Call a Specialist Today! 888-785-4380


Juniper Apstra
Reliable, Automated Operations

Juniper Products
Juniper Apstra
Juniper Apstra Standard
#Apstra-Standard
Get a Quote!
Juniper Apstra Advanced
#Apstra-Advanced
Get a Quote!
Juniper Apstra Premium
#Apstra-Premium
Get a Quote!

Overview

In this era of unprecedented change, people have changed how they work, live, and play. Digital transformation is underway everywhere, and data center traffic has increased at a rapid pace. To ensure business success, you need to adapt quickly to the changes coming all around you. To achieve that, Juniper® Apstra software transforms your data center network operations by providing simplicity, reliability, and multivendor support.

Juniper Apstra is a software-only, multi-vendor, intent-based networking solution that provides closed-loop automation and assurance to provide a complete fabric management solution.

Apstra translates business intent and technical objectives to essential policy and device-specific configuration, and it continuously self-validates and resolves issues to assure compliance. You specify the “what” (network topology, VLANs, desired capacity, redundancy requirements, access rules, and more), and Apstra delivers the “how.”

The Apstra software is installed as one or a set of virtual machines (VMs) to connect and manage devices via agents installed on or off the devices.

You can design your rack types and fabric network using Apstra templates. Details such as single/dual-homing of servers, collapsed/3-stage/5-stage style of fabric, Ethernet VPN (EVPN)/IP fabric, and IPv4/IPv6 underlay can be specified as part of the template type and options. Once the fabric template is completed, it can be instantiated into blueprints, each representing an actual physical network. The allocation of the managed devices and network resources (“build phase”) is done within the blueprints. As the blueprint is built, Apstra automatically produces the necessary configuration for devices, providing an abstraction layer across vendors. Apstra provides continuous validation against intent and policy assurance, and it identifies configuration drift in real time, confirming that security policies are enforced as intended. Once the user commits the changes, the incremental configuration is pushed to the Juniper, Cisco, Arista, or Dell-EMC devices.

Apstra manages the entire network life cycle, giving you the ability to easily expand and scale your network, as well as extract meaningful device telemetry. Apstra keeps your intent in check with the actual status of the network, providing you with actionable insights into your network to ensure that your goals are met.


Key Features

  • Intent-based network design and operations
  • Support for multivendor environments
  • Automated zero-touch deployment
  • Continuous validation
  • Intent Time Voyager for network rollback
  • Lifecycle network management
  • Advanced telemetry through intent-based analytics and root-cause identification
  • Cohesive security policy definition and enforcement
  • Support for modern network platforms in data centers of any scale, including edge data centers

Product Description

Juniper Apstra, a turnkey, multivendor automation solution, allows customers to design, build, deploy, and operate data center networks from a single pane of glass, simplifying and automating data center operations. Apstra provides a singular view into the relationships and interdependencies between millions of data center elements. With continuous real-time validation, Apstra enables you to instantly pinpoint and quickly resolve issues across all infrastructure silos, regardless of vendor or hardware.

Benefits


Reliable, Automated Operations

Automate network deployment and operations through validated and repeatable designs, along with predictive analysis and proactive alerts of deviations.

Simplicity and Flexibility

Manage workflows easily, even with minimal networking expertise, by automating manual tasks and eliminating vendor-specific configurations.

Enhanced Network Security

Track the origin of network changes and ensure granular enforcement where needed. You can use intent-based policy assurance, connectivity restrictions for multitenant environments, and enhanced role-based access control (RBAC) to create blueprint-specific roles.

Resource Efficiencies

Utilize IT resources efficiently with validated designs and automated and assured operations that use a single source of truth for knowledge retention and verify changes against intent.

Speed and Agility

Implement network changes faster with change control and validation, along with compliance auditing, for a scalable and versatile network. You’ll also significantly improve service delivery times, reduce mean time to resolution (MTTR), and shorten maintenance windows.

Features

Intent-Based Network Design and Operations

Intent-based data center automation increases application availability and reliability, simplifies deployment and operations, and dramatically reduces costs for enterprises, cloud service providers, and telco data centers. As the only intent-based networking technology to be hardware- and device OS-vendor agnostic, Apstra delivers on the vision of complete end-to-end data center automation, integrating capabilities such as group-based policies, enterprise scale, and significant intent-based analytics enhancements.

Life-Cycle Management for Data Center Networks

Typically, architects design the network and operators manage it, resulting in a breakdown in information sharing and the absence of a single source of truth (SSOT). Architects are not aware of changes made to the network, and operators are not fully informed of the capabilities and known limits of the system. Apstra eliminates these issues by creating an SSOT in the intent datastore and tracking all network moves, additions, and changes. Not only does Apstra track changes made to the network by other systems, but it also provides simple workflows for implementing changes across the entire network.

Advanced Telemetry—Intent-Based Analytics

Operators frequently find themselves drowning in telemetry data collected by their managed systems. Apstra’s intent-based analytics let you define expert-level rules and embed them into the network management system, ensuring that system checks are continuously running and updated immediately with any network changes.

Scalability in Small and Large Data Centers

Apstra was designed to handle the largest data centers in the world, supporting hundreds of thousands of connected servers. This is achieved through support for 3-stage or 5-stage Clos IP fabrics with EVPN-Virtual Extensible LAN (VXLAN) deployed as the overlay. Apstra also supports smaller fabric designs. In edge data centers, for example, only a couple of switches are deployed, but the number of deployments is large and highly distributed. Apstra can easily consolidate all operations across the edge data centers into a single management interface.

Intent Time Voyager

A key operational feature for any network operator is rapidly recovering from human error. This is typically a complex, vendor-specific process that requires a complete understanding of the full state of all boxes and their relationships to each other at certain points in time. The Intent Time Voyager feature speeds time to resolution by enabling the operator to move the entire state of the network (intent, configuration, and continuous validations) backward or forward with a few simple clicks, returning it to a specific point in time. This unique ability is enabled by its foundational intent-based approach, including its SSOT and assurance validations.

Data Center Interconnect

As networks expand and applications require greater geographic diversity, a number of vendor-specific proprietary features have been introduced to address stretched Layer 2 domains and active/active topologies. Apstra supports an industry-standard EVPN-VXLAN overlay that extends Layer 2 application segments outside of the Apstra-managed topology. This allows architects to integrate multiple disparate computing centers for effective load balancing, legacy migration, disaster recovery, or resource sharing.

Access List Policies Assurance

Apstra security policy provides a simple user interface and API that allows users to define policies to control the flow of traffic between virtual networks, IP endpoints, and routing zones. The policy is automatically applied as an L3 ACL on the relevant enforcement points, radically simplifying the management and reducing the size of access control lists. Furthermore, Apstra can detect conflicts when multiple policies are applied within a blueprint overlap and automatically resolve the conflicts based on user settings such as “more specific first“ or “more generic first“.

Support for All Modern Network Platforms

Apstra offers the industry’s first and only vendor-agnostic intent-based networking platform, allowing enterprises to design a network without consideration for the hardware platforms that will eventually be deployed. The tools used to design and manage the network are the same, regardless of which vendor hardware or network operating system is ultimately selected. This translates to a massive reduction in OpEx by eliminating the need to maintain staff expertise in multiple platforms and vendor nuances. There is also an opportunity to reduce CapEx by allowing all modern vendors to be considered for inclusion in an Apstra-managed environment.

VMware Integrations

Apstra tightly integrates with VMware NSX-T and VMware vCenter to provide network operators visibility into virtual workloads and networks. The built-in validation speeds up the troubleshooting of virtual networking, port-group/fabric VLAN/Link Aggregation Control Protocol (LACP) mismatch, and VM traffic issues. Remediation workflows help users resolve misconfiguration of VLANs faster by automatically suggesting the correct network fabric changes.

Flexible Connectivity

Apstra software offers flexible connectivity configuration options for servers, firewalls, and external routers. These connectivity options can be quickly attached to any port in the fabric, with deterministic configuration to ensure that all protocols are properly functioning. They leverage the Apstra graph model, providing integrated operational statistics and workflows tailored to the selected design.

At a Glance

Rethink Data Center Operations with Intent-Based Networking

Designing, deploying, and operating a data center network is no small task. Higher volumes of data traffic, more distributed applications and end users, and fewer resources are among the trends that leave networking teams scrambling to keep up with day-to-day demands. Creating and operating a modern data center network requires a new focus on business outcomes and the experience delivered to both network operators and, ultimately, end users. That’s where Juniper® Apstra software comes in.

Juniper Apstra employs an intent-based networking approach that lets you begin your design by specifying your desired business outcomes—that is, your intent. Based on that information, Apstra software’s advanced automation sets up the network, ensures that it runs as intended, alerts you when brownouts or deviations occur, and manages changes and maintenance—all with the click of a button. You simply specify the “what” and Apstra delivers the “how.”

Use a Single Management Platform from Day 0 Through Day 2

Apstra software provides a single management platform from which you can design, deploy, and operate your data center network. Your entire network is continuously validated against your intended outcome based on a single source of truth, giving you consistent data without the risk of siloed teams working with different information.

Make Sure Operations Run Smoothly and Consistently

Apstra software not only automates Day 2 operations but also provides pre-change analysis and continuous validation, ensuring that changes are done correctly the first time and are repeatable. Blueprints are used to collect all the information needed to operate your network based on your intent, and templates make it easy to create multiple blueprint designs with identical specifications. This allows you to set up new services quickly and reliably while making sure your network is consistent, secure, and resilient.

In addition, Apstra gives you visibility into the entire network, cutting through “data fog” with analytical probes and root cause identification. Apstra software also provides incident management, change management, and compliance and audit tracking, as well as maintenance-mode capabilities to shorten maintenance windows. An Intent Time Voyager feature stores configuration history, making it easy to revert to a previous network state all at once (even in a multivendor environment) if a change causes unexpected issues.

Avoid Vendor Lock-In with Apstra’s Multivendor Support

The Juniper Apstra intent-based networking solution supports the industry’s widest range of hardware and software vendors, including open standards-based offerings. That means when it’s time to deploy new services or modify your network, you’ll have the flexibility to choose the hardware and software that best meets your needs. Networking teams managing multivendor environments won’t need to waste time learning various automation tools; instead, they can focus on innovating to deliver even greater business success.

Start Your Automation Journey Today

As the demands of a data-driven world continue to soar, your operations must take center stage. Apstra intent-based networking software delivers the reliability, security, and simplicity you need to deliver a better networking experience.

Tier Comparison

Feature Standard Advanced Premium Connector for VMware
Network Design
3-stage and 5-stage Clos design
Collapsed fabric design (Edge data centers)
3-stage Clos with L2 access switches
High Availability switches at the access layer
Freeform design (any network design)
IPv4 fabric (non-EVPN)
IPv6 fabric RFC-5549 (non-EVPN)
EVPN fabric
Virtual routing and forwarding tables (VRFs)
L2/L3 virtual networks (IPv4/IPv6)
Intra-rack (VLAN), or inter-rack (VXLAN) virtual networks
Single or dual homing of external systems (MLAG/vPC/CLAG/ ESI)
L3 sub-interfaces
Dynamic Host Configuration Protocol (DHCP) relay
External BGP peering
Dynamic BGP neighbors
Granular import/export routing policies
Static routes
Remote EVPN gateways for L2/L3 Data Center Interconnect (DCI)
Mixed vendor fabrics (i.e. Fabrics with non-Juniper devices)
Device OS
Junos® operating system
Junos OS Evolved
Junos OS on Juniper vQFX virtual devices
Cisco NX-OS and NX-OSv
Arista EOS and vEOS
Enterprise SONiC
Telemetry Services
Address Resolution Protocol (ARP) table
Media access control (MAC) table
BGP session
Hostname
Interface and interface counters
Transceiver information
Link aggregation group/multichassis link aggregation group (LAG/MLAG) information
Link Layer Discovery Protocol (LLDP) information
IP Route table
Active configuration
EVPN flooding table
EVPN routing table
Intent-Based Analytics (IBA)
Custom dashboards and widgets
Tags and property sets for custom probes
Device system health
Device traffic and headroom
LAG imbalance
MLAG imbalance*
ESI imbalance*
Equal-cost multipath (ECMP) imbalancefor fabric interfaces
Telemetry streaming via protocol buffers*
IBA predefined probes*
Bandwidth utilization
Critical services: utilization, trending, alerting*
Leafs Hosting Critical Services: utilization, trending, alerting*
Drain traffic anamoly
Equal-cost multipath (ECMP) imbalancefor spine to super spine interfaces*
Equal-cost multipath (ECMP) imbalancefor external interfaces
Spine fault tolerance*
EVPN-VXLAN type-3 route validation*
EVPN-VXLAN type-5 route validation*
VXLAN flood list validation*
EVPN host flaps detection*
BGP flapping detection
Hot/cold fabric ports
Hot/cold spine to super spine*
Hot/cold specific interfaces
Packet discard
Interface flapping
Total east-west traffic*
Optical transceivers
Display external routes*
Connectivity fault model*
Cabling fault model*
Extensible telemetry collection*
Multi-agent detector (Arista only)*
Hypervisor and fabric VLAN configuration mismatch*
VMs without fabric configured VLANs*
Hypervisor and fabric LAG configuration mismatch*
Hypervisor missing LLDP configuration*
Hypervisor maximum transmission unit (MTU) mismatch*
Hypervisor MTU check*
Hypervisor redundancy check*
Platform
Apstra server backup/restore
Apstra server health reporting
Apstra sever upgrades
RESTful APIs
Graph model and GraphQL/QE API
Apstra CLI
Apstra Developer SDK (Python)
Extensible on-box or off-box device agents
Multiuser administration
Role-based access control
Self-integrity check
Security
Multiuser administration
Role-based access control
LDAP authentication
TACACS+ authentication
RADIUS authentication
Active Directory authentication
HTTPS UI
Apstra server security hardening
API driven operation
Blueprint Customization
Template types and options
Connectivity templates
Configlets
Config templates (Freeform only)
Property sets
Tags management
Resource pool management
Day-2 rack modifications
Day-2 fabric extension
Day-2 Operations
Staged/commit workflows
Rollback network state (Intent Time Voyager)
Add/remove generic systems
Add/update/remove racks
Add/remove pods
Network OS upgrade/downgrade
Change/add interface
Break/form lags
Device maintenance
Device decommissioning
Device replacement
Resource utilization
Virtual network management
Policy Assurance
Configuration drift detection
Routing Zone constraint policies
Access list policies—conflict detection and resolution
802.1x Network Admission Control
Traffic control with ACLs
Policies management
Cabling map: anti-affinity policies
Security policy (firewall filters/access control lists)
Device Management
Zero-touch provisioning (ZTP)
Device agent installer
Life-cycle management
Device quarantine
Device maintenance
Virtual Infrastructure Integration
VMware vCenter
VMware NSX-T

Specifications

Network Design:

  • 3-stage and 5-stage Clos design
  • Collapsed fabric design (Edge data centers)
  • 3-stage Clos with L2 access switches
  • High availability switches at the access layer
  • IPv4 fabric (non-EVPN)
  • IPv6 fabric RFC-5549 (non-EVPN)
  • EVPN fabric
  • Virtual routing and forwarding tables (VRFs)
  • L2/L3 virtual networks (IPv4/IPv6)
  • Intra-rack (VLAN), or inter-rack (VXLAN) virtual networks
  • Single or dual homing of external systems (MLAG/vPC/CLAG/ESI)
  • L3 sub-interfaces
  • Dynamic Host Configuration Protocol (DHCP) relay
  • External BGP peering
  • Dynamic BGP neighbors
  • Granular import/export routing policies
  • Static routes
  • Security policy (firewall filters/access control lists)
  • Remote EVPN gateways for L2/L3 Data Center Interconnect (DCI)
  • Cabling map: anti-affinity policies

Device OS

  • Junos® operating system
  • Junos OS Evolved
  • Junos OS on Juniper vQFX virtual devices
  • Cisco NX-OS and NX-OSv
  • Arista EOS and vEOS
  • Enterprise SONiC

Telemetry Services

  • Address Resolution Protocol (ARP) table
  • Media access control (MAC) table
  • BGP session
  • Hostname
  • Interface and interface counters
  • Transceiver information
  • Link aggregation group/multichassis link aggregation group (LAG/MLAG) information
  • Link Layer Discovery Protocol (LLDP) information
  • MAC table
  • Resource utilization
  • Route table
  • EVPN flooding table
  • Active configuration

Intent-Based Analytics (IBA)

  • Anomaly detection
  • Real-time and historical
  • Telemetry streaming via protocol buffers
  • Extensible telemetry collection
  • Custom dashboards and widgets
  • Programmable
  • Tags and property sets for custom probes
  • IBA predefined probes
  • Bandwidth utilization
  • Critical services: utilization, trending, alerting
  • Leafs Hosting Critical Services: utilization, trending, alerting
  • Device system health
  • Device traffic and headroom
  • LAG imbalance
  • ESI imbalance
  • Equal-cost multipath (ECMP) imbalance
  • EVPN-VXLAN type-3 route validation
  • EVPN-VXLAN type-5 route validation
  • VXLAN flood list validation
  • EVPN host flaps detection
  • BGP flapping detection
  • Hot/cold fabric ports
  • Interface flapping
  • Multi-agent detector (Arista only)
  • Total east-west traffic
  • OS version
  • Interface errors (overloaded interface bandwidth)
  • Sustained interface discards
  • Small form-factor pluggable transceiver (SFP)
  • Display external routes
  • Power supply anomalies probe
  • Hypervisor and fabric VLAN configuration mismatch
  • VMs without fabric configured VLANs
  • Hypervisor and fabric LAG configuration mismatch
  • Hypervisor missing LLDP configuration
  • Hypervisor maximum transmission unit (MTU) mismatch
  • Hypervisor MTU check
  • Hypervisor redundancy check

Root Cause Identification

  • Connectivity fault model
  • Cabling fault model
  • Anomaly summarization

Platform

  • Apstra server backup/restore
  • Apstra server health reporting
  • RESTful APIs
  • Graph model and GraphQL/QE API
  • Apstra CLI
  • Apstra Developer SDK (Python)
  • Extensible on-box or off-box device agents
  • Multiuser administration
  • Role-based access control
  • Self-integrity check

Security

  • Multiuser administration
  • Role-based access control
  • LDAP authentication
  • TACACS+ authentication
  • RADIUS authentication
  • Active Directory authentication
  • 802.1x Network Admission Control
  • Traffic control with ACLs
  • HTTPS UI
  • Apstra server security hardening
  • Headless operation

Blueprint Customization

  • Template types and options
  • Connectivity templates
  • Configlets
  • Property sets
  • Tags management
  • Resource pool management
  • Day-2 rack modifications
  • Day-2 fabric extension

Virtual Infrastructure Integration

  • VMware vCenter
  • VMware NSX-T

Day-2 Operations

  • Staged/commit workflows
  • Rollback network state (Intent Time Voyager)
  • Add/remove generic systems
  • Add/update/remove racks
  • Add/remove pods
  • Network OS upgrade/downgrade
  • Change/add interface
  • Break/form lags
  • Device maintenance
  • Device decommissioning
  • Device replacement
  • Virtual network management
  • Policies management

Policy Assurance

  • Configuration drift detection
  • Access list policies—conflict detection and resolution
  • Routing zone constraint policies

Device Management

  • Zero-touch provisioning (ZTP)
  • Device agent installer
  • Life-cycle management
  • Device quarantine
  • Device maintenance

An open-source catalog of IBA probe configurations is available to enable an ecosystem with customers, partners, and other third parties.

Installation Requirements Hypervisors

  • VMware ESXi
  • QEMU/KVM for Ubuntu
  • Microsoft Hyper-V

Documentation

Download the Juniper Apstra Data Sheet (PDF).

Download the Juniper Apstra At a Glance (PDF).


Juniper Products
Juniper Apstra
Juniper Apstra Standard
#Apstra-Standard
Get a Quote!
Juniper Apstra Advanced
#Apstra-Advanced
Get a Quote!
Juniper Apstra Premium
#Apstra-Premium
Get a Quote!