Lab Guide 1 - Juniper

Day 2 Operations: Network Segmentation

Scenario: Creating Network Isolation for the Big Data Analytics Service

Now that we’ve expanded our physical capacity by adding a new rack, the next step is to create logical network isolation for our Big Data Analytics service. This isolation ensures that the analytics platform has its own routing domain, separate from other services running in the data centre.

In Apstra, this isolation is achieved using Routing Zones (also known as VRFs in traditional networking terms).

Task: Create a New Routing Zone

Reflection Point: In traditional networking, creating a new VRF would involve:

  • Planning the VRF configuration details (name, route distinguisher, route targets)

  • Configuring the VRF on each switch that needs it

  • Setting up import/export policies for route exchange

  • Ensuring consistency across all devices

This process is both time-consuming and error-prone, especially as the network scales.

Let’s see how simple this is with Apstra!

Step 1: Navigate to Routing Zones

  1. From the SE Demo blueprint, navigate to Staged  Staged  Virtual  Routing Zones

  2. Click Create Routing Zone

    Create Routing Zone

Step 2: Create the Routing Zone

  1. Enter a name for the routing zone: Analytics

    This is the only required field! Everything else is optional.

  2. Leave all other fields at their default values

    Routing Zone Details

  3. Click Save

Step 3: Resource Assignment

After creating the routing zone, Apstra will identify any resources that need to be assigned:

  1. If prompted, assign the EVPN L3 VNIs pool for the routing zone

    Apstra automatically manages the assignment of VNIs (Virtual Network Identifiers) from the pool already selected Routing Zone Details

  2. Click Save

  3. Your new routing zone will now be listed in the Routing Zones table

Step 4: Understanding What Just Happened

Before you commit on your blueprint, let’s examine how Apstra has automated the complete configuration of your devices:

  1. Navigate to Staged > Physical > Devices

  2. Select one of your leaf switches by clicking on it Incrimental Configuration Tab

  3. Click on the Incrimental Configuration tab Incrimental Configuration Tab Incrimental Configuration Tab

    While this process seemed incredibly simple from your perspective (just enter a name!), Apstra has actually handled numerous complex configurations behind the scenes:

    • Created a unique VRF (Virtual Routing and Forwarding instance) for the Analytics service

    • Assigned a route distinguisher for EVPN route differentiation

    • Applied default routing policies from the ones that ship with the product

    • Selected appropriate route targets for import/export

    • Prepared configurations for all devices that will need this VRF

Apstra’s intent-based approach means you only need to express what you want (a new routing zone called "Analytics"), and the system takes care of how to implement it properly across your network.

But the incremental config is empty?

An important concept to understand is that Apstra deploys resources only where they’re needed:

Key Insight: A VRF (routing zone) is only deployed to a switch when a virtual network in that VRF is configured on that switch. Otherwise, the VRF isn’t configured on that device.

This means:

  • You can create many routing zones without consuming resources on every device

  • Adding a virtual network to a new rack automatically brings the associated routing zone to that rack

  • Resources are efficiently used across your network

Step 5: Review and Commit Your Changes

  1. Click the Uncommitted tab to see your staged changes

    Take a moment to review what Apstra is preparing to configure

  2. After reviewing, enter a commit message like "Added Analytics routing zone" and click Commit

What You’ve Accomplished

In less than a minute, you’ve:

  1. Created a new routing zone (VRF) for your Analytics service

  2. Automatically applied industry best practices for VRF configuration

  3. Prepared the foundation for creating virtual networks within this isolated routing domain

In a traditional networking environment, this same task would require significant planning and configuration effort across multiple devices. With Apstra, you simply express your intent, and the system handles all the implementation details.

Next, we’ll create the virtual networks within this routing zone to support the different tiers of our Big Data Analytics platform.