Campus Networking
Overview
For IT teams, the expectation continues: Do more with less.
As campus networks become more business-critical, their complexity increases. They’re more difficult to operate as mobile, IoT, and cloud initiatives are added. Meanwhile, your network and security policies must scale automatically and consistently to accommodate new users and devices and keep productivity and efficiency high.
At the intersection of these campus challenges is your opportunity to use artificial intelligence and machine learning to drive better user experiences and simplify network operations.
Juniper’s secure, AI-driven campus solution spans wired and wireless, from access to core and aggregation to the network edge.
A Campus fabric with EVPN-XLAN and Virtual Chassis.
How Juniper Can Help
The AI DRIVEN Campus
The Collapsed Core Architecture
The Collapsed Core Architecture
Deliver better experiences and simplified operations with an AI-driven campus.
Drive remarkable experiences with Juniper Mist Wired Assurance as part of the Self-Driving Network™. It uses streaming telemetry from EX Series Switches to enable simpler operations, shorter mean time to repair, and improved visibility into the experiences of connected devices. Wired Assurance offers onboarding and auto-provisioning, to streamline management and troubleshooting of EX Series Switches.
- Streamline operations with cloud management. The campus portfolio is managed by the Mist Cloud, eliminating the need for an onsite IT staff to handle daily management activities. With zero-touch provisioning, new sites can be brought up anywhere, with just a few clicks.
- Simplify switch management with automated and scalable campus fabrics. Virtual Chassis and standardized technologies such as MC-LAG and EVPN-VXLAN reduce network complexity by allowing multiple switches to be interconnected and managed as a single fabric. Several deployments are supported: EVPN multihoming (collapsed core or distribution), Campus Fabric: Core-Distribution, and Campus Fabric: IP Clos.
- Support higher scale and performance with enterprise-grade, cloud-ready hardware. The portfolio includes Juniper EX Series Switches and access points driven by the Mist AI engine and managed by the Mist Cloud. It’s API-driven and 100% programmable with open SDKs and ecosystems for seamless software upgrades and automation best practices.
- See, automate, and protect your campus. Juniper Connected Security unifies all network elements into a threat-aware network and dynamically enforces security policies. SecIntel for EX Series Switches and access points provides security intelligence through detection and enforcement at every point of connection within a network, augmenting the defenses provided by traditional perimeter security technologies.
The Collapsed Core Architecture
The Collapsed Core Architecture
The Collapsed Core Architecture
A collapsed core architecture takes the normal three-tier hierarchical network and collapses it into a two-tier network. In a two-tier network, the function of the switches in the core layer and distribution layer are “collapsed” into a combined core and distribution layer on a single switch.
The example shows how to deploy a collapsed core architecture for a campus network. The access point devices are connected to the access layer switches, which in turn are multihomed to the collapsed core switches.
There are separate VLANs for employees, guests, and IoT devices. You can use use the EX4650 or the QFX5120 switch as the collapsed core switch. In this example, we use the EX4650 switch as the collapsed core switches and EX series switches as access switches.
Network Segmentation-IoT
Secure network access for IoT devices at distributed enterprises . IP Clos networks provide increased scalability and segmentation.
Enterprise Internet of Things (IoT) deployments have become business scale. However, most IoT devices connected to enterprise networks are not managed by nor visible to the IT department. As a result, many enterprises fail to meet the basic security, scalability, and agility requirements needed to support these IoT network environments, making them hot targets for security breaches.
You can use an IP Clos network from the distribution and core layers to the access layers of your topology Network Architects need to apply a combination of microsegmentation, macrosegmentation, and application segmentation techniques to secure data and assets.
Macrosegmentation is the logical separation of the network across shared links and within a shared device.
Microsegmentation addresses critical network protection issues, reduces risks, and adapts security to changing demands. The three traditional microsegmentation practice includes host-agent segmentation, hypervisor segmentation, and network.
Application segmentation uses higher layer controls to isolate one application tier from another. It isolates and protects an application from other applications and other resources.You can use microsegmentation to implement application segmentation with greater visibility and granularity.
Network segmentation leverages an EVPN-VXLAN architecture that supports a highly scalable and agile environment while maintaining the security and performance requirements needed to protect users and IoT devices .
Benefits
• Enhanced security, visibility, and control of users and IoT devices
• Flexible and scalable architecture
• Simple, agile network operations
Campus Design Center
Open Standards Design With AI
Open Standards Design With AI
Open Standards Design With AI
Your campus network is your users’ on-ramp to the area of cloud-based computing. Compared to data centers, campus networks have increased variability and unpredictability stemming from a wide range of user and IoT devices.
The heuristic and adaptive methods of machine learning and artificial intelligence (ML/AI) help you meet this challenge to vastly improve operations and user experience. Enter the
AI-driven enterprise where experience is the new uptime!
Beyond solving for better AI-driven campus operations,
Juniper’s portfolio of services, software and hardware products securely address end to end campus network solutions across the WAN, LAN, and Wi-Fi, with support for open standards like EVPN-VXLAN that drive architectural simplicity, scale, and performance.
Juniper validated solutions provide building blocks to ensure your network is built using best practices.
Midsize Campus Design
Open Standards Design With AI
Open Standards Design With AI
In a campus environment, Juniper Access Points provide network access to end-user devices like access switches. With increased wireless performance and proliferation of mobile devices, wireless connectivity is becoming the primary mode of access on the campus network. Both real-time and bandwidth-demanding applications are running over wireless networks. However, the user expects the same level of network services (security, QoS, accessibility, and HA) as with a wired connection. Wireless access must be robust and reliable to deliver these demands.
The Juniper Networks Midsize Campus solution is built upon a standard solution architectural approach. The baseline architecture is based on a series of building blocks, built by Juniper Networks, that are meant to address the entire network.
For the Midsize Campus Solution Reference Architecture using Mist Wired Assurance, the following modules are detailed:
• Access • Aggregation • Edge
Midsize Branch Solution
Open Standards Design With AI
IP Clos Fabric Design For A Campus Network
The midsize branch office solution from Juniper Networks offers a low-cost, low-maintenance, and secure solution using an SRX Series device to provide security, EX4300 family of switches to provide versatility, and Mist access points to provide a stellar wireless experience.
Enterprise networks respond to IT innovations and show their business agility by quickly adopting the software-defined WAN (SD-WAN) technology.
The financial benefits of SD-WAN include automated provisioning to improve operational efficiency, lower WAN operational expenditures (OpEx), and lower capital expenditures (CapEx).
You can use SD-WAN to optimize application experiences and network performance by prioritizing business-critical applications on the network links that guarantee Quality-of-service (QoS).
IP Clos Fabric Design For A Campus Network
IP Clos Fabric Design For A Campus Network
IP Clos Fabric Design For A Campus Network
An IP Clos fabric is also known as an "end-to-end" architecture because in this design EVPN-VXLAN functionality is extended to the access layer switches. IP Clos fabrics are optimal for large scale deployments and the support of IOT and device mobility.
The use case shows how you can deploy a single campus fabric that uses EVPN in the control plane and VXLAN tunnels in the overlay network with Juniper Mist Access Points integration.
Market Trends In Campus Networks
IP Clos Fabric Design For A Campus Network
Market Trends In Campus Networks
AI-Driven Operations: AI-Driven Operations: When experiences are the new uptime, the role the campus network plays becomes much more critical. The network shift towards a self-driving network leverages data for AI and automation to quickly and effectively surface anomalies and identify root causes.
Power over Ethernet (PoE): As with any decades-old technology, there are several versions of PoE. The various standards allow delivery of power, from 15W to 100W allowed by the new PoE++.
Multigigabit Ethernet: The shift from traditional 802.11n Wi-Fi networks to new Wi-Fi 6 standards requires more throughput than 1GbE access speeds to the Wi-Fi access point
MACsec: Many federal government agencies mandate the use of MACsec encryption between access switches and various compute devices in the campus environment.
Compact and Fanless Access Devices: Advancements in integrated circuits now allow organizations to deploy silent, fanless switches throughout their campus environment.
EVPN-VXLAN Campus Fabrics
Introduction
EVPN-VXLAN For Campus Networks
EVPN-VXLAN For Campus Networks
With an EVPN-VXLAN-based campus architecture, enterprises can easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices to update the architecture.
Additionally, enterprises can deploy a common set of policies and services across campuses with support for Layer 2 and Layer 3 VPNs. By using a Layer 3 IP-based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based architectures.
EVPN-VXLAN For Campus Networks
EVPN-VXLAN For Campus Networks
EVPN-VXLAN For Campus Networks
With an EVPN-VXLAN-based campus architecture, enterprises can easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices to update the architecture.
Additionally, enterprises can deploy a common set of policies and services across campuses with support for Layer 2 and Layer 3 VPNs. By using a Layer 3 IP-based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based architectures.
Extending Juniper AI-Driven Enterprise To The Home
Enterprise At Home Solution In Action
With the explosive growth in employees working from home (i.e. telecommuting), it has never been more critical to transition to the AI-Driven Enterprise from Juniper Mist.
Our connected solutions enable you to:
- Get AI-driven insight into user experiences at home and remote offices.
- Proactively troubleshoot and resolve issues from anywhere using Marvis Virtual Network Assistant and Dynamic Packet Capture.
- Secure your distributed enterprise.
- Scale with the agility of a microservices cloud.
Mist Wi-Fi For Remote Workers
If your remote worker already has a client-based VPN solution in place, you can easily extend AI-driven Wi-Fi to their homes by simply plugging a Mist Access Point into their broadband router.
With Zero Touch Provisioning (ZTP), the APs can be configured in minutes with desired networking and security policies. Once up, you get unprecedented insight and automation into the user experience to save time and money while increasing network reliability well beyond what is available in traditional consumer grade Wi-Fi solutions.
Extending The Enterprise With Mist Edge
To eliminate overlay VPN technologies and extend your enterprise network to employees’ homes, you can deploy the Mist Edge in conjunction with Mist Wi-Fi Access Points.
This solution enables you to securely extend your corporate SSID and AAA services to remote offices, while maximizing traffic security with an IPSec tunnel. In addition, this use case is also perfect for managing auxiliary devices in the home, such as a VoIP phone (which can be powered from the auxiliary Ethernet port on the Mist Access Point).
Juniper Connected Security With Mist
For the telecommuter who has many devices and/or advanced security requirements, the ideal solution is Juniper Connected Security for remote workers. This solution is composed of a Mist Wi-Fi Access Point, Mist Edge, and Juniper SRX security device with Firewall and Advanced Threat Protection (ATP).
This innovative solution delivers automated enforcement, increased visibility, and cloud protection to effectively safeguard your organization while streamlining operations with Mist’s AI-Driven platform. By leveraging PoE on the SRX, telecommuters can easily connect and power multiple Mist Wi-Fi Access Points, VoIP desk phones, videoconferencing equipment, and more.
Corporate traffic, both wired and wireless, is secured through an IPSec VPN tunnel. With both the Mist APs and Juniper SRXs supporting Zero Touch Provisioning (ZTP), rapid deployment is supported with ease.
Enterprise At Home For Financial Services
By combining Mist Wi-Fi and Mist Edge with Juniper Connected Security, financial organizations can extend the AI-driven Enterprise into employee homes to provide the necessary level of protection.
With the Juniper Networks® Enterprise at Home solution, financial organizations can deploy Juniper security hardware and Mist Wi-Fi access points using zero-touch provisioning (ZTP) to roll out managed networking equipment without requiring a visit from a technician. Juniper’s cloud based management solution provides the scalability to meet the needs of even the largest deployments .