Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Set Up the Example ConnectorOps Topology

Use the following steps to set up the exact topology used in this Apstra ConnectorOps Setup Guide. There are many ways to configure the routing and design of your fabric, and this is just one example. All the configurations done in this process are specific to this topology.

If you are using your own topology, see the Prerequisites for everything ConnectorOps needs to render SRX configurations in Apstra. High-level steps:
  1. Create a Routing Policy for Your Fabric

  2. Create and Assign a Connectivity Template Between the SRXs and Border Leaves

  3. Create External (Over the Top) Gateways in Apstra, and Designate them as Firewalls for Each SRX

  4. Create VNs and Assign Routing Zones to Nodes

  5. Configure Security Policies

To Create a Routing Policy for Your Fabric

  1. 1. Navigate to Staged > Policies > Routing Policies > Create Routing Policy.
    The Create Routing Policy window displays.
  2. Configure your Routing Policy with the following parameters:

    BGP routing policy configuration named BGP-2-SRX showing import/export rules, routing settings, and associated endpoints.
  3. Click Create.

To Create and Assign a Connectivity Template Between the SRXs and Border Leaves

  1. 1. From your blueprint, navigate to Staged > Connectivity Templates > Add Template.
    The Create Connectivity Template window displays.
  2. Enter a name for your template, then select the Primitives tab.
  3. Select IP Link, BGP Peering (Generic System), and Routing Policy.

    User interface for creating a connectivity template in a network automation platform, with tabs for configuration options, a primitives list, a visual diagram showing flow from application point to routing policy, and buttons to create or revert changes.
  4. Select the Parameters tab and configure each primitive with the following parameters:
    • IP Link

      Configuration interface for IP link setup with options for routing zone (Default routing zone selected), interface type (Untagged selected), VLAN ID (disabled, set to 2), L3 MTU (empty), IPv4 addressing type (Numbered selected), and IPv6 addressing type (None selected). Parameters tab is active.
    • BGP Peering (Generic System)

      Configuration interface for BGP peering setup with options for IPv4 and IPv6 AFI toggles, TTL, BFD toggle, password, keep-alive and hold time timers, and addressing type selection for IPv4 and IPv6.

      Network settings interface with IPv6 Addressing Type options: None, Addressed, Link local; Local ASN pre-filled with 64497; Neighbor ASN Type options: Static, Dynamic; Peer From options: Loopback, Interface; Peer To options: Loopback, Interface/IP Endpoint, Interface/Shared IP Endpoint.

    • Routing Policy: Your Routing Policy

  5. Click Create.
  6. Select your Connectivity Template and click the Assign button.

    User interface icons: chain link labeled Assign, pencil labeled Edit, and trash can labeled Delete.
  7. Assign the template to each interface of your border leaves.
    This designates the desired BGP peers.
  8. Click Assign.
    You can verify the new BGP peers by navigating to Staged > Virtual > Routing Zones > select default Routing Zone > Interfaces section.

    User interface for assigning the BGP-2-SRX configuration to network devices in a hierarchical fabric structure with pods, racks, leaf switches, and interfaces connected to vSRX devices.
    '
  9. Click Assign.
  10. Assign Link IPs to Generic Systems

    Warning: Removing existing pools may impact resource assignments. Status: 0/8 Link IPs - To Generic. Buttons: Edit, Reset, View details. Tooltip: Update assignments. Info: No pools assigned.

    You can verify in Staged > Virtual > Protocol Sessions.

  11. Commit your changes.

To Create External (Over the Top) Gateways in Apstra, and Designate them as Firewalls for Each SRX

  1. Navigate to Staged > DCI > Over the Top or External Gateways > Create Over the Top or External Gateway.

    The Create Over the Top or External Gateway window displays.

  2. 2. Configure an external gateway for each SRX, with the following parameters:

    Configuration page for network device fw-1 showing IP 192.168.1.7, ASN 65001, TTL 30, keep-alive 10, hold-time 30, EVPN route type5_only, and two gateway nodes, borderleaf1 and borderleaf2, with roles Leaf, ASNs 64516 and 64517, and respective hostnames.
  3. Click Create.
  4. Commit your changes.

To Create VNs and Assign Routing Zones to Nodes

  1. Navigate to Staged > Virtual > Routing Zones > Create Routing Zone.
    The Create Routing Zone window displays.
  2. Enter a name and Virtual Network Interface (VNI) number for your Routing Zone (RZ), then click Create.
    A Route Target and VLAN ID are automatically assigned.
  3. Repeat this process until A list of Routing Zones displays. The following is an example list of Routing Zones.

    Table showing VRF configurations with columns for VRF Name, Tags, Type, VLAN ID, Route Target, VNI, DHCP Servers, Routing Policy Name, and Actions. Key details include VRF types like EVPN and L3 Fabric, unique VLAN IDs and VNIs, Route Targets such as 20001:1, and a consistent routing policy name Default_immutable. No tags or DHCP Relay are configured. Actions column includes a delete option.
  4. Select the Virtual Networks tab.
    Let's create VNs to assign to each RZ we created.
  5. Click Create Virtual Network.

    The Create Virtual Networks window displays.

  6. Enter the following information:

    • Name: Name of the VN

    • Routing Zone: Select an RZ to associate with the VN. In this example, green-1 is associated with RZ green that we previously created.

    • VNI(s):

    • VLAN ID (on leafs):

  7. Select the box for Reserve across blueprint.
  8. Enter the following:

    • IPv4 Subnet: The subnet the VN uses for addressing.

    • Virtual Gateway IPv4: The IP address that is assigned to the Virtual Gateway.

  9. Under Create Connectivity Templates for, select the box for Untagged.
  10. In the Assigned To section, select each border leaf, and the rack containing the leaf pair.
  11. Click Create.
  12. Repeat this process until each RZ has an associated VN.

    The list of VNs displays. Now, let’s designate a Loopback IP pool for the VNs.

  13. Navigate to Virtual > Routing Zones.
  14. Click the Assign button to assign an IP pool for Loopback IP addressing.

    User interface for managing resource allocation with sections By Routing Zones and By Resource Groups. By Routing Zones shows Leaf Loopback IPs with 0 of 1 resources assigned and a tooltip to change pool assignments. By Resource Groups shows EVPN L3 VNIs with all 4 resources assigned and green: Leaf Loopback IPs with 0 of 4 resources assigned.
  15. Select all of the RZs, then select an IP pool from the dropdown at the top.
  16. Select Assign Selected, then click Update.

    User interface for updating pool assignments with a dropdown to select a pool, a table listing routing zones cats, dogs, green, and red with checkboxes and pool assignment dropdowns, and Assign Selected, Unassign Selected, and Update buttons.
  17. Commit your changes.
    Next, let’s assign the RZs to the appropriate nodes.
  18. Navigate to Staged > Connectivity Templates.
  19. Select the new VNs from the list, and select the Assign Selected Templates button at the top.
    The Assign Selected Templates window displays. Note the columns for each VN at the top of the table.

    List of items with checkboxes, 4 selected: Untagged VxLAN cats-1, dogs-1, green-1, red-1. Toolbar with icons and tooltip Assign Selected Templates.
  20. Assign each VN to a corresponding interface (endpoint).

    The following example shows the designated VN assignments.


    Network configuration interface for assigning templates in a fabric, showing a hierarchy with pod1, racks, leaves, interfaces, VxLAN assignment checkboxes, tags, and an Assign button.
  21. Navigate to Staged > Fabric Settings > Fabric Policy > Modify Settings.

    The Modify Fabric Policy Settings window displays.

  22. Under Default IP Links to Generic Systems MTU, enter 9000.
  23. Commit your changes.

To Configure Security Policies

The following are the exact Security Policies applied on the SRX devices in this example topology for end-to-end routing.

After setting up this topology, proceed to Deploy ConnectorOps and Verify Connectivity.