Test Objectives
The primary objective of this JVDE testing is the qualification testing of the Secure Data Center Fabric with SRX as the firewall. The design is based on an ERB (Type 5) EVPN/VXLAN fabric with the spine, server leaf, and border leaf switches. The SRX4600 is part of the EVPN signalling and route learning. The goal is to ensure the design is well-documented and will produce a reliable, predictable deployment for the customer. The qualification objectives include validation of deployment, device upgrade, incremental configuration pushes/provisioning, Telemetry/Analytics checking, failure mode analysis, and verification of host traffic.
Test Goals
The Secure Data Center Fabric with SRX4600 testing uses the following flow:
- Initial design and deployment
- Validate Apstra AOS can successfully provision the Spine-to-Firewall BGP underlay/overlay
- Validate SRX participation in EVPN signaling (Control Plane)
- Validate SRX capability to decapsulate and encapsulate VXLAN traffic (Data Plane)
- Validate firewall policy process by SRX on the VXLAN traffic
- Validate Application Identification by SRX on EVPN-VXLAN traffic
- Ensure resiliency and redundancy through MNHA at the SRX layer
- Validation of SRX security services operation and monitoring
- Scale testing
- Validation of end-to-end traffic flow
- System health, ARP, ND, MAC, BGP (route, next hop), interface traffic counters, and so on
- Test for anomalies
- To pass validation, the Secure Data Center Fabric with SRX4600
must also pass the following scenarios:
- Node Reboot - simulated real-world switch outage.
- Field scenarios such as interface down/up and Laser on/off impact to the fabric and check anomalies reporting in Apstra.
- Traffic recovery was validated after all failure scenarios.
For more information, see the test report.