Table Of Contents
- Introduction
- Scope
- Design Considerations—Connectivity at the Branch Office
- Branch-Office Connectivity over IPsec VPN
- Design Recommendations
- Routing Information Protocol
- Traffic Load Balancing for Type B and Type C Branch Deployments
- Using Border Gateway Protocol for Large Networks
- Using OSPF for Small Number of Branch Offices
- Using Auto Connect VPN to Create Branch-to-Branch IPsec Tunnels
- High Availability for the Branch Office
- High Availability Requirement Levels (Link, Device, Device, and Link Levels)
- High Availability Functionalities
- High Availability for Branch Office Type A
- VPN Security Zone Configuration for Type A
- High Availability for Branch Office Type B
- Using Secure Services Gateway for Type B
- High Availability for Branch Office Type C
- Connectivity at the Data Center
- Implementing a High Availability Enterprise Network at the Data Center
- Quality of Service Design Requirements
- WX Design Requirements
- Summary
- Appendix A Related Documents
- Appendix B Naming Conventions
- Appendix C Products
- About Juniper Networks
- Figure 1: Connecting branch offices, campus locations, and data centers over a single converged network
- Figure 2: Branch office reference architecture
- Figure 3: Multi-tiered/layered network architecture
- Figure 4: Two-tier network design for data centers
- Figure 5: Branch with dual internet connections (load balancing using ECMP)
- Figure 6: BGP routing design
- Figure 7: Star topology – connecting branches to central hub
- Figure 8: AC VPN provisioned tunnels between branches in the same region
- Figure 9: Multi-tier topology
- Figure 10: HA configuration for Type A
- Figure 11: VPN security zone configuration for Type A
- Figure 12: Type B optimized – HA configuration
- Figure 13: Type B – security zones
- Figure 14: Type C – HA configuration
- Figure 15: Intra-branch using OSPF
- Figure 16: Branch Type C – security zones
- Figure 17: Enterprise network for the data center
- Figure 18: M Series Multiservice Edge Routers
- Figure 19: Internet firewalls
- Figure 20: VPN firewalls
- Figure 21: VPN firewall IPS policy

Copyright © 2010, Juniper Networks, Inc.
APPLICATION NOTE - Branch Office Connectivity Guide
Introduction
Designing and scaling an enterprise network for assured network connectivity between branch offices and data
centers is a challenge that faces every high-performance organization. This guide helps organizations design
and implement a secure and reliable enterprise network infrastructure.
Because most enterprises typically employ more users in branch offices than at headquarters, they need a network
infrastructure that performs as well as the network at headquarters and that delivers secure and assured
connectivity. Branch offices usually connect directly to headquarters using either a private WAN link or a VPN over
the Internet, or they deploy VPN over the private WAN link. More branch offices now connect directly to the Internet
rather than backhauling Internet traffic to headquarters, and this trend introduces a new set of security, performance,
connectivity, and reliability challenges.
Scope
This guide provides design guidance for deploying a converged network solution that connects branch office
locations to the data center, as shown in Figure 1. It offers connectivity practices and guidelines for network
routing, for implementing high availability (HA) options that assure branch office performance, and for a related
HA data center design. All of these topics support a common design goal: connecting multiple branch offices, at a
maximum of 1,000 locations, using an IPsec VPN overlay.
Figure 1: Connecting branch offices, campus locations, and data centers over a single converged network
For each topic discussed in this guide, a corresponding application note provides additional “how-to”
information and device configuration steps for implementing that aspect of the design.
Three additional guides address enterprise network security, operations, and performance, all leveraging the same
connectivity design model. Appendix A lists these guides along with application notes, white papers, design
documents, and other related information.
Target Audience
• IT managers
• Systems engineers
• Network analysts and engineers
• Network administrators
• Security managers
[Figure 1 diagram labels: Converged IP Network; Branch Office; Extended Enterprise; Data Center; Campus; Private WAN or Internet]