- About this Document
- Overview
- Benefits of Campus Fabric IP Clos
- play_arrow Technical Overview
- Juniper Mist Wired Assurance
- Campus Fabric IP Clos High-Level Architecture
- Campus Fabric IP Clos Components
- Juniper Mist Wired Assurance
- Juniper Mist Wired Assurance Switches
- Verification
- EVPN Insights
- Summary
- Additional Information
Juniper Mist Wired Assurance Switches
You must validate that each device participating in the campus fabric has been adopted or claimed and assigned to a Site. The switches are named for respective layers in the fabric to facilitate building and operating the fabric. See Figure 1.
Overview
Use this JVD to deploy a single campus fabric with an L3 IP-based underlay network that uses EVPN as the control plane protocol and VXLAN as the data plane protocol in the overlay network.
Mist Wired Assurance configures eBGP on the directly connected links to exchange loopback routes, and eBGP between the core and distribution devices and distribution and access devices in the overlay to share reachability information about endpoints in the fabric.
Templates
A key feature of switch management through the Juniper Mist cloud is to use templates and a hierarchical model to group the switches and make bulk updates. Templates provide uniformity and convenience, while the hierarchy (Organization, Site, and Switch) provides both scale and granularity.
Templates and the hierarchical model mean that you can create a template configuration and then all the devices in each group inherit the template settings. When a conflict occurs, for example, when there are settings at both the Site and Organization levels that apply to the same device, the narrower settings (in this case, Site) override the broader settings defined at the Organization level.
Individual switches, at the bottom of the hierarchy, can inherit all or part of the configuration defined at the Organization level, and again at the Site level. Individual switches can also have their own unique configurations.
You can include individual command line interface (CLI) commands at any level of the hierarchy. Mist appends these commands to all the switches in that group on an “AND” basis. If the additional CLI commands apply to the pre-existing configuration on the device, the original configuration is overwritten with the configuration sent by Mist. If the added commands apply to a configuration that did not exist on the device previously, then the new configuration is appended to the existing device configuration during the update.
If you run CLI commands for items not native to the Mist GUI, this configuration data is applied last. These commands overwrite existing configuration data within the same stanza. You can access the CLI command option from the Switch Template or individual switch configuration.
Under Organization > Switch Templates, we use the following template:
We provide a copy of the template configuration in JSON format below for import into your system for verification.
{
"ntp_servers": [],
"dns_servers": [
"8.8.8.8",
"9.9.9.9"
],
"dns_suffix": [],
"additional_config_cmds": [],
"networks": {
"vlan1099": {
"vlan_id": 1099,
"subnet": "10.99.99.0/24"
},
"vlan1088": {
"vlan_id": 1088,
"subnet": "10.88.88.0/24"
},
"vlan1033": {
"vlan_id": 1033,
"subnet": "10.33.33.0/24"
}
},
"port_usages": {
"myaccess": {
"mode": "trunk",
"disabled": false,
"port_network": "vlan1033",
"voip_network": null,
"stp_edge": false,
"port_auth": null,
"all_networks": false,
"networks": [
"vlan1033",
"vlan1088",
"vlan1099"
],
"speed": "auto",
"duplex": "auto",
"mac_limit": 0,
"persist_mac": false,
"poe_disabled": false,
"enable_qos": false,
"storm_control": {},
"mtu": 9018,
"description": ""
},
"myesilag": {
"mode": "trunk",
"disabled": false,
"port_network": null,
"voip_network": null,
"stp_edge": false,
"port_auth": null,
"all_networks": true,
"networks": [],
"speed": "auto",
"duplex": "auto",
"mac_limit": 0,
"persist_mac": false,
"poe_disabled": false,
"enable_qos": false,
"storm_control": {},
"mtu": 9014,
"description": ""
},
"dynamic": {
"mode": "dynamic",
"reset_default_when": "link_down",
"rules": []
},
"vlan1099": {
"mode": "access",
"disabled": false,
"port_network": "vlan1099",
"voip_network": null,
"stp_edge": false,
"all_networks": false,
"networks": null,
"port_auth": null,
"speed": "auto",
"duplex": "auto",
"mac_limit": 0,
"persist_mac": false,
"poe_disabled": false,
"enable_qos": false,
"storm_control": {},
"mtu": 9014,
"description": "Corp-IT",
"disable_autoneg": false,
"mac_auth_protocol": null,
"enable_mac_auth": null,
"mac_auth_only": null,
"guest_network": null,
"bypass_auth_when_server_down": null
},
"vlan1088": {
"mode": "access",
"disabled": false,
"port_network": "vlan1088",
"voip_network": null,
"stp_edge": false,
"all_networks": false,
"networks": null,
"port_auth": null,
"speed": "auto",
"duplex": "auto",
"mac_limit": 0,
"persist_mac": false,
"poe_disabled": false,
"enable_qos": false,
"storm_control": {},
"mtu": 9014,
"description": "Developers",
"disable_autoneg": false,
"mac_auth_protocol": null,
"enable_mac_auth": null,
"mac_auth_only": null,
"guest_network": null,
"bypass_auth_when_server_down": null
},
"vlan1033": {
"mode": "access",
"disabled": false,
"port_network": "vlan1033",
"voip_network": null,
"stp_edge": false,
"all_networks": false,
"networks": null,
"port_auth": null,
"speed": "auto",
"duplex": "auto",
"mac_limit": 0,
"persist_mac": false,
"poe_disabled": false,
"enable_qos": false,
"storm_control": {},
"mtu": 9014,
"description": "Guest-WiFi",
"disable_autoneg": false,
"mac_auth_protocol": null,
"enable_mac_auth": null,
"mac_auth_only": null,
"guest_network": null,
"bypass_auth_when_server_down": null
}
},
"switch_matching": {
"enable": true,
"rules": [
{
"name": "core",
"match_model": "EX9204",
"port_config": {},
"additional_config_cmds": [
""
],
"ip_config": {
"type": "dhcp",
"network": "default"
},
"oob_ip_config": {
"type": "dhcp",
"use_mgmt_vrf": false
}
},
{
"name": "distribution",
"port_config": {},
"additional_config_cmds": [
""
],
"ip_config": {
"type": "dhcp",
"network": "default"
},
"oob_ip_config": {
"type": "dhcp",
"use_mgmt_vrf": false
},
"match_model[0:7]": "QFX5120"
},
{
"name": "access",
"port_config": {
"ge-0/0/16": {
"usage": "myaccess",
"dynamic_usage": null,
"critical": false,
"description": "",
"no_local_overwrite": true
}
},
"additional_config_cmds": [
""
],
"ip_config": {
"type": "dhcp",
"network": "default"
},
"oob_ip_config": {
"type": "dhcp",
"use_mgmt_vrf": false
},
"match_model[0:6]": "EX4400"
}
]
},
"switch_mgmt": {
"config_revert_timer": 10,
"root_password": "juniper123",
"protect_re": {
"enabled": false
},
"tacacs": {
"enabled": false
}
},
"radius_config": {
"auth_servers": [],
"acct_servers": [],
"auth_servers_timeout": 5,
"auth_servers_retries": 3,
"fast_dot1x_timers": false,
"acct_interim_interval": 0,
"auth_server_selection": "ordered",
"coa_enabled": false,
"coa_port": ""
},
"vrf_config": {
"enabled": false
},
"remote_syslog": {
"enabled": false
},
"snmp_config": {
"enabled": false
},
"dhcp_snooping": {
"enabled": false
},
"acl_policies": [],
"mist_nac": {
"enabled": true,
"network": null
},
"name": "campus-fabric"
}Topology
Wired Assurance provides the template for LAN and loopback IP addressing for each device once the device’s management IP address is reachable. Each device is provisioned with a /32 loopback address and /31 point-to-point interfaces that interconnect adjacent devices within the Campus Fabric IP Clos.
The WAN router can be provisioned using the Mist UI but is separate from the campus fabric workflow. The WAN router has a southbound link aggregation group (LAG) configured to connect to the ESI-LAG on the core switches. WAN routers can be standalone or built as high-availability clusters.
