header-navigation

Solutions
Products
Services
Partners
Support and Documentation
Learn

All

Company

Products And Solutions

Support

Documentation

Training

Blogs

*Search Entry is Required

Trials and Demos

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.

Prepare for liftoff

Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.

Find out more

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.

Explore enterprise routing

AI for networking

Networking for AI
- AI data center networking
- Ops4AI

Security

Campus and branch

- Campus and branch overview

AI data center

- Data center overview
- Juniper data center validated designs

Automated secure data center

Zero Trust data center
- Zero Trust data center

Data center interconnect
- Data center interconnect

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.

Visit the lab

- WAN overview

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.

Explore enterprise routing

Security
- Secure AI-Native edge
- Zero Trust data center

- Security overview

Data center

Managed services
- Managed services
- Managed SD-WAN

- Service provider overview

Data center

- Cloud operator overview
- Cloud operator validated designs

Industries

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.

Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss.

Gain insights into ecosystem security

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.

Reserve my spot

AI-Native Networking Platform
Juniper Validated Designs (JVD)
See all solutions

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics

Wireless access points

Services

Switches
- EX enterprise

Services

SD-WAN
- Session Smart Routers
- Next-generation firewalls

Edge security
- Secure Services Edge (SSE)
- Secure Connect

Services

Routers

Switches
- EX enterprise
- QFX data center

Operations

Data center automation
- Apstra Intent-Based Networking
- Data center cloud services

WAN automation

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020.

Learn more

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.

Discover how

Firewalls
- SRX next-generation firewalls

Edge security
- Secure Services Edge (SSE)
- Secure Connect

Network access control (NAC)
- Access Assurance

Security management and services

- See all security products
- See security validated designs

Mist AI™

Learn more
- Explainable AI

The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.

Catch the latest episode

Campus and branch

Data center

Security
- Security Director
- Security Assurance

Network operating system
- Junos OS
- Junos OS Evolved

Learn
- Free training
- Training and certification

Deploy and optimize

- Blueprint for AI-Native Acceleration

Optics

AI-Native Networking Platform
Trial and demos
All products A-Z

Services

Tools and resources
- Juniper Support Insights (JSI)
- Training and certification

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.

Explore AI Care Services

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.

Learn about AI Data Center Deployment Services

Guidelines and policies

Partners

Our partners

Become a partner
- Partner program overview
- Partner application

Enrolled partner

Support and Documentation

Documentation

Downloads

Tools and resources

Juniper Support Portal
- Log in

Business professional holding a tablet with digital screen

The Juniper Support Portal (JSP) mobile app is now available!

Get Juniper support anytime, anywhere with the JSP mobile application, now available for Android and iOS!

Download now

End of Life (EoL)

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights

Company

Careers

Media and analyst relations

Training

Certification

Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest

All global events

See the latest

AI-Native NOW event series

Videos

Podcasts

The NOW Way to Network

Watch the video series

Customers

Documentation

Popular resources

Data center

Network routing and switching
- What is a router?
- What is a network switch?

SD-WAN / SASE

Security
- What is advanced threat prevention?
- What is IDS and IPS?

Wireless

- See all learning topics

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.

Learn more

A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.

Watch now

Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.

Catch the latest episode

Solutions

Welcome to the NOW Way to Wi-Fi

Prepare for liftoff

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.

Find out more

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.

Explore enterprise routing

AI for networking

Networking for AI
- AI data center networking
- Ops4AI

Security

Campus and branch

- Campus and branch overview

AI data center

- Data center overview
- Juniper data center validated designs

Automated secure data center

Zero Trust data center
- Zero Trust data center

Data center interconnect
- Data center interconnect

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.

Visit the lab

- WAN overview

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.

Explore enterprise routing

Security
- Secure AI-Native edge
- Zero Trust data center

- Security overview

Data center

Managed services
- Managed services
- Managed SD-WAN

- Service provider overview

Data center

- Cloud operator overview
- Cloud operator validated designs

Industries

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss.

Gain insights into ecosystem security

The Future of In-Store Technologies

Reserve my spot

AI-Native Networking Platform
Juniper Validated Designs (JVD)
See all solutions

Products

Wireless access points

Services

Switches
- EX enterprise

Services

SD-WAN
- Session Smart Routers
- Next-generation firewalls

Edge security
- Secure Services Edge (SSE)
- Secure Connect

Services

Routers

Switches
- EX enterprise
- QFX data center

Operations

Data center automation
- Apstra Intent-Based Networking
- Data center cloud services

WAN automation

Juniper ACX7020 Cloud Metro Access Router

Learn more

Next-gen AI-Native EX4000 line of switches

Discover how

Firewalls
- SRX next-generation firewalls

Edge security
- Secure Services Edge (SSE)
- Secure Connect

Network access control (NAC)
- Access Assurance

Security management and services

- See all security products
- See security validated designs

Mist AI™

Learn more
- Explainable AI

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.

Catch the latest episode

Campus and branch

Data center

Security
- Security Director
- Security Assurance

Network operating system
- Junos OS
- Junos OS Evolved

Learn
- Free training
- Training and certification

Deploy and optimize

- Blueprint for AI-Native Acceleration

Optics

AI-Native Networking Platform
Trial and demos
All products A-Z

Services

Tools and resources
- Juniper Support Insights (JSI)
- Training and certification

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.

Explore AI Care Services

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.

Learn about AI Data Center Deployment Services

Guidelines and policies

Partners

Our partners

Become a partner
- Partner program overview
- Partner application

Enrolled partner

Support and Documentation

Documentation

Downloads

Tools and resources

Juniper Support Portal
- Log in

The Juniper Support Portal (JSP) mobile app is now available!

Get Juniper support anytime, anywhere with the JSP mobile application, now available for Android and iOS!

Download now

End of Life (EoL)

Learn

Company

Careers

Media and analyst relations

Training

Certification

Juniper certification and training news

See the latest

All global events

See the latest

AI-Native NOW event series

Videos

Podcasts

The NOW Way to Network

Watch the video series

Customers

Documentation

Popular resources

Data center

Network routing and switching
- What is a router?
- What is a network switch?

SD-WAN / SASE

Security
- What is advanced threat prevention?
- What is IDS and IPS?

Wireless

- See all learning topics

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.

Learn more

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.

Watch now

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.

Catch the latest episode

Trials and Demos

Home Documentation Microsegmentation with VXLAN Group-Based Policies in IP Clos Fabric— Juniper Validated Design Extension (JVDE)

Microsegmentation with VXLAN Group-Based Policies in IP Clos Fabric— Juniper Validated Design Extension (JVDE)

keyboard_arrow_up

close

keyboard_arrow_left

Microsegmentation with VXLAN Group-Based Policies in IP Clos Fabric— Juniper Validated Design Extension (JVDE)

Table of Contents Expand all

About this Document
Solution Overview
Solution Benefits
Use Case and Reference Architecture
Validation Framework
Considerations when implementing VXLAN-GBP
Test Objectives
Recommendations
APPENDIX: Switch Template Configuration Examples
APPENDIX: Dynamic Client Authentication Using the Mist Authentication Cloud
APPENDIX: Static Client Assignments
APPENDIX: Debugging Examples Using the Junos OS CLI
Revision History

list Table of Contents

PDF

{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }

English

Chinese - 中文 (简体)

French - français

German - Deutsch

Japanese - 日本語

Korean - 한국어

Portuguese - Português

Spanish - Español

keyboard_arrow_right

About this Document

date_range 07-Mar-25

arrow_backward

arrow_forward

JVD-IPCLOS-GBP-01-01

Overview

This document focuses on a VXLAN group-based policies (GBP) reference design using a Juniper Mist™-managed Campus Fabric IP Clos. The intent is to demonstrate how VXLAN GBPs can be implemented in a campus fabric to achieve microsegmentation beyond the level of traditional ACL-based designs. As a result of reviewing this JVD, you will learn how to leverage these features in your own network designs.

This document describes the basics of how VXLAN GBPs work and the enhancements Juniper Networks provides to the IETF standards-based approach. Common implementation questions and potential limits are also discussed. We discuss which tests are performed for this JVD. In the appendix section of this JVD, we share details about how you can repeat these tests in your own environment.

arrow_backward PREVIOUS Microsegmentation with VXLAN Group-Based Policies in IP Clos Fabric— Juniper Validated Design Extension (JVDE)

NEXT arrow_forward Solution Overview

footer-navigation

Company

Popular resources

Stay in touch

Invalid email format

Email Submitted Sucessfully

There are required fields that need filling before you can submit.

✓

Send me email updates about Juniper Networks, Inc.’s news, events, and product details. You may withdraw your consent at any time via the opt-out link in our emails. For more information, see our Privacy Notice.

Read about Juniper's privacy policy.

Invalid Captcha

Something Went Wrong. Please try again.

Scroll to top

We use cookies and similar technologies to improve your localized experience, analyze usage, and advertise.

OK Cookie Settings

Don't show this disclaimer again

Helped me install or use the product
Accelerated my deployment

Discuss the product with a co-worker
Make a purchase inquiry