[j-nsp] STP in spine leaf architecture

[Thomas Bellman]

On 2017-10-26 18:11 (CEST), Hugo Slabbert wrote:

> [...] in a general a spine & leaf setup should be L3 for interswitch
> links, so any STP should be local to a given switch.  [...]
> Here I'm just talking about a vanilla spine & leaf setup, not anything
> Juniper-specific e.g. QFabric or VCF or whatnot.

You can also build a spine & leaf setup using TRILL och Shortest Path
Bridging (SPB), in which case you have a single large layer 2-domain.
Not using Juniper equipment, though, since Juniper supports neither
TRILL nor SPB...

> I'd be curious about more specific details from folks running QFX in
> prod in this type of setup.

You are generally correct though.  Configure your swithc-to-switch
links as L3 ports (i.e. 'interface ... unit ... family inet/inet6',
not 'family ethernet-switching'), and some routing protocol like
OSPF, IS-IS or BGP.  BGP is fairly popular in datacenter settings,
but OSPF works fine as well, as should IS-IS.

Layer 2 domains should be kept to a single leaf switch, and thus you
don't need to run Spanning Tree at all.  And definitely not on your
links between spines and leafs, since that would block all but one of
the uplinks, and give you all the pains of Spanning Tree without any
of the benefits.  (You *might* want to run STP on your client ports and
configure them as edge ports with bpdu-block-on-edge, to protect against
someone misadvertently connecting two L2 client ports togethere.)

(I don't run a pure spine-and-leaf network myself.  I am trying to
migrate towards one, but we still have several "impurities", and
have STP running in several places.)


-- 
Thomas Bellman <bellman at nsc.liu.se>
National Supercomputer Centre, Linköping University, Sweden

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20171027/dba94732/attachment.sig>