Data Center


Ask questions and share experiences about Data Center Architecture and approaches.

Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

  • 1.  Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

     
    Posted 02-11-2024 09:07
    Edited by cdoyle 02-11-2024 09:58

    #5minutejunos

    Video: 7. OTT DCI - Apstra 4.2.1 in eve-ng

    Video hashtag: #4.2.1_eve_video-7

    For some of you, this will be the final video in the series. We'll be connecting our two fabrics together using Over-The-Top (OTT) Data Center Interconnect (DCI) and stretching our Layer-2. I'll explain the what and why of this process as I take you through the new DCI workflow. Included in this video is a step-by-step for configuring your external routers. The set commands are in the documentation, so be sure to download the PPTX attached to this thread so you don't have to start and pause your way through vMX configurations!

    If this is your last video, thank you so much for watching. It means so much to me to be able to provide content that helps others. When you reach out to say hello, stop me at a hallway during an event, or even ask for my help through your Juniper account team, I know the time I spend recording and editing has been worth it.

    The next few videos are optional, but I hope you find them helpful for understanding how Apstra works a bit better, and for buffing up your own lab with core and internet connectivity.

    Thank you so much for watching.



    ------------------------------
    Colin Doyle
    Lead BizDev Manager - Security Strategy
    Juniper Networks
    https://www.youtube.com/@5minutejunos
    ------------------------------

    Attachment(s)

    pptx
    7-slides.pptx   8.66 MB 1 version


  • 2.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

    Posted 02-11-2024 19:20

    How would I define an IP address for external connectivity manually without using pools? For example, if the ISP gives me an IP address and it's not possible to just get it out from a pool. Or, as in the case I'm working on, we have DC A and DC B border leafs directly connected to each other, so I would need to manually set the IPs.




  • 3.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

     
    Posted 02-11-2024 21:09

    Great question!

    I cover this exact question, albeit for a different scenario, in video 8. Follow the same instructions as I lay out in video 7 and manually assign your transit network as I demonstrate in video 8.

    Thanks for watching!



    ------------------------------
    Colin Doyle
    Lead BizDev Manager - Security Strategy
    Juniper Networks
    https://www.youtube.com/@5minutejunos
    ------------------------------



  • 4.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

    Posted 02-12-2024 08:48

    Hi @cdoyle,

    Is it possible you have some guide for VXLAN-to-VXLAN stitching, like the NCE doc for OTT? The OTT doc in the NCE is easy to understand.

    Thanks




  • 5.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

     
    Posted 02-12-2024 16:48

    Possibly... My focus is Security strategy right now and the video content I will put together will primarily align with Security use-cases. That isn't a "no", just an honest admission that I likely won't get to it soon.

    There's tons of content (video and guides) for doing stitching in the CLI.

    For Apstra, start with this guide.

    If you build this out, please come back and let me/us know how it went!



    ------------------------------
    Colin Doyle
    Lead BizDev Manager - Security Strategy
    Juniper Networks
    https://www.youtube.com/@5minutejunos
    ------------------------------



  • 6.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

    Posted 02-12-2024 23:38

    I have a book, with Pearson publications, coming out in May 2024 which will cover all of this and much more.  You can keep an eye on it - it will be called Deploying Juniper Data Centers with EVPN VXLAN.



    ------------------------------
    Aninda Chatterjee
    ------------------------------



  • 7.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

    Posted 02-22-2024 13:04

    I did some more testing and, as I followed your video very closely, I too didn't specify L3 MTU for the Connectivity Template's IP link. Not sure if I missed this, but did you have "Default IP Links to Generic Systems MTU" configured under Staged --> Fabric Settings? I had it as default, and it seems that at least with QFX5120 and Apstra 4.2.1 it defaults to an MTU of 1514, and when I actually needed to transfer something besides just ICMP packets it failed because of the too-low MTU.




  • 8.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

     
    Posted 02-22-2024 17:31

    There is no need to specify MTU in the connectivity templates, assuming the defaults that Apstra uses are OK in your design. These defaults can be found by navigating to the "Fabric Settings" tab in either "Staged" or "Active" in a blueprint.

    By default, Apstra deploys an MTU of 9170.

    Looking at the configurations on my own virtual lab nodes, I can see IFD (interface) MTUs configured for 9192, and IFL (logical interface) MTUs configured for 9170. This is without any changes or adjustment to any MTU settings throughout the design and build of the lab.

    Of course, I'm working with virtual nodes, but I would still think Apstra would apply the default MTU fabric settings to a QFX5120 and I've certainly never encountered the issue you are seeing when helping deploy physical labs.

    Maybe someone else here has some insights(?)



    ------------------------------
    Colin Doyle
    Lead BizDev Manager - Security Strategy
    Juniper Networks
    https://www.youtube.com/@5minutejunos
    ------------------------------



  • 9.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

    Posted 02-22-2024 17:42

    By default Staged --> Fabric settings were:

    Fabric MTU: 9170
    Default IP Links to Generic Systems MTU: "System Default"
    Default SVI L3 MTU: 9000

    Where is this "System Default" set?

    If I leave them as defaults, and do not specify L3 MTU in connectivity template then this is what I get in my DCI link:

    et-0/0/50 {
    	description "VRF default to <generic system's name>";
    	unit 0 {
    		family inet {
    			address 10.100.80.0/31;
    		}
    	}
    }

    And when I do show interface et-0/0/50 I can see that L2 MTU is set at 1514 (I don't have it in my notepad but I think in this case L3 MTU was 1500?)

    If I specify either "Default IP Links to Generic System MTU" as 9100 or set the L3 MTU as 9100 in Connectivity Template then this configuration is pushed:

    et-0/0/50 {
    	description "VRF default to <generic system's name>";
    	mtu 9216;
    	unit 0 {
    		family inet {
    			mtu 9100;
    			address 10.100.80.0/31;
    		}
    	}
    }

    I've already deleted my OTT DCI configs from the lab but I can redo the configs and see if the same happens there
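
An added example, not part of the post above and not Apstra's own code: a small Python check that walks rendered Junos interface stanzas like the two quoted in that post and flags logical units that fall back to the platform default MTU. The 14-byte Ethernet overhead, the required L3 MTU passed by the caller, and the et-0/0/51 name and 10.100.80.2/31 address are assumptions made for the illustration.

```python
import re

# Constructed sample: the post's two stanzas; et-0/0/51 and its address are made up.
SAMPLE = """
et-0/0/50 {
    unit 0 {
        family inet {
            address 10.100.80.0/31;
        }
    }
}
et-0/0/51 {
    mtu 9216;
    unit 0 {
        family inet {
            mtu 9100;
            address 10.100.80.2/31;
        }
    }
}
"""
DEFAULT_MEDIA_MTU = 1514  # value the poster saw when no mtu was pushed
ETH_HEADER = 14           # assumption: untagged Ethernet L2 overhead

def audit_mtu(config, required_l3):
    """Report media/inet MTU per logical unit and whether required_l3 fits."""
    media, inet, units, path = {}, {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if line.endswith("{"):                    # entering a stanza
            path.append(line[:-1].strip())
            if len(path) == 2 and path[1].startswith("unit "):
                units.append((path[0], path[1].split()[1]))
        elif line == "}" and path:                # leaving a stanza
            path.pop()
        elif (m := re.fullmatch(r"mtu (\d+);", line)):
            if len(path) == 1:                    # interface-level (IFD) mtu
                media[path[0]] = int(m.group(1))
            elif len(path) == 3 and path[2] == "family inet":  # IFL inet mtu
                inet[(path[0], path[1].split()[1])] = int(m.group(1))
    report = {}
    for ifd, unit in units:
        ifd_mtu = media.get(ifd, DEFAULT_MEDIA_MTU)
        l3_mtu = inet.get((ifd, unit), ifd_mtu - ETH_HEADER)
        report[f"{ifd}.{unit}"] = dict(
            media=ifd_mtu, inet=l3_mtu,
            explicit=ifd in media or (ifd, unit) in inet,
            ok=required_l3 <= l3_mtu <= ifd_mtu - ETH_HEADER)
    return report
```

Calling `audit_mtu(SAMPLE, 9000)` marks et-0/0/50.0 as not ok with nothing explicit configured, and et-0/0/51.0 as ok.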




  • 10.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

     
    Posted 02-22-2024 18:42
    Edited by cdoyle 02-22-2024 18:43

    I checked the device profile for the 5120-48Y (I assume this is your switch since you're working with et-0/0/50) and I don't see MTU specified in any of the port configs or transformation sets. Since my practical experience is anchored in virtual labs, I'm not going to be able to offer much help.

    I'm comfortable saying that the MTU should be set. Why it's not being set in your situation I cannot say.

    Do you have a Juniper account team you can reach out to so you can put this question to our DC TAC team? I dug through our support documentation and all I could find was someone in our demo pool running old code with a resolution of "run new code". I doubt that's very helpful.

    One side question - were you able to onboard your switch without skipping the validation check when installing the off-box agent? I know skipping pristine config validation can cause all sorts of strange problems.

    Oh yeah - here's the MTU documentation for 4.2.1



    ------------------------------
    Colin Doyle
    Lead BizDev Manager - Security Strategy
    Juniper Networks
    https://www.youtube.com/@5minutejunos
    ------------------------------



  • 11.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

    Posted 02-23-2024 09:34

    Yep these switches are QFX5120-48Y. We also have DCI links created between QFX5120-32C switches and the same thing happened there. I've talked with guys from Juniper and we ended up configuring the Connectivity Template as this resolves the issues for us now. It's winter holiday week here and not many people are around but I'll ask our local Juniper guys next week about this.

    When we first installed these switches we only had root password, netconf and management instance enabled and nothing besides that. Just added the switches to Apstra, then it did the installation routine and I was able to acknowledge the switches. There were no validation warnings or anything like that.




  • 12.  RE: Apstra 4.2.1 in eve-ng step-by-step series: Video 7. OTT DCI

    Posted 03-17-2024 11:10

    Hi @cdoyle ,

    If we complete step 7 then supposedly we can ping from the host at DC-A to the host at DC-B, right? I'm asking because I cannot ping from the host at DC-A to the host at DC-B. On leaf DC-A I can see route 192.168.103.0/24.

    Appreciate your feedback

    Thanks