Scale Your Network with Juniper Mist's Campus Fabric
Table of Contents
- Introduction
- Campus Fabric Architecture
- Lab Setup
- Five-stage Clos Fabric
- Layer 3 Boundary
- Lean Distribution Layer
- Core as Border Gateway
- Transition to EX9200 Series
- Virtual Desktops and Access Switches
- IDF and Access Point
- Standalone vs. Stack
- Site and Org Topologies
- IP Clos GBP on Site
- Org Topology Concept
- Pod Structure
- Configuring Networks
- VLAN Definitions
- Subnet and Gateways
- VRF and Segmentation
- Connecting Devices
- Cabling Setup
- Supply Chain Considerations
- Verification and Troubleshooting
- Ping Test
- BGP Neighborship
- Secure CRT and Configuration Review
- Adding New Access Switches
- Routing to the Internet
- Core Configuration
- BGP and Routing Policies
- IPv6 Support in Campus Fabric
- CLI vs. Mist Configuration
- CLI Changes Reflected in Mist
- Remediation Policies
- Pushing Configuration Changes
- Configuration Templates
- Device Connection Tables
- Accepting CLI Deviations
- Configuration Rollback and Management
Introduction
In this article, we will explore the Campus Fabric architecture and its implementation using Juniper switches. Campus Fabric provides a simplified and scalable solution for building enterprise networks. We will dive into the lab setup, the five-stage Clos fabric design, layer 3 boundaries, lean distribution layer, and the role of the core as a border gateway.
Campus Fabric Architecture
Lab Setup
The Campus Fabric architecture is implemented in a lab hosted at the Sunnyvale campus. The lab consists of Juniper switches, including the EX9200 series, which are cloud-ready devices. These switches are easily onboarded using a mobile app, eliminating the need for manual configuration. The lab also includes virtual desktops connected to each of the access switches, representing IDF (intermediate distribution frame) locations.
Five-stage Clos Fabric
The Campus Fabric design follows the popular concept of a five-stage Clos fabric. The access switches act as VTEPs (VXLAN Tunnel Endpoints) and terminate VXLAN tunnels. The layer 3 boundary is established at the access layer, and a lean distribution layer is created using high-speed routers, such as the EX5120. The core, represented by the EX9204, acts as a border gateway, terminating VXLAN tunnels and connecting to a northbound SRX firewall cluster.
Layer 3 Boundary
At the layer 3 boundary, the Juniper switches provide routing capabilities. This allows for segmentation and isolation of different networks, ensuring privacy and security, especially in healthcare environments or guest access scenarios. The routing can be performed at the access layer itself, but for scalability, it can be moved to the distribution layer, where gateways for end hosts reside.
Lean Distribution Layer
The lean distribution layer consists of high-speed routers, such as the EX5120. These routers enable equal-cost multipath (ECMP) and quality of service (QoS) features. They are responsible for passing traffic between the access switches and the core, ensuring efficient and reliable communication within the network.
Core as Border Gateway
The core switch, represented by the EX9204, acts as a border gateway for the Campus Fabric. It terminates VXLAN tunnels and communicates with a northbound SRX firewall cluster. This setup ensures secure access to the internet and enables the enforcement of security policies for incoming and outgoing traffic.
Transition to EX9200 Series
Juniper has transitioned from smaller, pizza-box-sized access switches to the EX9200 series. These switches are designed to be cloud-ready and provide a seamless onboarding experience. They can be easily configured using the Mist AI app, similar to the traditional pizza-box switches. The transition to the EX9200 series enables scalability and cloud-ready features while maintaining simplicity in configuration.
Virtual Desktops and Access Switches
In the lab setup, virtual desktops are connected to each of the access switches. These access switches act as intermediate distribution frames (IDFs). In this demo, we focus on a standalone access switch, but the concept can be extended to a stack with up to 10 members. The latest addition, the EX4100, supports stacking and provides scalability.
Site and Org Topologies
The Campus Fabric configuration includes site and org topologies. Site topologies are used for individual sites, such as a Santa Clara Hilton building. Within a site, you can run an IP Clos network. Org topologies come into play when you have multiple buildings in close proximity. An org topology allows you to group these buildings into pods, each with its own core and distribution devices.
IP Clos GBP on Site
Within site topologies, you have three options: EVPN multi-homing, Campus Fabric core distribution, and IP Clos. EVPN multi-homing is suitable for transitioning from proprietary or L2 spanning-tree technologies. Campus Fabric core distribution is used when the core and distribution devices are running EVPN and VXLAN, while the access switches use plain LACP. IP Clos, the focus of this demo, extends VXLAN all the way to the edge, connecting cameras, wired networks, and access points.
Org Topology Concept
An org topology is a way to scale the network while maintaining manageable connectivity. It allows you to treat multiple buildings as a single pod, interconnecting access switches with distribution devices. Instead of spanning all devices across the entire campus, you can limit the connectivity within a pod, resulting in a more scalable and efficient network.
Pod Structure
In the Santa Clara Hilton example, each Hilton building can be treated as a pod. This approach simplifies the configuration by connecting IDFs to MDFs within a single pod, rather than spanning them across the entire campus. The pod structure improves scalability and reduces complexity.
Configuring Networks
In the Campus Fabric configuration, networks can be configured using predefined templates or by creating new networks. VLAN definitions play a crucial role in network segmentation. VLANs can be imported from existing networks or created from scratch. It is important to provide subnets for each VLAN, as they define the IP addressing scheme.
Subnet and Gateways
The IP addressing for the networks is automatically handled by Campus Fabric. Subnets are provided, and the system slices them into smaller subnets for underlay IP addressing. This ensures efficient utilization of address space, even with a large number of access leaves. Gateways for the networks are automatically configured based on the routing policies defined within the fabric.
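The slicing described above can be sketched as follows. This is an added example, not Juniper's or Mist's own allocation logic: it assumes one /31 per point-to-point link, a full mesh between adjacent layers, and constructed device names and address ranges.

```python
import ipaddress

def allocate_underlay(pool, access, distribution, core):
    """Carve one /31 per fabric link out of the underlay pool.

    Assumed wiring (not stated on the page): every access switch uplinks to
    every distribution switch, and every distribution switch to every core.
    """
    links = [(a, d) for a in access for d in distribution]
    links += [(d, c) for d in distribution for c in core]
    net = ipaddress.ip_network(pool)
    if net.version != 4 or net.prefixlen > 31:
        raise ValueError(f"{pool} cannot be sliced into IPv4 /31 links")
    capacity = 2 ** (31 - net.prefixlen)
    if len(links) > capacity:
        # Fail before any device is configured rather than run out mid-build.
        raise ValueError(
            f"{pool} holds {capacity} /31 links, fabric needs {len(links)}")
    plan = {}
    for link, p2p in zip(links, net.subnets(new_prefix=31)):
        # A /31 has exactly two addresses: one per end of the link.
        plan[link] = (str(p2p[0]), str(p2p[1]))
    return plan

def overlay_conflicts(pool, vlan_subnets):
    """Return the VLAN names whose subnet overlaps the underlay pool."""
    under = ipaddress.ip_network(pool)
    return sorted(name for name, cidr in vlan_subnets.items()
                  if ipaddress.ip_network(cidr).overlaps(under))

# Constructed sample pod: 4 access, 2 distribution, 2 core switches.
ACCESS = ["access1", "access2", "access3", "access4"]
DISTRIBUTION = ["dist1", "dist2"]
CORE = ["core1", "core2"]

if __name__ == "__main__":
    plan = allocate_underlay("10.255.240.0/27", ACCESS, DISTRIBUTION, CORE)
    for (a, b), (ip_a, ip_b) in plan.items():
        print(f"{a:8} {ip_a:15} <-> {ip_b:15} {b}")
```

Running overlay_conflicts against the VLAN subnets before building the fabric catches a user network that would shadow underlay link addresses.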
VRF and Segmentation
Campus Fabric supports segmentation at the layer 3 level using Virtual Routing and Forwarding (VRF). By creating instances and associating VLANs with them, you can control the traffic flow between different networks. This allows for secure isolation of corporate and guest traffic, ensuring privacy and security in the network.
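A segmentation plan like the one described above is worth checking before it is pushed. The following is an added example, not part of Campus Fabric or the Mist API: the data layout, the network and VRF names, and the audit rules are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

def audit_segmentation(networks, vrfs):
    """Return findings as (kind, subject, vrf) tuples.

    networks: {name: {"vlan": int, "subnet": "a.b.c.d/n"}}
    vrfs:     {vrf_name: [network names]}
    """
    findings = []
    owners = {}
    for vrf, members in vrfs.items():
        for name in members:
            if name in networks:
                owners.setdefault(name, set()).add(vrf)
            else:
                findings.append(("unknown-network", name, vrf))
    for name in networks:
        in_vrfs = owners.get(name, set())
        if not in_vrfs:
            # Not bound to any VRF: its isolation is undefined in this plan.
            findings.append(("no-vrf", name, None))
        elif len(in_vrfs) > 1:
            # One VLAN in two VRFs bridges the segments it was meant to split.
            findings.append(("multi-vrf", name, tuple(sorted(in_vrfs))))
    for vrf, members in vrfs.items():
        known = sorted(n for n in set(members) if n in networks)
        for a, b in combinations(known, 2):
            net_a = ipaddress.ip_network(networks[a]["subnet"])
            net_b = ipaddress.ip_network(networks[b]["subnet"])
            if net_a.overlaps(net_b):
                findings.append(("overlap", (a, b), vrf))
    return findings

# Constructed sample plan with three deliberate mistakes.
NETWORKS = {
    "corp-data":  {"vlan": 10, "subnet": "10.10.10.0/24"},
    "corp-voice": {"vlan": 20, "subnet": "10.10.20.0/24"},
    "guest":      {"vlan": 30, "subnet": "10.10.30.0/24"},
    "cameras":    {"vlan": 40, "subnet": "10.10.20.128/25"},
    "printers":   {"vlan": 50, "subnet": "10.10.50.0/24"},
}
VRFS = {
    "corp":  ["corp-data", "corp-voice", "cameras", "guest"],
    "guest": ["guest"],
}

if __name__ == "__main__":
    for finding in audit_segmentation(NETWORKS, VRFS):
        print(finding)
```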
Connecting Devices
Once the networks are configured, the next step is connecting the devices in the physical setup. This involves cabling the access switches, connecting the access points, and establishing the necessary connections between the switches. The physical connectivity is crucial for the proper functioning of Campus Fabric.
Cabling Setup
In the lab setup, the physical devices are already connected according to the cabling plan specified. This ensures the smooth communication between the switches and enables the flow of data within the fabric. The cables are carefully routed and connected to the appropriate ports on the switches.
Supply Chain Considerations
In real-world deployments, supply chain limitations may make it difficult to have all the devices readily available. However, with the ability to build the fabric even before the devices are online, the configuration can be prebuilt and applied to the switches when they become available. This flexibility allows for easier deployment and scalability.
Verification and Troubleshooting
Once the devices are connected, it is essential to verify the fabric's functionality and troubleshoot any issues that may arise. This involves performing ping tests between different devices to ensure end-to-end connectivity. Checking the BGP neighborship and reviewing the configuration details are important steps in verifying the fabric's configuration.
Ping Test
To test the connectivity, a ping test can be performed between various devices, such as the desktop connected to the access switch and the internet. This ensures that the traffic is properly routed through the fabric and reaches its intended destination. Ping tests help in troubleshooting any connectivity issues and ensure the fabric's functionality.
BGP Neighborship
BGP (Border Gateway Protocol) neighborship allows devices within the fabric to exchange routing information. Checking the BGP neighborship status ensures that the routing protocols are established correctly, and the devices can communicate with each other. This is a critical step in verifying the fabric's configuration and ensuring proper network operation.
Secure CRT and Configuration Review
Campus Fabric provides secure remote access to the devices for troubleshooting or configuration review purposes. The Mist UI allows direct access to the CLI, enabling users to run show commands, troubleshoot issues, and review the device configurations. This feature enhances the troubleshooting capabilities and allows for efficient configuration management.
Adding New Access Switches
As the network grows, there may be a need to add new access switches to expand the fabric. This process is straightforward in Campus Fabric. New access switches can be easily added and connected to the existing fabric. The Mist AI app simplifies the configuration process, eliminating the need for manual configuration of each device.
Routing to the Internet
To connect the fabric to the internet and enable external access, proper routing configuration is necessary. This involves configuring the core switches with BGP neighbors and routing policies. The core switches act as border gateways, terminating VXLAN tunnels and communicating with external devices such as firewalls or WAN routers. The configuration ensures secure access to the internet and smooth operation of the fabric.
Core Configuration
The core switches play a critical role in routing the traffic between the fabric and external networks. BGP neighbors are established to exchange routing information, and routing policies are implemented to define the preferred paths for the traffic. These configurations are essential for proper routing within the fabric and ensure optimal performance and security.
BGP and Routing Policies
BGP (Border Gateway Protocol) is used to establish communication between the core switches and external devices such as firewalls or WAN routers. The BGP configurations, including neighbors and routing policies, are done through the Mist UI. These configurations enable the core switches to act as border gateways and facilitate secure communication with the external networks.
IPv6 Support in Campus Fabric
Campus Fabric provides full support for IPv6, both in the underlay and overlay networks. This includes full IPv6 routing capabilities, overlays, and multicast support. Juniper has focused on improving IPv6 multicast capabilities within the overlay network, ensuring seamless integration of IPv6 in the fabric. The support for IPv6 enables future-proofing the network and ensures scalability for evolving requirements.
CLI vs. Mist Configuration
In Campus Fabric, the recommended approach is to perform all configurations through the Mist AI UI. This ensures a single source of truth and simplifies configuration management. However, users still have the flexibility to log in to the CLI and make changes if necessary. The Mist UI provides the option to push CLI configurations and reflects any changes made outside the UI.
CLI Changes Reflected in Mist
If users make configuration changes using the CLI, these changes are reflected in the Mist AI UI. The UI provides visibility into CLI-based changes, indicating that the configuration was not made through the UI. This enhances transparency and allows users to track and manage CLI deviations from the standard configuration.
Remediation Policies
Campus Fabric offers granular policy administration, allowing administrators to define roles and permissions for different users. For example, a port admin role can be created, limiting users to administer specific ports without the ability to make changes to core devices. This level of granularity ensures security and prevents unauthorized configuration changes.
Pushing Configuration Changes
Configuration changes in Campus Fabric can be performed directly through the Mist AI UI. Templates and predefined configurations can be applied to devices, simplifying the configuration process. Additionally, connection tables can be downloaded from the UI, providing a clear guide for physical connectivity during deployment.
Configuration Templates
Configuration templates play a crucial role in standardizing configurations and ensuring consistency across devices. Templates can be created outside the Mist AI workflow and imported for use in Campus Fabric. This allows for rapid and consistent deployment of new devices, reducing the chances of human error and improving overall network reliability.
Device Connection Tables
During the physical deployment of devices, connection tables can be generated in the Mist AI UI. These tables provide a detailed guide on how devices should be connected physically. The tables can be shared with deployment teams, ensuring accurate and consistent cabling, even when devices are not online during the initial fabric setup.
Accepting CLI Deviations
The Mist AI UI offers visibility into CLI deviations from the standard configuration. If a CLI change is legitimate, it can be accepted and incorporated into the Mist AI configuration. This ensures that the UI remains the single source of truth and allows for seamless transitions between CLI-based changes and UI-driven configurations.
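The CLI-deviation tracking and acceptance described in the sections above can be approximated offline by comparing the intended configuration with what a device is actually running. This is an added example, not Mist's implementation: it assumes both configurations are available as Junos set-format text, and the sample lines, the user name and the list of prefixes to review first are constructed for illustration.

```python
# Statement prefixes where an out-of-band change deserves review first
# (an assumption of this example, not a Mist setting).
SENSITIVE_PREFIXES = (
    "set system login",
    "set system services",
    "set routing-instances",
    "set firewall",
)

def normalize(text):
    """Return the set of non-empty, non-comment lines, whitespace collapsed."""
    lines = set()
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if line and not line.startswith("#"):
            lines.add(line)
    return lines

def find_drift(intended, running, accepted=""):
    """Compare intended and running set-format configs.

    Accepted deviations are merged into the intended set, mirroring the idea
    that an accepted CLI change becomes part of the source of truth.
    """
    want = normalize(intended) | normalize(accepted)
    have = normalize(running)
    added = sorted(have - want)
    return {
        "cli_added": added,
        "missing": sorted(want - have),
        "review_first": [l for l in added if l.startswith(SENSITIVE_PREFIXES)],
    }

# Constructed sample: a guest port moved to a corporate VLAN and a new
# privileged account, both made on the CLI.
INTENDED = """
set vlans corp-data vlan-id 10
set vlans guest vlan-id 30
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members guest
"""
RUNNING = """
set vlans corp-data vlan-id 10
set vlans guest   vlan-id 30
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members corp-data
set system login user tempadmin class super-user
set system ntp server 192.0.2.10
"""
ACCEPTED = "set system ntp server 192.0.2.10\n"

if __name__ == "__main__":
    for kind, lines in find_drift(INTENDED, RUNNING, ACCEPTED).items():
        print(kind, lines)
```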
Configuration Rollback and Management
In case of configuration errors or undesired changes, Campus Fabric provides a configuration rollback mechanism. If a change causes connectivity issues or disrupts network operation, the system automatically rolls back to the last known working configuration. This ensures minimal downtime and assures the stability of the fabric. Configuration management also includes seamless integration with cloud services, such as Mist AI, for consistent and centralized control of the network.
Overall, Campus Fabric offers a simplified and scalable solution for building enterprise networks. With a focus on ease of configuration, seamless integration, and scalability, Juniper switches and Mist AI provide a reliable foundation for modern network infrastructure.
Highlights:
- Campus Fabric architecture simplifies network configuration and scalability.
- Transition to EX9200 series switches enables cloud-ready and scalable deployments.
- Virtual desktops and access switches facilitate IDF connectivity.
- Site and org topologies aid in network segmentation and scalability.
- Configuring networks involves defining VLANs and assigning subnets.
- Connecting devices requires proper cabling and supply chain considerations.
- Verification includes ping tests and reviewing BGP neighborship.
- Adding new access switches expands the fabric effortlessly.
- Routing to the internet involves core configuration and BGP policies.
- Campus Fabric offers robust support for IPv6.
- Mist AI UI simplifies configuration management, but CLI changes are also possible.
- Pushing configuration changes can be done through templates or connection tables.
- Configuration rollback and management ensure stability and continuity.
FAQ:
Q: Can Campus Fabric handle IPv6 routing and overlays?
A: Yes, Campus Fabric provides full support for IPv6 in both the underlay and overlay networks. IPv6 routing, overlays, and multicast are fully supported.
Q: Can CLI-based configuration changes be reflected in the Mist AI UI?
A: Yes, CLI changes are recognized by the UI, and the UI reflects both UI-driven and CLI-driven configurations. This gives administrators visibility into any deviations from the standard configuration.
Q: Can I use templates to standardize configurations in Campus Fabric?
A: Yes, templates play a crucial role in ensuring standardized configurations. Templates can be created outside the Mist AI workflow and imported for use in Campus Fabric, enhancing consistency and reducing human error.
Q: Is it possible to roll back configurations in case of errors or undesired changes?
A: Yes, Campus Fabric provides a configuration rollback mechanism. If a change disrupts network operation or causes connectivity issues, the system automatically rolls back to the last known working configuration, minimizing downtime and maintaining stability.
Q: Can Campus Fabric handle large-scale network deployments?
A: Yes, Campus Fabric is designed to handle large-scale network deployments. The architecture ensures scalability and simplifies the management of complex networks.
Q: Is the Mist AI UI the recommended method for configuration management?
A: Yes, the Mist AI UI is the recommended method for configuration management in Campus Fabric. It provides a single source of truth, simplifies configuration tasks, and enables consistent control of the network.