Additional Features and Services
This document describes the additional features and services that you can configure on a Juniper Mist™ Edge appliance.
Autopreemption
An access point (AP) fails over to the next Edge appliance within the Layer 2 (L2) cluster or to its backup Layer 3 (L3) cluster in the following instances:
- During a temporary network disruption
- When an AP is unable to reach or exchange hellos successfully with its preferred edge
Autopreemption is a mechanism through which APs are nudged to terminate the tunnels on the preferred peer, assuming that the peer is reachable.
The feature is disabled by default. With the default presets, if an AP tunnel fails over to a nonpreferred Edge appliance, the AP continues forwarding traffic to that appliance. You can move these AP tunnels manually by preempting or disconnecting the tunnels through the API or the Juniper Mist portal.
You can configure preemption for individual Mist tunnels. When you enable this feature, the cloud orchestrates the preemption and slowly moves the AP tunnels to preferred Edge appliances to cause the least traffic disruption. A service running in the cloud monitors for any APs that have failed over from a preferred Edge appliance, given that the appliance is up and healthy.
Based on the options selected from the following list, the cloud nudges the AP to disconnect from the current Edge appliance and move to the preferred peer. Clients on the AP are not deauthenticated.
- Every 15 minutes: If the connectivity between the APs and the Mist Edge cluster is jittery, AP tunnels may end up failing over to a Mist Edge from a secondary cluster. This failover may cause clients to get renewed IP addresses from the DHCP server, if the secondary edge is in an L3-separated data center with a different IP schema. In such cases, we recommend that you use the option of Every 15 minutes.
  Note: In most cases you do not need this setting of Every 15 minutes. We recommend that you use Time of the day for off hours.
- Time of the day: You can specify a time of the day during which you want to move APs back to the preferred edge, if the APs have failed over between the specified times. We recommend choosing a day and time of day when your network is least busy.
Anchor Tunnel
In specific deployments where traffic must be tunneled to a DMZ area deeper in the data centers, you can use anchor tunnels. Anchor tunnels enable you to configure Juniper Mist Edge to carry all traffic to the DMZ and to tunnel specific traffic to another Mist Edge. You configure an anchor tunnel from the Mist Tunnel page.
Tunnel Termination Services
The Tunnel Termination Service is a service that APs use to request an L2TPv3 tunnel connection. The service is automatically installed once Mist Edge is fully configured.
In the Mist portal, the Tunnel Termination Services field autopopulates in a few scenarios.
When you configure a new Mist Edge device, you update the Tunnel IP Configuration pane. This includes an IP address, netmask, and gateway information. In the example here, the Mist Edge device test_1 has an IP address of 10.1.2.1.
Go to Mist Edges > Mist Edge Clusters pane and select Create Cluster. You can add the newly created Mist Edge device to the Cluster.
When you add this Mist Edge device to the cluster, the IP address is autopopulated in the Hostnames/ IPs field in the Tunnel Termination Services pane. In this example, the IP address 10.1.2.1 of Mist Edge device test_1 autopopulates in the Tunnel Termination Services pane of the cluster Test_Cluster.
If you edit the IP address in the Tunnel IP Configuration pane present in the Mist Edge inventory page, the IP address in the Tunnel Termination Services pane of the Mist Edge Clusters page autopopulates.
In this example, the IP address of Mist Edge device test_1 in the Mist Edge Inventory is edited to 10.1.2.3. Notice that the IP address autopopulates in the Tunnel Termination Services pane of Test_Cluster in the Mist Edge Clusters page.
In a teleworker use case, where an AP must connect to a Mist Edge through a firewall, you require an additional external IP address. You can enter the external IP address in the Hostnames/ IPs field present in the Tunnel Termination Services pane. You must separate the addresses with commas.
In this example, add the external IP address 172.10.1.1 in the Hostnames/ IPs field of Test_Cluster. Notice that the IP address of Mist Edge device test_1, which belongs to Test_Cluster, is not impacted.
When you add any additional IP address in the Tunnel Termination Services pane of a cluster, there is no impact on the IP address of Mist Edge device, which belongs to the cluster.
When you edit the IP address in the Mist Edge page, the edited IP address autopopulates in the Hostnames/ IPs field present in the Tunnel Termination Services pane of the Mist Edge Clusters page.
In this example, the IP address of Mist Edge device test_1 is edited from 10.1.2.3 to 10.1.2.4. Notice that the IP address in the Hostnames/ IPs field of Test_Cluster autopopulates with the edited IP address, 10.1.2.4.
Ensure that the IP addresses are correct before you proceed.
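One way to check a Hostnames/ IPs value before saving it, as an added example that is not Juniper code: the function splits the comma-separated field, classifies each entry, and compares the result with the tunnel IPs of the cluster members. The function names, the hostname edge.example.net and the rule that every member tunnel IP should appear in the field are assumptions made for this sketch.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify(entry):
    """Return 'private-ip', 'public-ip', 'hostname' or 'invalid' for one entry."""
    try:
        ip = ipaddress.ip_address(entry)
        return "private-ip" if ip.is_private else "public-ip"
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    # An all-numeric last label is a mistyped IP (e.g. 10.1.2.300), not a name.
    if len(entry) > 253 or labels[-1].isdigit():
        return "invalid"
    return "hostname" if all(LABEL.match(l) for l in labels) else "invalid"

def review_field(value, member_tunnel_ips):
    """Check a comma-separated Hostnames/ IPs value against member tunnel IPs.

    Returns (kinds, problems): kinds maps each entry to its classification,
    problems lists what should be fixed before the value is saved.
    """
    kinds, problems, seen = {}, [], set()
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            problems.append("empty entry (stray comma)")
            continue
        if entry.lower() in seen:
            problems.append(f"duplicate entry: {entry}")
            continue
        seen.add(entry.lower())
        kinds[entry] = classify(entry)
        if kinds[entry] == "invalid":
            problems.append(f"not a valid IP or hostname: {entry}")
    # Assumption: each member's tunnel IP is expected in the field, since the
    # portal autopopulates it there.
    for ip in member_tunnel_ips:
        if ip not in kinds:
            problems.append(f"member tunnel IP missing from field: {ip}")
    return kinds, problems

# Constructed sample: the page's final state for Test_Cluster.
SAMPLE_OK = "10.1.2.4, 172.10.1.1"
```
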
Critical Resource Monitoring (CRM)
You can configure Juniper Mist Edge to monitor the health of the upstream resources. This configuration helps determine the reachability of those resources from the Juniper Mist Edge data ports. If the health check of the upstream resource fails, the Juniper Mist Edge prompts the APs to fail over to the next member and shuts down the tunnel terminator service temporarily. The shutdown continues until the upstream resources are healthy and reachable again.
You can configure the upstream resource monitoring on the Mist Cluster page. The option is disabled by default. Protocols to monitor a resource include ARP, PING, and TCP. You can configure multiple resources using different protocols to monitor the health check. If even one of the health checks fails, the Juniper Mist Edge prompts the APs to fail over to another edge. Commonly used health checks are ARPing or PINGing the default gateways.
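The any-check-fails behaviour described above, modelled as an added example (not Mist Edge code): a TCP check plus a small state machine that stops tunnel termination on the first failed resource and resumes only when every resource passes again. The resource names, addresses, ports and the replayed timeline are constructed for illustration.

```python
import socket

def tcp_check(host, port, timeout=2.0):
    """TCP health check: passes when a connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class CrmModel:
    """Any failed check stops tunnel termination until every check passes."""

    def __init__(self, resources, check=tcp_check):
        self.resources = resources   # {name: (host, port)}
        self.check = check           # injectable so the model runs offline
        self.terminating = True
        self.events = []

    def poll(self):
        failed = sorted(name for name, (host, port) in self.resources.items()
                        if not self.check(host, port))
        if failed and self.terminating:
            self.terminating = False          # APs are prompted to fail over
            self.events.append(("stop", failed))
        elif not failed and not self.terminating:
            self.terminating = True           # all resources healthy again
            self.events.append(("resume", []))
        return failed

def replay(resources, timeline):
    """Run the model over constructed per-poll results: [{name: bool}, ...]."""
    by_addr = {addr: name for name, addr in resources.items()}
    current = {}
    model = CrmModel(resources, check=lambda h, p: current[by_addr[(h, p)]])
    states = []
    for results in timeline:
        current.clear()
        current.update(results)
        model.poll()
        states.append(model.terminating)
    return states, model.events

# Constructed resources and poll results (True = check passed).
RESOURCES = {"gateway": ("10.1.2.254", 22), "radius": ("10.1.2.50", 2083)}
TIMELINE = [
    {"gateway": True, "radius": True},
    {"gateway": False, "radius": True},
    {"gateway": True, "radius": False},
    {"gateway": True, "radius": True},
]
```

The replay shows that the service stays down through the third poll because a different resource is failing, so every monitored resource is an availability dependency of the tunnel terminator.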
Insights
You can view analytics on the Insights page in the Juniper Mist portal to manage and monitor the Juniper Mist Edge. Insights provides information about the tunnel trend and Mist Edge events (service restarts, configuration changes, upgrades, and Juniper Mist Edge reboots). The page summarizes the network experience across devices, clients, or an entire site.
On the Insights page, you can view:
- Event timelines.
- Mist Edge events.
- Port utilization information.
- Current Mist Edge properties.
You can launch Insights from the Statistics pane in the Mist Edge Inventory page. Alternatively, from the left pane of the Juniper Mist portal, navigate to Monitor > Service Levels > Insights.
The following image illustrates the Mist Edge Events that you can view on the Insights page.
The following image illustrates a time series graph of traffic passing through a data port. The graph also presents a list view of the data ports.
The following image illustrates the Link Aggregation Control Protocol (LACP) status and Link Layer Discovery Protocol (LLDP) neighbor information that you can view on the Insights page. With this information, you can verify the upstream switch port connections.
Alerts
The Alerts Dashboard gives you visibility into issues with Mist Edge devices deployed across your sites. The dashboard provides information about all alerts that you enable on the Alerts Configuration page. You can also enable e-mail notifications for issues that you want to monitor closely or forward the alerts as webhooks. For information about configuring alerts, see Configure Alerts and Email Notifications. For information about webhook alerts, see Webhooks and Alerts.
You can configure alerts to monitor:
- Resource usage
- Cloud connection status
- PSU status
- Power cable status
- Service status
For a list of alerts that you can enable for your Mist Edge device, see Juniper Mist Alert Types.
Here is a sample screenshot that shows the alerts for Mist Edges:
QoS
By default, when Mist Edge tunnels packets, it preserves the inner packet’s DSCP by copying it onto the outer L2TP packet. Juniper Mist Edge can also run DHCP Proxy and IGMP snooping services that are configured under the specific Juniper Mist Edge page.