Appendix: Layer 2 Exit with Transport VLAN

When defining the transport VLANs in the switch template, do not set the subnet information. You configure this information later as an Additional IP Subnet on each service block function. See Figure 1, Figure 2, and Figure 3.

Figure 1: Empty Subnet Configuration on Transport VLAN 1

Figure 2: Empty Subnet Configuration on Transport VLAN 2

Figure 3: Empty Subnet Configuration on Transport VLAN 3

The following CLI configuration shows the exported version of the switch template used in the transport VLAN fabric. This allows you to review our setup when importing. As you can see, there is a minimum of two VLANs per VRF plus an additional transport VLAN per VRF.

Within the Campus Fabric Configuration dialogue, there is a section called Configure Networks. This is where you import your six access VLANs from the switch template. When finished, the configuration should be as shown in Figure 4 and the result in our case will look as shown below. Since the three transport VLANs are not part of the access layer, they are not defined in the service block function.

Figure 4: Access VLAN Import Within Campus Fabric Configuration Dialogue

Next, you create 3 VRFs and attach two of the access networks to each VRF as shown in Figure 5.

Figure 5: VRF Configuration

Next, go to each VRF and confirm that you only have access networks defined with no default route. You will define the transport VLANs and default routes later in the service block function. See Figure 6, Figure 7, and Figure 8.

Figure 6: VRF1—Access VLANs Without Default Routes

Figure 7: VRF2—Access VLANs Without Default Routes

Figure 8: VRF3—Access VLANs Without Default Routes

Core1 and Core2 Switch Configuration

In the transport VLAN attach example, the service block function is virtual and co-located on the core switch. Therefore, you must configure the two core switches. The following pseudocode represents the configuration you must apply to the core1 and core2 switches:

The following four images display the Juniper Mist portal configuration that results from the previous pseudocode starting with the additional IP configuration required to assign the local IP addresses to each transport VLAN.

Figure 9: Transport VLAN Additional IP Configuration

Figure 10: VLAN trans1 Configuration

Figure 11: VLAN trans2 Configuration

Figure 12: VLAN trans3 Configuration

Next, you define the Port Profile used for the uplinks. It is critical that you only include the transport VLAN in the Trunk Networks definition since only those VLANs are used and visible to the WAN router.

Figure 13: Port Profile for WAN Router Attach Using Transport VLAN

Next, you assign the port profiles to each uplink port.

Figure 14: Port Profile Assignment for Transport VLAN Attach

Figure 15 shows the configuration of the first uplink to the first WAN router.

Figure 15: Port Configuration for First Uplink to First WAN Router

Figure 16 shows the configuration of the second uplink to the first WAN router.

Figure 16: Port Configuration for Second Uplink to First WAN Router

Next, you create and modify local VRFs. Remember, this is an exception made only for the transport VLAN exit method. Usually, the fabric creates the VRFs automatically. In this case, we must enable the Override Site/Template Settings checkbox in the VRF configuration. Figure 17 shows the required configuration in the Juniper Mist portal.

Figure 17: Override Template Settings for Transport VLAN Exit

Next, you must perform the following three configurations in each of your three VRF instances:

• Enable the Override Template Defined VRF Instance checkbox.
• Add your transport VLAN to the pre-populated list of access VLANs.
• Add a default route where the gateway IP address is the VRRP VIP address of your WAN router.

Figure 18, Figure 19, and Figure 20 show the override configurations for each of the three VRFs.

Figure 18: VRF1 Override Configurations

Figure 19: VRF2 Override Configuration

Figure 20: VRF3 Override Configuration

Now, you must configure additional CLI to modify the transport VLANs to use VGA configuration to help avoid excess hair-pin routing of traffic within the fabric. In the switch configuration for each of your service block function switches, locate the CLI Configuration section in the Juniper Mist portal. You must paste the required configuration into the field indicated in the figure below:

Figure 21: Location of Additional CLI Commands Field

The example CLI configuration for your core1 switch, is shown in the following code block. We have configured the static IP address as the virtual gateway IP address + 1 (10.99.1.2).

For your core2 switch, only the static IP addresses of the transport VLAN are changed to be the virtual gateway IP address + 2 (10.88.1.3).

Juniper MX as WAN Router

The following CLI snippet example contains the configuration of the interfaces, the VRRP gateway redundancy, and the static routes for the first WAN router. You may need to add default routes and interfaces to complete the configuration.

On the second WAN router, the notable configuration changes are the AE keys and indexes, and the static IP addresses.

You may wonder about those static routes in the 172.16.19x.0 range. Remember that IP Clos is an anycast fabric. As such, you must have the static routes to prepare for when the DHCP relay will use IP addresses in the fabric overlay. See the figure below for an example:

Figure 22: Loopback per VRF Subnet

The overlay loopbacks IPs are assigned to each VRF on a switch as a /24 range. You can figure them out by looking at a fabric access switch as shown in the figure below. Hence, you must map them back like any other additional VLAN attached to the VRF to achieve the required reachability.

Figure 23: VRF Loopback IP Addresses

The following commands help to debug the connections on WAN router1.

The following commands help you to debug connections on WAN router2.