the Configuration dialog box, click an LxCIPtable VNF icon in the service chain

graphic.

The Base Configure tab for the VNF appears.

2. Click Configure Loopback Address.

The Configure Loopback dialog box appears.

3. Configure the loopback_addr settingaccording to theguidelines inTable4onpage36.

4. Click Save.

The settings you configured appear under the Base Configure tab.

5. Click New Ip Route.

The New Ip Route dialog box appears.

6. Configure the new Ip Route setting according to the guidelines in Table 4 on page 36.

7. Click Save.






9. Under Firewall Policies, click Apply Pre-defined Rules.

The Apply Pre-defined Rules dialog box appears.

10. Configure one or more settings according to the guidelines in Table 4 on page 36.

11. Click Save.

The settings you configured appear under Firewall Policies in the Configuration dialog

box.

12. Under Destination NAT, click Apply Pre-defined Policies.

The Apply Pre-defined Policies dialog box appears.


14. Click Save.

The settings you configured appear under DestinationNAT in theConfiguration dialog

box.

15. Click Apply.

Table 4: LxCIPtable VNF Configuration Settings

GuidelinesSettingType of Setting

Specify a loopback address for the Linux container.

Example: 192.0.2.10

loopback_addrLinux Container

1. Click AddMore.

A text box appears.

2. Specify an IP route in the text box.

Example: 19.0.2.50/24

3. (Optional) Repeat Step 1 and Step2 to addmore name servers.

New Ip RouteLinux Container

Select thePreventSSHBruteForcecheckbox topreventBruteForceattacksin which a remote attacker indefinitely attempts to log in to SSH.

Prevent SSH BruteForce

Firewall

Select the Prevent Ping Flood check box to prevent ping floods, which aredenial-of-service attacks in which the attacker sends ICMP Echo Request(ping) packets as fast as possible without waiting for replies.

Prevent Ping FloodFirewall

Specify the IP address of the interface on fromwhich the network servicetransmits traffic to enforce predefined NAT rules packets the networkservice receives.

Left InterfaceDestination NAT

Specify the IP address of the interface to which the network servicetransmits traffic to enforce predefined NAT roles on packets the networkservice transmits.

Right InterfaceDestination NAT


Feature Guide


Configuring Network Services on page 34•


Configuring Network Services That Use vSRX VNFs

For service chains that contain a vSRX VNF, you canmanually configure settings for the

VMwhich the VNF resides and settings for the network functions the vSRX provides.

Manual configurations are optional and override automatic configurations specified by

the Cloud CPE Centralized Deployment Model deployment script, other Contrail Service

Orchestration components, or default LxCIPTable VNF settings.

Before You Begin

• Understand the procedure for configuring Network Services and accessing the

Configuration dialog box. See “Configuring Network Services” on page 34.

• If you want to configure the VM in which the VNF resides, see Table 5 on page 38 for a

list of the settings you can configure.

• If you want to configure Firewall policies, see Table 6 on page 39 for the settings you

can configure, and see the vSRX documentation for more information.

• If youwant to apply destinationNATpolicies, seeTable 7 onpage40, and see the vSRX

documentation for more information.

• If you want to apply UTM policies, see Table 8 on page 41 for the settings you can

configure, and see the vSRX documentation for more information.

Configuring vSRX VNF Settings in a Service Chain

To configure the network service:

1. In the Configuration dialog box, click a vSRX VNF icon in the service chain graphic.

The Base Configure tab for the VNF appears.

2. Click Edit Configuration.

The Apply Base Configurations dialog box appears.


4. Click Save.



6. Under Firewall policies, click NewRule.



8. Click Save.



The settings you configured appear under Firewall Policies in the Configuration dialog

box.

9. Under Destination NAT, click Apply Pre-defined Policies.



11. Click Save.

The settings you configured appear under DestinationNAT in theConfiguration dialog

box.

12. To apply additional predefined policies, repeat Step 9 through Step 11.

13. Under UTM, click Apply Pre-defined Policies.



15. Click Save.

The settings you configured appear under UTMPolicy in the Configuration dialog box.

16. Click Apply.

Table 5: vSRX Base Configure Settings

GuidelinesSetting

Specify the hostname of the VM that contains the vSRX VNF.

The field has no limit on the number of characters and accepts letters, numbers, and symbols.

Example: vm-vsrx

Host Name

Specify a loopback address for the management interface of the VM.

Example: 192.0.2.10

Loopback Addr

1. Click AddMore.

A text box appears.

2. Specify a DNS name server in the text box.

Example: $next_server

3. (Optional) Repeat Step 1 and Step 2 to addmore name servers.

Name Servers


Feature Guide

Table 5: vSRX Base Configure Settings (continued)

GuidelinesSetting

1. Click AddMore.

A text box appears.

2. In the text box, specify an NTP server.

Example: ntp.example.net

3. (Optional) Repeat Step 1 and Step 2 to addmore NTP servers.

NTP Servers

Specify the IP address of the interface that transmits data to the host.

Example: 192.0.2.20

Left Interface

Specify the IP address of the interface to which the host transmits data.

Example: 192.0.2.21

Right Interface

Table 6: vSRX Firewall Policy Settings

GuidelinesSetting

Specify the name for the policy.


Policy Name

Specify a security zone fromwhich packets originate.


Example:UT-zone

Source Zone

Specify a security zone to which packets are delivered.


Example: T-zone

Destination Zone

1. Click AddMore.

A text box appears.

2. In the text box, specify a source IP address of packets for which the application enforces thepolicy.

Example: 192.0.2.30

3. (Optional) Repeat Step 1 and Step 2 to addmore source IP addresses.

Source Ips



Table 6: vSRX Firewall Policy Settings (continued)

GuidelinesSetting

1. Click AddMore.

A text box appears.

2. In the text box, specify a destination IP address of packets for which the application enforcesthe policy.

Example: 192.0.2.31

3. (Optional) Repeat Step 1 and Step 2 to addmore destination IP addresses.

Destination Ips

Select permit to transmit packets that match the policy parameters or deny to drop packets thatmatch the policy parameters.

Action

1. Click AddMore.

A text box appears.

2. In the Apps field, specify an application to enforce the policy.

Example: http

3. (Optional) Repeat Step 1 and Step 2 to addmore applications.

Apps

Table 7: vSRX Destination NAT Predefined Policy Settings

GuidelinesSetting

Specify the name of the security zone for the private IP address space.


Example: trust

trust_zone

Specify the name of the security zone for the public IP address space.


Example: trust

untrust_zone

Specify the name of the set of NAT rules that have one or more common criteria. For example, arule set called rule-set-1 could match packets received from a specific source address.


nat_rule_set_name

Specify the name of the NAT rule that performs a particular action. The rule may be part of a set ofNAT rules with other common criteria. For example, a rule called rule-1 could match packets witha specific destination address and be part of rule set rule-set-1, which matches packets receivedfrom a specific source address.


nat_rule_name

Specify the source IP address of packets that the rule matches.

Example: 192.0.2.50

nat_src-addr


Feature Guide

Table 7: vSRX Destination NAT Predefined Policy Settings (continued)

GuidelinesSetting

Specify the destination IP address of packets that the rule matches.

Example: 192.0.2.51

nat_dest_addr

Table 8: vSRXUTMPredefined Policy Settings

GuidelinesSetting

Select the enable-antivirus check box to use the default antivirus configuration.enable_antivirus

Select theenable-webfilteringcheckbox touse thedefaultweb filtering configuration.enable_webfiltering

Select the enable-antispam check box to use the default antispam configuration.enable_antispam


Designing Service Chains for Network Services on page 28•


Managing Requests for Network Services

You use the Requests page to create andmanage requests for new network services.

When you start to design a network service for a request, the request is savedas adesign,

which you track on the Designs page. The request no longer appears on the Requests

page.

A request contains information about the required service, such as:

• The customer’s name.

• The requested functions in the network service, such as NAT.

• Attached notes about the performance goals for the service.

To view requests, click HOME in the toolbar and Requests in the left navigation bar.

• To start a design for a request:



2. Click BEGIN.

If the help overlay is visible, click Close Help.

You can also select I knowmyway around. Don’t show this again., and click Close

Help.

The BUILD page appears.

• To edit a request:





2. Click EDIT.

A page in which you specify information about the request appears.

• To delete a request for a network service:



2. Click DELETE.

A dialog box requesting confirmation for the deletion appears.

3. Click Yes to confirm that you want to delete the request.

The request is deleted.

• To view complete details for a request:

1. Click ShowDetails (hierarchy icon at the top left of the page).

2. Click the request in the hierarchy.

You see complete details for the request on one page. You can add additional notes to

this entry, and navigate to other designs in the hierarchy.


Viewing Information About VNFs on page 32•


Managing Service Chain Designs

You use the Designs Page to manage service chain designs that you have saved or

published.

To view a list of designs that you have saved or published, click HOME in the toolbar and

Designs in the left navigation bar.

• Tomodify a design that you have saved or published, click Edit from themenu at the

end of the appropriate row.

The BUILD page appears, displaying information for the service chain.

• To post a completed design to the Network Service catalog:

1. Select Publish from themenu at the end of the appropriate row.

The Publish NSD dialog box appears.

2. Specify an official name (that customers see) for this network service.



Feature Guide

3. Specify a description of the service for customers to read.


4. Select the type of service from themenu.

5. Click Publish.

A message indicating failure or success appears briefly in the bottom right of the

page.

• To delete a design that you have saved or published:

1. Click Delete from themenu at the end of the appropriate row.


2. Click Yes to confirm that you want to delete the design.

The design is deleted and is then displayed on the Requests Page.

• To delete multiple designs that you have saved or published:

1. From the list of Designs, select those that you want to delete.

2. Click Delete NSD at the top right of the page.


3. Click Yes to confirm that you want to delete the designs.

The designs are deleted and are then displayed on the Requests Page.

• To copy one or more designs that you have saved or published:

1. From the list of designs, select those that you want to you want to copy.

2. Click Copy NSD at the top right of the page.

A dialog box requesting confirmation for the copying appears.

3. Click Yes to confirm that you want to copy the designs.

The additional services appear in the table with the status Validated.

• To view complete details for a design:

1. Click ShowDetails (hierarchy icon at the top left of the page).

2. Click the design in the hierarchy.

You see complete details for the design on one page.


• Network Services and Service Chains Overview on page 25





Feature Guide

CHAPTER 4

Service and Infrastructure Monitor


• Accessing the Service and Infrastructure Monitor GUI on page 46

• Monitoring Network Services on page 46

• MonitoringVNFsUsed inNetworkServices and theVMs thatHost theVNFsonpage47

• Monitoring Microservices on page 49

• Monitoring Microservices and Their Host VMs on page 50

• Monitoring Physical Servers on page 52

Service and Infrastructure Monitor Overview

Service and Infrastructure Monitor operates with the third-party monitoring software

Icinga to provide completemonitoring and troubleshooting of the CloudCPECentralized

Deployment Model.

When you deploy the Cloud CPE Centralized Deployment Model, an Icinga agent is

installed on servers and virtual machines (VMs), which enables Icinga to monitor data

on:

• Physical servers

• VMs that host virtualized network functions (VNFs)

• VMs that host microservices

Service and Infrastructure Monitor collects events frommicroservices in the Cloud CPE

Centralized Deployment Model, and correlates the events to provide information about

network service, their component VNFs, and the VMs that host the VNFs.

All data is presented through the Icinga graphical user interface (GUI). You use the GUI

to obtain both a quick visual display of the Cloud CPE Centralized Deployment Model

status andmore detailed lists of event messages.

Colored squares, which may contains numbers, in the GUI provide a visual status of the

Cloud CPE Centralized Deployment Model network.

• A green square indicates the number of items that are working correctly.

• A yellow square indicates the number of items with potential problems to investigate.


• A red square indicates the number of items that are not working.

• A purple square indicates the number of items with a failed connection.

The following options in the left navigation pane of the Icinga GUI are customized for the

Cloud CPE Centralized Deployment Model:

• Dashboard

• Network Services

• Infrastructure

Other features in the Icinga GUI are not customized and appear in the standard Icinga

GUI.

Use this Service and Infrastructure Monitor documentation for information about using

the customized options in the GUI. See the Icinga documentation for a general overview

of the GUI and information about all non-customized features.


Monitoring Network Services on page 46•

• MonitoringVNFsUsed inNetworkServices and theVMs thatHost theVNFsonpage47

• Monitoring Microservices on page 49

• Monitoring Microservices and Their Host VMs on page 50

• Monitoring Physical Servers on page 52

Accessing the Service and Infrastructure Monitor GUI

To access the GUI for Service and Infrastructure Monitor:

1. Using a web browser, access the URL for Service and Infrastructure Monitor.

For example, if the IP address is 192.0.2.9, the URL is http://192.0.2.9/icingaweb2.

2. Log in with the username icinga and the password csoJuniper.


Service and Infrastructure Monitor Overview on page 45•

Monitoring Network Services

Service and Infrastructure Monitor displays information about network services running

in each Cloud CPE Centralized Deployment Model implementation. This information is

related to the Network Service Overview on the dashboard, which displays information

about component VNFs of network services and the VMs in which the VNFs reside. In

this view, however, the focus is on the actual network service rather than its component

VNFs and the VMs in which they reside.


Feature Guide

http://192.0.2.9/icingaweb2

Tomonitor network services:

1. In the left navigation pane, click Network Services.

Serviceand InfrastructureMonitordisplaysanarrayofnetwork servicesandmonitoring

parameters.

2. In the array, hover over an entry to see additional information for the entry.

3. Click a colored square to see detailed information for the entry.

Table9onpage47shows themeaningof themonitoringparameters for network services.

Table 9: Parameters for Monitoring Network Services

MeaningParameter

Name of the network service.Network Service

State of the network service and the time it entered that state.

• Up—operational

• Down—not operational

Network Service status

Number of VNFs in the service chain.Num of Network Functions

Number of network functions in a colored square that indicates the status of the instance.When you click the square you see:

• An entry for each VNF in the service chain.

• The status of the host in which the VNF resides.

• The IP address of the host in which the VNF resides.

• The name of the VNF.

• The result from the last ping the Icinga agent sent to the host, including any loss of packets,and the round trip average (RTA) travel time.

Network Function

Total numberof commands issued tomonitor thestatusof thenetwork service since it becameoperational.

Commands

Result of the commands issued to monitor the status of the network service. When you clickthe square you see:

• A list of parameters for a specific network function and its host.

• The state of the parameter and how long the parameter has been in that state.

• Additional details about the state of the host.

Command Status


MonitoringVNFsUsed inNetworkServices and theVMs thatHost theVNFsonpage47•

Monitoring VNFs Used in Network Services and the VMs that Host the VNFs

On the dashboard, the Network Service Overview provides information about the VNFs

used innetwork servicesand theVMs thathost thoseVNFs.Youcanalsoview information


Chapter 4: Service and Infrastructure Monitor

about the component VNFs in a network service by clicking Monitor Network Services in

the left navigation bar.

To view information about VNFs used in network services and the VMs that host the

VNFs:

1. In the left navigation bar, click Dashboard.

The dashboard appears, displaying several arrays of information.

2. (Optional) In the Network Services Overview array, hover over a colored square in the

array to see the latest event message for a specific parameter and host.

3. (Optional) In the Network Services Overview array, click a colored square to see

detailed information for a specific parameter and host.

4. (Optional) In the Network Services Overview array, click an IP address to view all the

event messages for a host.

5. (Optional) In the Network Services Overview array, click a parameter name to view

event messages on all hosts for that parameter.

See Table 10 on page 48 for information about themonitoring parameters used for VNFs

and the VMs that host them.

Table 10: Parameters for Monitoring VNFs and Their Host VMs

MeaningParameter

Rate of traffic entering the interface that transmits data to the host.left_net_interface_input_pckt_rate

Rate of traffic leaving the interface that transmits data to the host.left_net_interface_output_pckt_rate

State of the interface that transmits data to the network host.



left_net_interface_stats

State of the interface to which the host transmits data.



right_net_interface1_stats

Rate of traffic entering the interface to which the host transmits data.right_net_interface_input_packet_rate

Rate of traffic leaving the interface to which the host transmits data.right_net_interface_output_packet_rate

Percentage of the Routing Engine’s control planememory that VM is using.routing_engine_ctrlplane_memusage

Meanpercentageofavailable loadcapacity usedby theRoutingEngine’s controlplane.

routing_engine_load_average

Percentage of available CPU capacity used by the Routing Engine’s controlplane.

routing_engine_system_cpu


Feature Guide

Table 10: Parameters for Monitoring VNFs and Their Host VMs (continued)

MeaningParameter

Number of active sessions of the VNF compared to the maximum number ofsessions allowed.

<VNF>_activesessions

Number of sessions of the VNF that VNF Manager failed to activate.<VNF>_failedsessions

Number of sessions added (ramp-up rate) for the last 60 seconds. The valuedoesnotdisplay the total numberof sessionsor thenumberofdeletedsessions.

<VNF>_performance_session

Services processing unit (SPU), percentage of CPU capacity that handles thedata plane for the security service.

<VNF>_performance_spu


Monitoring Network Services on page 46•

MonitoringMicroservices

Service and Infrastructure Monitor displays information about microservices running in

each Cloud CPE Centralized Deployment Model implementation. This information is

related to theCSPMicroserverviceOverviewon thedashboard,whichdisplays information

about the VMs in which the microservices reside. In this view, however, the focus is on

the actual microservice srather than the VMs in which they reside.

Tomonitor microservices:

1. In the left navigation pane, select Infrastructure > CSPMicroservices.

Service and Infrastructure Monitor displays an array of CSPmicroservices and

monitoring parameters.

2. (Optional) In the array, hover over an entry to see additional information for the entry.

3. (Optional) Click a colored square to see detailed information for the entry.

Table 11 on page 49 shows themonitoring parameters for microservices.

Table 11: Parameters for MonitoringMicroservices

MeaningParameter

Name of the microservice.CSPMicroservice

State of the microservice and the time it entered that state.



Microservice status

Number of instances of the microservice.Number of Instances



Table 11: Parameters for MonitoringMicroservices (continued)

MeaningParameter

Number of microservices in a colored square that indicates the status of the instance. Whenyou click the square you see:

• The status of the host in which the micorservice resides.

• The IP address of the host in which the microservice resides.

• The name of the microservice.

• The result from the last ping the Icinga agent sent to the host, including any loss of packets,and the round trip average (RTA) travel time.

Instance Status

Total number of commands issued tomonitor the status of themicroservice since it becameoperational.

Monitor Commands

Result of the commands issued tomonitor the status of themicroservice.When you click thesquare you see:

• A list of parameters for a specific host.


• Additional details about the state of the host.

Command Status


Monitoring Microservices and Their Host VMs on page 50•

MonitoringMicroservices and Their Host VMs

On the dashboard, the CSPMicroservices Overview provides information about the VMs

that host microservices. The focus of the CSPMicroservices Overview is the VMs that

host the microservices.

Tomonitor microservices and their host VMs:

1. In the left navigation bar, click Dashboard.

The dashboard appears, displaying several arrays of information.

2. (Optional) In the CSPMicroservices Overview array, hover over a colored square in

the array to see the latest event message for a specific parameter and host.

3. (Optional) In the CSPMicroservices Overview array, click a colored square to see

detailed information for a specific parameter and host.

4. (Optional) In the CSPMicroservices Overview array, click an IP address to view all the

event messages for a host.

5. (Optional) In the CSPMicroservices Overview array, click a parameter name to view

event messages on all hosts for that parameter.

See Table 12 on page 51 for information about the monitoring parameters used for VNFs

and the VMs that host them.


Feature Guide

Table 12: Parameters for Monitoring VNFs and Their Host VMs

MeaningParameter

Percentage of unused CPU capacitycheck cpu usage

Status of host’s input and output mechanisms for storagecheck disk IO

Available storage on the VM that hosts the microservicecheck disk usage

Number of processes associated with the databasecheck elasticsearch

Measure of load compared to specified values for warning and critical statescheck load average

Percentage of RAM and swapmemory usedcheck memory usage

Percentage of network resources usedcheck network usage

Availability of the Network Service Designer applicationcheck nsdui

Number of open files compared to specified values for warning and criticalstates

check open files

Amount of data moved from RAM to swapmemory compared to specifiedvalues for warning and critical states

check paging stats

Number of software connections compared to specified values for warningand critical states

check socket usage

Number of Contrail API processescheck_contrail_api

Number of Contrail configuration processescheck_contrail_config

Number of Contrail control processescheck_contrail_control

Number of Contrail database processescheck_contrail_database

Number of Contrail Vrouter processescheck_contrail_vrouter

Number of Contrail Vrouter agent processescheck_contrail_vrouter_agent

Number of Contrail web core processescheck_contrail_web

Number of Interface for Metadata Access Points (IF-MAP) processescheck_ifmap_server

Number of Nova API processescheck_nova_api


Monitoring Microservices on page 49•



Monitoring Physical Servers

Service and Infrastructure Monitor tracks the state of each physical server on which the

Icinga agent is installed.

Tomonitor physical servers:

1. In the left navigation bar, click select Infrastructure > CSP BareMetal.

Serviceand InfrastructureMonitordisplaysanarrayofphysical serversandmonitoring

parameters.

2. In the array, hover over an entry to see additional information for the entry.

3. Click a colored square to see detailed information for the entry.

See Table 13 on page 52 for information about the parameters.

Table 13: Parameters for Monitoring Physical Servers

MeaningParameters

State of the server cluster and the time when it entered that state.

• Up—Operational

• Down—Not operational

Group Status

Number of servers in the server cluster.Number of Servers

Number of servers in a colored square that indicates the status of the servers. When you clickthe square you see:

• An entry for each server in the cluster.

• The status of the server.

• The IP address of the server.

• The hostname of the server.

• The result from the last ping the Icinga agent sent to the server, including any loss of packets,and the round trip average (RTA) travel time.

Server Status

Total numberof commands issued tomonitor thestatusof theserver since it becameoperational.Commands

Result of the commands issued to monitor the status of the server. When you click the squareyou see:

• A list of parameters for a specific server.


• Additional details about the state of the server.

Command Status




Feature Guide

Documents

Contrail Service Orchestration Feature Guide · Contrail Service Orchestration Feature Guide Author: Juniper Networks Created Date: 20160201171533Z