  • 1.  Mist edge purpose

    This message was posted by a user wishing to remain anonymous
    Posted 09-01-2025 15:42

    Hi all,

    Can anyone explain Mist Edge to me? We can use a Mist AP to connect to the Mist cloud without Mist Edge, but I just want to know why Mist introduced Mist Edge.

    Could you please help me with this?



    -------------------------------------------


  • 2.  RE: Mist edge purpose

    Posted 09-02-2025 08:42

    The Mist Edge is a hardware or virtual appliance or a cluster of appliances that centralizes the data plane by providing L2TPv3 and IPSec tunneling services between Wi-Fi Access Points.  A Mist Edge should be considered when the expected number of wireless clients across the network exceeds 2,000.  It is also a desired solution for customers that are migrating from legacy Wi-Fi controller environments. There are several Mist Edge use cases:

    1)      Client Roaming – In large office or campus environments, clients can seamlessly roam between APs by retaining their IP address through the tunneled connection to the Mist Edge(s).

    2)      Data Center Tunneling – Customers can tunnel all or some (e.g., guest traffic and IoT traffic) of their wireless traffic to the data center with the flexibility of terminating local traffic directly.

    3)      Anchor Tunneling - In specific deployments where traffic must be tunneled to a DMZ area deeper in the data centers, you can use anchor tunnels. Anchor tunnels enable you to configure Juniper Mist Edge to carry all traffic to DMZ and to tunnel specific traffic to another Mist Edge.

    4)      Remote Worker - Juniper Mist Edge utilizes IPsec tunnels between APs and Juniper Mist Edge, ensuring secure and dependable networks for remote workers. With Juniper Mist, customers seamlessly extend their corporate WLAN to employees' homes for remote work, providing them with the same security and resource access as on-premises workers. This use case also enhances visibility into users' network experiences.

    5)      RADIUS Proxy / DHCP Relay - With the RADIUS proxy feature, you can use your Juniper Mist Edge appliance as the source of RADIUS Access-Request messages instead of adding APs as individual clients.  It can also be used to provide DHCP Relay to a centralized DHCP server.



    ------------------------------
    Matt Sherman
    ------------------------------



  • 3.  RE: Mist edge purpose

    Posted 09-04-2025 19:20

    Thank you for the response.

    So only control plane traffic to the Mist cloud is handled by Mist Edge. For the remaining data traffic, such as a user searching Google, the traffic goes via AP -> access switch -> core switch -> router -> data centre router -> firewall/proxy to reach the internet. Am I correct, or will data traffic also go through the local Mist Edge to the data centre Mist Edge directly?



    ------------------------------
    Sayyed Hanif
    ------------------------------



  • 4.  RE: Mist edge purpose

    Posted 09-05-2025 01:02

    Hello, 

    I hope this answers your queries on control and data traffic.
    In a Juniper Mist Edge deployment, the routing of user data and control traffic is handled distinctly to leverage the benefits of both centralized control and distributed data forwarding.
    User Data Traffic Routing:
    • Centralized Datapath:
      The Mist Edge appliance primarily functions as a centralized datapath for user traffic, similar to how legacy wireless controllers operated. This means user data from access points (APs) is often tunneled to the Mist Edge appliance.
    • L2TPv3 Tunnels:
      Mist APs establish Layer 2 Tunneling Protocol version 3 (L2TPv3) tunnels to one or multiple Mist Edge appliances, extending VLANs from the campus, data center, or DMZ. This allows for centralized traffic management, policy enforcement, and access to corporate resources.
    • Local and Centralized Datapath:
      Mist APs can support both local and centralized datapath forwarding simultaneously, offering flexibility based on specific WLAN configurations and network requirements. For instance, a WLAN can be configured to forward traffic locally at the AP, while another WLAN on the same AP tunnels traffic to the Mist Edge.
    • VLAN Tunneling:
      WLANs configured with tagged VLANs can be tunneled through the Mist Edge appliance, while untagged VLANs on a WLAN typically do not get tunneled and are handled locally by the AP.
    Control and Management Traffic Routing:
    • Mist Cloud Control:
      All control and management functions, including configuration, monitoring, and analytics, remain in the Juniper Mist cloud. This provides a centralized and scalable management plane for the entire wireless network.
    • HTTPS Communication:
      Mist APs and Mist Edge appliances communicate with the Mist cloud platform securely using HTTPS (TCP port 443) for control and management plane interactions.
    • Microservices Architecture:
      The Mist cloud leverages a microservices architecture to deliver scalable and resilient wireless operations, management, troubleshooting, and analytics to the campus environment.
    In summary, user data traffic is primarily routed through the Mist Edge appliance via L2TPv3 tunnels for centralized control and resource access, while control and management traffic is handled by the Mist cloud platform for centralized management and operational efficiency.

    Vijaypal Khyalia

    Staff Technical Service Advisor 

    JNCIE-ENT #952, CCIE#56675, JNCIP(ENT,DC,SP) , JNCIS-MISTAI (Wired & Wireless)

    ---------------------------------------------------------------------

    Juniper Networks

    https://www.linkedin.com/in/vijaypal-khyalia-9a737278/



    ------------------------------
    Vijaypal Khyalia
    Juniper Networks
    ------------------------------
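
The per-WLAN forwarding rules described in the reply above (tagged VLANs on a tunneled WLAN go to the Mist Edge, untagged VLANs are handled locally by the AP), as an added example that is not part of the original thread and not Juniper code. The `Wlan` record, its field names, and the sample inventory are hypothetical and constructed for illustration; they are not the Mist API schema. The audit flags WLANs that local policy says must be centralized (for example guest or IoT) but that would actually be bridged at the AP.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Wlan:
    """Simplified, hypothetical WLAN record (not the Mist API schema)."""
    ssid: str
    vlan_id: Optional[int]     # None means the WLAN uses an untagged VLAN
    tunnel_to_edge: bool       # WLAN is configured to tunnel to a Mist Edge
    must_be_centralized: bool  # local policy: traffic must reach the DC/DMZ


def datapath(w: Wlan) -> str:
    """Return 'tunneled' or 'local' following the rule stated in the thread:
    only tagged VLANs on a tunneled WLAN are carried to the Mist Edge."""
    if w.tunnel_to_edge and w.vlan_id is not None:
        return "tunneled"
    return "local"


def audit(wlans: List[Wlan]) -> List[Tuple[str, str]]:
    """List (ssid, reason) for WLANs whose traffic would leave at the AP
    even though policy requires it to traverse the Mist Edge."""
    findings = []
    for w in wlans:
        if w.must_be_centralized and datapath(w) == "local":
            if w.tunnel_to_edge:
                reason = "untagged VLAN is not tunneled"
            else:
                reason = "no tunnel configured"
            findings.append((w.ssid, reason))
    return findings


# Constructed sample inventory for the example.
SAMPLE_WLANS = [
    Wlan("Corp", vlan_id=10, tunnel_to_edge=True, must_be_centralized=True),
    Wlan("Guest", vlan_id=None, tunnel_to_edge=True, must_be_centralized=True),
    Wlan("IoT", vlan_id=30, tunnel_to_edge=False, must_be_centralized=True),
    Wlan("Lobby-Local", vlan_id=40, tunnel_to_edge=False, must_be_centralized=False),
]

if __name__ == "__main__":
    for w in SAMPLE_WLANS:
        print(f"{w.ssid:12} -> {datapath(w)}")
    for ssid, reason in audit(SAMPLE_WLANS):
        print(f"FINDING: {ssid}: {reason}")
```

The "Guest" entry shows the case that is easy to miss: a tunnel is configured, but because the VLAN is untagged the traffic still exits locally at the AP.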