Question 8 - JN0-480 discussion

To keep virtual networks isolated from each other within the Juniper Apstra system, you can use one or more of the following methods:

Enable Security Policy for virtual networks in the same Routing Zone.This allows you to define rules that control the traffic flow between different virtual networks within the same routing zone. You can specify the source and destination virtual networks, the protocol, the port, and the action (allow or deny) for each rule.The security policy is applied on the ingress interface of the leaf devices1.

Use Connectivity Templates to block access within the same Routing Zone.This allows you to customize the connectivity between different racks within the same routing zone. You can create templates that define the link type, the routing protocol, and the access control list (ACL) for each rack pair.The ACL can be used to filter the traffic based on the source and destination IP addresses, the protocol, and the port2.

Put each network in different Routing Zones.This allows you to create logical boundaries between different virtual networks based on the route target (RT) values. A routing zone is a collection of virtual networks that share the same RT for importing and exporting routes.Virtual networks in different routing zones do not exchange routes with each other, unless you configure remote EVPN gateways to connect them3.Reference:

Security Policy

Connectivity Templates

Routing Zones