📘 Case Study

Multi-Tenant EVPN/VXLAN Fabric with Hybrid Cloud & SD-WAN Integration

👤 Client Profile

A large enterprise with three privately owned data centers across multiple regions. The client required strict tenant segmentation, hybrid cloud integration (Azure & AWS), full BGP internet routing, and SD-WAN connectivity for remote sites and partners.

⚠️ Challenges

  • Needed modern, scalable multi-tenant infrastructure across private data centers

  • Required hybrid connectivity to Azure & AWS with secure routing and inspection

  • WAN design had to support SD-WAN overlays, dynamic path control, and partner access

  • Mandated full BGP internet peering with upstream providers at each DC

  • Sought automation for repeatable deployments and reduced operational overhead

Solutions Delivered

  • Deployed Juniper EVPN/VXLAN fabric with QFX leaf-spine architecture across 3 DCs

  • Built DCI over 100G private links for seamless East/Central/West interconnectivity

  • Integrated Juniper MX480 edge routers for full internet tables and public prefix advertisement

  • Connected to Azure and AWS via ExpressRoute, IPsec VPN, and selective routing

  • Implemented VMware VeloCloud SD-WAN with application-aware overlays

  • Deployed Palo Alto 5400 Series firewalls with multi-vSYS for per-tenant segmentation

  • Automated provisioning with Terraform, Ansible, and Jinja2 templating

🚀 Results & Impact

  • 🔐 True tenant isolation across data center fabric, WAN, and cloud

  • 🌐 Full BGP peering & traffic engineering at the edge for granular control

  • ☁️ Secure, flexible hybrid cloud access across Azure and AWS environments

  • ⚙️ Reduced provisioning time with infrastructure-as-code & automation

  • 🌍 Integrated SD-WAN overlays with dual MPLS and DIA for global connectivity

  • 🛡️ Per-tenant firewall policies enforced across the fabric and WAN

🛠️ Technologies Used

  • Juniper QFX5100/5200 (Leaf), QFX10000 (Spine)

  • Juniper MX480 (Edge) – Full BGP Peering

  • VMware VeloCloud SD-WAN

  • Palo Alto 5400 Series NGFW (Multi-vSYS)

  • Azure & AWS – ExpressRoute, VPN, VPC, TGW

  • Terraform, Ansible, Jinja2

  • 100G DCI + Dual MPLS Providers
