Recommendations

The following list summarizes the recommendations that are given throughout this document.

  • If you have a choice of WAN router type and attachment protocol, we recommend that you choose a WAN router such as a Juniper MX Series router and use eBGP as the L3 attachment protocol to the fabric. This is the most robust method and would likely support new features when they become available.
  • We recommend the use of a pair of dedicated physical service block functions. In fact, this is a requirement if you have more than two core switches.
  • For small fabrics, or lab and PoC designs, you can:
    • Use a single WAN router rather than a redundant pair of WAN routers.
    • Use any of the other tested methods such as stretched VLAN, transport VLAN, or OSPF.
  • Feature requirements for third-party WAN routers to support L2 fabric attach:
    • IEEE 802.3ad LAG with active LACP. Without this, you must use an L3 attach method.
    • If the WAN router supports two or more devices for HA, it must support a failover mechanism such as VRRP for its gateway IP.
  • Feature requirements for third-party WAN routers to support L3 fabric attach:
    • OSPF or standard eBGP-based route exchanges.
    • OSPF is easier to set up and requires less configuration, but it currently lacks filters for import and export policies in the Juniper Mist portal.
    • We recommend that you use eBGP with third-party WAN routers, but this requires more work to set up.
  • Know and understand if the fabric you use is a virtual gateway fabric or an anycast fabric:
    • For virtual gateway fabrics you must leave room for four static IP addresses in each overlay VLAN that the fabric might use.
    • For anycast fabrics you must export host routes from the overlay loopback per-VRF subnet (typically 172.16.192.0/19) for future DHCP relay use.
  • If you use a firewall as the WAN router, make sure the vendor provides a way to synchronize the firewall states between the two devices. In addition, the failover mechanism provided must be stateful.
  • When using Mist Edges, attach them via ESI-LAG to the two service block functions. Also ensure that you do not use more than one Mist Edge per cluster. A tunnel from an access point should then anchor to a primary and a secondary cluster. This helps to limit the MAC movement announcements through the fabric.
  • When using an L2 attach with transport VLAN, make sure the netmask is /28 or longer. Also, remember to leave room for four static IPs for virtual gateways and the static IPs for VRRP on the WAN router side. We also recommend using virtual-gateway-address (VGA) configuration for optimal traffic forwarding in the fabric.
  • When using bridged overlay, be aware of the limitations discussed previously.
  • The following considerations apply when using IPv6 in the overlay:
    • At present, IPv6 must also be enabled in the underlay configuration.
    • Keep in mind that the fabric scale design must account for additional route resources in the fabric global route table that is distributed through EVPN Type2/5 routes. An IPv6 client typically has at least a local and a global IPv6 address, both of which the system must propagate and maintain.
    • When assigning a dynamic IPv6 address to a client, it is recommended to use DHCP relay with a DHCPv6 server. SLAAC should not be used, as the client may request additional temporary IPv6 addresses, which would consume more route resources in the fabric. For this reason, SLAAC support is disabled by default.