If you deploy new network equipment outside of the CNaaS service but still want to maintain compatibility with the CNaaS design for possible future integrations, you can use these guidelines to get as close as possible to a compatible design.

Requirements core/dist:

  1. VXLAN/EVPN fabric between core/dist (leaf/spine) devices, IPv4 routed/L3 point-to-point links between core/dist
  2. Each dist/core device has two loopbacks, one in global/main VRF used for EVPN peering ("infra loopback") and one loopback in a dedicated management VRF ("management loopback")
  3. Core devices are only used for connecting distribution switches. External connectivity, firewalls, etc. are all connected to dist switches (possibly a dedicated border dist)
  4. Deploy dist switches in pairs, with access switches connected redundantly to two dist switches
  5. Mature API for management and monitoring (NETCONF, SNMP, etc.)

Optional core/dist:

  1. Each core/dist device in a separate private 4-byte AS, eBGP IPv4 peering to all neighbors. EVPN peering from all dist infra loopbacks to the core infra loopbacks, with the core acting as route reflector (possibly OSPF or IS-IS for the underlay)
  2. EVPN ESI LAG from dist pair towards access switch for redundancy (possibly multi-chassis/vPC for redundancy)
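As an added illustration (not part of this page or of the CNaaS-NMS templates), a small Python check that tests a device inventory against the core/dist rules above: two loopbacks per fabric device (main VRF and management VRF), a distinct private 4-byte AS per core/dist device, dist switches deployed in pairs, and access switches dual-homed to two dist switches rather than to core. Hostnames, VRF names and AS numbers in the inventory are constructed assumptions.

```python
from collections import Counter

# RFC 6996 private 4-byte AS range (4200000000 to 4294967294 inclusive).
PRIVATE_4BYTE_AS = range(4200000000, 4294967295)

# Constructed sample inventory (hostnames, VRF names and AS numbers are assumptions).
# Fabric devices list their loopbacks as interface -> VRF; access switches list uplinks.
INVENTORY = {
    "core1": {"role": "core", "asn": 4200000001, "loopbacks": {"lo0": "main", "lo1": "mgmt"}},
    "dist1": {"role": "dist", "asn": 4200000011, "loopbacks": {"lo0": "main", "lo1": "mgmt"}},
    "dist2": {"role": "dist", "asn": 4200000012, "loopbacks": {"lo0": "main", "lo1": "mgmt"}},
    "dist3": {"role": "dist", "asn": 4200000011, "loopbacks": {"lo0": "main"}},  # no mgmt loopback, reused AS
    "access1": {"role": "access", "uplinks": ["dist1", "dist2"]},
    "access2": {"role": "access", "uplinks": ["dist1"]},  # single-homed
}


def check_design(inv: dict) -> list:
    """Return human-readable violations of the core/dist guidelines; an empty list means compliant."""
    problems = []
    fabric = {n: d for n, d in inv.items() if d["role"] in ("core", "dist")}
    # Requirement 2: exactly one loopback in the global/main VRF and one in the management VRF.
    for name, dev in fabric.items():
        if sorted(dev["loopbacks"].values()) != ["main", "mgmt"]:
            problems.append(f"{name}: needs one main-VRF and one mgmt-VRF loopback, has {dev['loopbacks']}")
    # Optional 1: every core/dist device in its own private 4-byte AS.
    asn_count = Counter(dev["asn"] for dev in fabric.values())
    for name, dev in fabric.items():
        if dev["asn"] not in PRIVATE_4BYTE_AS:
            problems.append(f"{name}: AS {dev['asn']} is outside the private 4-byte range")
        elif asn_count[dev["asn"]] > 1:
            problems.append(f"{name}: AS {dev['asn']} is shared with another fabric device")
    # Requirement 4: dist switches deployed in pairs.
    dists = [n for n, d in fabric.items() if d["role"] == "dist"]
    if len(dists) % 2:
        problems.append(f"odd number of dist switches ({len(dists)}); deploy them in pairs")
    # Requirements 3 and 4: access switches uplink to exactly two dist switches, never to core.
    for name, dev in inv.items():
        if dev["role"] != "access":
            continue
        uplinks = set(dev["uplinks"])
        if len(uplinks) != 2 or any(inv.get(u, {}).get("role") != "dist" for u in uplinks):
            problems.append(f"{name}: must uplink to two distinct dist switches, has {sorted(uplinks)}")
    return problems


if __name__ == "__main__":
    for line in check_design(INVENTORY) or ["design is compliant"]:
        print(line)
```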

Requirements access:

  1. VLAN tagging
  2. 802.1X and MAB
  3. Mature API for management and monitoring (NETCONF, SNMP, etc.)

You can have a look at specific configuration examples in our Jinja2 CLI templates: https://github.com/SUNET/cnaas-nms-templates

Known compatible hardware configurations for core/dist layers:

Special considerations for non-standard design:

If using JunOS with only two dist switches (no core layer), you should disable core isolation to get working redundancy: https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/evpn-vxlan-core-isolation-disabling.html