How Did the Overlay Tunnels Built in Newer Technologies (VXLAN/FabricPath/ACI/SD-Access) Overcome STP/FHRP? (Simple Explanation)

Before we dive in and see how that happened, we need to understand the problem in legacy networks.


1) The problem, as shown in the figure above, is that the links between the access and distribution layer switches are layer 2 links, so STP must step in and block one of them. This prevents loops, but the cost is high because one of our uplinks goes unused. The same problem exists whether we use a three-tier design or a collapsed core.

As we know, data centers today have evolved and require more bandwidth; it is not acceptable to pay for 40G or 100G links and then block one of them because of STP.

2) Solving this problem is easy: convert the layer 2 links to layer 3 routed links.

3) But this leads to another problem, which is stretching VLANs/subnets.

4) In the figure below, if the links were layer 3 links, the STP problem would be solved, but another problem appears: the inability to stretch VLANs or subnets. We have two different users connected to different switches, but we cannot put user 1 and user 2 in the same subnet. For example, if user 1 has IP address 192.168.1.1/24, user 2 cannot be in the same subnet range 192.168.1.0/24.


5) To put user 1 and user 2 in the same subnet range (192.168.1.0/24) on two different switches, we need to convert the layer 3 links back to layer 2 links and configure the ports as trunk links to extend the respective VLAN, as in the first figure. But again, this leads to the problem of blocked ports.

6) So the ideal situation is to have something that is layer 2, to allow VLAN/subnet stretching, but at the same time is built on layer 3 links, to overcome the STP problem. The overlay tunnel is the magic behind this. Overlay tunnels are layer 2 tunnels built on top of an underlay IGP running on layer 3 links.

7) The stronger the underlay, the stronger / better the overlay tunnel.

8) The new technologies (VXLAN, FabricPath, ACI, SD-Access) are all about building these overlay tunnels.

9) VXLAN builds its layer 2 overlay tunnels on top of any IGP routing protocol (OSPF is the most commonly used) running between the spines and leafs.

FabricPath builds the overlay tunnel once you enable the FabricPath feature on the spine and leaf switches. This layer 2 overlay tunnel is based on IS-IS as the routing protocol.

ACI, the SDN technology for the data center, uses VXLAN to build its overlay tunnels, but the tunnel is built on IS-IS by default. (Do not worry, you will not configure anything: this runs behind the scenes once you tell the fabric which switches are spines and leafs and set the BGP AS number.)

SD-Access is the intent-based technology for enterprises. It also uses VXLAN as the data plane to build the layer 2 overlay tunnel, but this time it uses LISP as the control plane.


10) With these overlay tunnels there is no need for HSRP/VRRP, because they use something called an anycast gateway. This means that the gateway is configured on all leafs. Once a host is attached, it finds its gateway ready and configured.
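To make points 6 and 9 concrete, the sketch below wraps a layer 2 frame between user 1 and user 2 in the 8-byte VXLAN header defined by RFC 7348 and unwraps it again on the far leaf. It is an added example, not part of the original article; the MAC addresses, VNI 10010 and the leaf loopback addresses are constructed values.

```python
import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field carries a valid value

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    """Build the inner layer 2 frame a host hands to its leaf switch."""
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload

def vxlan_encap(vni, inner_frame):
    """Prepend the VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload):
    """Return (vni, inner_frame); reject short packets and a missing I flag."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word2 >> 8, udp_payload[8:]

def demo():
    # Constructed sample: user 1 and user 2 share 192.168.1.0/24 behind different leafs.
    inner = ethernet_frame("00:00:00:00:00:02", "00:00:00:00:00:01", 0x0800,
                           b"ip packet 192.168.1.1 -> 192.168.1.2")
    # Outer addresses are the leafs' routed loopbacks (assumed values). The
    # underlay only routes leaf-to-leaf UDP, so no layer 2 link has to be blocked.
    outer = {"src_ip": "10.0.0.1", "dst_ip": "10.0.0.2", "udp_dport": VXLAN_UDP_PORT}
    wire = vxlan_encap(10010, inner)
    vni, delivered = vxlan_decap(wire)
    return outer, wire, vni, delivered == inner

if __name__ == "__main__":
    outer, wire, vni, intact = demo()
    print(outer, wire[:8].hex(), vni, intact)
```

The 24-bit VNI plays the role the VLAN ID played on the trunk links, while the outer IP/UDP header is all the spine switches ever forward on.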








