Juniper 5.0 Apstra Intent Based Networking User Guide

Juniper 5.0 Apstra Intent Based Networking

Specifications

Product Usage Instructions

Install Apstra Server

1. Download the latest OVA Apstra VM image from Juniper Support Downloads as a registered support user.
2. Log in to vCenter, right-click your target deployment environment, then click Deploy OVF Template.
3. Specify the URL or local file location for the downloaded OVA file and proceed with the deployment steps.
4. Map the Apstra Management network to enable it to reach the virtual networks that the Apstra server will manage.

Configure Apstra Server

1. Log in to the Apstra server with the default credentials (user: admin, password: admin) either from the web console or via SSH.
2. Change the default password to a secure one that meets complexity requirements.

FAQ

• Q: What are the resource requirements for the Apstra server VM?
  A: The Apstra server VM requires at least 64 GB RAM, 8 vCPU, 80 GB disk space, and a network adapter configured with DHCP. It should be running VMware ESXi version 5.5 or later.

• Q: How can I back up the Apstra server?
  A: It is recommended to back up the Apstra server on a regular basis. For backup details, refer to the Apstra Server Management section of the Juniper Apstra User Guide.

Quick Start

Juniper Apstra 5.0 Quick Start

Step 1: Begin

In this guide, we provide a simple, three-step path, to quickly get you up and running with Juniper Apstra. We’ll show you how to install and configure Apstra software release 5.0 onto a VMware ESXi hypervisor. From the Apstra GUI, we’ll walk through the elements used to create a new user with administrator privileges. Depending on the complexity of your design, other tasks may be required in addition to the ones included in this workflow.

Meet Juniper Apstra
Juniper Apstra automates and validates the design, deployment, and operations of your data center network. Once you specify the outcomes you want Apstra will set up the network, assure that it’s secure and runs as intended, alert you to anomalies, and manage changes and maintenance. Juniper Apstra intent- based software automates and validates your data center network design, deployment, and operations across a wide range of vendors. With support for nearly any network topology and domain, Apstra delivers built-in design templates for creating repeatable, continuously validated blueprints. It leverages advanced intent-based analytics to continually validate the network, thereby eliminating complexity, vulnerabilities, and outages resulting in a secure and resilient network.

Get Ready
Apstra software comes pre-installed on a single virtual machine (VM).
For information about supported hypervisiors, see Supported Hypervisors and Versions.
You’ll need a server that meets the following specifications:

For more information about Apstra server VM resource requirements, see Required Server Resources.

Install Apstra Server

These instructions are for installing Apstra software on an ESXi hypervisor. For information about installing Apstra software on other hypervisors, see Install Apstra on KVM, Install Apstra on Hyper-V, or Install Apstra on VirtualBox.
You will first download the Apstra VM image file and then deply it on the VM.

1. As a registered support user, download the latest OVA Apstra VM image from Juniper Support Downloads.
2. Log in to vCenter, right-click your target deployment environment, then click Deploy OVF Template.
3. Specify the URL or local file location for the downloaded OVA file, then click Next.
4. Specify a unique name and target location for the VM, then click Next.
5. Select your destination compute resource, then click Next.
6. Review template details, then click Next.
7. Select storage for the files, then click Next. We recommend thick provisioning for the Apstra server.
8. Map the Apstra Management network to enable it to reach the virtual networks that the Apstra server will manage, then click Next.
9. Review your specifications, then click Finish.

Configure Apstra Server
These instructions are for configuring Apstra version 5.0. For information about configuring prior versions of the Apstra software, see Configure Apstra Server and search for the desired Apstra version.

1. Log in to the Apstra server with the default credentials (user: admin, password: admin) either from the web console or via SSH (ssh admin@ where is the IP address of the Apstra server.) You must change the default password before you can proceed.
2. Enter a password that meets the following complexity requirements, then enter it again:
   • Must contain at least 14 characters
   • Must contain an uppercase letter
   • Must contain a lowercase letter
   • Must contain a digit
   • Must contain a special character
   • Must NOT be the same as the username
   • Must NOT contain a repeat of the same character
   • Must NOT contain consecutive sequential characters
   • Must NOT use adjacent keys on the keyboard
3. When you’ve successfully changed the Apstra server password a dialog opens prompting you to set the Apstra GUI password. You won’t be able to access the Apstra GUI until you set this password. Select Yes and enter a password that meets the following complexity requirements, then enter it again:
   • Must contain at least 9 characters
   • Must contain an uppercase letter
   • Must contain a lowercase letter
   • Must contain a digit
   • Must contain a special character
   • Must NOT be the same as the username
   • Must NOT contain a repeat of the same character
   • Must NOT contain consecutive sequential characters
   • Must NOT use adjacent keys on the keyboard
4. A dialog appears stating “Success! Apstra UI password is changed.” Select OK.
5. The configuration tool menu appears.
   • (Static Management) IP address in CIDR format with netmask (for example, 192.168.0.10/24)
   • Gateway IP address
   • Primary DNS
   • Secondary DNS (optional)
   • Domain
6. Apstra service is stopped by default. To start and stop Apstra service, select AOS service and select Start or Stop, as appropriate. Starting service from this configuration tool invokes /etc/init.d/aos, which is the equivalent of running the command service aos start.
7. To exit the configuration tool and return to the CLI, select Cancel from the main menu. (To open this tool again in the future, run the command aos_config.)

You’re ready to Replace the SSL Certificate on Apstra server with a signed one.

CAUTION: We recommend that you back up the Apstra server on a regular basis (since HA is not available). For backup details, see the Apstra Server Management section of the Juniper Apstra User Guide.

Step 2: Up and Running

Access the Apstra GUI

1. From the latest web browser version of Google Chrome or Mozilla FireFox, enter the URL https:// where is the IP address of the Apstra server (or a DNS name that resolves to the IP address of the Apstra server).
2. If a security warning appears, click Advanced and Proceed to the site. The warning occurs because the SSL certificate that was generated during installation is self-signed. We recommend that you replace the SSL certificate with a signed one.
3. From the log in page, enter the username and password. The username is admin and the password is the secure password that you created when configuring the Apstra server. The main Apstra GUI screen appears.

Design Your Network
The Apstra design process is highly intuitive because you base your design on physical building blocks such as ports, devices, and racks. When you create these building blocks and specify what ports are used, Apstra has all the information it needs to come up with a reference design for your fabric. Once your design elements, devices and resources are ready, you can start staging your network in a blueprint.

Apstra Design Elements

At first, you design your fabric using generic building blocks that don’t have site-specific details or site-specific hardware. The output becomes a template that you later use in the build stage to create blueprints for all your data center locations. You’ll use different design elements to build your network in a blueprint. Keep reading to learn about these elements.

Logical Devices
Logical devices are abstractions of physical devices. Logical devices allow you to create a mapping of the ports you want to use, their speed, and their roles. Vendor-specific information is not included; this lets you plan your network based on device capabilities alone before selecting hardware vendors and models. Logical devices are used in interface maps, rack types and rack- based templates.
Apstra ships with many predefined logical devices. You can view them through the logical devices design (global) catalog. From the left navigation menu, navigate to Design > Logical Devices. Go through the table to find ones that meet your specifications.

Interface Maps
Interface maps link logical devices to device profiles. Device profiles specify hardware model characteristics. By the time you check the design (global) catalog for interface maps, you’ll need to know which models you’ll be using. You assign interface maps when you build your network in the blueprint.
Apstra ships with many predefined interface maps. You can view them through the interface maps design (global) catalog. From the left navigation menu, navigate to Design > Interface Maps. Go through the table to find ones that match your devices.

Rack Types
Rack types are logical representations of physical racks. They define the type and number of leafs, access switches and/or generic systems (unmanaged systems) in racks. Rack types don’t specify vendors, so you can design your racks before selecting hardware.
Apstra ships with many predefined rack types. You can view them in the rack type design (global) catalog: From the left navigation menu, navigate to Design > Rack Types. Go through the table to find ones that match your design.

Templates
Templates specify a network’s policy and structure. Policies can include ASN allocation schemes for spines, overlay control protocol, spine-to-leaf link underlay type and other details. The structure includes rack types, spine details and more.
Apstra ships with many predefined templates. You can view them in the template design (global) catalog. From the left navigation menu, navigate to Design > Templates. Go through the table to find ones that match your design.

Install Device System Agents
Device system agents manage devices in the Apstra environment. They manage configuration, device-to-server communication, and telemetry collection. We’ll use Juniper Junos devices with off-box agents for our example.

1. Before creating the agent, install the following minimum required configuration on the Juniper Junos devices:

   • system {

   • login {

   • user aosadmin {

   • uid 2000;

   • class super-user;

   • authentication {

   • encrypted-password “xxxxx”;

   • }

   • }

   • }

   • services {

   • ssh;

   • netconf {

   • ssh;

   • }

   • }

   • management-instance;

   • }

   • interfaces {

   • em0 {

   • unit 0 {

   • family inet {

   • address

     /;

   • }

   • }

   • }
     }

   • 12

   • routing-instances {

   • mgmt_junos {

   • routing-options {

   • static {

   • route 0.0.0.0/0 next-hop ;

   • }

   • }

   • }

   • }

2. From the left navigation menu in the Apstra GUI, navigate to Devices > Managed Devices and click Create Offbox Agent(s).

3. Enter device management IP addresses.

4. Select FULL CONTROL, then select Junos from the platform drop-down list.

5. Enter a username and password.

6. Click Create to create the agent and return to the managed devices summary view.

7. Select the check boxes for the devices, then click the Acknowledge selected systems button (first one on the left).

8. Click Confirm. The fields in the Acknowledged column change to green check marks indicating that those devices are now under Apstra management. You’ll assign them to your blueprint later.

Create Resource Pools
You can create resource pools, then when you’re staging your blueprint and you’re ready to assign resources, you can specify which pool to use. Apstra will pull resources from the selected pool. You can create resource pools for ASNs, IPv4, IPv6 and VNIs. We’ll show you the steps for creating IP pools. The steps for the other resource types are similar.

1. From the left navigation menu, navigate to Resources > IP Pools and click Create IP Pool.
2. Enter a name and valid subnet. To add another subnet, click Add a Subnet and enter the subnet.
3. Click Create to create the resource pool and return to the summary view.

Build Your Network
When you’ve got your design elements, devices and resources ready, you can start staging your network in a blueprint. Let’s create one now.

Create a Blueprint

1. From the left navigation menu, click Blueprints, then click Create Blueprint.
2. Type a name for the blueprint.
3. Select Datacenter reference design.
4. Select a template type (all, rack-based, pod-based, collapsed).
5. Select a template from the Template drop-down list. A preview shows template parameters, a topology preview, network structure, external connectivity, and policies.
6. Click Create to create the blueprint and return to the blueprint summary view. The summary view shows the overall status and health of your network. When you meet all the requirements for building the network, the build errors are resolved and you can deploy the network. We’ll start by assigning resources.

Assign Resources

1. From the blueprint summary view, click the blueprint name to go to the blueprint dashboard. After you deploy your blueprint, this dashboard will show details about the status and health of your networks.
2. From the top navigation menu of the blueprint, click Staged. This is where you’ll build your network. The Physical view appears by default, and the Resources tab in the Build panel is selected. Red status indicators mean that you need to assign resources.
3. Click one of the red status indicators, then click the Update assignments button.
4. Select a resource pool (that you created earlier), then click the Save button. The required number of resources are automatically assigned to the resource group from the selected pool. When the red status indicator turns green, the resources are assigned. Changes to the staged blueprint aren’t pushed to the fabric until you commit your changes. We’ll do that when we’re done building the network.
5. Continue assigning resources until all status indicators are green.

Assign Interface Maps
Now it’s time to specify the characteristics for each of your nodes in the topology. You’ll assign the actual devices in the next section.

1. In the Build panel, click the Device Profiles tab.
2. Click a red status indicator, then click the Change interface maps assignments button (looks like an edit button).
3. Select the appropriate interface map for each node from the drop-down list, then click Update Assignments. When the red status indicator turns green, the interface maps have been assigned.
4. Continue assigning interface maps until all the required status indicators are green.

Assign Devices

1. In the Build panel, click the Devices tab.
2. Click the status indicator for Assigned System IDs (if the nodes list is not already displayed). Unassigned devices are indicated in yellow.
3. Click the Change System IDs assignments button (below Assigned System IDs) and, for each node, select system IDs (serial numbers) from the drop-down list.
4. Click Update Assignments. When the red status indicator turns green, system IDs have been assigned.

Cable Up Devices

1. Click Links (towards the left of the screen) to go to the cabling map.
2. Review the calculated cabling map and cable up the physical devices according to the map. If you have a set of pre- cabled switches, ensure that you have configured interface maps according to the actual cabling so that calculated cabling matches the actual cabling.

Deploy the Network

When you’ve assigned everything that needs to be assigned and the blueprint is error-free, all status indicators are green. Let’s deploy the blueprint to push the configuration to the assigned devices.

1. From the top navigation menu, click Uncommitted to review staged changes. To see details of changes, click one of the names in the table.
2. Click Commit to go to the dialog where you can add a description and commit changes.
3. Add a description. When you need to roll back a blueprint to a previous revision, this description is the only information available regarding what has changed.
4. Click Commit to push the staged changes to the active blueprint and create a revision.

Congratulations! Your physical network is up and running.

Step 3: Keep Going

Congratulations! You’ve designed, built, and deployed your physical network with Apstra software. Here are some things you can do next:

What’s Next?

with Apstra – Quick](https://www.juniper.net/documentation/us/en/quick- start/software/apstra4.2/apstra-datacenter-switches/topics/topic- map/step-1-begin.html) Start
Replace the SSL certificate with a secure one| See the Juniper Apstra Installation and Upgrade Guide
Configure user access with user profiles and roles| See the User/Role Management Introduction section in the Juniper Apstra User Guide
Build your virtual environment with virtual networks and routing zones| See the Create Virtual Networks section in the Juniper Apstra User Guide
Learn about Apstra telemetry services and how you can extend them| See the Services section under Telemetry in the Juniper Apstra User Guide
Learn how to leverage Intent-Based Analytics (IBA) with apstra- cli| See Intent-Based Analytics with apstra-cli Utility in the Juniper Apstra User Guide

General Information

](https://www.juniper.net/documentation/product/us/en/apstra/)documentation
Stay up-to-date about new and changed features and known and resolved issues in Apstra 5.0| See release notes.

Learn With Videos
Our video library continues to grow! We’ve created many videos that demonstrate how to do everything from install your hardware to configure advanced network features. Here are some great video and training resources that will help you expand your knowledge of Apstra and other Juniper products.

Watch short demos to learn how to use Juniper Apstra to automate and validate the design, deployment, and operation of data center networks, from Day 0 through Day 2+.| See Juniper Apstra Demos and Juniper Apstra Data Center videos on Juniper Networks Product Innovation YouTube page
Get short and concise tips and instructions that provide quick answers, clarity, and insight into specific features and functions of Juniper technologies| See Learning with Juniper on Juniper Networks main YouTube page
View a list of the many free technical trainings we offer at Juniper| Visit the Getting Started page on the Juniper Learning Portal

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Copyright © 2024 Juniper Networks, Inc. All rights reserved. Rev. 1.0, July 2021.

References

• Downloads
• CEC Juniper Community
• Juniper Apstra Documentation | Juniper Networks
• Apstra 4.2 | Quick Start | Step 1: Begin | Juniper Networks
• Configure Apstra Server | Apstra 4.2 | Juniper Networks
• Replace SSL Certificate on Apstra Server with Signed One | Apstra 5.0 | Juniper Networks
• Supported Hypervisors and Versions | Apstra 5.0 | Juniper Networks
• Required Server Resources | Apstra 5.0 | Juniper Networks
• Install Apstra on Hyper-V | Apstra 5.0 | Juniper Networks
• Install Apstra on VirtualBox | Apstra 5.0 | Juniper Networks
• Services | Apstra 5.0 | Juniper Networks
• User / Role Management Introduction | Apstra 5.0 | Juniper Networks
• Intent-Based Analytics with apstra-cli Utility | Apstra 5.0 | Juniper Networks
• Create Virtual Network | Apstra 5.0 | Juniper Networks

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>