I avoided a lot of hassle today thanks to the VLAN Re-Write and Translate feature of the Juniper EX-Series Switches, and in this article I am going to tell you how. Although I am using a Juniper ex4650-48y-8c for this article, I am rather certain that this capability is supported by the entire EX-Series.
Let me give you some background information on the project I was working on and how this feature ended up becoming my hero of the day so you can clearly comprehend how fantastic this feature is.
The Project
I am working on a Wi-Fi Hotspot Solution and am using Ubiquiti’s UniFi Access Points (a mixture of indoor and outdoor APs). For this solution I have set up a centralized “Ubiquiti UniFi Network Controller” on a VM (Virtual Machine) running a Linux OS, which allows me to configure, monitor and manage all the Access Points (APs) located in two separate geographical locations from a single Web portal. The UniFi controller also offers cool features like a customizable guest (captive) portal and a single SSID for your Wi-Fi network. I wanted to keep the topology and the entire solution simple, easy and quick to deploy. Below is our reference topology:
When a UniFi Access Point (AP) is plugged into the PoE (Power over Ethernet) switch, it boots up and sends a broadcast message to discover the UniFi Network Controller. Broadcast messages are confined to the local Local Area Network (LAN), that is, Layer 2 in the OSI (Open Systems Interconnection) model. For example, in the design above, the AP can only discover the UniFi Network Controller if it is broadcasting in VLAN 100.
UniFi APs can also be configured to communicate with the UniFi Controller at Layer 3 (via a routed network), but the procedure involves running the discovery tool from a laptop/PC connected to the AP’s LAN. The discovery tool finds the AP and lets you configure it with an IP address, a default gateway and the IP address of the UniFi Controller; you also have to make sure your routing is correct and that the AP network can reach the network where the controller is connected. But as I mentioned, the goal was to keep the deployment easy (plug-and-play). I wanted to be able to plug in the AP and have it discovered and adopted by the controller without first configuring it locally; this makes the work much easier, especially if you have hundreds of APs to connect to your network. For this to work, I had to maintain one VLAN for the DHCP service, the Network Controller and the APs. But as you will see in a moment, this presented a problem!
The Challenge!
Since the network was going to cross the ISP Transmission (TX)/Metro network, having only one VLAN (one broadcast domain) presented a challenge. TX networks are usually large, with numerous network nodes, and are usually arranged in ring topologies in order to offer protection against network failures. Having a single VLAN crossing such a network for all the APs in the two locations was therefore going to be impractical. There was a big risk of creating broadcast storms or L2 loops, so the best idea was to segregate the network into separate VLANs across the TX network. That means a separate VLAN for each location.
The Solution
The VLAN Re-Write and Translate feature in the Juniper EX-Series Switches allows you to change the VLAN ID of an incoming packet to a different VLAN ID that you have configured on an interface. This can be useful when you want to connect different VLANs across different switches without changing their configurations. For example, if you have a switch A with VLAN 20 and a switch B with VLAN 220, you can use the EX-Series Switch to translate VLAN 20 to VLAN 220 and vice versa, so that the devices on both VLANs can communicate with each other. The EX-Series Switch does the translation in both directions, so that the packets are sent and received with the correct VLAN IDs.
With reference to our deployment topology above, we will maintain VLAN 100 for location 01, but assign a different VLAN, 200, within the TX network for location 02, and then translate VLAN 200 to 100 at the ingress trunk port which sits between the TX network and the Juniper EX-Series switch. The configuration on the EX-Series switch will be as follows:
The following commands will define the VLANs 100, 200 on the switch:
Ex-Switch> edit
# set vlans VLAN_100 vlan-id 100
# set vlans VLAN_200 vlan-id 200
Configuring trunk port xe-0/0/10, permitting VLAN 100, and translating VLAN 200 to 100:
# set interfaces xe-0/0/10 description "To_ISP_TX_NETWORK"
# set interfaces xe-0/0/10 mtu 9216
# set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode trunk
# set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members VLAN_100
# set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan-rewrite translate 200 100
Verify the configuration, commit the changes and exit:
# commit check
# commit
# exit
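As an added example (my own code, not part of the article or any Juniper tooling), the following Python models the translation described under The Solution and the configuration above: it parses the article's set commands, checks that each translated-to VLAN is a member of the trunk and that the reverse (egress) mapping is unique, and returns the tag a frame carries after ingress or egress rewriting. The regex parser and the function names are my own construction, and the config text is embedded inline so it runs without a switch.

```python
import re
from collections import defaultdict

# Constructed input: the 'set' commands from this article (no EX switch needed).
JUNOS_SET_CMDS = """
set vlans VLAN_100 vlan-id 100
set vlans VLAN_200 vlan-id 200
set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members VLAN_100
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan-rewrite translate 200 100
"""

VLAN_RE = re.compile(r"^set vlans (\S+) vlan-id (\d+)$")
MEMBER_RE = re.compile(r"^set interfaces (\S+) unit \d+ family ethernet-switching vlan members (\S+)$")
REWRITE_RE = re.compile(r"^set interfaces (\S+) unit \d+ family ethernet-switching vlan-rewrite translate (\d+) (\d+)$")

def parse_config(text):
    """Return (vlan name -> id, iface -> member ids, iface -> {from id: to id})."""
    vlans, member_names, rewrites = {}, defaultdict(set), defaultdict(dict)
    for line in map(str.strip, text.splitlines()):
        if m := VLAN_RE.match(line):
            vlans[m.group(1)] = int(m.group(2))
        elif m := MEMBER_RE.match(line):
            member_names[m.group(1)].add(m.group(2))
        elif m := REWRITE_RE.match(line):
            rewrites[m.group(1)][int(m.group(2))] = int(m.group(3))
    # Junos 'set' order is free, so resolve VLAN names only after the whole file is read.
    members = {iface: {vlans[n] for n in names} for iface, names in member_names.items()}
    return vlans, members, rewrites

def check_rewrites(members, rewrites):
    """Consistency checks for vlan-rewrite: the translated-to VLAN must be a trunk member,
    and the reverse (egress) mapping must be unique, or frames could not be re-tagged."""
    problems = []
    for iface, table in rewrites.items():
        sources_by_target = defaultdict(list)
        for src, dst in table.items():
            sources_by_target[dst].append(src)
            if dst not in members.get(iface, set()):
                problems.append(f"{iface}: translate {src} {dst}, but VLAN {dst} is not a member")
        for dst, srcs in sources_by_target.items():
            if len(srcs) > 1:
                problems.append(f"{iface}: VLAN {dst} has an ambiguous egress rewrite from {sorted(srcs)}")
    return problems

def rewrite_tag(rewrites, iface, tag, egress=False):
    """Tag after crossing 'iface': ingress applies the table, egress applies its inverse."""
    table = rewrites[iface] if not egress else {dst: src for src, dst in rewrites[iface].items()}
    return table.get(tag, tag)
```

The uniqueness check is the reason a bidirectional rewrite table can carry only one remote VLAN per internal VLAN on a given trunk, which matches the two-location limit noted in the conclusion.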
Conclusion
We were able to divide traffic into two broadcast domains within the ISP TX network using the VLAN Re-write and translate technique while maintaining a single VLAN at the Gateway hence simplifying our topology and deployment.
Please take note that this kind of deployment is limited to TWO locations only. You would need to consider using the discovery tool to pre-configure the APs with the controller IP address if your deployment covers more than two locations.