[j-nsp] STP in spine leaf architecture

Hugo Slabbert hugo at slabnet.com
Fri Oct 27 12:23:09 EDT 2017


On Fri 2017-Oct-27 18:04:36 +0200, Thomas Bellman <bellman at nsc.liu.se> wrote:

>On 2017-10-26 18:11 (CEST), Hugo Slabbert wrote:
>
>> [...] in general a spine & leaf setup should be L3 for interswitch
>> links, so any STP should be local to a given switch.  [...]
>> Here I'm just talking about a vanilla spine & leaf setup, not anything
>> Juniper-specific e.g. QFabric or VCF or whatnot.
>
>You can also build a spine & leaf setup using TRILL or Shortest Path
>Bridging (SPB), in which case you have a single large layer 2-domain.
>Not using Juniper equipment, though, since Juniper supports neither
>TRILL nor SPB...

A fair point; TRILL was only somewhat in the mix when we were evaluating 
options, but vendor support was hit and miss.  VXLAN ended up being a more 
common and "vetted" solution for L2 across a spine & leaf setup.

>> I'd be curious about more specific details from folks running QFX in
>> prod in this type of setup.
>
>You are generally correct though.  Configure your switch-to-switch
>links as L3 ports (i.e. 'interface ... unit ... family inet/inet6',
>not 'family ethernet-switching'), and some routing protocol like
>OSPF, IS-IS or BGP.  BGP is fairly popular in datacenter settings,
>but OSPF works fine as well, as should IS-IS.
>
>Layer 2 domains should be kept to a single leaf switch, and thus you
>don't need to run Spanning Tree at all.  And definitely not on your
>links between spines and leafs, since that would block all but one of
>the uplinks, and give you all the pains of Spanning Tree without any
>of the benefits.  (You *might* want to run STP on your client ports and
>configure them as edge ports with bpdu-block-on-edge, to protect against
>someone inadvertently connecting two L2 client ports together.)

Yep; that's our CYA config.

>(I don't run a pure spine-and-leaf network myself.  I am trying to
>migrate towards one, but we still have several "impurities", and
>have STP running in several places.)

We all still have lots of "dirty corners" in our networks ;)

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E   | also on Signal
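
An added example, not part of the thread and not code from either poster: a small Python audit of a leaf's Junos `display set` output for the two points discussed above (fabric links as L3 with no spanning tree, client ports as STP edge ports with `bpdu-block-on-edge`). The interface names, the sample config, and the placement of the statements under `protocols rstp` are assumptions.

```python
# Added example: audit Junos "display set" lines on a leaf switch.
STP_PROTOCOLS = {"rstp", "mstp", "vstp"}

# Constructed sample config (interface names and addresses are made up).
SAMPLE = """\
set interfaces et-0/0/48 unit 0 family inet address 10.0.0.1/31
set interfaces et-0/0/49 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members servers
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members servers
set protocols rstp interface xe-0/0/1 edge
set protocols rstp interface et-0/0/49
set protocols rstp bpdu-block-on-edge
"""

def audit(config, fabric_ports):
    """Return (port, finding) pairs; fabric_ports is supplied by the operator."""
    families, stp_ports, edge_ports, bpdu_block = {}, set(), set(), False
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["set", "interfaces"] and len(t) >= 7 and t[5] == "family":
            families.setdefault(t[2], set()).add(t[6])
        elif t[:2] == ["set", "protocols"] and len(t) >= 4 and t[2] in STP_PROTOCOLS:
            if t[3] == "bpdu-block-on-edge":
                bpdu_block = True
            elif t[3] == "interface" and len(t) >= 5 and "disable" not in t[5:]:
                stp_ports.add(t[4])
                if "edge" in t[5:]:
                    edge_ports.add(t[4])
    findings, l2_clients = [], False
    for port in sorted(families):
        is_l2 = "ethernet-switching" in families[port]
        if port in fabric_ports:
            # Spine-facing links should be routed and carry no spanning tree.
            if is_l2:
                findings.append((port, "fabric link is family ethernet-switching"))
            if port in stp_ports:
                findings.append((port, "spanning tree enabled on fabric link"))
        elif is_l2:
            l2_clients = True
            if port not in edge_ports:
                findings.append((port, "client port is not an STP edge port"))
    if l2_clients and not bpdu_block:
        findings.append(("global", "bpdu-block-on-edge is not configured"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE, {"et-0/0/48", "et-0/0/49"}):
        print(f"{port}: {finding}")
```

The check does not expand `interface all` or interface ranges, so ports configured that way need to be listed explicitly before auditing.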