Escolar Documentos
Profissional Documentos
Cultura Documentos
QFX3000QFX3000-M Technical
Overview
Student Guide
NOTE: Please note this Student Guide has been developed from an audio narration. Therefore it will have
conversational English. The purpose of this transcript is to help you follow the online presentation and may require
reference to it.
Slide 1
Course SSQFAB03A-ML5
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 1
Slide 2
QFX3000-M
Technical Overview
2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Course SSQFAB03A-ML5
Slide 3
Navigation
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 3
Throughout this module, you will find slides with valuable detailed information. You can stop any slide with the Pause
button to study the details. You can also read the notes by using the Notes tab. You can click the Feedback link at
anytime to submit suggestions or corrections directly to the Juniper Networks eLearning team.
Course SSQFAB03A-ML5
Slide 4
Course Objectives
After successfully completing this course, you will
be able to:
Describe the initial setup and configuration of a
QFX3000-M QFabric system
Describe the Layer 2 features, configuration, and
monitoring of a QFX3000-M QFabric system
Describe the Layer 3 features, configuration, and
monitoring of a QFX3000-M QFabric system
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 4
Course SSQFAB03A-ML5
Slide 5
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 5
This course consists of three sections. The three main sections are as follows:
QFX3000-M Initial Setup and Configuration
Layer 2 Features, Configuration, and Monitoring, and
Layer 3 Features, Configuration, and Monitoring
Course SSQFAB03A-ML5
Slide 6
2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Course SSQFAB03A-ML5
Slide 7
Section Objectives
After successfully completing this section, you will
be able to:
Discuss how to verify system inventory
Describe the physical connectivity of the QFabric system
Describe the initial setup including:
Control Plane Ethernet power up
Director Group power up
Interconnect power up
Node preparation and power up
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 7
Course SSQFAB03A-ML5
Slide 8
2x EX4200-24T
or
2X EX4200-24F
2x QFX3100
2x or 4x QFX3600-I
Up to 16x QFX3500
2014 Juniper Networks, Inc. All rights reserved.
Up to 16x QFX3600-16Q
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 8
Course SSQFAB03A-ML5
Slide 9
Management
Management network connectivity for the directors
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 9
Course SSQFAB03A-ML5
10
Slide 10
Console
Console
Mgmt
Console
QFX3500
QFX3600-16Q
Console
Console
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 10
Course SSQFAB03A-ML5
11
Slide 11
Control
Network 1
GbE network
connected
To EX4200
Fully redundant
control network;
no single point
of failure.
Control
Network 2
GbE network
connected
To EX4200
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 11
Course SSQFAB03A-ML5
12
Slide 12
Control Plane
EX4200 Port Allocations
ge0/0/16-19
to the
Interconnects
Copper
ge0/0/0-15
to the Nodes
ge0/1/0-1
to the other
EX4200
ge0/0/20-23
to the Directors
Or
ge0/0/16-19
to the
Interconnects
ge0/0/20-23
to the Directors
Fiber
ge0/1/0-1
to the other
EX4200
ge0/0/0-15
to the Nodes
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 12
Course SSQFAB03A-ML5
13
Slide 13
Control Plane
Connectivity Between EX4200s
The following example assumes the system is using copper for control
plane Ethernet management
CPEs
CPE-A
LAG
CPE-B
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 13
Course SSQFAB03A-ML5
14
Slide 14
DG1
CPEs
CPE-A
CPE-B
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 14
Course SSQFAB03A-ML5
15
Slide 15
Control Plane
Interconnects and Nodes (1 of 2)
CPEs
CPE-A
CPE-B
Nodes
ICs
QFX3500
QFX3600-16Q
ICs: (2 or 4)
QFX3600-I
SSQFAB03A-ML5
www.juniper.net | 15
Course SSQFAB03A-ML5
16
Slide 16
Control Plane
Interconnects and Nodes (2 of 2)
CPEs
CPE-A
CPE-B
Nodes
ICs
QFX3500
QFX3600-16Q
ICs: (2 or 4)
QFX3600-I
SSQFAB03A-ML5
www.juniper.net | 16
Course SSQFAB03A-ML5
17
Slide 17
QFX3500
Defaults to uplinks once configured as a Node
QFX3600-16Q
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 17
Course SSQFAB03A-ML5
18
Slide 18
QFabric Nodes
QFX3600-16Q
QFX3500
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 18
Course SSQFAB03A-ML5
19
Slide 19
QFabric Nodes
QFX3600-16Q
2014 Juniper Networks, Inc. All rights reserved.
QFX3500
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 19
Course SSQFAB03A-ML5
20
Slide 20
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 20
Course SSQFAB03A-ML5
21
Slide 21
QFX3600-16Q
QFX3500
Console
root> show chassis device-mode
Current device-mode : Standalone
Future device-mode after reboot : Standalone
Shutdown NOW!
[pid 5758]
Root>
*** FINAL System shutdown message from root@ ***
System going down IMMEDIATELY
2014 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 21
Course SSQFAB03A-ML5
22
Slide 22
Initial SetupCPEs
QFabric Directors (2):
DG0 & DG1
2x EX4200-24T
or
2x QFX3100
2X EX4200-24F
2x or 4x QFX3600-I
Up to 16x QFX3500
2014 Juniper Networks, Inc. All rights reserved.
Up to 16x QFX3600-16Q
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 22
Course SSQFAB03A-ML5
23
Slide 23
CPE-A
CPE-B
Console
Check the following link and note the Junos OS version and
configuration:
https://www.juniper.net/support/downloads/?p=qfx3000m#sw
If the version and/or configuration is not the same, load the stated
Junos OS version and configuration.
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 23
Course SSQFAB03A-ML5
24
Slide 24
DirectorsPrerequisites (1 of 2)
Use the serial number from the email to generate the MAC address on the
following page:
https://www.juniper.net/generate_license/
Note: a user must have a valid Juniper user ID and password to login to this system
Once that is done, the end user should receive an email with an attachment similar
to the following example:
Serial No:
91151B00053955
Starting Mac Address: [F8.C0.01.F3.20.00]
Number of MAC Address: [4096]
Download the software from the Juniper website if needed
Use the link below for the procedure:
https://www.juniper.net/support/downloads/?p=qfx3000m#sw
Copy the image to USB devices (one for each director)
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 24
Course SSQFAB03A-ML5
25
Slide 25
DirectorsPrerequisites (2 of 2)
DGs
Hostname (default): qfabric
Virtual IP: 10.94.194.143
Gateway: 10.94.194.254
Starting MAC: F8:C0:01:F3:20:00
Number of MAC: 4096
Serial ID: 91151B00053955
Image Version: 12.1I20120413_0726_dc-builder
Hostname: dg0
IP: 10.94.194.144/24
Hostname: dg1
IP: 10.94.194.145/24
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 25
Course SSQFAB03A-ML5
26
Slide 26
Power Up Sequence
QFabric Directors (2): DG0 &
DG1
2x EX4200-24T
or
1
2x QFX3100
2X EX4200-24F
3
2x or 4x QFX3600-I
4
Up to 16x QFX3500
2014 Juniper Networks, Inc. All rights reserved.
N0 ... N15
Up to 16x QFX3600-16Q
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 26
Power Up Sequence
This slide provides an overview of the sequence in which you will power up the QFabric components. Detailed steps
will be illustrated on the following slides. Note that the EX Series switches with the CPE must be powered up first.
Course SSQFAB03A-ML5
27
Slide 27
Power On DG0
Step 1. Power on DG0
Step 2. Type install at the boot prompt
dg0 console
<SNIP>
SYSLINUX 4.04 2011-04-18 Copyright (C) 1994-2011 H. Peter Anvin et al
Juniper Networks QFX Director Install/Recovery Media
- To boot from local disk you may wait or, press the <ENTER> key.
- To re-install QFabric on this node, type: install <ENTER>.
boot: install
Loading vmlinuz....
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 27
Power On DG0
Before software installation, you insert USBs into each of the two Directors.
Meanwhile, we recommend that you identify which Director device will be DG0 and which Director device will be DG1.
Once you determine the Director device name designations, power on the device designated as DG0. It will detect the
USB during boot up, and then you use the install option.
Course SSQFAB03A-ML5
28
Slide 28
Power On DG1
Step 3. Power on DG1
Step 4. Type install at the boot prompt
dg1 console
<SNIP>
SYSLINUX 4.04 2011-04-18 Copyright (C) 1994-2011 H. Peter Anvin et al
Juniper Networks QFX Director Install/Recovery Media
- To boot from local disk you may wait or, press the <ENTER> key.
- To re-install QFabric on this node, type: install <ENTER>.
boot: install
Loading vmlinuz....
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 28
Power On DG1
No less than two minutes after powering on the first director, power on the second. The second Director encounters
an existing Director device within the group (DG0) and then becomes DG1. The two Director devices are then
mirrored and synchronized, which can take about 25 minutes.
Course SSQFAB03A-ML5
29
Slide 29
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 29
Course SSQFAB03A-ML5
30
Slide 30
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 30
Course SSQFAB03A-ML5
31
Slide 31
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 31
Course SSQFAB03A-ML5
32
Slide 32
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 32
Course SSQFAB03A-ML5
33
Slide 33
System Verification
[root@dg0 /]# cli
RUNNING ON DIRECTOR DEVICE : dg0
root@qfabric>
root@qfabric> show fabric administration inventory
Item
Identifier
Connection
Node group
BBAP0751
Connected
BBAP0751
Connected
BBAP7817
Connected
BBAP7817
Connected
NW-NG-0
Connected
P3710-C
Connected
P3710-C
Connected
P3724-C
Connected
P3724-C
Connected
Interconnect device
IC-BBAK7833
Connected
BBAK7833/RE0
Connected
IC-BBAP0741
Connected
BBAP0741/RE0
Connected
Fabric manager
FM-0
Connected
Fabric control
FC-0
Connected
FC-1
Connected
Diagnostic routing engine
DRE-0
Connected
Configuration
Configured
Configured
Configured
Configured
Configured
Configured
Configured
Configured
Configured
Configured
Configured
root@qfabric>
2014 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 33
System Verification
Once you have performed the required steps previously mentioned, you should see all components registered with the
system. This slide shows a sample output, listing the various Node devices and Interconnect devices along with the
Routing Engines (REs) required to support the system.
The state of each component must be Connected and Configured. Based on the sample output shown in the
example on the slide, we see that the components registered with the system are properly connected and configured.
Course SSQFAB03A-ML5
34
Slide 34
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 34
Course SSQFAB03A-ML5
35
Slide 35
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 35
Course SSQFAB03A-ML5
36
Slide 36
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 36
Course SSQFAB03A-ML5
37
Slide 37
SNG
RSNG
NNG
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 37
Course SSQFAB03A-ML5
38
Slide 38
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 38
Course SSQFAB03A-ML5
39
Slide 39
Section Summary
In this section, we:
Discussed how to verify system inventory
Described the physical connectivity of the QFabric system
Described the initial setup, including:
CPE power up
DG power up
IC power up
QFabric Node preparation and power up
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 39
Course SSQFAB03A-ML5
40
Slide 40
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 40
Course SSQFAB03A-ML5
41
Slide 40
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 40
Course SSQFAB03A-ML5
42
Slide 41
QFX3000-M
Technical Overview
2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Course SSQFAB03A-ML5
43
Slide 42
Section Objectives
After successfully completing this course, you will
be able to:
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 42
Course SSQFAB03A-ML5
44
Slide 43
node1:xe-0/0/1
Node
Port number
Interface type
ge gigabit
xe ten gigabit
Flexible PIC Concentrator
(FPC) slot/module
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 43
Course SSQFAB03A-ML5
45
Slide 44
QFabric configuration
Access
xe-0/0/0 {
unit 0 {
family ethernetswitching;
}
}
Access
node1:xe-0/0/1 {
unit 0 {
family ethernetswitching;
}
}
Trunk
xe-0/0/1 {
unit 0 {
family ethernetswitching {
port-mode trunk;
}
}
}
Trunk
ED3701:xe-0/0/2 {
unit 0 {
family ethernetswitching {
port-mode trunk
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 44
Course SSQFAB03A-ML5
46
Slide 45
Trunk Port
[edit interfaces]
netadmin@qfabric# set row1-rack1:xe-0/0/0.0 family ethernet-switching portmode trunk
netadmin@qfabric> show ethernet-switching interfaces row1-rack1:xe-0/0/1
detail
Interface: LC2:xe-0/0/1.0, Index: 89, State: down, Port mode: Trunk
Ether type for the interface: 0x8100
Number of MACs learned on IFL: 0
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 45
Course SSQFAB03A-ML5
47
Slide 46
Interface Range
interfaces {
interface-range dev-cluster {
member-range row1-rack1:xe-0/0/0 to row1-rack1:xe-0/0/47;
member-range row1-rack2:xe-0/0/0 to row1-rack2:xe-0/0/47;
Supported
unit 0 {
family ethernet-switching;
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 46
Interface Range
To simplify configuration, the Junos OS allows grouping a range of identical interfaces that share the same
configuration. This reduces the time and effort required to configure a large set of interfaces. The range can be
defined with a start-interface and an end-interface syntax or with a regular expression. Either method is supported,
but the interface range is limited within one QFabric Node. A range cannot span multiple QFabric Nodes.
The example on the slide shows both supported and unsupported configurations.
Course SSQFAB03A-ML5
48
Slide 47
VLAN Configuration
Define the VLAN
[edit vlans]
VLAN centric
Tag
Interfaces
[edit vlans]
netadmin@qfabric# set default interface row1rack1:xe-0/0/0.0
default 1
row1-rack1:xe-0/0/0.0*, row1-rack1:xe0/0/0.1*, row1-
Port centric
rack2:xe-0/0/3.0*,
[edit interfaces]
RSNG-1:ae0.0*, NW-NG-0:ae0.0*
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 47
VLAN Configuration
Virtual LANs (VLANs) allow users to control the size of a broadcast domain and, more importantly, group ports in a
Layer 2 switched network into the same broadcast domain as if they are connected on the same switch, regardless of
their physical location. QFabric architecture is no exception.
The VLAN database is configured under the [vlan] stanza. There are two methods for assigning a port to a VLAN
port centric and VLAN centric. Either method is valid, but if interface range or group profile is not being used, then for
ease of VLAN management, we recommend that VLAN membership for the access port be done under the VLAN
method and under the port method for the trunk port.
Course SSQFAB03A-ML5
49
Slide 48
QFabric configuration
Server Node Group
chassis {
node-group SNG-1 {
aggregated-devices {
ethernet {
device-count 8;
}
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 48
LAG configuration
Link aggregation provides link redundancy as well as increased bandwidth. QFabric supports both static and dynamic
LAGs, which can be configured on any QFabric Node.
The slide provides a comparison of the LAG configuration used for EX Series switches and QFabric systems.
With EX Series switches, you configure the number of supported LAGs under the chassis level in the configuration.
With QFabric, this is done at the node group level. If there is LAG support across multiple node groups then you need
to configure the number of supported LAG groups on a per-node group level. The QFabric configuration example on
the right of the slide shows the configuration for SNG, RSNG, and NNG, respectively.
The basic steps of QFabric LAG configuration are as follows:
Define the number of supported LAGs per node group
Assign the interface to a LAG interface
Configure the LAG interface
Course SSQFAB03A-ML5
50
Slide 49
QFabric configuration
xe-0/0/0 {
ether-options {
802.3ad ae0;
}
}
node2:xe-0/0/0 {
ether-options {
802.3ad ae0;
}
}
xe-0/0/1 {
ether-options {
802.3ad ae0;
}
}
node2:xe-0/0/1 {
ether-options {
802.3ad sng-1:ae0;
}
}
ae0 {
sng-1:ae0 {
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
}
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 49
Course SSQFAB03A-ML5
51
Slide 50
QFabric configuration
xe-0/0/0 {
ether-options {
802.3ad ae0;
}
}
node3:xe-0/0/0 {
ether-options {
802.3ad rsng-2:ae0;
}
}
xe-1/0/0 {
ether-options {
802.3ad ae0;
}
}
node4:xe-0/0/0 {
ether-options {
802.3ad rsng-2:ae0;
}
}
ae0 {
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
rsng-2:ae0 {
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 50
Course SSQFAB03A-ML5
52
Slide 51
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 51
Course SSQFAB03A-ML5
53
Slide 52
MonitoringInterface and
VLAN Verification
root@qfabric> show interfaces terse |
match node
Node-0:ge-0/0/12 up up
Tag
Interfaces
default
Node-0:xe-0/0/24 up up
Node-2:ge-0/0/12.0*, Node-3:ge-0/0/12.0*
Node-1:ge-0/0/12 up up
Node-1:xe-0/0/24 up up
Node-2:xe-0/0/10 up up
Node-2:ge-0/0/12 up up
Node-2:ge-0/0/12.0 up up eth-switch
State
Node-2:ge-0/0/12.0 up default
untagged unblocked
Node-3:ge-0/0/12.0 up default
untagged unblocked
Node-3:ge-0/0/6 up up
Node-3:ge-0/0/8 up up
Node-3:xe-0/0/10 up up
Node-3:ge-0/0/12 up up
Node-3:ge-0/0/12.0 up up eth-switch
Node-3:xe-0/0/20 up up
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 52
Course SSQFAB03A-ML5
54
Slide 53
Layer 2 Deployment
MX Series or SRX Series is the first-hop router
Advanced services, such as MPLS/VPLS, security
Requires large host table (ARP) and/or MAC table
MX
Series
MPLS/VPN
Internet
L2
SRX
Series
Servers
Storage
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 53
Layer 2 Deployment
Next, we will take a look at QFabric Layer 2 design in the data center.
In this particular deployment scenario shown on the slide, the first hop router is either the MX Series or SRX Series
devices and the QFabric is strictly a Layer 2 connection. This deployment is good for scenarios where the customer
needs advanced services, such as MPLS, virtual private LAN Service (VPLS), or security on the SRX Series devices.
Another type of requirement might be because of a large scale table, such as host tables and/or media access control
(MAC).
Course SSQFAB03A-ML5
55
Slide 54
Rack Servers
Blade Chassis
LAG
Rack
Servers
CONFIDENTIAL
MX Series
SRX Series
SSQFAB03A-ML5
www.juniper.net | 54
Course SSQFAB03A-ML5
56
Slide 55
Single Attached
SNG
Dual Attached
Dual Homed
(L) Active/Passive
(R) Active/Active
(L) Active/Passive
(R) Active/Active
SNG
RSNG
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 55
Course SSQFAB03A-ML5
57
Slide 56
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 56
Course SSQFAB03A-ML5
58
Slide 57
Dual-Attached Example
(Active/Passive or Active/Active)
QFabric system
chassis {
node-group sng1-B1-A-1 {
aggregated-devices {
ethernet {
device-count 24;
}
}
}
}
interfaces {
interface-range sng1-ae0 {
member-range LC0:xe-0/0/0 to LC0:xe-0/0/1;
description active-active;
ether-options {
802.3ad ae0;
}
}
sng1-B1-A-1:ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members 11-15;
}
}
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 57
Course SSQFAB03A-ML5
59
Slide 58
QFabric system
RSNG
chassis {
node-group rsng1-B1-A-1 {
aggregated-devices {
ethernet {
device-count 24;
}
}
}
}
interfaces {
interface-range rsng1-ae0 {
member LC0:xe-0/0/0;
member LC1:xe-0/0/0;
ether-options {
802.3ad ae0;
}
}
rsng1-B1-A-1:ae0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members 11-15;
}
}
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 58
Course SSQFAB03A-ML5
60
Slide 59
https://virtuallabs.juniper.net/
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 59
Course SSQFAB03A-ML5
61
Slide 60
Section Summary
In this section, we:
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 60
Course SSQFAB03A-ML5
62
Slide 61
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 61
Course SSQFAB03A-ML5
63
Slide 61
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 61
Course SSQFAB03A-ML5
64
Slide 62
QFX3000-M
Technical Overview
2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Course SSQFAB03A-ML5
65
Slide 63
Section Objectives
After successfully completing this section, you will
be able to:
Discuss Layer 3 implementation
Discuss routed VLAN interface configuration and
verification
Discuss static routes on QFabric systems
Describe QFabric OSPF support
Describe QFabric VRF-Lite support
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 63
Course SSQFAB03A-ML5
66
Slide 64
Layer 3 Deployment
MX Series connection to the outside world
SRX Series L2 or L3, depending on requirement
QFabric is the firsthop router
MX
Internet
MPLS/VPN
Series
L3
L2
SRX
Series
Servers
2014 Juniper Networks, Inc. All rights reserved.
Storage
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 64
Layer 3 Deployment
One of the primary decisions that must be made to provide Layer 3 gateway and routing services relates to placement
of the first hop router. This decision is ultimately determined by your design and traffic flow requirements. You have a
number of options when it comes to the implementation of the first hop router SRX Series, MX Series, QFabric, or
some combination of the three.
QFabric can do Layer 2 and Layer 3 forwarding on the QFabric Node. This essentially means that QFabric can be the
first hop router. In such a case, the Layer 3 boundary will move from the SRX Series or MX Series to the QFabric. The
MX Series will still provide access to the outside world and the SRX Series will still provide the security services.
Course SSQFAB03A-ML5
67
Slide 65
QFabric
Is a single device
Every Node Group is capable of performing Layer 3
RVI resides on NNG, but is present on every Node Group
that is a member of a VLAN with VLAN routing enabled
VRRP is no longer needed in QFabric deployment
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 65
Course SSQFAB03A-ML5
68
Slide 66
Layer 3
IP interface
Layer 3 interfaces can only be configured on NNG interfaces
Both at the physical or logical (LAG interface) level
NNG
Members are not restricted to location
All NNG members do not have to be next to each other; members can be
in different parts of the data center
2014 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 66
Layer 3
A Layer 3 interface can be configured on the NNG, both at the physical and logical (LAG interface) levels. Unicast and
multicast routing protocols can only be enabled on RVI and NNG interfaces. If a host has a routing protocol enabled
and needs to establish an adjacency to the RVI, then this device needs to be connected to the NNG. If the host needs
to establish an adjacency to an external device, such as an MX Series or SRX Series device, then the host can be
connected to any node-group device, such as an SNG or RSNG. The routing protocol packets will be forwarded
through QFabric, but not up to the QFabric interface. NNGs are not bound to a physical location, they can be in
different areas. Therefore, they can be dispersed throughout the data center where multiple servers that require SNG
connections can be aggregated.
Course SSQFAB03A-ML5
69
Slide 67
MPLS/
VPN
Internet
L3
RVI
L2
NO SRX Service
RVI
SRX
Series
Engineering
Marketing
Servers
2014 Juniper Networks, Inc. All rights reserved.
Storage
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 67
Course SSQFAB03A-ML5
70
Slide 68
QFabric configuration
Physical interface
node32:xe-0/0/47 {
unit 0 {
family inet {
address 10.1.1.254/24;
}
}
}
xe-0/0/47 {
unit 0 {
family inet {
address 10.1.1.254/24;
}
}
}
RVI
RVI
vlan {
unit 1 {
family inet {
address 10.1.1.1/24;
}
}
}
default {
vlan-id 1;
l3-interface vlan.1;
vlan {
unit 1 {
family inet {
address 10.1.1.1/24;
}
}
}
default {
vlan-id 1;
l3-interface vlan.1;
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 68
Course SSQFAB03A-ML5
71
Slide 69
1
5
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 69
Course SSQFAB03A-ML5
72
Slide 70
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 70
Course SSQFAB03A-ML5
73
Slide 71
Local
Remote
172.25.50.1/24
172.25.51.1/24
Blocking
unblocked
unblocked
unblocked
unblocked
Note that RVIs become active only when an operational Layer 2 interface
is associated with the VLAN to which the RVI is applied.
root@qfabric> show route
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.25.25.25/32
*[Direct/0] 00:33:35
via NW-NG-0:lo0.0
172.25.50.1/32
*[Local/0] 00:33:35
Local via NW-NG-0:vlan.50
172.25.51.1/32
*[Direct/0] 00:33:34
via NW-NG-0:vlan.51
2014 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 71
Course SSQFAB03A-ML5
74
Slide 72
Static Route
The QFabric system supports the manual
creation of static routes as well as some
dynamic routing protocols.
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.0.1;
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 72
Static Route
To allow routing to remote networks for the QFabric system and its attached devices, the route table will need route
entries for those remote destination networks or a default route. The QFabric system supports the manual creation of
static routes as well as some dynamic routing protocols.
This slide shows a sample default route configuration that directs all outbound traffic to remote destination networks.
Course SSQFAB03A-ML5
75
Slide 73
OSPF
protocols {
ospf {
area 0.0.0.0 {
interface vlan.1100;
interface vlan.1101;
interface NW-NG-0:ae0.0;
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 73
OSPF
Depending on your deployment and design requirements, it might be best to use a dynamic routing protocol instead of
static routes. The QFabric system supports OSPF and BGP for these situations. The syntax used to configure these
protocols on a QFabric system is the same syntax used on other Junos OS devices, such as the MX Series and SRX
Series devices. OSPF is used for the dynamic routing protocol example shown on this slide.
For OSPF or any routing protocol, the configuration is done under the [protocols] stanza. In the configuration
example on this slide, all of the subnets are in the same area. A better design practice is to configure stub area for the
VLANs. Stub configuration follows the standard Junos OS configuration.
Course SSQFAB03A-ML5
76
Slide 74
VRF-Lite
To WAN Edge
SRX5800_A
SRX5800_B
VLAN 500, 1001, 1003, 1005
VLAN 600. 1000, 1002, 1004
VLAN 1000
VLAN 1001
routing-instances {
VR-BLUE {
instance-type virtual-router;
interface vlan.1001;
interface vlan.1003;
interface vlan.1005;
protocols {
ospf {
area 0.0.0.0 {
interface all;
}
}
}
}
VR-RED {
instance-type virtual-router;
interface vlan.1000;
interface vlan.1002;
interface vlan.1004;
protocols {
ospf {
area 0.0.0.0 {
interface all;
}
}
}
}
}
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 74
VRF-Lite
QFabric supports a version of VPN routing and forwarding (VRF) called VRF-Lite. In the example on this slide, there
are two red and blue. Blue has the odd VLANs and red the even VLANs. The VLAN tables are separate and thus
allow overlapping IP addresses. If route-leaking is required, then an external loopback cable is required.
The example on this slide shows the connection of two SRX Series devices in a one-arm configuration. Packets are
either routed or switched to the SRX Series devices for security services. Currently the VRF-Lite implementation does
not support route-leaking.
Course SSQFAB03A-ML5
77
Slide 75
https://virtuallabs.juniper.net/
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 75
Course SSQFAB03A-ML5
78
Slide 76
Section Summary
In this section, we:
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 76
Course SSQFAB03A-ML5
79
Slide 77
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 77
Course SSQFAB03A-ML5
80
Slide 77
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 77
Course SSQFAB03A-ML5
81
Slide 78
Course Summary
In this course, we:
Described the initial setup and configuration of a
QFX3000-M QFabric system
Described the Layer 2 features, configuration, and
monitoring of a QFX3000-M QFabric system
Described the Layer 3 features, configuration, and
monitoring of a QFX3000-M QFabric system
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 78
Course SSQFAB03A-ML5
82
Slide 79
Additional Resources
Education Services training classes:
http://www.juniper.net/training/technical_education/
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 79
For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.
Course SSQFAB03A-ML5
83
Slide 80
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 80
You have reached the end of this Juniper Networks eLearning module. You should now return to your Juniper
Learning Center to take the assessment and the student survey. After successfully completing the assessment, you
will earn credits that will be recognized through certificates and non-monetary rewards. The survey will allow you to
give feedback on the quality and usefulness of the course.
Course SSQFAB03A-ML5
84
Slide 81
CONFIDENTIAL
SSQFAB03A-ML5
www.juniper.net | 81
Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen and
ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JunosE is a
trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks or registered service
marks are the property of their respective owners. Juniper Networks reserves the right to change, modify, transfer or
otherwise revise this publication without notice.
Course SSQFAB03A-ML5
85
Slide 82
CONFIDENTIAL
Course SSQFAB03A-ML5
86
e d u c a t io n se r v ic e s c o u rse w a re
EM EA Head q ua rt ers