Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

SD-LAN with EX Series Switches

 

For those tenants with LAN service capabilities, you can add an SD-LAN site using EX Series access switches and Virtual Chassis. CSO supports EX2300, EX3400, EX4300, EX4600, and EX4650 switches. The number of members supported in a Virtual Chassis are shown in Table 1.

Table 1: EX Virtual Chassis Member Count by Switch

Switch Model

Maximum Virtual Chassis Member Count

EX2300

4

EX3400

10

EX4300

10

EX4600

10

EX4650

2

The VC must be fully formed prior to provisioning in CSO. CSO only requires the master member’s serial number. Other member devices are automatically discovered during provisioning.

The use cases below show variations in how the EX switches are added to remote sites within CSO and apply equally to individual switches or VC.

Software defined LAN (SD-LAN) using EX Series access switches can be implemented in the following two ways:

  • As an extension of an existing spoke/branch site

  • As a standalone spoke/branch site

Standalone SD-LAN Site

For this solution, the EX switch at the remote site must be installed behind an Internet Gateway device. The Internet Gateway device provides the WAN routing necessary for the switch to reach CSO. Figure 1 shows a simple example of this.

Figure 1: Standalone SD-LAN Site
Standalone SD-LAN Site

To implement a site like this, you must create a new site and only select the LAN service capability during the site onboarding process.

Extend SD-WAN Site

For existing SD-WAN spoke sites, CSO allows you to add an EX Series LAN switch to a branch/spoke site, behind a CPE device, as shown in Figure 2. In this case the CPE device provides the WAN routing needed to reach CSO. If the CPE device is an SRX Series device, the routing is handled natively on the SRX security gateway itself. If the CPE device is an NFX Series device, then the built-in vSRX VNF handles the WAN routing duties.

Figure 2: SD-LAN Behind CPE
SD-LAN Behind CPE

To implement a site like this, you can add the EX switch behind an existing branch/spoke site, or you can create a new site and select both SD-WAN and LAN service capabilities during the site onboarding process.

SD-LAN Behind NGFW Site

Another option for deploying an SD-LAN site is to deploy it behind a NGFW as shown in Figure 3. In this case, the NGFW provides the WAN routing needed to get to CSO.

Figure 3: SD-LAN Behind NGFW
SD-LAN Behind NGFW

Regardless of how the switch is deployed, CSO provides the same ability to configure, monitor, and maintain the device at the remote site.