Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Build

 

Explanation of Procedure

In the build stage, you add site-specific details to your template to create a blueprint. While your template is generic and can be reused across multiple data centers, a blueprint is intended to be specific to a data center site.

The blueprint contains site-specific details for both your physical fabric and your virtual overlay networks.

In the blueprint, you assign IP addresses and other network resources like AS numbers, and you specify the actual hardware to use in your physical underlay network. You also create your overlay networks, which are defined by security zones and virtual networks running in those zones. Since overlay networks are part of the blueprint, it’s expected that you’ll regularly change the virtual part of your blueprint as your overlay connectivity requirements change.

Create the Blueprint

  1. Select Blueprints in the left-nav bar to bring up the Blueprints page.
  2. Click Create Blueprint. The Create Blueprint window appears.
  3. Type in the Name you want to call this blueprint. The name should distinguish this data center site from your other data center sites (for example DC1-Fabric).
  4. Use the drop-down list to select the Template that you created earlier (for example, L2 Pod 2x2).
  5. Click Create.

    Your new blueprint is now shown on the Blueprints page.

Build the Blueprint - Physical

This part of the blueprint covers the underlay network. You specify the actual physical devices you want to use in your site, the loopback IP address assignments for those devices, the IP address assignments for the intra-fabric ports, the BGP AS numbers to use, and other underlay parameters.

  1. On the Blueprints page, click the blueprint you want to build (for example, DC1-Fabric).

    You are placed on the Dashboard page for your blueprint. Since you haven’t deployed your blueprint yet, the Dashboard page is empty.

  2. Click the Staged tab. This is the page where you stage your blueprint with site-specific details.

    The Staged page consists of a row of tabs at the top (Figure 7). Once you select a tab, the rest of the page is placed in context with that selection. By default, the Physical tab is selected.

    Figure 7: Blueprints - Staged
    Blueprints - Staged

    When the Physical tab is selected, the right-most pane shows various icons with color-coded warnings under the Build tab (Figure 8).

    Figure 8: Physical Build
    Physical Build

    Hover over each icon to see what each represents (from left to right):

    • Resources

    • Device Profiles

    • Devices

    • External Routers (not used in this use case)

    • Configlets (not used in this use case)

    When you select an icon, the area below the icons is placed in context with that selection. By default, the Resources icon is selected.

  3. With the Physical tab and Resources icon selected (Figure 9), specify the resource pools to use.
    Figure 9: Physical Build - Resources
    Physical Build - Resources

    1. Click the red warning icon to the left of ASNs - Spines to expand the selection and click the Update assignments icon in the expanded section.
    2. Select the DC1-ASN pool you created earlier and click the Save icon.
    3. Click the red warning icon to the left of ASNs - Leafs to expand the selection and click the Update assignments icon in the expanded section.
    4. Select the DC1-ASN pool again and click the Save icon.
    5. Click the red warning icon to the left of Loopback IPs - Spines to expand the selection and click the Update assignments icon in the expanded section.
    6. Select the DC1-Loopback-IP pool you created earlier and click the Save icon.
    7. Click the red warning icon to the left of Loopback IPs - Leafs to expand the selection and click the Update assignments icon in the expanded section.
    8. Select the DC1-Loopback-IP pool again and click the Save icon.
    9. Click the red warning icon to the left of Link IPs - Spines<>Leafs to expand the selection and click the Update assignments icon in the expanded section.
    10. Select the DC1-Intra-Fabric-IP pool you created earlier and click the Save icon.
    Note

    When you click the Update assignments icon, you may need to use the pagination chevrons to find your selection. Each page displays a maximum of 5 entries.

    As you progress through this step, the red warning icons turn green to indicate that you’ve successfully assigned the respective resource.

  4. Click the Device Profiles icon to select the device profiles to use (Figure 10).

    This is where you tell AOS about the device hardware models and device OS versions you want to deploy. You do this by telling AOS what interface maps you want to use for the logical devices in your template. Recall that the interface map associates a device profile (hardware model and allowed OS versions) to a logical device. By specifying the interface map, you’re selecting the device hardware model and allowed OS versions to use for the selected logical device.

    Figure 10: Physical Build - Device Profiles
    Physical Build -
Device Profiles

    1. Click the red warning icon to the left of AOS-2x40 to expand the selection and click the Change interface maps assignments icon in the expanded section. The Update interface map for AOS-2x40 window appears.
    2. For both spine1 and spine2, use the drop-down lists to select Juniper_QFX10002-36Q____AOS-2x40. The drop-down lists show all the interface maps that have been defined for the AOS-2x40 logical device. In this use case, you created only one interface map for this logical device, so that’s the only selection available. By selecting this interface map, you’re indicating that you want to use the QFX10002-36Q switch as the spine device in this fabric.
    3. Click Update Assignments.
    4. Click the red warning icon to the left of AOS-2x10+2x40 to expand the selection and click the Change interface maps assignments icon in the expanded section. The Update interface map for AOS-2x10+2x40 window appears.
    5. For both l2_1l2s_001_leaf1 and l2_1l2s_002_leaf1, use the drop-down lists to select Juniper_QFX5110-48S____AOS-2x10+2x40. The drop-down lists show all the interface maps that have been defined for the AOS-2x10+2x40 logical device. In this use case, you created only one interface map for this logical device, so that’s the only selection available. By selecting this interface map, you’re indicating that you want to use the QFX5110-48S switch as the leaf device in this fabric.Note

      In the blueprint, the names of the leaf devices differ from the template. The main difference is that AOS does not use the name you gave to the leaf device when you defined the rack. Instead, the format is <rack name>_<rack instance>_leaf<leaf instance> (see Table 12).

    6. Click Update Assignments.
    7. Click the red warning icon to the left of AOS-1x10-1 to expand the selection and click the Change interface maps assignments icon in the expanded section. The Update interface map for AOS-1x10-1 window appears.
    8. For all servers, use the drop-down lists to select Generic_Server_1RU_1x10G_Centos_AOS-1x10-1. Recall that you’re using the predefined AOS-1x10-1 logical device for your servers. This logical device has multiple predefined interface maps. The Generic_Server_1RU_1x10G_Centos_AOS-1x10-1 interface map associates a CentOS server to this device.Note

      In the blueprint, the names of the servers differ from the template. The main difference is that AOS does not use the name you gave to the server when you defined the rack. Instead, the format is <rack name>_<rack instance>_server<server instance> (see Table 12).

    9. Click Update Assignments.
    10. (Optional) Click the Links tab to display the links that AOS is creating based on your interface map assignments (Figure 11). Recall that the interface maps contain information on how the ports are used in your fabric. When you created the interface maps earlier, you specified that the leaf devices use ports et-0/0/48 and et-0/0/50 to connect to your spine devices, and your spine devices use ports et-0/0/34 and et-0/0/35 to connect to your leaf devices. Note that you did not specify which specific port connects to which specific port. AOS makes those assignments automatically when you assign an interface map to a device.
      Figure 11: Physical Links Table
      Physical Links Table

      In this example, you can see that AOS has assigned port et-0/0/48 on each leaf device to connect to the spine1 device, and that AOS has assigned port et-0/0/50 on each leaf device to connect to the spine2 device. These port assignments are purely arbitrary.

      If you’ve pre-wired your fabric, then there’s a chance that these arbitrary port assignments do not match your actual wiring. In the Deploy stage, we’ll show you how you can override these assignments.

    As you progress through this step, the red warning icons turn green to indicate that you’ve successfully assigned the respective device profile.

  5. Click the Devices icon to assign the actual devices you want to use to your blueprint (Figure 12).

    These are the devices you specified when you created the device agents. AOS only allows you to assign devices that match the interface maps you picked in the previous step. Once you assign a device, that device is no longer available for assignment in this blueprint or any other blueprint. In this way, AOS prevents you from double booking a device by mistake.

    Figure 12: Physical Build - Devices
    Physical Build - Devices
    Note

    You can defer this step if you haven’t installed your physical devices yet. You only need to install and assign devices before you deploy.

    1. Click the amber warning icon to the left of Assigned System IDs to expand the entry and click the Change System IDs assignments icon in the expanded section. The Assign Systems window appears.
    2. For spine1, use the drop-down list to select 10.123.162.1 and ensure the Deploy Mode is set to Deploy.
    3. For spine2, use the drop-down list to select 10.123.162.2 and ensure the Deploy Mode is set to Deploy.
    4. For l2_1l2s_001_leaf1, use the drop-down list to select 10.123.151.1 and ensure the Deploy Mode is set to Deploy.
    5. For l2_1l2s_002_leaf1, use the drop-down list to select 10.123.151.2 and ensure the Deploy Mode is set to Deploy.
    6. Click Update Assignments.
    7. (Optional) Click the Nodes tab to display the nodes that AOS is creating based on your device assignments (Figure 13). You can see the device names, serial numbers, loopback IP addresses, AS numbers, and other information here.
      Figure 13: Physical Nodes Table
      Physical Nodes Table
Note

You don’t need to update assignments for the 4 servers when you’re connecting the servers to a leaf device using layer 2. Because the servers are not assigned, the Assigned Systems IDs warning icon remains amber. You can safely ignore this warning.

At this point, AOS has sufficient information to configure your underlay network. You can now proceed to define your overlay networks.

Build the Blueprint - Virtual

This part of the blueprint covers the overlay networks that run on top of the underlay. Recall from Figure 2 that you’ll be creating two security zones (or VRFs), DC1-Green and DC1-Red. DC1-Green contains routes for subnets 192.168.100.0/24 and 192.168.101.0/24. DC1-Red contains routes for subnet 192.168.200.0/24. In AOS, each subnet is represented by a virtual network, which you’ll configure as DC1-Green-VN1, DC1-Green-VN2, and DC1-Red-VN1.

Figure 14 shows these subnets in the context of the physical leaf devices and servers.

Figure 14: Virtual Networks and Subnets
Virtual Networks
and Subnets

As in the design stage, AOS automatically names devices in a particular format. This format allows you to determine the rack and device types and instances solely from the name, but may be difficult to parse. Use Table 12 to correlate between the devices in the figure above with the device names that AOS uses.

Table 12: Device Names

Device

AOS Device Name

Leaf1

l2_1l2s_001_leaf1

Leaf2

l2_1l2s_002_leaf1

BMS1

l2_1l2s_001_server001

BMS2

l2_1l2s_001_server002

BMS3

l2_1l2s_002_server001

BMS4

l2_1l2s_002_server002

Note: You can’t change how the devices are named in AOS, but you can change the hostname that AOS configures on the device. Changing the hostname on the device is easy to do in AOS but is outside the scope of this document.

  1. Click the Virtual tab. A new row of tabs appears immediately below: Virtual Networks, Security Zones, Remote EVPN Gateways, Virtual Infra, Endpoints.
  2. Create the DC1-Green security zone (VRF).

    1. Select the Security Zones tab.
    2. Click Create Security Zone.

      The Create Security Zone window appears.

    3. Enter a VRF Name (for example, DC1-Green) and click Create.
  3. Create the DC1-Red security zone (VRF).

    1. Click Create Security Zone.

      The Create Security Zone window appears.

    2. Enter a VRF Name (for example, DC1-Red) and click Create.
  4. Select the resource pools for your security zones.

    1. In the right-most pane (Figure 15), click the red warning icon to the left of DC1-Green:Leaf Loopback IPs to expand the selection and click the Update assignments icon in the expanded section.
      Figure 15: Virtual Security Zones - Build
      Virtual Security
Zones - Build
    2. Select the DC1-Green-Loopback IP pool and click the Save icon.
    3. Click the red warning icon to the left of DC1-Red:Leaf Loopback IPs to expand the selection and click the Update assignments icon in the expanded section.
    4. Select the DC1-Red-Loopback IP pool and click the Save icon.
    5. Click the red warning icon to the left of EVPN L3 VNIs to expand the selection and click the Update assignments icon in the expanded section.
    6. Select DC1-VNI and click the Save icon.

    As you progress through this step, the red warning icons turn green to indicate that you’ve successfully assigned the respective resources.

  5. Create the first DC1-Green virtual network.

    1. Click the Virtual Networks tab.
    2. Select Create Virtual Networks.

      The Create Virtual Network window appears.

    3. Fill in the required fields (Table 13) and click Create.

      Table 13: Create Virtual Network - DC1-Green-VN1

      Parameter

      Description

      Setting in this Use Case

      Type

      VLAN for single-rack scope.

      VXLAN for fabric-wide scope.

      VXLAN

      Name

      The name you want to call this virtual network.

      DC1-Green-VN1

      Security Zone

      The security zone that this virtual network belongs to.

      DC1-Green

      IPv4 Connectivity

      Specify whether to enable IPv4 capability on the switch interface. This creates an IRB interface on the switch and assigns the Virtual Gateway IPv4 address to the interface.

      Enabled

      IPv4 Subnet

      The subnet for this virtual network.

      192.168.100.0/24

      Virtual Gateway IPv4

      The gateway IP address for this virtual network. AOS assigns this IP address to the IRB interface on the switch.

      192.168.100.1

      Assigned To

      Select the leaf switches that are part of this virtual network.

      From Figure 14, both Leaf1 and Leaf2 are part of this virtual network.

      l2_1l2s_001_leaf1

      l2_1l2s_002_leaf1

  6. Create the second DC1-Green virtual network.

    1. Select Create Virtual Networks.

      The Create Virtual Network window appears.

    2. Fill in the required fields (Table 14) and click Create.

      Table 14: Create Virtual Network - DC1-Green-VN2

      Parameter

      Description

      Setting in this Use Case

      Type

      VLAN for single-rack scope.

      VXLAN for fabric-wide scope.

      VXLAN

      Name

      The name you want to call this virtual network.

      DC1-Green-VN2

      Security Zone

      The security zone that this virtual network belongs to.

      DC1-Green

      IPv4 Connectivity

      Specify whether to enable IPv4 capability on the switch interface. This creates an IRB interface on the switch and assigns the Virtual Gateway IPv4 address to the interface.

      Enabled

      IPv4 Subnet

      The subnet for this virtual network.

      192.168.101.0/24

      Virtual Gateway IPv4

      The gateway IP address for this virtual network. AOS assigns this IP address to the IRB interface on the switch.

      192.168.101.1

      Assigned To

      Select the leaf switches that are part of this virtual network.

      From Figure 14, only Leaf1 is part of this virtual network.

      l2_1l2s_001_leaf1

  7. Select the resource pools to use for your virtual networks.

    1. In the right-most pane (Figure 16), click the red warning icon to the left of VNI Virtual Network IDs to expand the selection and click the Update assignments icon in the expanded section.
      Figure 16: Virtual Networks - Build
      Virtual Networks
- Build
    2. Select DC1-VNI and click the Save icon.
  8. Configure the server-facing ports on the leaf device for the first DC1-Green virtual network.

    1. In the virtual networks table, click DC1-Green-VN1.
    2. Scroll down to Endpoints>Port Maps. This section shows a port pictogram of both leaf devices.

      Select port 1 (xe-0/0/0) in both pictograms and click Untagged (Figure 17).

      Figure 17: DC1-Green-VN1 Port Maps
      DC1-Green-VN1 Port Maps
    3. Scroll back up and see the preview (Figure 18) showing how the DC1-Green-VNI virtual network is connected.
      Figure 18: DC1-Green-VN1-Preview
      DC1-Green-VN1-Preview
  9. Configure the server-facing ports on the leaf device for the second virtual network.

    1. Scroll back up and select the Virtual Networks tab.
    2. In the virtual networks table, click DC1-Green-VN2.
    3. Scroll down to Endpoints>Port Maps. This section shows a port pictogram of the leaf device in Rack 1.

      Select port 2 (xe-0/0/1) and click Untagged (Figure 19).

      Figure 19: DC1-Green-VN2 Port Maps
      DC1-Green-VN2 Port Maps
    4. Scroll back up and see the preview (Figure 20) showing how the DC1-Green-VN2 virtual network is connected.
      Figure 20: DC1-Green-VN2 Preview
      DC1-Green-VN2 Preview
  10. Create the DC1-Red virtual network.

    1. Scroll back up and click the Virtual Networks tab.
    2. Select Create Virtual Networks.

      The Create Virtual Network window appears.

    3. Fill in the required fields (Table 15) and click Create.

      Table 15: Create Virtual Network - DC1-Red-VN1

      Parameter

      Description

      Setting in this Use Case

      Type

      VLAN for single-rack scope.

      VXLAN for fabric-wide scope.

      VXLAN

      Name

      The name you want to call this virtual network.

      DC1-Red-VN1

      Security Zone

      The security zone that this virtual network belongs to.

      DC1-Red

      IPv4 Connectivity

      Specify whether to enable IPv4 capability on the switch interface. This creates an IRB interface on the switch and assigns the Virtual Gateway IPv4 address to the interface.

      Enabled

      IPv4 Subnet

      The subnet for this virtual network.

      192.168.200.0/24

      Virtual Gateway IPv4

      The gateway IP address for this virtual network. AOS assigns this IP address to the IRB interface on the switch.

      192.168.200.1

      Assigned To

      Select the leaf switches that are part of this virtual network.

      From Figure 14, only Leaf2 is part of this virtual network.

      l2_1l2s_002_leaf1

  11. Configure the server-facing ports on the leaf device for the DC1-Red virtual network.

    1. In the virtual networks table, click DC1-Red-VN1.
    2. Scroll down to Endpoints>Port Maps. This section shows a port pictogram of the leaf device in Rack 2.

      Select port 2 (xe-0/0/1) and click Untagged (Figure 21).

      Figure 21: DC1-Red-VN1 Port Maps
      DC1-Red-VN1 Port
Maps
    3. Scroll back up and see the preview (Figure 22) showing how the DC1-Red-VN1 virtual network is connected.
      Figure 22: DC1-Red-VN1-Preview
      DC1-Red-VN1-Preview
  12. Double check your virtual networks.

    1. Scroll back up and click the Virtual Networks tab.
    2. In the virtual networks table, check that the Security Zone, Assigned to, and IPv4 Subnet settings are as shown in Figure 23.
      Figure 23: Virtual Networks
      Virtual Networks
    3. Correct any mistakes before going to the Deploy stage.

You’ve now finished creating and building your site-specific blueprint. You’re ready to deploy.