This document details a migration strategy from a traditional Enterprise network to a Juniper Campus Fabric EVPN-VXLAN architecture.
Campus Fabric Wired Assurance:
Juniper’s Campus Fabric leverages EVPN-VXLAN as the underlying technology for small, mid, and large Enterprise deployments. Campus Fabric is built and managed using Mist’s Wired Assurance Cloud-ready framework. For additional information on Juniper’s Campus Fabric, refer to the Wired Assurance Datasheet, Video Overview, and Build demos.
Enterprise Network Overview:
This document focuses on an Enterprise network consisting of the traditional 3 Stage Architecture of Access, Distribution, and Core. In this case, the Core provides L3 connectivity to all users, printers, APs, etc. The Core interconnects with Dual WAN routers using standards-based OSPF or BGP technologies.
Figure 1: Traditional Enterprise Network
Migration Steps from the Enterprise Network to the Juniper Campus Fabric:
The steps to migrate to a Campus Fabric architecture are found below:
- Build Campus Fabric in parallel to existing Enterprise Network
- Interconnect Campus Fabric to existing Network using a Services Block
- Migrate VLANs on a 1 by 1 basis to the Campus Fabric
- Migrate Critical Infrastructure such as DHCP Server, RADIUS to the Services Block
- Migrate WAN router(s) to the Services Block
- De-commission existing Enterprise Network once all connectivity is verified
- Build Campus Fabric in parallel to existing Enterprise Network:
The first step in the migratory process is to build the Campus Fabric using Mist’s Wired Assurance framework. This allows the end-user to deploy an operational Campus Fabric in parallel to the existing Network. The Campus Fabric IP Clos was the architecture chosen based on the customer’s micro-segmentation strategy deployed at the Access layer. The customer has chosen the following Juniper equipment to be deployed within the Campus Fabric IP Clos architecture:
Core: QFX5120 switches
Distribution: QFX5120 switches
Access: EX4100/EX4400 switches in Virtual Chassis mode
Services Block: QFX5120 switches
Figure 2: Campus Fabric co-existence with Enterprise Network
- Interconnect the Campus Fabric to the existing Network using a Services Block:
The Services Block is the entity that interconnects the Campus Fabric with the Enterprise Network. This can be accomplished using ESI-LAG technologies at L2 (Layer 2) or standard routing protocols such as BGP and OSPF if L3 is required. In this case, we interconnect the Services Block to the Core Enterprise using OSPF:
Figure 3: Services Block interconnects with the Core using OSPF
Loopback reachability between the 2 networks should be realized through the Services Block. For example, the Campus Fabric build assigns loopback addresses to each device; by default, they are all part of the same subnet. OSPF should exchange these addresses with routable prefixes sent by the Core layer through the Services Block. The end-user should verify reachability between these prefixes before moving to the next step.
- Migrate VLANs on a 1 by 1 basis to the Campus Fabric:
This process requires the VLAN and associated L3 interface to be removed from the Enterprise Network. All devices within the VLAN need to be migrated to the Campus Fabric. The end-user then verifies full connectivity from the devices on the migrated VLAN to applications and devices on the Enterprise Network. The following summarizes this step:
- Migrate VLANs to Campus Fabric by disabling or removing L3 subnet on current network
- Users and devices migrate to the Access Layer of the Campus Fabric
- L3 interconnect provides reachability on a VLAN-by-VLAN basis
- Users and devices must validate all application reachability before moving to the next VLAN
Figure 4: All VLANs and Access devices have migrated to the Campus Fabric
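The following Python script gates the two verification steps described above: loopback reachability through the Services Block, and the per-VLAN cutover. It is an added example, not code from the original document or from Juniper; the route list, addresses, and function names are constructed for illustration, and it assumes the Core's route table has been exported as (prefix, protocol) pairs.

```python
import ipaddress

# Constructed sample data (not from the original document): routes as seen on
# the Enterprise Core, exported as (prefix, protocol) pairs.
CORE_ROUTES = [
    ("0.0.0.0/0", "ospf"),           # default route toward the WAN routers
    ("172.16.254.0/29", "ospf"),     # fabric loopbacks via the Services Block
    ("10.10.20.0/24", "ospf"),       # VLAN 20, already migrated to the fabric
    ("10.10.30.0/24", "connected"),  # VLAN 30, L3 interface still on the Core
]
FABRIC_LOOPBACKS = ["172.16.254.1", "172.16.254.2", "172.16.254.9"]


def _specific(routes):
    """Parse routes, dropping the default route (prefix length 0)."""
    nets = [(ipaddress.ip_network(p), proto) for p, proto in routes]
    return [(n, proto) for n, proto in nets if n.prefixlen > 0]


def uncovered_loopbacks(loopbacks, routes):
    """Return fabric loopbacks with no OSPF route other than the default.

    A loopback matched only by 0.0.0.0/0 would follow the default route
    instead of the Services Block, so it is reported as not reachable.
    """
    learned = [n for n, proto in _specific(routes) if proto == "ospf"]
    return [lo for lo in loopbacks
            if not any(ipaddress.ip_address(lo) in n for n in learned)]


def vlan_ready_for_cutover(vlan_subnet, routes):
    """Check a migrated VLAN subnet on the Core; returns (ok, reason)."""
    subnet = ipaddress.ip_network(vlan_subnet)
    hits = [(n, proto) for n, proto in _specific(routes) if n.overlaps(subnet)]
    if any(proto == "connected" for _, proto in hits):
        return False, "L3 interface for this subnet is still active on the Core"
    if not any(proto == "ospf" and subnet.subnet_of(n) for n, proto in hits):
        return False, "subnet is not learned from the Services Block via OSPF"
    return True, "subnet is reachable only through the Services Block"


if __name__ == "__main__":
    print("Loopbacks missing a route:", uncovered_loopbacks(FABRIC_LOOPBACKS, CORE_ROUTES))
    for vlan in ("10.10.20.0/24", "10.10.30.0/24", "10.10.40.0/24"):
        print(vlan, vlan_ready_for_cutover(vlan, CORE_ROUTES))
```
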
- Migrate Critical Infrastructure such as DHCP and RADIUS Server to the Services Block:
Juniper recommends the dual homing of each Critical Infrastructure service to the Services Block. Both L2 integration using ESI-LAG and L3 integration via BGP or OSPF are supported within the Mist Wired Assurance User Interface. Accessibility of Critical Infrastructure services within the Campus Fabric and from the Enterprise Network should be verified before moving to the next step in the migratory process.
Figure 5: Critical Infrastructure migration to the Services Block
- Migrate WAN router(s) to the Services Block:
WAN router(s) connect to the Services Block using BGP or OSPF, configured through the Mist Wired Assurance UI (User Interface). Accessibility of WAN services to and from the Campus Fabric should be verified before moving to the next step in the migratory process.
Figure 6: WAN router(s) migration to the Services Block
- De-commission existing Enterprise Network once all connectivity is verified:
It is recommended to keep the Enterprise Network up and operational for at least 1 week after all services and applications are reachable without issue to and from the Campus Fabric.