Recommendations

The following simple guidelines will help you to successfully implement a campus fabric using VXLAN-based GBPs in your network:

• Consider building and managing the fabric using the Juniper Mist portal as part of what is tested in this JVD.
• The only supported fabric type for VXLAN-based GBPs is IP Clos.
• The only supported switch types for access switches are the EX4400 and EX4100 Switches.
• When you intend to do static GBP tag assignments via VLAN ID, it is better to use the IP prefix of a VLAN since the IP prefix would also be recognized by EX4100 Switches.
• Dynamic assignments via third-party RADIUS servers should be easy to implement once you have configured the RADIUS dictionaries to support the vendor attribute “Juniper-switching-filter” with the right string value.
• If your wired clients are in different VRFs of the same fabric, consider configuring the segmentation in the WAN router for controlling the forwarding between the two VRFs.
• If you attach a desktop switch at the access switch then you may need to do a second authentication at the access switch before entering the fabric.
• Microsegmentation of wired and wireless clients is managed using the Juniper Mist portal but in different sections of the portal.
• Always use a switch template for all switches in the fabric to sync all changes you do in regards to GBP tag assignments and SGT Policies. Do not configure each switch individually. Switch templates help applying consistent policies across the network and any CRUD operations performed will be uniformly applied.
• When configuring GBP for the first time, you need to schedule a maintenance window for your access switches to restart the PFE for a standalone switch or a reboot of a Virtual Chassis before your GBP configuration gets activated.
• All deployments must be done with Junos OS Release 24.2R2 or higher as only this guarantee syncing between Layer 2 and Layer 3 GBP tag internal tables. Also check that the Juniper Mist fabric pushes the set forwarding-options evpn-vxlan gbp mac-ip-inter-tagging Junos OS command to each switch activating this sync. If this is missing, add it as an additional CLI command to your access switch template. Campus fabrics deployed after June 2024 also need Junos OS Release 24.2R2 since you need GBP support for EVPN Type 2/5 coexistence configured on the fabric.
• When using static classifiers, it is recommended to avoid overlapping assignments where different GBP tags can be assigned to the same client based on different classifiers. This avoids confusion on needing to know about tag hierarchy and when it takes place or not. You will find more information about the expected behaviour via this link.

Recommended installation and activation procedure for GBP in IP Clos campus fabrics.

1. Schedule a maintenance window for the entire fabric.
2. Download the recommended Junos OS Release (currently 24.2R2) to all standalone access and Virtual Chassis switches.
3. Reboot all standalone access and Virtual Chassis switches so that they have the recommended Junos OS release version running.
4. Using switch template:
   1. Have at least one initial GBP tag assignment created.
   2. Have at least one initial switch policy created.
   3. Save the template.
5. Juniper Mist cloud will then deploy the global tags and policy onto all access switches.
   1. Standalone switches will automatically reboot the PFE when the first GBP configuration is populated by Juniper Mist cloud.
   2. The Virtual Chassis will need to be rebooted manually in step 7.
6. Go to the access switches and check they all received the initial GBP configuration.
   1. Use a remote shell and use the CLI show configuration | display set | match gbp to review.
   2. Ensure that needed commands like set forwarding-options evpn-vxlan gbp mac-ip-inter-tagging are part of the configuration on each access switch.
7. Manually reboot all Virtual Chassis access switches now as they must have the GBP configuration when they start to reserve the needed resources.
8. After Virtual Chassis access switches are up again you can close the maintenance window of the campus fabric and start using it again.
9. You can now start to test GBP and change the GBP tag assignments and switch policy according to your needs.
   1. Make sure from now on you always have at least one GBP tag assignment and switch policy defined.