Вы находитесь на странице: 1из 87

e d u c a t io n se rv ic e s c o u rse w a re

QFX3000QFX3000-M Technical
Overview
Student Guide

QFX3000-M Technical Overview

NOTE: Please note this Student Guide has been developed from an audio narration. Therefore it will have
conversational English. The purpose of this transcript is to help you follow the online presentation and may require
reference to it.
Slide 1

Build the Best

2014 Juniper Networks, Inc. All rights reserved.

Course SSQFAB03A-ML5

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 1

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 2

QFX3000-M
Technical Overview

2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential

Welcome to Juniper Networks QFX3000-M Technical Overview eLearning module.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 3

Navigation

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 3

Throughout this module, you will find slides with valuable detailed information. You can stop any slide with the Pause
button to study the details. You can also read the notes by using the Notes tab. You can click the Feedback link at
anytime to submit suggestions or corrections directly to the Juniper Networks eLearning team.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 4

Course Objectives
 After successfully completing this course, you will
be able to:
Describe the initial setup and configuration of a
QFX3000-M QFabric system
Describe the Layer 2 features, configuration, and
monitoring of a QFX3000-M QFabric system
Describe the Layer 3 features, configuration, and
monitoring of a QFX3000-M QFabric system

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 4

After successfully completing this course, you will be able to:


Describe the initial setup and configuration of a QFX3000-M QFabric system
Describe the Layer 2 features, configuration and monitoring of a QFX3000-M QFabric system, and
Describe the Layer 3 features, configuration and monitoring of a QFX3000-M QFabric system

Course SSQFAB03A-ML5

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 5

Agenda: QFX3000-M Technical


Overview
 QFX3000-M Initial Setup and Configuration
 Layer 2 Features, Configuration, and Monitoring
 Layer 3 Features, Configuration, and Monitoring

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 5

This course consists of three sections. The three main sections are as follows:
QFX3000-M Initial Setup and Configuration
Layer 2 Features, Configuration, and Monitoring, and
Layer 3 Features, Configuration, and Monitoring

Course SSQFAB03A-ML5

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 6

QFabric Configuring and


Monitoring

QFX3000-M Initial Setup and


Configuration

2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential

QFX3000-M Initial Setup and Configuration

Course SSQFAB03A-ML5

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 7

Section Objectives
 After successfully completing this section, you will
be able to:
Discuss how to verify system inventory
Describe the physical connectivity of the QFabric system
Describe the initial setup including:
Control Plane Ethernet power up
Director Group power up
Interconnect power up
Node preparation and power up

Describe QFX3000-M system verification


Discuss QFabric system configuration
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 7

After successfully completing this section, you will be able to:


Discuss how to verify system inventory
Describe the physical connectivity of the QFabric system
Describe the initial setup including:
Control Plane Ethernet power up
Director Group power up
Interconnect power up, and
Node preparation and power up
Describe QFX3000-M system verification, and
Discuss QFabric system configuration

Course SSQFAB03A-ML5

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 8

QFabric System Inventory


QFabric Directors (2): DG0 &
DG1

Control Plane Ethernet: CPE-A & CPE-B

2x EX4200-24T
or
2X EX4200-24F

2x QFX3100

QFabric Interconnect (2 or 4): IC0 to IC3

2x or 4x QFX3600-I

QFabric Nodes (maximum is 16 Nodes): N0 to N15

Up to 16x QFX3500
2014 Juniper Networks, Inc. All rights reserved.

Up to 16x QFX3600-16Q
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 8

QFabric System Inventory


The QFX3000-M QFabric system is made up of multiple hardware components:
EX4200 switches: Two EX4200 switches are required for a QFX3000-M QFabric system
Up to 24 Gigabit Ethernet ports on each EX4200 switch provide control plane and management network
interconnection
Two small form-factor pluggable (SFP) Gigabit Ethernet uplink ports on each EX4200 switch interconnect
the two EX4200 switches
QFX3100 Director devices: Two QFX3100 Director devices are required for a QFX3000-M QFabric system. Together,
the two Director devices are called a Director Group
QFX3600-I Interconnect devices: Two QFX3600-I Interconnect devices are required for a QFX3000-M QFabric
system; up to four QFX3600-I Interconnect devices can be used in a QFX3000-M QFabric system, and
QFX3500 or QFX3600 Node devices: Up to 16 QFX3500 or QFX3600 Node devices can be connected to the
QFX3000-M QFabric system

Course SSQFAB03A-ML5

Juniper Networks, Inc.

QFX3000-M Technical Overview

Slide 9

Physical Connectivity Overview


 Consoles
Consoles to all the devices

 Management
Management network connectivity for the directors

 Control plane connectivity


1. EX4200s (CPEs) interconnectivity
2. DGs interconnectivity
3. DGs and CPEs connectivity
4. Interconnects and CPEs connectivity
5. QFabric Nodes and CPEs connectivity

 Data plane connectivity


Data plane connectivity is established QSFP ports between Nodes
and Interconnects
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 9

Physical Connectivity Overview


This slide provides an overview of QFabric physical connectivity. Control traffic within a QFabric system is carried
across a redundant, scalable, out-of-band, Ethernet switching network called the control plane Ethernet (CPE)
network. Data traffic within a QFabric system is carried across a redundant, high-performance, and scalable data
plane.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

10

QFX3000-M Technical Overview

Slide 10

Console and Management Ports


QFabric Directors (2): DG0 &
DG1

Control Plane Ethernet: CPE-A & CPE-B

Console
Console

Mgmt

QFabric Interconnect (2 or 4): IC0 to IC3

Console

QFabric Nodes (maximum is 16 Nodes): N0 to N15

QFX3500

QFX3600-16Q

Console
Console

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 10

Console and Management Ports


QFX Series devices have a console port with an RJ-45 connector. Use the console port to connect the device to a
management console or to a console server.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

11

QFX3000-M Technical Overview

Slide 11

Control Plane Connectivity


Director

Control
Network 1
GbE network
connected
To EX4200

Fully redundant
control network;
no single point
of failure.

Control
Network 2
GbE network
connected
To EX4200

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 11

Control Plane Connectivity


A QFX3000-M QFabric system control plane and management network is formed by connecting the QFX Series
devices in your network to two EX4200 switches.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

12

QFX3000-M Technical Overview

Slide 12

Control Plane
EX4200 Port Allocations
ge0/0/16-19
to the
Interconnects

Copper

ge0/0/0-15
to the Nodes

ge0/1/0-1
to the other
EX4200

ge0/0/20-23
to the Directors

Or
ge0/0/16-19
to the
Interconnects

ge0/0/20-23
to the Directors

Fiber

ge0/1/0-1
to the other
EX4200

ge0/0/0-15
to the Nodes

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 12

Control Plane EX4200 Port Allocations


On each EX4200 switch, up to 24 Gigabit Ethernet ports provide control plane and management network
interconnection. Two SFP Gigabit Ethernet uplink ports on each EX4200 switch interconnect the two EX4200
switches.
Specific ports have been reserved on the EX4200 switches to connect to each of the QFX Series device types (as
illustrated on the slide). Such design simplifies installation and facilitates timely deployment of a QFabric system.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

13

QFX3000-M Technical Overview

Slide 13

Control Plane
Connectivity Between EX4200s
The following example assumes the system is using copper for control
plane Ethernet management

CPEs
CPE-A

LAG

CPE-B

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 13

Control Plane Connectivity Between EX4200s


For redundancy and communication, you must connect the two EX4200 switches using the 1-Gigabit Ethernet SFP+
uplink module ports configured as a link aggregation group (LAG).

Course SSQFAB03A-ML5

Juniper Networks, Inc.

14

QFX3000-M Technical Overview

Slide 14

Control PlaneDirector Group


DGs
DG0

DG1

CPEs

CPE-A

2014 Juniper Networks, Inc. All rights reserved.

CPE-B

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 14

Control Plane Director Group


Connecting QFX3100 Director Devices in a Director Group:
QFX3100 Director devices have two 4-port network modules. Use the network module ports to connect the QFX3100
Director Group to the EX4200 switches.
Perform the following steps to connect a QFX3100 Director device to the copper-based CPE network:
Connect both network modules on the first Director device (labeled DG0) to the two EX4200 switches (labeled CPEA and CPE-B). You connect the first two ports (labeled 0 and 1) on the first network module to the first EX4200 switch
(CPE-A). You connect the first two ports on the second network module (also labeled 0 and 1) to the second EX4200
switch (CPE-B).
Connect both network modules on the second Director device (labeled DG1) to the two EX4200 switches (labeled
CPE-A and CPE-B). You connect the first two ports on the first network module to the first EX4200 switch (CPE-A).
You connect the first two ports on the second network module to the second EX4200 switch (CPE-B). The ports used
are the same on each EX4200 switch.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

15

QFX3000-M Technical Overview

Slide 15

Control Plane
Interconnects and Nodes (1 of 2)
CPEs
CPE-A

CPE-B

Nodes

ICs

QFX3500

QFX3600-16Q
ICs: (2 or 4)
QFX3600-I

2014 Juniper Networks, Inc. All rights reserved.

Nodes: (up to 16)


QFX3500 or QFX3600-16Q
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 15

Control Plane Interconnects and Nodes: Part 1


Connecting a QFX3600-I Interconnect Device to a Copper-Based QFX3000-M QFabric System Control Plane
Network:
QFX3600-I Interconnect devices have two 1000BASE-T management ports (labeled C0 and C1) with RJ-45
connectors. For a copper-based control plane network, use the 1000BASE-T management ports to connect the
QFX3600-I Interconnect device to each EX4200 switch (CPE).
Connect the first QFX3600-I Interconnect device as follows:
Connect one end of the first RJ-45 patch cable to the management port labeled C0.
Connect the other end of that cable to port ge-0/0/16 on the first EX4200 switch.
Connect one end of the second RJ-45 patch cable to the management port labeled C1.
Connect the other end of that cable to port ge-0/0/16 on the second EX4200 switch.
For the second, third, and fourth QFX3600-I Interconnect devices, connect respective C0 and C1 management ports
to port ge-0/0/17, ge-0/0/18, and ge-0/0/19 on both EX4200 switches, respectively.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

16

QFX3000-M Technical Overview

Slide 16

Control Plane
Interconnects and Nodes (2 of 2)
CPEs
CPE-A

CPE-B

Nodes

ICs

QFX3500

QFX3600-16Q
ICs: (2 or 4)
QFX3600-I

2014 Juniper Networks, Inc. All rights reserved.

Nodes: (up to 16)


QFX3500 or QFX3600-16Q
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 16

Control Plane Interconnects and Nodes: Part 2


Connecting a Node Device to a Copper-Based QFX3000-M QFabric System Control Plane Network:
Both the QFX3600-16Q and QFX3500 Node devices (with a 1000BASE-T management board installed) have two
1000BASE-T management ports (labeled C0 and C1) with RJ-45 connectors. For a copper-based control plane
network, use the 1000BASE-T management ports to connect the Node device to each EX4200 switch.
Connect a Node device to the copper-based QFX3000-M QFabric system control plane network as follows:
Connect one end of the first RJ-45 patch cable to the first 1000BASE-T management port (labeled C0) on the Node
device front panel.
Connect the other end of that cable to the appropriate port on the first EX4200 switch.
Connect one end of the second RJ-45 patch cable to the second 1000BASE-T management port (labeled C1) on the
Node device front panel.
Connect the other end of that cable to the appropriate port on the second EX4200 switch. This should be the same
port number that you connected to in Step 2. For example, if you connected the first cable to ge-0/0/0 on the first
EX4200 switch, you connect the second cable to ge-0/0/0 on the second EX4200 switch.
Repeat this procedure for each Node device.
Cabling a fiber-based Control Plane for the QFX3000-M QFabric system is not covered in this course.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

17

QFX3000-M Technical Overview

Slide 17

Data PlaneUplink Ports On Node


Nodes

QFX3500
Defaults to uplinks once configured as a Node

QFX3600-16Q

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 17

Data Plane Uplink Ports On Node


To form the data plane in a QFX3000-M QFabric system, you connect the QSFP+ uplink ports on Node devices to the
QSFP+ ports (labeled Q0 through Q15) on the QFX3600-I Interconnect device.
On the QFX3500, QSFP+ uplink ports are labeled Q0 through Q3.
On the QFX3600, QSFP+ ports by default, the four ports (labeled Q0 through Q3) are configured for 40-Gbps
uplink connections. Optionally, you can choose to configure the first eight ports (labeled Q0 through Q7) for the uplink
connections.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

18

QFX3000-M Technical Overview

Slide 18

Data PlaneInterconnects and


Nodes (2 ICs)
Interconnect :IC0 and IC1

QFabric Nodes

QFX3600-16Q

2014 Juniper Networks, Inc. All rights reserved.

QFX3500

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 18

Data Plane Interconnects and Nodes (2 ICs)


For redundancy, each Node device must be connected to each QFX3600-I Interconnect device. For example, if you
have two QFX3600-I Interconnect devices, then at least one uplink port on each Node device must be connected to
each QFX3600-I Interconnect device. If you are connecting all four uplink ports to two QFX3600-I Interconnect
devices, we recommend connecting two uplink ports to each Interconnect device as illustrated on the slide.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

19

QFX3000-M Technical Overview

Slide 19

Data PlaneInterconnects and


Nodes (4 ICs)
Interconnect :IC0 to IC3

QFabric Nodes

QFX3600-16Q
2014 Juniper Networks, Inc. All rights reserved.

QFX3500
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 19

Data Plane Interconnects and Nodes (4 ICs)


If you have four QFX3600-I Interconnect devices, then at least one uplink port on each Node device must be
connected to each QFX3600-I Interconnect device, as illustrated on the slide, totaling four uplink connections per
Node device.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

20

QFX3000-M Technical Overview

Slide 20

Initial SetupPrepare Device as


Node (1 of 2)
 QFX3500 and QFX3600 are pre-configured as QFabric Nodes if they
are ordered with part number QFX-NODE-KIT (zero cost)

Outside of the shipping box


On top of the chassis
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 20

Initial Setup Prepare Device as Node: Part 1


Once you install the hardware for the QFabric system, you can configure the Junos operating system (Junos OS) to
begin using the system. Next, we will discuss which setup activities you need to perform and which activities are
handled automatically by the QFabric system.
First of all, to enable some devices to participate in the QFabric system, you must set the device mode.
If you add the free QFX Series standalone device to the QFabric system Node device conversion kit (Juniper model
number QFX-NODE-KIT) when you order the device from Juniper Networks, the device is shipped to you as a fabricready Node device (indicated by a QFX-NODE label on the shipping carton and the top of the chassis for the device).

Course SSQFAB03A-ML5

Juniper Networks, Inc.

21

QFX3000-M Technical Overview

Slide 21

Initial SetupPrepare Device as


Node (2 of 2)
QFabric Nodes

QFX3600-16Q

QFX3500
Console
root> show chassis device-mode
Current device-mode : Standalone
Future device-mode after reboot : Standalone

root> request chassis device-mode node-device


Device mode set to 'node-device' mode.
Please reboot the system to complete the process.
root> request system reboot
Reboot the system ? [yes,no] (no) yes

These steps are


not necessary if
the devices are
pre-configured as
Nodes

Shutdown NOW!
[pid 5758]
Root>
*** FINAL System shutdown message from root@ ***
System going down IMMEDIATELY
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 21

Initial Setup Prepare Device as Node: Part 2


You can verify the current and future device mode with the show chassis device-mode command.
If it shows the device is in standalone mode, you need to convert your device from standalone mode to Node device
mode with the following steps:
Upgrade the software on your standalone device to a QFabric system Node and Interconnect device software
package that matches the QFabric system complete software package used by your QFabric system.
Issue the request chassis device-mode command and select the desired device mode.
Reboot the device.
Verify that the new device mode has been enabled by issuing the show chassis device-mode command.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

22

QFX3000-M Technical Overview

Slide 22

Initial SetupCPEs
QFabric Directors (2):
DG0 & DG1

Control Plane Ethernet: CPE-A & CPE-B

2x EX4200-24T
or
2x QFX3100

2X EX4200-24F

QFabric Interconnect (2 or 4): IC0 to IC3

2x or 4x QFX3600-I

QFabric Nodes (maximum is 16 Nodes): N0 to N15

Up to 16x QFX3500
2014 Juniper Networks, Inc. All rights reserved.

Up to 16x QFX3600-16Q
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 22

Initial Setup CPEs


As mentioned before, specific ports have been reserved on the EX4200 switches to connect to each of the QFabric
system device types. Such design simplifies installation and facilitates timely deployment of a QFabric system. It also
permits the use of a standard EX4200 switch configuration.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

23

QFX3000-M Technical Overview

Slide 23

Initial SetupCPEs (EX4200)


Standard Configuration
CPEs

CPE-A

CPE-B
Console

Check the following link and note the Junos OS version and
configuration:
https://www.juniper.net/support/downloads/?p=qfx3000m#sw
If the version and/or configuration is not the same, load the stated
Junos OS version and configuration.

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 23

Initial Setup CPEs (EX4200) Standard Configuration


The standard configuration applies universally to both EX4200 switches in your QFabric system control plane network.
The following are the two methods of importing the configuration file to the QFX3000-M QFabric system control plane
EX4200 switches:
Download the configuration file onto a USB flash drive from the Juniper Networks software download site before
inserting the USB flash drive into the EX4200 switch USB port.
Copy and paste the configuration from the QFX3000-M QFabric system Deployment Guide.
To import the control plane EX4200 switch configuration file onto a USB flash drive, go to the link shown on the slide,
select QFX3000-M Control Plane Network Configuration, save it to a USB drive, then load the configuration to the
EX4200 by following the standard process.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

24

QFX3000-M Technical Overview

Slide 24

DirectorsPrerequisites (1 of 2)
Use the serial number from the email to generate the MAC address on the
following page:
https://www.juniper.net/generate_license/
Note: a user must have a valid Juniper user ID and password to login to this system

Once that is done, the end user should receive an email with an attachment similar
to the following example:
Serial No:
91151B00053955
Starting Mac Address: [F8.C0.01.F3.20.00]
Number of MAC Address: [4096]
Download the software from the Juniper website if needed
Use the link below for the procedure:
https://www.juniper.net/support/downloads/?p=qfx3000m#sw
Copy the image to USB devices (one for each director)

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 24

Directors Prerequisites: Part 1


To perform the initial setup of the Director Group, you need some key information. Some of this required information is
specific to your environment and provided by your network administrator, while other information is specific to your
QFabric system and obtained through Juniper Networks.
The system-specific information, which includes a system serial number and a valid and unique range of MAC
addresses, is used to ensure the system can be uniquely identified for support and licensing functions and can
interface with other systems without any MAC address conflicts.
After ordering the system, the end user should receive an email with an attachment which contains the serial number
and the instruction to generate the MAC addresses and license activation key(s).

Course SSQFAB03A-ML5

Juniper Networks, Inc.

25

QFX3000-M Technical Overview

Slide 25

DirectorsPrerequisites (2 of 2)
DGs
Hostname (default): qfabric
Virtual IP: 10.94.194.143
Gateway: 10.94.194.254
Starting MAC: F8:C0:01:F3:20:00
Number of MAC: 4096
Serial ID: 91151B00053955
Image Version: 12.1I20120413_0726_dc-builder
Hostname: dg0
IP: 10.94.194.144/24

2014 Juniper Networks, Inc. All rights reserved.

Hostname: dg1
IP: 10.94.194.145/24

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 25

Directors Prerequisites: Part 2


The site-specific information, which includes the Director device addresses, Director Group addresses, management
subnet, gateway address for the management subnet, and the passwords for the Director Group and the system
components, is used to facilitate remote and future console access to the system and its components.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

26

QFX3000-M Technical Overview

Slide 26

Power Up Sequence
QFabric Directors (2): DG0 &
DG1

Control Plane Ethernet: CPE-A & CPE-B

2x EX4200-24T
or

1
2x QFX3100

2X EX4200-24F

QFabric Interconnect (2 or 4): IC0 to IC3

3
2x or 4x QFX3600-I

QFabric Nodes (maximum is 16 Nodes): N0 to N15

4
Up to 16x QFX3500
2014 Juniper Networks, Inc. All rights reserved.

N0 ... N15

Up to 16x QFX3600-16Q

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 26

Power Up Sequence
This slide provides an overview of the sequence in which you will power up the QFabric components. Detailed steps
will be illustrated on the following slides. Note that the EX Series switches with the CPE must be powered up first.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

27

QFX3000-M Technical Overview

Slide 27

Power On DG0
Step 1. Power on DG0
Step 2. Type install at the boot prompt
dg0 console

<SNIP>
SYSLINUX 4.04 2011-04-18 Copyright (C) 1994-2011 H. Peter Anvin et al
Juniper Networks QFX Director Install/Recovery Media
- To boot from local disk you may wait or, press the <ENTER> key.
- To re-install QFabric on this node, type: install <ENTER>.
boot: install
Loading vmlinuz....

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 27

Power On DG0
Before software installation, you insert USBs into each of the two Directors.
Meanwhile, we recommend that you identify which Director device will be DG0 and which Director device will be DG1.
Once you determine the Director device name designations, power on the device designated as DG0. It will detect the
USB during boot up, and then you use the install option.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

28

QFX3000-M Technical Overview

Slide 28

Power On DG1
Step 3. Power on DG1
Step 4. Type install at the boot prompt
dg1 console

<SNIP>
SYSLINUX 4.04 2011-04-18 Copyright (C) 1994-2011 H. Peter Anvin et al
Juniper Networks QFX Director Install/Recovery Media
- To boot from local disk you may wait or, press the <ENTER> key.
- To re-install QFabric on this node, type: install <ENTER>.
boot: install
Loading vmlinuz....

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 28

Power On DG1
No less than two minutes after powering on the first director, power on the second. The second Director encounters
an existing Director device within the group (DG0) and then becomes DG1. The two Director devices are then
mirrored and synchronized, which can take about 25 minutes.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

29

QFX3000-M Technical Overview

Slide 29

DG0 Initial Configuration (1 of 3)


Step 5. About 10 minutes later, initial configuration (1/3)
- enter y since this is the initial setup
dg0 console

dg0 login: root


Juniper QFabric Director 12.1.6425 2012-04-13 00:36:05 UTC
Before you can access the QFabric switch, you must complete the
initial setup of the Director group by using the steps that follow.
If the initial setup procedure does not complete successfully, log
out of the Director device and then log back in to restart this
setup menu.
Continue?[y/n] y
Initial Configuration
You may enter the configuration manually or restore from a backup.
Specify a backup file? [y/n] : n
Existing local configuration:

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 29

DG0 Initial Configuration: Part 1


About 10 minutes later, you are asked to perform the initial configuration. Enter y since this is the initial setup.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

30

QFX3000-M Technical Overview

Slide 30

DG0 Initial Configuration (2 of 3)


Step 5. Initial configuration (2/3)
- enter the text highlighted in bold
dg0 console

Please enter the Director Group 0 IP address and prefix: 10.94.194.144/24


Please enter the Director Group 1 IP address and prefix: 10.94.194.145/24
Please enter the Director Group gateway IP address: 10.94.194.254
Please enter the QFabric default partition IP address: 10.94.194.143
Would you like to input IPv6 addresses for Director Group nodes? (y/n): n
Did not find an existing config to check against the product id USB
Using MAC Start [] Count [] Serial Id [] ProductType []
Use these values? MAC addresses starting at : F8:C0:01:F3:20:00
Please enter starting MAC address: F8:C0:01:F3:20:00
Please enter the number of MAC addresses: 4096
Please enter the QFabric serial ID [maximum 36 characters]: 91151B00053955
Please enter a Director device root password: <YourPWD>
Please re-enter password: <YourPWD>
Please enter a password for QFabric components (Node devices, Interconnect
devices, and infrastructure): <YourPWD>
Please re-enter password: <YourPWD>

[root@dg0 ~]# /root/reset_initial_configuration.sh


2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 30

DG0 Initial Configuration: Part 2


Input the key information prepared in the previous slides, along with other required parameters.
This sample output includes IPv4 management address definitions only.
To invoke the script manually, you can use the command shown at the bottom of the slide.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

31

QFX3000-M Technical Overview

Slide 31

DG0 Initial Configuration (3 of 3)


Step 5. Initial configuration (3/3)
- enter the text highlighted in bold
dg0 console

Supported platform types:


1. QFX3000-G
2. QFX3000-M
Please select product type: 2
Note: please record your passwords for recovery purposes
Does the following configuration appear correct?
Director Group 0 IP/Prefix
[10.94.194.144/24]
Director Group 1 IP/Prefix
[10.94.194.145/24]
Director Group Gateway
[10.94.194.254]
Starting MAC Address
[F8:C0:01:F3:20:00]
Number of MAC Address
[4096]
QFabric Default Partition IP
[10.94.194.143]
QFabric serial ID
[91151B00053955]
Director Device Password
[********]
QFabric component Password:
[********]
Product Type:
[QFX3000-M]
y/n > y
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 31

DG0 Initial Configuration: Part 3


Note that the QFX3000-M platform type (select option 2 as shown on the slide) is required for deployment scenarios
that use the QFX3600-I Interconnect devices.
Once the initial setup of the Director Group has been performed you should be able to access the Director devices
and the fabric admin CLI through the out-of-band management network using SSH.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

32

QFX3000-M Technical Overview

Slide 32

Power On Interconnects and


Node Devices
1. Power on QFabric Interconnect devices
2. Power on the QFabric Node devices

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 32

Power On Interconnects and Node Devices


After the Director Group is running, your focus turns to the Interconnect devices and Node devices participating in the
system.
We recommend you bring up the Interconnect devices first and then the Node devices.
Note that, for QFX3000-M deployments where the QFX3600-I Interconnect devices are used, the Director devices
must be running Junos OS release 12.2 or later. If the Director Group software version is a release prior to 12.2, the
QFX3600-I Interconnect devices will not join the system.
For all deployment scenarios, you must ensure the software version on Node devices is compatible with the QFabric
system. The initial software version and some subsequent images used on the QFX3500 devices are not compatible
with the QFabric system. If the software image running on the Node devices is not compatible with the QFabric
system, you must upgrade the Node devices to a compatible image.
The software version running on the Interconnect and Node devices does not need to be the same version of software
running on the Director Group. As long as the images on the Interconnect devices and Node devices are compatible
with the version running on the Director Group, the Director Group will register those devices and automatically
upgrade them to the version running on the Director Group.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

33

QFX3000-M Technical Overview

Slide 33

System Verification
[root@dg0 /]# cli
RUNNING ON DIRECTOR DEVICE : dg0
root@qfabric>
root@qfabric> show fabric administration inventory
Item
Identifier
Connection
Node group
BBAP0751
Connected
BBAP0751
Connected
BBAP7817
Connected
BBAP7817
Connected
NW-NG-0
Connected
P3710-C
Connected
P3710-C
Connected
P3724-C
Connected
P3724-C
Connected
Interconnect device
IC-BBAK7833
Connected
BBAK7833/RE0
Connected
IC-BBAP0741
Connected
BBAP0741/RE0
Connected
Fabric manager
FM-0
Connected
Fabric control
FC-0
Connected
FC-1
Connected
Diagnostic routing engine
DRE-0
Connected

Configuration
Configured
Configured
Configured
Configured
Configured

Configured
Configured

Configured
Configured
Configured
Configured

root@qfabric>
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 33

System Verification
Once you have performed the required steps previously mentioned, you should see all components registered with the
system. This slide shows a sample output, listing the various Node devices and Interconnect devices along with the
Routing Engines (REs) required to support the system.
The state of each component must be Connected and Configured. Based on the sample output shown in the
example on the slide, we see that the components registered with the system are properly connected and configured.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

34

QFX3000-M Technical Overview

Slide 34

Logging In to a QFabric Component


root@QFabric> request component login ?
Possible completions:
<node-name>
Inventory name for the remote node
DRE-0
Diagnostic routing engine
FC-0
Fabric control
FC-1
Fabric control
FM-0
Fabric manager
NW-NG-0
Node group
P2687-C
Node device
P3463-C
Node device
P4376-C
Node device
P4697-C
Node device
P4850-C/RE0
Interconnect device control board
P4891-C/RE0
Interconnect device control board
RSNG-1
Node group
row1-rack1
Node device
row1-rack2
Node device
row1-rack3
Node device
row1-rack4
Node device
root@QFabric-transit> request component login P2687-C
--- JUNOS 12.2X50-D11.1 built 2012-07-14 01:07:49 UTC
root@P2687-C%
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 34

Logging In to a QFabric Component


To initiate a connection to the remote components within a QFabric system, you use the request component login
component-name command as shown on the slide. This command allows you to connect to Node devices and
Interconnect devices as well as the various REs throughout the system.
To gain access, you must first provide the qfabric-admin or qfabric-operator class privilege to your user.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

35

QFX3000-M Technical Overview

Slide 35

System Time Synchronization


 Network Time Protocol (NTP) enables you to
synchronize the time across the network
 QFabric components get time from the Director
devices (DG0 as primary source and DG1 as
backup)

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 35

System Time Synchronization


Network Time Protocol (NTP) enables you to synchronize the time across the network. This is especially helpful for
correlating log events and replicating databases and file systems. The QFabric system synchronizes time with servers
that are external to the system and operates in client mode only. Within the system, all components are configured
when provisioned to synchronize their time with the Director Group.
To configure NTP, include the server address and authentication-key statements at the [edit system ntp] hierarchy
level.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

36

QFX3000-M Technical Overview

Slide 36

QFabric Node Groups


 Server Node Group (SNG)
Host facing ports, servers, blade chassis, and storage devices
Host facing protocols, ARP, LLDP, LACP IGMP, and DCBx
1 QFabric Node

 Redundant Server Node Group (RSNG)


Host facing ports, servers, blade chassis, and storage devices
Host facing protocols, ARP, LLDP, LACP, IGMP, DCBx, etc.
2 QFabric Nodes

 Network Node Group (NNG)


Network facing ports, firewall, routers, SLB, etc.
On top of host facing protocols, it also supports networking
protocols, i.e. RP, xSTP, PIM, etc.
Up to 8 QFabric Nodes
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 36

QFabric Node Groups


On this slide we summarize the different Node groups. Server Node Group (SNG) and Redundant Server Node Group
(RSNG) only support the host facing protocols. The difference between the two is that there is a single Node in the
SNG and two Nodes in the RSNG.
Network Node Group (NNG) is a superset of the SNG or RSNG and supports all the protocols.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

37

QFX3000-M Technical Overview

Slide 37

Node Groups Configuration


 Aliasing

root@QFabric# set fabric aliases node-device BBAK1238 LC0

 SNG

root@QFabric# set fabric resources node-group sng1 node-device LC0

 RSNG

root@QFabric# set fabric resources node-group rsng1 node-device LC1


root@QFabric# set fabric resources node-group rsng1 node-device LC2

 NNG

root@QFabric# set fabric resources node-group NW-NG-0 network-domain


root@QFabric# set fabric resources node-group NW-NG-0 node-device LC3
root@QFabric# set fabric resources node-group NW-NG-0 node-device LC4

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 37

Node Groups Configuration


When a QFabric Node joins the QFabric system, it is identified by its serial number by default. Managing a large set of
QFabric Nodes by their serial numbers can be a daunting task. Therefore, the Junos OS allows you to create alias
names for each QFabric Node. Once defined, the alias name can be referenced within the configuration and operation
commands.
Because a QFabric Node needs to be part of a Node group; the Node group membership is done under the resource
of the fabric, then the resource. For the SNG and RSNG, the name can be any arbitrary name. The NNG is the
exception to this rule. The name of an NNG is always NW-NG-0. Node group membership is a QFabric Node level,
meaning a Node can only be a member of one Node group. Membership cannot be split into different Node groups.
To define an SNG, you just need to bind one QFabric Node to a Node group. For RSNG, two QFabric Nodes need to
be a member of the same Node group. You can define what QFabric Nodes go into the NNG. In addition, the networkdomain needs to be configured under the NNG. Again, for the NNG, the name is always NW-NG-0 and this is a set
name which you cannot modify.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

38

QFX3000-M Technical Overview

Slide 38

Lab 1 QFX3000-M Initial Setup and


Configuration
 Run the initial setup script

 Configure network interfaces

 Verify that the system inventory is as expected

 Log in to a system component and verify its status

 Perform initial configuration tasks on the system

 Pause this presentation, follow the link shown below to


Junipers Virtual Lab environment, open the Lab Guide, and
complete Lab 1
https://virtuallabs.juniper.net/

Upon completing Lab 1, return to this presentation and


click the Play button ( ) to proceed.
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 38

Lab 1 QFX3000-M Initial Setup and Configuration


This lab demonstrates some initial configuration tasks performed when deploying a QFabric system.
In this lab, you will:
Run the initial setup script,
Verify that the system inventory is as expected,
Perform initial configuration tasks on the system,
Configure network interfaces, and
Log in to a system component and verify its status
At this point, you should pause this presentation, follow the link to Junipers Virtual Lab environment, open the Lab
Guide, and complete the lab portion of this section. When you are finished, return to this presentation and click Play to
continue.
Enter Virtual Lab:
https://virtuallabs.juniper.net/

Course SSQFAB03A-ML5

Juniper Networks, Inc.

39

QFX3000-M Technical Overview

Slide 39

Section Summary
 In this section, we:
Discussed how to verify system inventory
Described the physical connectivity of the QFabric system
Described the initial setup, including:
CPE power up
DG power up
IC power up
QFabric Node preparation and power up

Described QFX3000-M system verification


Discussed QFabric system configuration

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 39

In this section, we:


Discussed how to verify system Inventory
Described the physical connectivity of the QFabric system
Described the initial setup including:
CPE power up
DG power up
IC power up, and
Nodes preparation and power up
Described QFX3000-M system verification, and
Discussed QFabric system configuration

Course SSQFAB03A-ML5

Juniper Networks, Inc.

40

QFX3000-M Technical Overview

Slide 40

Learning Activity 1: Question 1


 How many EX4200 switches are required for the
CPE network on a QFX3000-M QFabric system?
A) 1
B) 2
C) 4
D) 8

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 40

Learning Activity 1: Question 1

Course SSQFAB03A-ML5

Juniper Networks, Inc.

41

QFX3000-M Technical Overview

Slide 40

Learning Activity 1: Question 2


 After ordering a system, the end user should
receive an email with an attachment that will
contain which two of the following pieces of
information? (Select two.)
A) System inventory
B) Instruction to generate the MAC addresses and license activation
key(s)
C) Serial number
D) Sequence for powering on the system devices

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 40

Learning Activity 1: Question 2

Course SSQFAB03A-ML5

Juniper Networks, Inc.

42

QFX3000-M Technical Overview

Slide 41

QFX3000-M
Technical Overview

Layer 2 Features, Configuration,


and Monitoring

2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential

Layer 2 Features, Configuration, and Monitoring

Course SSQFAB03A-ML5

Juniper Networks, Inc.

43

QFX3000-M Technical Overview

Slide 42

Section Objectives
 After successfully completing this course, you will
be able to:

Describe the QFabric interface naming convention


Describe Layer 2 interface configuration
Discuss interface ranges
Discuss VLAN configuration
Describe LAG configuration
Describe VLAN and interface verification
Describe QFabric Layer 2 design cases

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 42

After successfully completing this section, you will be able to discuss:


Describe the QFabric interface naming convention
Describe Layer 2 interface configuration
Discuss interface ranges
Discuss VLAN configuration
Describe LAG configuration
Describe VLAN and interface verification, and
Describe QFabric Layer 2 design cases

Course SSQFAB03A-ML5

Juniper Networks, Inc.

44

QFX3000-M Technical Overview

Slide 43

QFabric Interface Naming


Convention

node1:xe-0/0/1
Node

Port number

Interface type
ge gigabit
xe ten gigabit
Flexible PIC Concentrator
(FPC) slot/module

2014 Juniper Networks, Inc. All rights reserved.

Physical Interface Card (PIC)


sub-slot of the slot/module

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 43

QFabric Interface Naming Convention


QFabric follows the same interface naming convention as EX Series switches. Therefore, if you are familiar with EX
Series switch configuration, operating and configuring a QFabric system should only entail a slight learning curve.
The standard Junos OS port naming convention uses a three-level identifier for the port the interface type, Flexible
PIC Concentrator (FPC) number, Physical Interface Card (PIC) number, and then the port number. For QFabric, the
interface naming convention has been enhanced to four levels, where a chassis-level identifier is added. The QFabric
interface naming scheme adds the QFabric Node followed by a colon in front of the standard naming convention of
interface type, FPC number, PIC number, and port number. The QFabric Node can be either the serial number or the
alias name that has been assigned to the Node.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

45

QFX3000-M Technical Overview

Slide 44

QFabric Layer 2 Interface


Configuration
EX Series configuration

QFabric configuration

Access
xe-0/0/0 {
unit 0 {
family ethernetswitching;
}
}

Access
node1:xe-0/0/1 {
unit 0 {
family ethernetswitching;
}
}

Trunk
xe-0/0/1 {
unit 0 {
family ethernetswitching {
port-mode trunk;
}
}
}

Trunk
ED3701:xe-0/0/2 {
unit 0 {
family ethernetswitching {
port-mode trunk
}
}
}

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 44

QFabric Layer 2 Interface Configuration


The slide provides a comparison of the Layer 2 interface configuration used for the EX Series switches and the
QFabric system. Other than the difference in the interface naming format, the Layer 2 interface configuration syntax
for EX Series switches and QFabric systems is the same.
There are two different Layer 2 interface types access and trunk. Either can be configured on any Node group.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

46

QFX3000-M Technical Overview

Slide 45

Show Layer 2 Interfaces


Access Port
[edit interfaces]
netadmin@qfabric# set row1-rack1:xe-0/0/0.0 family ethernet-switching portmode access
netadmin@qfabric> show ethernet-switching interfaces row1-rack1:xe-0/0/0
detail
Interface: row1-rack1:xe-0/0/0.0, Index: 82, State: up, Port mode: Access
Ether type for the interface: 0x8100
VLAN membership:
default, untagged, unblocked
Number of MACs learned on IFL: 0

Trunk Port
[edit interfaces]
netadmin@qfabric# set row1-rack1:xe-0/0/0.0 family ethernet-switching portmode trunk
netadmin@qfabric> show ethernet-switching interfaces row1-rack1:xe-0/0/1
detail
Interface: LC2:xe-0/0/1.0, Index: 89, State: down, Port mode: Trunk
Ether type for the interface: 0x8100
Number of MACs learned on IFL: 0

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 45

Show Layer 2 Interfaces


The standard Junos OS show interfaces command is available. Another helpful interface command for Layer 2 ports
is
show ethernet-switching interfaces <QFabric Node:interface_type-fpc/pic/port> which can be used to limit the
results to a particular Node, interface type, FPC, PIC, or port number.
Examples are shown on the slide for access and trunk interfaces.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

47

QFX3000-M Technical Overview

Slide 46

Interface Range
interfaces {
interface-range dev-cluster {
member-range row1-rack1:xe-0/0/0 to row1-rack1:xe-0/0/47;
member-range row1-rack2:xe-0/0/0 to row1-rack2:xe-0/0/47;

Supported

member-range row1-rack3:xe-0/0/0 to row1-rack3:xe-0/0/15;


unit 0 {
family ethernet-switching;
}
}
interfaces {
interface-range dev-cluster {
member-range row1-rack1:xe-0/0/0 to row1-rack3:xe-0/0/15;
Unsupported

unit 0 {
family ethernet-switching;
}
}

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 46

Interface Range
To simplify configuration, the Junos OS allows grouping a range of identical interfaces that share the same
configuration. This reduces the time and effort required to configure a large set of interfaces. The range can be
defined with a start-interface and an end-interface syntax or with a regular expression. Either method is supported,
but the interface range is limited within one QFabric Node. A range cannot span multiple QFabric Nodes.
The example on the slide shows both supported and unsupported configurations.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

48

QFX3000-M Technical Overview

Slide 47

VLAN Configuration
Define the VLAN

VLAN port membership

[edit vlans]

VLAN centric

netadmin@qfabric# set default vlan-id 1


netadmin@qfabric> show vlans
Name

Tag

Interfaces

[edit vlans]
netadmin@qfabric# set default interface row1rack1:xe-0/0/0.0

default 1
row1-rack1:xe-0/0/0.0*, row1-rack1:xe0/0/0.1*, row1-

Port centric

rack2:xe-0/0/3.0*,

[edit interfaces]

RSNG-1:ae0.0*, NW-NG-0:ae0.0*

netadmin@qfabric# set row1-rack1:xe-0/0/0.0


family ethernet-switching port-mode
trunk vlan members [1-10 21 50-100]
[edit interfaces]
netadmin@qfabric# set row1-rack1:xe-0/0/0.0
family ethernet-switching port-mode
trunk native-vlan-id 1 vlan members [2-25]

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 47

VLAN Configuration
Virtual LANs (VLANs) allow users to control the size of a broadcast domain and, more importantly, group ports in a
Layer 2 switched network into the same broadcast domain as if they are connected on the same switch, regardless of
their physical location. QFabric architecture is no exception.
The VLAN database is configured under the [vlan] stanza. There are two methods for assigning a port to a VLAN
port centric and VLAN centric. Either method is valid, but if interface range or group profile is not being used, then for
ease of VLAN management, we recommend that VLAN membership for the access port be done under the VLAN
method and under the port method for the trunk port.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

49

QFX3000-M Technical Overview

Slide 48

QFabric LAG Configuration


EX Series configuration
chassis {
aggregated-devices {
ethernet {
device-count 8;
}
}
}
}

QFabric configuration
Server Node Group
chassis {
node-group SNG-1 {
aggregated-devices {
ethernet {
device-count 8;
}
}
}
}

Server-Pair Node Group


chassis {
node-group RSNG-1 {
aggregated-devices {
ethernet {
device-count 8;
}
}
}
}

Network Node Group


chassis {
node-group NW-NG-0 {
aggregated-devices {
ethernet {
device-count 8;
}
}
}
}

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 48

LAG configuration
Link aggregation provides link redundancy as well as increased bandwidth. QFabric supports both static and dynamic
LAGs, which can be configured on any QFabric Node.
The slide provides a comparison of the LAG configuration used for EX Series switches and QFabric systems.
With EX Series switches, you configure the number of supported LAGs under the chassis level in the configuration.
With QFabric, this is done at the node group level. If there is LAG support across multiple node groups then you need
to configure the number of supported LAG groups on a per-node group level. The QFabric configuration example on
the right of the slide shows the configuration for SNG, RSNG, and NNG, respectively.
The basic steps of QFabric LAG configuration are as follows:
Define the number of supported LAGs per node group
Assign the interface to a LAG interface
Configure the LAG interface

Course SSQFAB03A-ML5

Juniper Networks, Inc.

50

QFX3000-M Technical Overview

Slide 49

QFabric LAG Configuration


Same Member
EX Series configuration

QFabric configuration

xe-0/0/0 {
ether-options {
802.3ad ae0;
}
}

node2:xe-0/0/0 {
ether-options {
802.3ad ae0;
}
}

xe-0/0/1 {
ether-options {
802.3ad ae0;
}
}

node2:xe-0/0/1 {
ether-options {
802.3ad sng-1:ae0;
}
}

ae0 {

sng-1:ae0 {
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
}

aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}

2014 Juniper Networks, Inc. All rights reserved.

}
}

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 49

QFabric LAG Configuration Same Member


This slide illustrates a comparison of the LAG configuration on an EX Series switch and a QFabric system.
You need to configure or bind the physical interface to the aggregated interface. Note that the physical interface is
done at the QFabric Node level.
All common LAG parameters across child LAG members are centralized to the LAG interface itself. These include
Link Aggregation Control Protocol (LACP), speed, duplex, and so on. While the example shown on the slide is for a
Layer 2 interface, for Layer 3 the family needs to change from ethernet-switching to inet, because Layer 3 is only
supported on NNG.
There are two typical LAG deployments same member and cross member. Note that in the configuration example
on the slide for the QFabric system, the member links participating in the sng-1:ae0 LAG are associated with the
same Node devices. Same member LAGs can be configured on any Node group.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

51

QFX3000-M Technical Overview

Slide 50

QFabric LAG Configuration


Cross Member
EX Series configuration

QFabric configuration

xe-0/0/0 {
ether-options {
802.3ad ae0;
}
}

node3:xe-0/0/0 {
ether-options {
802.3ad rsng-2:ae0;
}
}

xe-1/0/0 {
ether-options {
802.3ad ae0;
}
}

node4:xe-0/0/0 {
ether-options {
802.3ad rsng-2:ae0;
}
}

ae0 {
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;

rsng-2:ae0 {
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;

}
}

2014 Juniper Networks, Inc. All rights reserved.

}
}

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 50

QFabric LAG Configuration Cross Member


The second LAG deployment, cross member, is shown on this slide.
This cross member device configuration option is available only within RSNGs and NNGs.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

52

QFX3000-M Technical Overview

Slide 51

Spanning Tree Protocol


 STP only processed through NNG
 STP not required on SNG or RSNG
Disable STP
Otherwise the ports will go down due to BPDU protect

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 51

Spanning Tree Protocol


While there is no need to run the Spanning Tree Protocol (STP) within the QFabric system, there might be deployment
scenarios that require its use when connecting the QFabric system with another Layer 2 device. STP bridge protocol
data units (BPDUs) can only be received and processed through interfaces associated with the NNG.
All SNGs are automatically configured to block BPDUs and disable their interfaces should they receive BPDUs.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

53

QFX3000-M Technical Overview

Slide 52

MonitoringInterface and
VLAN Verification
root@qfabric> show interfaces terse |
match node
Node-0:ge-0/0/12 up up

root@qfabric> show vlans


Name

Tag

Interfaces

default

Node-0:xe-0/0/24 up up

Node-2:ge-0/0/12.0*, Node-3:ge-0/0/12.0*

Node-1:ge-0/0/12 up up
Node-1:xe-0/0/24 up up
Node-2:xe-0/0/10 up up
Node-2:ge-0/0/12 up up
Node-2:ge-0/0/12.0 up up eth-switch

root@qfabric> show ethernet-switching interfaces


Interface

State

VLAN members Tag Tagging Blocking

Node-2:ge-0/0/12.0 up default

untagged unblocked

Node-3:ge-0/0/12.0 up default

untagged unblocked

Node-3:ge-0/0/6 up up
Node-3:ge-0/0/8 up up
Node-3:xe-0/0/10 up up
Node-3:ge-0/0/12 up up
Node-3:ge-0/0/12.0 up up eth-switch
Node-3:xe-0/0/20 up up

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 52

Monitoring Interface and VLAN Verification


The slide is illustrating some commands that can be used to verify Layer 2 interfaces and VLAN associations. The
match command is a handy way to make the output easier to read and narrow down the information. Using the show
vlans and show ethernet-switching interfaces commands can help you verify the status of interfaces currently
configured for Layer 2 operations.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

54

QFX3000-M Technical Overview

Slide 53

Layer 2 Deployment
 MX Series or SRX Series is the first-hop router
Advanced services, such as MPLS/VPLS, security
Requires large host table (ARP) and/or MAC table

 QFabric is a pure Layer 2 switch


L3

MX
Series

MPLS/VPN

Internet

L2
SRX
Series

Servers

2014 Juniper Networks, Inc. All rights reserved.

Storage

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 53

Layer 2 Deployment
Next, we will take a look at QFabric Layer 2 design in the data center.
In this particular deployment scenario shown on the slide, the first hop router is either the MX Series or SRX Series
devices and the QFabric is strictly a Layer 2 connection. This deployment is good for scenarios where the customer
needs advanced services, such as MPLS, virtual private LAN Service (VPLS), or security on the SRX Series devices.
Another type of requirement might be because of a large scale table, such as host tables and/or media access control
(MAC).

Course SSQFAB03A-ML5

Juniper Networks, Inc.

55

QFX3000-M Technical Overview

Slide 54

Common Layer 2 Design Use Cases

Rack Servers

Blade Chassis

Network Node Group

LAG

Rack
Servers

2014 Juniper Networks, Inc. All rights reserved.

Blade Switches and


Blade Chassis

CONFIDENTIAL

MX Series

SRX Series

SSQFAB03A-ML5

www.juniper.net | 54

Common Layer 2 Design Use Cases


The slide introduces the common Layer 2 connection types found in data center environments. The rack servers and
blade chassis connections can associate with any Node group type, but are often made with SNGs and RSNGs. As
the name implies, the network node group connections are associated with the NNG only.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

56

QFX3000-M Technical Overview

Slide 55

Rack Server Use Case


 Rack server connection

Single Attached

SNG

2014 Juniper Networks, Inc. All rights reserved.

Dual Attached

Dual Homed

(L) Active/Passive
(R) Active/Active

(L) Active/Passive
(R) Active/Active

SNG

RSNG

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 55

Rack Server Use Case


Rack servers are usually 1 to 2 rack units in height. From a cabling perspective, because there are usually multiple
network interface cards (NICs) within each server, a top of rack (ToR) deployment will usually provide the best
solution in terms of total cost of ownership (TCO). The reason ToR deployment is favorable is that the cabling from the
server to the switch is within the rack and does not need to be run to another rack. Another reason a ToR deployment
is favorable is because it provides flexibility and modularity. One of the drawbacks with ToR deployments is that it
adds another device to manage. However, this drawback does not apply to the QFabric system, because QFabric is a
single device.
The three connection methods used by rack servers are as follows:
Single attached: With the single attached method, there is only one connection between the server and network
device. In this type of model or this type of connection, the high availability (HA) is built into the application. If the
server goes down, there is another server that will take over.
Dual Attached: There are two different types of the dual attached connection active/passive or active/active. In
active/passive, it is basically two separate links one is the primary and one is the backup in case the primary fails.
With active/active, there are two types. In the first, the NICs are in two different VLANs and have different IP
addresses. In the second, the NIC teams are bonded, in the sense that they are sharing the same IP address or MAC
address.
Dual Homed: With the dual homed connection method, the server is connected to two different devices, or line cards,
and you not only have link redundancies but you also have device redundancy in the sense that one device will not
bring down the connections to the server. There are two dual homed configuration method types active/passive and
active/active. The type of QFabric Node connections to these servers will be dependent on how the NICs are
configured in terms of an active/passive or active/active configuration scenario.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

57

QFX3000-M Technical Overview

Slide 56

Single Attached Example


QFabric system
interfaces {
LC0:xe-0/0/0 {
description "Bldg 1, RackA-Row1";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members 11-15;
}
}
}
}
}

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 56

Single Attached Example


Next, we will look at some configuration examples.
On this slide we will look at a single attached connection. The only difference between the QFabric system and the EX
Series switch configuration entry is, as mentioned previously, the interface naming convention. In the example on the
slide, the connection is a single port link with a trunk port connection to the server, where its members are VLANs 11
through 15.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

58

QFX3000-M Technical Overview

Slide 57

Dual-Attached Example
(Active/Passive or Active/Active)

QFabric system

2014 Juniper Networks, Inc. All rights reserved.

chassis {
node-group sng1-B1-A-1 {
aggregated-devices {
ethernet {
device-count 24;
}
}
}
}
interfaces {
interface-range sng1-ae0 {
member-range LC0:xe-0/0/0 to LC0:xe-0/0/1;
description active-active;
ether-options {
802.3ad ae0;
}
}
sng1-B1-A-1:ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members 11-15;
}
}
}
}
}

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 57

Dual-Attached Example (Active/Passive or Active/Active)


For dual-attached connections, in the active-passive configuration, there can be two separate access ports. The
configuration for two separate access ports is the same as the previous slide.
If you are doing an active/active connection, that means its going to be a LAG configuration. You just need to follow
the 3-step procedure discussed previously to complete the LAG configuration.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

59

QFX3000-M Technical Overview

Slide 58

Dual Homed RSNG or NNG

QFabric system

RSNG

2014 Juniper Networks, Inc. All rights reserved.

chassis {
node-group rsng1-B1-A-1 {
aggregated-devices {
ethernet {
device-count 24;
}
}
}
}
interfaces {
interface-range rsng1-ae0 {
member LC0:xe-0/0/0;
member LC1:xe-0/0/0;
ether-options {
802.3ad ae0;
}
}
rsng1-B1-A-1:ae0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members 11-15;
}
}
}
}
}
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 58

Dual Homed RSNG or NNG


Dual homed connections, which again means that the device is being connected to two different nodes, will depend on
the configuration type of the NICS. If the configuration is active/passive, the dual homed connection can be between
two different node groups.
If the configuration is active/active, the dual homed configuration should be configured as an RSNG. If there is a plan
to migrate into an active/active configuration, then it is recommended to connect the server to an RSNG. Again, from a
configuration standpoint, you need to find the number of supported LAGs in the RSNG. After that, you define the LAG
interface and the LAG configuration by following the steps discussed previously.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

60

QFX3000-M Technical Overview

Slide 59

Lab 2 QFX3000-M Layer 2


Configuration
 Load a known good starting configuration on your QFabric system
 Convert Node 4 to a standalone switch and load a predefined configuration
 Configure interfaces for Layer 2 operations as either access ports or trunk ports
 Monitor Layer 2 operations through the fabric admin and system components

https://virtuallabs.juniper.net/

Upon completing the lab, return to this presentation


and click the Play button ( ) to proceed.
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 59

Lab 2 QFX3000-M Layer 2 Configuration


This lab demonstrates some configuration and monitoring tasks associated with Layer 2 features on a QFabric
system.
In this lab, you will:
Load a known good starting configuration on your QFabric system,
Convert Node-4 to a standalone switch and load a predefined configuration,
Configure interfaces for Layer 2 operations as either access ports or trunk ports, and
Monitor Layer 2 operations through the fabric admin and system components
At this point, you should return to the Virtual Lab session you opened previously and complete the lab portion of this
section. When you are finished, return to this presentation and continue.
Enter Virtual Lab:
https://virtuallabs.juniper.net/

Course SSQFAB03A-ML5

Juniper Networks, Inc.

61

QFX3000-M Technical Overview

Slide 60

Section Summary
 In this section, we:

Described the QFabric interface naming convention


Described Layer 2 interface configuration
Discussed interface ranges
Discussed VLAN configuration
Described LAG configuration
Described VLAN and interface verification
Described QFabric Layer 2 design cases

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 60

In this section, we discussed:


Described the QFabric interface naming convention
Described Layer 2 interface configuration
Discussed interface ranges
Discussed VLAN configuration
Described LAG configuration
Described VLAN and interface verification, and
Described QFabric Layer 2 design cases

Course SSQFAB03A-ML5

Juniper Networks, Inc.

62

QFX3000-M Technical Overview

Slide 61

Learning Activity 2: Question 1


 The Layer 2 interface configuration syntax for EX
Series switches and the QFabric system is the
same except for which of the following?
A) LAG creation
B) Trunk mode use
C) VLAN configuration
D) Interface naming convention

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 61

Learning Activity 2: Question 1

Course SSQFAB03A-ML5

Juniper Networks, Inc.

63

QFX3000-M Technical Overview

Slide 61

Learning Activity 2: Question 2


 Which group is automatically configured to block
BPDUs and disables its interfaces should they
receive BPDUs?
A) NNG
B) RSNG
C) SNG
D) NWNG

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 61

Learning Activity 2: Question 2

Course SSQFAB03A-ML5

Juniper Networks, Inc.

64

QFX3000-M Technical Overview

Slide 62

QFX3000-M
Technical Overview

Layer 3 Features, Configuration,


and Monitoring

2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential

Layer 3 Features, Configuration, and Monitoring

Course SSQFAB03A-ML5

Juniper Networks, Inc.

65

QFX3000-M Technical Overview

Slide 63

Section Objectives
 After successfully completing this section, you will
be able to:
Discuss Layer 3 implementation
Discuss routed VLAN interface configuration and
verification
Discuss static routes on QFabric systems
Describe QFabric OSPF support
Describe QFabric VRF-Lite support

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 63

After successfully completing this section, you will be able to:


Discuss Layer 3 implementation
Discuss routed VLAN interface configuration and verification
Discuss static routes on QFabric systems
Describe QFabric OSPF support, and
Describe QFabric VRF-Lite support

Course SSQFAB03A-ML5

Juniper Networks, Inc.

66

QFX3000-M Technical Overview

Slide 64

Layer 3 Deployment
 MX Series connection to the outside world
 SRX Series L2 or L3, depending on requirement
 QFabric is the firsthop router
MX
Internet
MPLS/VPN
Series
L3

L2

SRX
Series

Servers
2014 Juniper Networks, Inc. All rights reserved.

Storage
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 64

Layer 3 Deployment
One of the primary decisions that must be made to provide Layer 3 gateway and routing services relates to placement
of the first hop router. This decision is ultimately determined by your design and traffic flow requirements. You have a
number of options when it comes to the implementation of the first hop router SRX Series, MX Series, QFabric, or
some combination of the three.
QFabric can do Layer 2 and Layer 3 forwarding on the QFabric Node. This essentially means that QFabric can be the
first hop router. In such a case, the Layer 3 boundary will move from the SRX Series or MX Series to the QFabric. The
MX Series will still provide access to the outside world and the SRX Series will still provide the security services.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

67

QFX3000-M Technical Overview

Slide 65

QFabric Layer 3 Implementation


 Traditional Network
VRRP provides gateway redundancy for host device
Increases gateway availability by eliminating a single
point of failure

 QFabric
Is a single device
Every Node Group is capable of performing Layer 3
RVI resides on NNG, but is present on every Node Group
that is a member of a VLAN with VLAN routing enabled
VRRP is no longer needed in QFabric deployment

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 65

QFabric Layer 3 Implementation


With QFabric being the first hop router, one of the most commonly asked questions regards Virtual Router
Redundancy Protocol (VRRP). Where is VRRP configured within QFabric? In the traditional network, VRRP is usually
required when there are two separate systems that are providing gateway functionality to the host. QFabric differs
simply because it is a single system. The routed VLAN interface (RVI), which is going to be the gateway to the host,
resides on the NNG (or SNG or RSNG) but is shared and present on all the QFabric Nodes. As long as the nodegroup is part of a VLAN that has VLAN routing enabled (in this case RVI configured), then VRRP is not required.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

68

QFX3000-M Technical Overview

Slide 66

Layer 3
 IP interface
Layer 3 interfaces can only be configured on NNG interfaces
Both at the physical or logical (LAG interface) level

Unicast and multicast routing protocol can only be configured on RVI


and NNG interfaces

 Host device requires Layer 3 adjacency?


If host needs to peer to QFabric, then host must be connected to NNG
If host needs to peer to another device (such as an external router) then
no restriction on connection
QFabric will pass routing protocol packets; it will just not allow a routing
protocol to NNG from any xSNG

 NNG
Members are not restricted to location
All NNG members do not have to be next to each other; members can be
in different parts of the data center
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 66

Layer 3
A Layer 3 interface can be configured on the NNG, both at the physical and logical (LAG interface) levels. Unicast and
multicast routing protocols can only be enabled on RVI and NNG interfaces. If a host has a routing protocol enabled
and needs to establish an adjacency to the RVI, then this device needs to be connected to the NNG. If the host needs
to establish an adjacency to an external device, such as an MX Series or SRX Series device, then the host can be
connected to any node-group device, such as an SNG or RSNG. The routing protocol packets will be forwarded
through QFabric, but not up to the QFabric interface. NNGs are not bound to a physical location, they can be in
different areas. Therefore, they can be dispersed throughout the data center where multiple servers that require SNG
connections can be aggregated.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

69

QFX3000-M Technical Overview

Slide 67

Routed VLAN Interface


 RVIs are logical Layer 3 interfaces that perform
gateway services for hosts within VLANs
MX
Series

MPLS/
VPN

Internet

L3
RVI

L2

NO SRX Service

RVI

SRX
Series

Engineering

Marketing

Servers
2014 Juniper Networks, Inc. All rights reserved.

Storage
CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 67

Routed VLAN Interface


As mentioned earlier, routed interfaces can either be RVI or Layer 3 ports on the NNG.
An RVI is a logical Layer 3 VLAN interface used to route traffic between VLANs. RVIs often serve as the gateway IP
address for host devices on the subnet associated with the corresponding VLAN. RVIs, along with all other Layer 3
interfaces on a QFabric system, are associated with the NNG.
As illustrated in the example on the slide, the engineering and marketing VLANs do not need firewall service from the
SRX Series devices, and therefore the gateway or the RVI for those two VLANs is on the QFabric.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

70

QFX3000-M Technical Overview

Slide 68

QFabric Layer 3 Configuration


EX Series configuration
Physical interface

QFabric configuration
Physical interface
node32:xe-0/0/47 {
unit 0 {
family inet {
address 10.1.1.254/24;
}
}
}

xe-0/0/47 {
unit 0 {
family inet {
address 10.1.1.254/24;
}
}
}

RVI

RVI
vlan {
unit 1 {
family inet {
address 10.1.1.1/24;
}
}
}
default {
vlan-id 1;
l3-interface vlan.1;

vlan {
unit 1 {
family inet {
address 10.1.1.1/24;
}
}
}
default {
vlan-id 1;
l3-interface vlan.1;

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 68

QFabric Layer 3 Configuration


The slide provides configuration examples for both Layer 3 physical interfaces and RVIs. Note that, except for the
additional level of the interface naming convention used on QFabric, the syntax is identical to that used for EX Series
switches.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

71

QFX3000-M Technical Overview

Slide 69

Layer 3 LAG Configuration


interfaces {
interface-range nng-ae0 {
member "LC0:xe-0/0/[0-1]";
member "LC1:xe-0/0/[0-1]";
member "LC2:xe-0/0/[0-1]";
ether-options {
802.3ad NW-NG-0:ae0;
}
}
NW-NG-0:ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 192.168.0.2/30;
}
}
}
vlan {
unit 1100 {
family inet {
address 10.84.100.1/24;
}
}
unit 1101 {
family inet {
address 10.85.100.1/24;
}
}
}
}
{
v1100 {
vlan-id 1100;
l3-interface vlan.1100;
}
v1101 {
vlan-id 1101;
l3-interface vlan.1101;
}

1
5

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 69

Layer 3 LAG Configuration


In the previous section, we introduced and illustrated the configuration of LAGs. This slide provides a configuration
example for a Layer 3 LAG. While much of this configuration example matches that shown in the previous section, you
should note that this LAG configuration example uses the protocol family inet.
As with RVIs and any other Layer 3 interface, Layer 3 LAGs must be associated with the NNG. As noted on the slide,
Layer 3 LAGs can use only a single unit and that unit number must be zero.
Similar to Layer 2 LAGs, there are two typical LAG deployments for Layer 3 same member and cross member.
With same member LAGs, all of the LAG child members are terminated on the same QFabric Node. With cross
member LAGs, child member LAGs are split between node group members. The example on the slide illustrates
across member LAG configuration.
Use the following steps to configure a Layer 3 LAG:
Define the Layer 2 configuration including VLAN
Assign interfaces to the LAG interface
Configure the LAG interface and assign it an IP address
Configure RVI for the VLAN, and
Bind the RVI interface to the VLAN
Note that, in this example, we showed the RVI configuration for two VLANs 1100 and 1101.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

72

QFX3000-M Technical Overview

Slide 70

RVI Interface Verification (1 of 2)


root@qfabric> show interfaces row21-rack1:xe-0/0/0
Physical interface: row1-rack4:xe-0/0/0, Enabled, Physical link is Up
Interface index: 131, SNMP ifIndex: 1311224
Link-level type: Ethernet, MTU: 1514, Speed: 10Gbps, Duplex: Full-Duplex,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Disabled
Interface flags: Internal: 0x4000
CoS queues
: 12 supported, 12 maximum usable queues
Current address: 84:18:88:d5:e7:0c, Hardware address: 84:18:88:d5:e7:0c
Last flapped
: 2011-09-07 12:53:59 UTC (00:21:30 ago)
Input rate
: 0 bps (0 pps)
Output rate
: 0 bps (0 pps)
Logical interface row21-rack1:xe-0/0/0.0 (Index 86) (SNMP ifIndex 1311280)
Flags: 0x4000 Encapsulation: ENET2
Input packets : 0
Output packets: 1
Protocol inet, MTU: 1500
Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 70

RVI Interface Verification: Part 1


The sample output for a show interfaces command illustrated on this slide includes an RVI.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

73

QFX3000-M Technical Overview

Slide 71

RVI Interface Verification (1 of 2)


root@qfabric> show interfaces terse vlan
Interface
Admin
Link
Proto
vlan
up
up
vlan.50
up
up
inet
vlan.51
up
up
inet

Local

Remote

172.25.50.1/24
172.25.51.1/24

root@qfabric# run show ethernet-switching interfaces


Interface
State
VLAN members
Tag Tagging
NW-NG-0:ae0.0 up
v50
50 tagged
v51
51 tagged
Node-0:ge-0/0/12.0 up
v50
50 untagged
Node-1:ge-0/0/12.0 up
v51
51 untagged

Blocking
unblocked
unblocked
unblocked
unblocked

Note that RVIs become active only when an operational Layer 2 interface
is associated with the VLAN to which the RVI is applied.
root@qfabric> show route
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.25.25.25/32
*[Direct/0] 00:33:35
via NW-NG-0:lo0.0
172.25.50.1/32
*[Local/0] 00:33:35
Local via NW-NG-0:vlan.50
172.25.51.1/32
*[Direct/0] 00:33:34
via NW-NG-0:vlan.51
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 71

RVI Interface Verification: Part 2


The slide illustrates sample output from the commands used to verify the state of RVIs. The show interfaces terse
vlan command is used to verify the state or the defined RVIs. Use the show ethernet-switching interfaces
command to verify the status of the interfaces. Note that RVIs become active only when an operational Layer 2
interface is associated with the VLAN to which the RVI is applied.
Also on the slide, we show the route table using the show route command. Just like other Junos OS devices, once
interfaces are configured on the system, the corresponding routes (Direct and Local routes as shown in the sample
output on the slide) are added to the route table.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

74

QFX3000-M Technical Overview

Slide 72

Static Route
The QFabric system supports the manual
creation of static routes as well as some
dynamic routing protocols.

routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.0.1;
}
}

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 72

Static Route
To allow routing to remote networks for the QFabric system and its attached devices, the route table will need route
entries for those remote destination networks or a default route. The QFabric system supports the manual creation of
static routes as well as some dynamic routing protocols.
This slide shows a sample default route configuration that directs all outbound traffic to remote destination networks.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

75

QFX3000-M Technical Overview

Slide 73

OSPF
protocols {
ospf {
area 0.0.0.0 {
interface vlan.1100;
interface vlan.1101;
interface NW-NG-0:ae0.0;
}
}
}

 For stub network, configure VLANs into different


areas and define the area as a stub
root@qfabric# set protocols ospf area 0.0.0.1 stub no-summaries

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 73

OSPF
Depending on your deployment and design requirements, it might be best to use a dynamic routing protocol instead of
static routes. The QFabric system supports OSPF and BGP for these situations. The syntax used to configure these
protocols on a QFabric system is the same syntax used on other Junos OS devices, such as the MX Series and SRX
Series devices. OSPF is used for the dynamic routing protocol example shown on this slide.
For OSPF or any routing protocol, the configuration is done under the [protocols] stanza. In the configuration
example on this slide, all of the subnets are in the same area. A better design practice is to configure stub area for the
VLANs. Stub configuration follows the standard Junos OS configuration.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

76

QFX3000-M Technical Overview

Slide 74

VRF-Lite
To WAN Edge

SRX5800_A

SRX5800_B
VLAN 500, 1001, 1003, 1005
VLAN 600. 1000, 1002, 1004
VLAN 1000
VLAN 1001

2014 Juniper Networks, Inc. All rights reserved.

routing-instances {
VR-BLUE {
instance-type virtual-router;
interface vlan.1001;
interface vlan.1003;
interface vlan.1005;
protocols {
ospf {
area 0.0.0.0 {
interface all;
}
}
}
}
VR-RED {
instance-type virtual-router;
interface vlan.1000;
interface vlan.1002;
interface vlan.1004;
protocols {
ospf {
area 0.0.0.0 {
interface all;
}
}
}
}
}

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 74

VRF-Lite
QFabric supports a version of VPN routing and forwarding (VRF) called VRF-Lite. In the example on this slide, there
are two red and blue. Blue has the odd VLANs and red the even VLANs. The VLAN tables are separate and thus
allow overlapping IP addresses. If route-leaking is required, then an external loopback cable is required.
The example on this slide shows the connection of two SRX Series devices in a one-arm configuration. Packets are
either routed or switched to the SRX Series devices for security services. Currently the VRF-Lite implementation does
not support route-leaking.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

77

QFX3000-M Technical Overview

Slide 75

Lab 3 QFX3000-M Layer 3


Configuration
 Load a known good starting configuration on your QFabric system
 Configure and monitor Layer 3 interfaces
 Configure and monitor Layer 3 routing

https://virtuallabs.juniper.net/

Upon completing the lab, return to this presentation


and click the Play button ( ) to proceed.
2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 75

Lab 3 QFX3000-M Layer 3 Configuration


This lab demonstrates some configuration and monitoring tasks associated with Layer 3 features on a QFabric
system.
In this lab, you will:
Load a known good starting configuration on your QFabric system,
Configure and monitor Layer 3 interfaces, and
Configure and monitor Layer 3 routing
At this point, you should return to the Virtual Lab session you opened previously and complete the lab portion of this
section. When you are finished, return to this presentation and continue.
Enter Virtual Lab:
https://virtuallabs.juniper.net/

Course SSQFAB03A-ML5

Juniper Networks, Inc.

78

QFX3000-M Technical Overview

Slide 76

Section Summary
 In this section, we:

Discussed Layer 3 implementation


Discussed RVI configuration and verification
Discussed static route support on QFabric systems
Described QFabric OSPF support
Described QFabric VRF-Lite support

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 76

In this section, we:


Discussed Layer 3 implementation
Discussed RVI configuration and verification
Discussed static route support on QFabric systems
Described QFabric OSPF support, and
Described QFabric VRF-Lite support

Course SSQFAB03A-ML5

Juniper Networks, Inc.

79

QFX3000-M Technical Overview

Slide 77

Learning Activity 3: Question 1


 True or false: RVIs become active only when an
operational Layer 2 interface is associated with the
VLAN to which the RVI is applied.
A) True
B) False

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 77

Learning Activity 3: Question 1

Course SSQFAB03A-ML5

Juniper Networks, Inc.

80

QFX3000-M Technical Overview

Slide 77

Learning Activity 3: Question 2


 Which three of the following must be associated
with the NNG? (Select three.)
A) RVIs
B) VRRPs
C) Layer 3 interfaces
D) Layer 3 LAGS

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 77

Learning Activity 3: Question 2

Course SSQFAB03A-ML5

Juniper Networks, Inc.

81

QFX3000-M Technical Overview

Slide 78

Course Summary
 In this course, we:
Described the initial setup and configuration of a
QFX3000-M QFabric system
Described the Layer 2 features, configuration, and
monitoring of a QFX3000-M QFabric system
Described the Layer 3 features, configuration, and
monitoring of a QFX3000-M QFabric system

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 78

In this course, we:


Described the initial setup and configuration of a QFX3000-M QFabric system
Described the Layer 2 features, configuration and monitoring of a QFX3000-M QFabric system, and
Described the Layer 3 features, configuration and monitoring of a QFX3000-M QFabric system

Course SSQFAB03A-ML5

Juniper Networks, Inc.

82

QFX3000-M Technical Overview

Slide 79

Additional Resources
 Education Services training classes:
http://www.juniper.net/training/technical_education/

 Juniper Networks Certification Program Web site:


www.juniper.net/certification

 Juniper Networks documentation and white papers:


www.juniper.net/techpubs

 To submit errata or for general questions:


elearning@juniper.net

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 79

For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

83

QFX3000-M Technical Overview

Slide 80

Evaluation and Survey


 You have reached the end of this Juniper Networks
eLearning module
 You should now return to your Juniper Learning
Center to take the assessment and the student
survey
After successfully completing the assessment, you will
earn credits that will be recognized through certificates
and non-monetary rewards
The survey will allow you to give feedback on
the quality and usefulness of the course

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 80

You have reached the end of this Juniper Networks eLearning module. You should now return to your Juniper
Learning Center to take the assessment and the student survey. After successfully completing the assessment, you
will earn credits that will be recognized through certificates and non-monetary rewards. The survey will allow you to
give feedback on the quality and usefulness of the course.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

84

QFX3000-M Technical Overview

Slide 81

2014 Juniper Networks, Inc.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and


ScreenOS are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. The Juniper Networks
Logo, the Junos logo, and JunosE are trademarks of Juniper
Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their
respective owners. Juniper Networks reserves the right to change,
modify, transfer, or otherwise revise this publication without notice.

2014 Juniper Networks, Inc. All rights reserved.

CONFIDENTIAL

SSQFAB03A-ML5

www.juniper.net | 81

Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen and
ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JunosE is a
trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks or registered service
marks are the property of their respective owners. Juniper Networks reserves the right to change, modify, transfer or
otherwise revise this publication without notice.

Course SSQFAB03A-ML5

Juniper Networks, Inc.

85

QFX3000-M Technical Overview

Slide 82

CONFIDENTIAL

Course SSQFAB03A-ML5

Juniper Networks, Inc.

86

e d u c a t io n se r v ic e s c o u rse w a re

Co rp o rat e and Sales Head q uart ers

APAC Head q uart ers

EM EA Head q ua rt ers

Junip er Net w orks, Inc.


119 4 Nort h Mat hild a Avenue
Sunnyvale, CA 9 4 0 8 9 USA
Phone: 8 8 8 .JUNIPER
( 8 8 8 .5 8 6 .4737)
or 4 0 8 .74 5 .20 0 0
Fax: 4 0 8 .74 5.210 0
w w w.junip er.net

Junip er Net w orks ( Ho ng Kong)


26 / F, Cit yp laza One
1111 Kings Ro ad
Taikoo Shing, Ho ng Kong
Phone: 8 5 2.2332.36 36
Fax: 8 5 2.2574 .78 0 3

Junip er Net w orks Ireland


Airsid e Business Park
Sw ord s, Co unt y Dub l in, Ireland
Phone: 35 .31.8 9 0 3.6 0 0
EMEA Sales: 0 0 8 0 0 .4 58 6 .4737
Fax: 35 .31.8 9 0 3.6 0 1

Copyright 20 10 Junip er Net w orks, Inc.


All right s reserved. Junip er Net w o rks,
t he Junip er Net w orks lo go, Juno s,
Net Screen, and ScreenOS are regist ered
t rad em arks of Junip er Net w o rks, Inc. in
t he Unit ed St at es and ot her count ries.
All o t her t rad em arks, service m arks,
regist ered m arks, or regist ered service
m arks are t he p ro p ert y of t heir
resp ect ive ow ners. Junip er Net w orks
assum es no resp o nsib ilit y f or any
inaccuracies in t his d o cum ent . Junip er
Net w orks reserves t he right t o change,
m o d if y, t ransf er, o r ot herw ise revise t his
p ub l icat ion w it hout not ice.