Add a Provider Hub Device

Users with the SP (service provider) Administrator role or an OpCo (operating company) Administrator role can add provider hub devices with different capabilities as indicated in Table 1.

Table 1: Provider Hub Capabilities and Roles
Capability	Description	Added By (Role)
OAM_ONLY	Transmits only OAM traffic. IPsec OAM tunnels are configured between a spoke site and the provider hub.	SP Administrator
DATA_ONLY	Transmits only data traffic. IPsec data tunnels are configured between a spoke site and the provider hub with data capability. IPsec OAM tunnels are not configured between the spoke site and the provider hub.	SP Administrator OpCo Administrator
OAM AND DATA	Transmits both data and OAM traffic. Both IPsec OAM and data tunnels are configured between a spoke site and the provider hub.	SP Administrator OpCo Administrator

You can add an SRX Series services gateway or a vSRX instance as a provider hub with DATA_ONLY capability in a hub-and-spoke topology or full mesh topology.

Note:

Because specifying a POP is mandatory for adding a provider hub, the SP Administrator or OpCo Administrator must add a POP. For more information, see Creating a Single POP.

In SD-WAN deployments, there is a provision to add a provider hub and activate it later. While the provider hub can be added by an SP or an OpCo administrator, it can be activated by another SP or OpCo administrator. The second user must enter either the serial number and the activation code, or only the serial number when manually activating the device later.

To add a provider hub device:

Select Resources > Provider Hub Devices.

The Provider Hub Devices page appears.
Click the add icon (+).

The Add Provider Hub Device page appears.
Complete the configuration according to the guidelines provided in Table 2.

Note:
Fields marked with an asterisk (*) are mandatory.
(Optional) Review the configuration in the Summary tab and modify the settings, if required.
Click OK.
- If you entered a serial number during activation and automatic activation is enabled, the Site Activation Progress page appears. The site activation process proceeds through the tasks explained in Troubleshooting Site Activation Issues.
  
  Click OK to close the Site Activation Progress page.
- If you did not enter a serial number and the automatic activation is disabled, you are returned to the Provider Hub Devices page. CSO triggers a job and displays a confirmation message with a job link. Click the link to view the status of the job. After the job is finished, CSO displays a confirmation message with a job link. The status of the site changes to CREATED.
  
  You must manually activate the device to finish the activation process.
Note:
The following procedure is applicable if zero touch provisioning (ZTP) is set true in the device template. If ZTP is disabled in the device template, you must copy the stage-1 configuration and commit it on the device for CSO to proceed with the activation.

To manually activate the provider hub:
1. Select the provider hub device that has to be activated.
2. Click Activate Device button in the Provider Hub Devices page.
  
  The Activate Site page appears.
3. Enter the serial number(s) of the device and the activation code. Click OK.
  
  The Site Activation Progress page appears displaying the progress of steps executed for activating the provider hub. On successful activation of the device, the Site Status changes from Created to Provisioned.
After the device is successfully activated, you can start using the provider hub in your network.

Table 2: Fields on the Add Provider Hub Device Page
Field	Description
Site Name	Enter the name of the provider hub device. You can use alphanumeric characters, including special character(-). The maximum length is 32 characters. Example: provider-hub-1
Device Host Name	The device host name is auto-generated and uses the format `tenant-name.host-name`. You cannot change the `tenant-name` part in the device host name. Use alphanumeric characters and hyphen (-); the maximum length allowed is 32 characters.
Management Region	Displays the regional server with which the device communicates. The management region name is populated based on the information from the device template. Example: regional
POP	Select the POP where the hub device needs to be added. Example: pop_blue
Site Capability	Select the site capability of the provider hub device: OAM_ONLY (Available only for SP Administrator users) DATA_ONLY OAM AND DATA CSO establishes a secure OAM tunnel between the provider hub with DATA_ONLY capability and a provider hub with OAM_ONLY or OAM AND DATA capability).
Authentication Type	Select the IPsec tunnel authentication method—Preshared Key (PSK) or Public Key Infrastructure (PKI).
Advanced Configuration
Domain Name Server	Specify one or more IPv4 or IPv6, or both IPv4 and IPv6 addresses of the DNS server. To specify more than one DNS server address, type the address, press Enter, and then type the next address, and so on. DNS servers are used to resolve hostnames into IP addresses.
NTP Server	Specify the fully qualified domain names (FQDNs) or IP addresses of one or more NTP servers. Example: ntp.example.net The site must have DNS reachability to resolve the FQDN during site configuration.
Select Timezone	Select the time zone of the site.
Click Next to continue.
Device Template
Device Template	The device template that is currently supported for provider hub devices is SRX as SD-WAN Hub. Based on the device series that you select, the supported device templates (containing information for configuring devices) are listed. Select a device template.
Device Information
Serial Number	Enter the serial number of the provider hub device. Serial numbers are case-sensitive. If you do not enter the serial number, the provider hub is added but not activated. See Step 5 to manually activate the provider hub later.
Auto Activate	Click the toggle button to enable or disable automatic activation of the provider hub device. The device template that you select determines whether this option is enabled or disabled by default.
Device Root Password	The default root password is fetched from the ENC_ROOT_PASSWORD field in the services template. You can retain the password or change it by entering a password in plain-text format. The password is encrypted and stored on the device.
Activation Code	If you disabled automatic activation, enter the activation code used while adding the site to manually activate the device. See Step 5 to manually activate the device later. The activation code is an authentication code created when adding the device and shared with the user who later activates the provider hub device. This is to ensure that only an authorized user activates a provider hub that was added earlier.
Boot image	Select the boot image from the drop-down list if you want to upgrade the image for the provider hub device. The boot image is the latest build image uploaded to the image management system. The boot image is used to upgrade the device when CSO starts the ZTP process. If the boot image is not provided, then the device skips the procedure to upgrade the device image. The boot image (NFX or SRX) is populated based on the device template that you have selected while creating a site.
Management Connectivity	The fields in this section are displayed based on the capability that you select for the provider hub device.
Loopback IP Prefix	By default, CSO assigns the IPv4 address prefix for the loopback interface on the device. If you prefer to use a specific loopback address, you can enter an IPv4 address prefix for the loopback interface on the provider hub device. The IP address prefix must be a /32 IP address prefix and must be unique across the entire management network.
OAM Interface	Select an interface on the provider hub device to connect to the CSO. The interface is used only for OAM connectivity. The interface names are listed based on the configuration in the selected device template.
OAM VLAN	Enter an OAM VLAN ID for in-band management of the hub device. If you specify an OAM VLAN ID, then in-band OAM traffic reaches the device through the selected OAM interface.
OAM IP Prefix	Enter an IPv4 address prefix for the OAM interface in the provider hub device. The prefix must be unique across the entire management network.
OAM Gateway	Enter the IP address of the next-hop through which the connectivity to CSO is established.
EBGP Peer AS	Enter the autonomous system (AS) number of the external BGP (EBGP) peer.
WAN Links
WAN_0 `WAN-Interface-Name`	This field is enabled by default. Enter parameters related to WAN_0. Fields marked with an asterisk (*) must be configured to proceed.
Local Interface	Displays the interface name configured in the device template. You cannot modify this field.
Link Type	Select the underlay network type (MPLS or Internet) of the WAN link.
Public IP Address	For Internet links, enter the public IPv4 address for the link. This IP address should be provided only if the static IP prefix is private and 1:1 NAT is configured.
VLAN ID	Enter the VLAN ID that is associated with the data link.
Underlay Address Families
IPv4	Click the toggle button to enable or disable IPv4 address assignment for the WAN link. By default, IPv4 address assignment is enabled for the WAN link. The WAN link requires an IPv4 address to connect to an IPv4 network.
Address Assignment Method	Displays the address assignment method used for the WAN link (STATIC). You cannot modify this field.
Static IP Prefix	Enter the IPv4 address prefix of the WAN link.
Gateway IP Address	Enter the gateway IPv4 address of the default route.
MTU	Applicable only to IPv4 addresses. Enter the maximum transmission unit (MTU) size for the media or protocol. The supported MTU range can vary depending on the device, interface type, network topology, and other individual requirements. See also: MTU Default and Maximum Values and LTE Mini Physical Interface Modules (LTE Mini-PIM). Editing the MTU values of all the OAM-enabled WAN links of a site at the same time might result in tunnel flapping. You must ensure that at least one OAM-enabled WAN link always remains undisrupted for a site. For example, if you have a site with four WAN links (including two links that support OAM traffic), you can edit the MTU values of all the WAN links except one OAM-enabled link at the same time. After the edit is complete and the changes are saved, you can edit the site again and update the remaining WAN link. Note: If you enable the PPPoE/PPP option under a WAN link, the MTU option is displayed under the PPPoE/PPP Settings section for that link.
IPv6	Click the toggle button to enable or disable IPv6 address assignment for the WAN link. By default, IPv6 address assignment is disabled for the WAN link. The WAN link requires an IPv6 address to connect to an IPv6 network.
Address Assignment Method	Displays the address assignment method used for the WAN link (STATIC). You cannot modify this field.
Static IP Prefix	Enter the IPv6 address prefix of the WAN link.
Gateway IP Address	Enter the gateway IPv6 address of the default route.
WAN_1 `WAN-Interface-Name`	Click the toggle button to enable or disable the WAN link. When you enable the WAN link, fields related to the WAN link appear. Fields marked with an asterisk (*) must be configured to proceed. Refer to the fields described for WAN_0 `WAN-Interface-Name` for an explanation of the fields.
WAN_2 `WAN-Interface-Name`	Click the toggle button to enable or disable the WAN link. When you enable the WAN link, fields related to the WAN link appear. Fields marked with an asterisk (*) must be configured to proceed. Refer to the fields described for WAN_0 `WAN-Interface-Name` for an explanation of the fields
WAN_3 `WAN-Interface-Name`	Click the toggle button to enable or disable the WAN link. When you enable the WAN link, fields related to the WAN link appear. Fields marked with an asterisk (*) must be configured to proceed. Refer to the fields described for WAN_0 `WAN-Interface-Name` for an explanation of the fields
Click Next to continue.
Configuration Templates (Optional)
Configuration Templates List	Select one or more configuration templates from the list. This list is filtered based on the device that you select. Configuration templates are stage-2 templates that are added by your OpCo administrators or SP administrators or Tenant administrators. Note: You must set the parameters of the configuration templates that you have selected before you move to the LAN section. To set the parameters for the selected configuration templates: After you select one or more configuration templates, click Set Parameters. The Device Configurations page appears. This page consists of two tabs—Configure and Summary In the Configure tab fill in the attributes for each of the configuration templates. (Optional) View the CLI commands in the Summary tab. Click Save. You have added and set the parameters for the configuration templates that are part of the site template that you are creating.

Add a Provider Hub Device

Related Documentation