For IT teams, the expectation continues: Do more with less.
As campus networks become more business-critical, their complexity increases. They’re more difficult to operate as mobile, IoT, and cloud initiatives are added. Meanwhile, your network and security policies must scale automatically and consistently to accommodate new users and devices and keep productivity and efficiency high.
At the intersection of these campus challenges is your opportunity to use artificial intelligence and machine learning to drive better user experiences and simplify network operations.
Juniper’s secure, AI-driven campus solution spans wired and wireless, from access to core and aggregation to the network edge.
A Campus fabric with EVPN-VXLAN and Virtual Chassis.
Deliver better experiences and simplified operations with an AI-driven campus.
Drive remarkable experiences with Juniper Mist Wired Assurance as part of the Self-Driving Network™. It uses streaming telemetry from EX Series Switches to enable simpler operations, shorter mean time to repair, and improved visibility into the experiences of connected devices. Wired Assurance offers onboarding and auto-provisioning, to streamline management and troubleshooting of EX Series Switches.
A collapsed core architecture takes the normal three-tier hierarchical network and collapses it into a two-tier network. In a two-tier network, the functions of the switches in the core layer and distribution layer are “collapsed” into a combined core and distribution layer on a single switch.
The example shows how to deploy a collapsed core architecture for a campus network. The access point devices are connected to the access layer switches, which in turn are multihomed to the collapsed core switches.
There are separate VLANs for employees, guests, and IoT devices. You can use the EX4650 or the QFX5120 switch as the collapsed core switch. In this example, we use EX4650 switches as the collapsed core switches and EX Series switches as access switches.
Secure network access for IoT devices at distributed enterprises. IP Clos networks provide increased scalability and segmentation.
Enterprise Internet of Things (IoT) deployments have become business scale. However, most IoT devices connected to enterprise networks are not managed by nor visible to the IT department. As a result, many enterprises fail to meet the basic security, scalability, and agility requirements needed to support these IoT network environments, making them hot targets for security breaches.
You can use an IP Clos network from the distribution and core layers to the access layers of your topology. Network architects need to apply a combination of microsegmentation, macrosegmentation, and application segmentation techniques to secure data and assets.
Macrosegmentation is the logical separation of the network across shared links and within a shared device.
Microsegmentation addresses critical network protection issues, reduces risks, and adapts security to changing demands. The three traditional microsegmentation practices are host-agent, hypervisor, and network segmentation.
Application segmentation uses higher layer controls to isolate one application tier from another. It isolates and protects an application from other applications and other resources. You can use microsegmentation to implement application segmentation with greater visibility and granularity.
Network segmentation leverages an EVPN-VXLAN architecture that supports a highly scalable and agile environment while maintaining the security and performance requirements needed to protect users and IoT devices.
Benefits
• Enhanced security, visibility, and control of users and IoT devices
• Flexible and scalable architecture
• Simple, agile network operations
Your campus network is your users’ on-ramp to the area of cloud-based computing. Compared to data centers, campus networks have increased variability and unpredictability stemming from a wide range of user and IoT devices.
The heuristic and adaptive methods of machine learning and artificial intelligence (ML/AI) help you meet this challenge to vastly improve operations and user experience. Enter the AI-driven enterprise where experience is the new uptime!
Beyond solving for better AI-driven campus operations, Juniper’s portfolio of services, software, and hardware products securely addresses end-to-end campus network solutions across the WAN, LAN, and Wi-Fi, with support for open standards like EVPN-VXLAN that drive architectural simplicity, scale, and performance.
Juniper validated solutions provide building blocks to ensure your network is built using best practices.
In a campus environment, Juniper Access Points provide network access to end-user devices in the same way that access switches do. With increased wireless performance and proliferation of mobile devices, wireless connectivity is becoming the primary mode of access on the campus network. Both real-time and bandwidth-demanding applications are running over wireless networks. However, the user expects the same level of network services (security, QoS, accessibility, and HA) as with a wired connection. Wireless access must be robust and reliable to meet these demands.
The Juniper Networks Midsize Campus solution is built upon a standard solution architectural approach. The baseline architecture is based on a series of building blocks, built by Juniper Networks, that are meant to address the entire network.
For the Midsize Campus Solution Reference Architecture using Mist Wired Assurance, the following modules are detailed:
• Access
• Aggregation
• Edge
The midsize branch office solution from Juniper Networks offers a low-cost, low-maintenance, and secure solution using an SRX Series device to provide security, EX4300 family of switches to provide versatility, and Mist access points to provide a stellar wireless experience.
Enterprise networks respond to IT innovations and show their business agility by quickly adopting the software-defined WAN (SD-WAN) technology.
The financial benefits of SD-WAN include automated provisioning to improve operational efficiency, lower WAN operational expenditures (OpEx), and lower capital expenditures (CapEx).
You can use SD-WAN to optimize application experiences and network performance by prioritizing business-critical applications on the network links that guarantee Quality-of-service (QoS).
An IP Clos fabric is also known as an "end-to-end" architecture because in this design EVPN-VXLAN functionality is extended to the access layer switches. IP Clos fabrics are optimal for large-scale deployments and the support of IoT and device mobility.
The use case shows how you can deploy a single campus fabric that uses EVPN in the control plane and VXLAN tunnels in the overlay network with Juniper Mist Access Points integration.
AI-Driven Operations: When experiences are the new uptime, the role the campus network plays becomes much more critical. The network shift towards a self-driving network leverages data for AI and automation to quickly and effectively surface anomalies and identify root causes.
Power over Ethernet (PoE): As with any decades-old technology, there are several versions of PoE. The various standards allow delivery of power, from 15W to 100W allowed by the new PoE++.
Multigigabit Ethernet: The shift from traditional 802.11n Wi-Fi networks to new Wi-Fi 6 standards requires more throughput than 1GbE access speeds to the Wi-Fi access point.
MACsec: Many federal government agencies mandate the use of MACsec encryption between access switches and various compute devices in the campus environment.
Compact and Fanless Access Devices: Advancements in integrated circuits now allow organizations to deploy silent, fanless switches throughout their campus environment.
With an EVPN-VXLAN-based campus architecture, enterprises can easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices to update the architecture.
Additionally, enterprises can deploy a common set of policies and services across campuses with support for Layer 2 and Layer 3 VPNs. By using a Layer 3 IP-based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based architectures.
Juniper Networks’ EVPN-VXLAN fabric is an efficient and scalable way to build and connect data center, public cloud, and campus networks. EVPN-VXLAN decouples the virtual topology from the physical topology to improve network flexibility and simplify management of the network. As a result, endpoints that require Layer 2 adjacency can be placed anywhere in the network and remain connected to the same logical Layer 2 network.
EVPN-VXLAN (Ethernet VPN-Virtual Extensible LAN) provides large enterprises with a common framework for managing their campus and data center networks. An EVPN-VXLAN architecture supports efficient Layer 2/Layer 3 network connectivity with scale, simplicity, and agility, while also reducing OpEx.
The rapidly growing use of mobile devices (including the growing number of Internet of Things (IoT) devices), social media, and collaboration tools, adds an increasing number of endpoints to a network. To provide endpoint flexibility, EVPN-VXLAN decouples the underlay network (physical topology) from the overlay network (virtual topology). By using overlays, you gain the flexibility of providing Layer 2/Layer 3 connectivity between endpoints across campus and data centers, while maintaining a consistent underlay architecture.
In traditional Layer 2 networks, reachability information is distributed in the data plane through flooding. With EVPN-VXLAN networks, this activity moves to the control plane.
EVPN is an extension to BGP that allows the network to carry endpoint reachability information such as Layer 2 MAC addresses and Layer 3 IP addresses. This control plane technology uses MP-BGP for MAC and IP address endpoint distribution, where MAC addresses are treated as routes. EVPN enables devices acting as VTEPs (see next section) to exchange reachability information with each other about their endpoints.
EVPN also provides multipath forwarding and redundancy through an all-active multihoming model. An endpoint or device can connect to two or more upstream devices and forward traffic using all the links. If a link or device fails, traffic continues to flow using the remaining active links.
Because MAC learning is now handled in the control plane, EVPN can support different data plane encapsulation technologies between EVPN-VXLAN-enabled switches. With EVPN-VXLAN architectures, VXLAN provides the overlay data plane encapsulation.
Network overlays are created by encapsulating traffic and tunneling it over a physical network. The VXLAN tunneling protocol encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, enabling Layer 2 virtual networks or subnets that can span the underlying physical Layer 3 network. The entity that performs VXLAN encapsulation and decapsulation is called a VXLAN tunnel endpoint (VTEP).
In a VXLAN overlay network, each Layer 2 subnet or segment is uniquely identified by a virtual network identifier (VNI). A VNI segments traffic the same way that a VLAN ID segments traffic - endpoints within the same virtual network can communicate directly with each other, while endpoints in different virtual networks require a device that supports inter-VNI (inter-VXLAN) routing.
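The encapsulation and VNI check described above, as an added example that is not Juniper code: it builds and parses the 8-byte VXLAN header defined in RFC 7348 and shows a receiving VTEP rejecting a frame for a VNI it does not serve. The VNI numbers, the sample inner frame, and the function names are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned UDP destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field carries a valid value
VXLAN_HEADER_LEN = 8
ETHERNET_HEADER_LEN = 14

# Constructed VNIs, one per segment (employees, guests, IoT).
VNI_EMPLOYEES, VNI_GUESTS, VNI_IOT = 10010, 10020, 10030

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, payload.
SAMPLE_FRAME = (bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a")
                + b"\x08\x00" + b"constructed-payload")


class VxlanError(ValueError):
    """Raised when a VXLAN payload is malformed or not for a local segment."""


def encapsulate(vni, inner_frame):
    """Prepend the VXLAN header; the result is the UDP payload sent to the peer VTEP."""
    if not 0 <= vni < 2 ** 24:
        raise VxlanError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24 bits). Word 1: VNI (24) + reserved (8).
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def decapsulate(udp_payload, local_vnis):
    """Return (vni, inner_frame), or raise if the frame must be dropped."""
    if len(udp_payload) < VXLAN_HEADER_LEN + ETHERNET_HEADER_LEN:
        raise VxlanError("payload too short for VXLAN + Ethernet headers")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise VxlanError("I flag not set: VNI is not valid")
    vni = word1 >> 8
    # Segmentation check: never deliver a frame into a segment this VTEP
    # does not serve, whatever the sender put in the header.
    if vni not in local_vnis:
        raise VxlanError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[VXLAN_HEADER_LEN:]


def needs_inter_vni_routing(src_vni, dst_vni):
    """Endpoints in different VNIs cannot talk at Layer 2; a router is required."""
    return src_vni != dst_vni


if __name__ == "__main__":
    packet = encapsulate(VNI_IOT, SAMPLE_FRAME)
    print(packet[:VXLAN_HEADER_LEN].hex(), decapsulate(packet, {VNI_IOT})[0])
```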
Like many technologies, EVPN-VXLAN started out as a proprietary set of vendor-specific solutions and evolved into a standard to address several enterprise business challenges. Today, EVPN-VXLAN, a widely supported open standard, is evolving into the best way for enterprises to achieve multivendor network virtualization.
Deploying an EVPN-VXLAN framework provides the following benefits:
With the explosive growth in employees working from home (i.e. telecommuting), it has never been more critical to transition to the AI-Driven Enterprise from Juniper Mist.
Our connected solutions enable you to:
If your remote worker already has a client-based VPN solution in place, you can easily extend AI-driven Wi-Fi to their homes by simply plugging a Mist Access Point into their broadband router.
With Zero Touch Provisioning (ZTP), the APs can be configured in minutes with desired networking and security policies. Once up, you get unprecedented insight and automation into the user experience to save time and money while increasing network reliability well beyond what is available in traditional consumer grade Wi-Fi solutions.
To eliminate overlay VPN technologies and extend your enterprise network to employees’ homes, you can deploy the Mist Edge in conjunction with Mist Wi-Fi Access Points.
This solution enables you to securely extend your corporate SSID and AAA services to remote offices, while maximizing traffic security with an IPSec tunnel. In addition, this use case is also perfect for managing auxiliary devices in the home, such as a VoIP phone (which can be powered from the auxiliary Ethernet port on the Mist Access Point).
For the telecommuter who has many devices and/or advanced security requirements, the ideal solution is Juniper Connected Security for remote workers. This solution is composed of a Mist Wi-Fi Access Point, Mist Edge, and Juniper SRX security device with Firewall and Advanced Threat Protection (ATP).
This innovative solution delivers automated enforcement, increased visibility, and cloud protection to effectively safeguard your organization while streamlining operations with Mist’s AI-Driven platform. By leveraging PoE on the SRX, telecommuters can easily connect and power multiple Mist Wi-Fi Access Points, VoIP desk phones, videoconferencing equipment, and more.
Corporate traffic, both wired and wireless, is secured through an IPSec VPN tunnel. With both the Mist APs and Juniper SRXs supporting Zero Touch Provisioning (ZTP), rapid deployment is supported with ease.
By combining Mist Wi-Fi and Mist Edge with Juniper Connected Security, financial organizations can extend the AI-driven Enterprise into employee homes to provide the necessary level of protection.
With the Juniper Networks® Enterprise at Home solution, financial organizations can deploy Juniper security hardware and Mist Wi-Fi access points using zero-touch provisioning (ZTP) to roll out managed networking equipment without requiring a visit from a technician. Juniper’s cloud-based management solution provides the scalability to meet the needs of even the largest deployments.
Remote work has not only become increasingly common in recent years, it’s grown essential to enterprises during times of crisis. The COVID-19 pandemic has made companies acutely aware of their shortcomings when it comes to providing flexible, secure, and productive work from home (WFH) environments. This is especially true when it comes to virtual private networks (VPNs), which are integral to working from home – or anywhere outside of the office.
With its innovative WireGuard/SD-WAN hybrid approach, 128 Technology can provide universal WFH connectivity, or it can supplement cloud-centric or home-appliance solutions where specialized solutions by worker classification are more economical. 128 can build the virtual, extensible VPN of the future.
The 128T Networking Platform provides centralized control, simplified deployment of context-aware networks, intelligent service routing with in-band signaling, fine-grained micro-segmentation, and infused security based on a zero trust model.
This mix of features and capabilities goes above and beyond traditional router offerings by solving several underlying network issues that would otherwise inhibit WFH success.
The result is a context-aware network that can easily, dynamically, and securely stretch across boundaries, enabling organizations to build application-friendly infrastructures that are flexible enough to cope with the demands of a dispersed workforce.