How do you deploy Border Leaf, Spine and Service Leaf independently?

Fancy Wang 0404 2022

Standard architecture, independent deployment of Border Leaf, Spine and Service Leaf

The architecture in which all roles are deployed independently (multiple roles are not deployed on the same physical device) is the standard architecture of Fabric, as shown in the figure

The deployment points of this architecture are as follows

The Border Leaf is deployed as the north-south gateway, the Server Leaf is deployed to access various types of servers, the Service Leaf is deployed to access VAS devices such as FW and LB, and the VXLAN gateway is deployed on the Server Leaf.

Usually 2 Border Leafs are deployed, but they can also be expanded to 4 Border Leafs according to bandwidth requirements or reliability requirements. Border Leafs are connected upward to the switching core of the data center and downward to the spine. No wiring is required between them. Each Border Leaf is configured with an independent VTEP, which is not shared with other devices. A dynamic routing protocol (OSPF protocol or EBGP) is configured between the border leaf and the core switch or PE equipment. The four links of each spine are respectively connected to four border leaves, and 10Ge or 40GE interfaces can be selected as required.

Usually 2 spines are deployed, which can be expanded to 4 spines according to the scale of the fabric. The spines and all leaf devices are fully cross-connected to form the classic spine-leaf architecture of the data center. Spine is the underlay node of VXLAN. It only forwards VXLAN outer IP addresses and does not perceive user packets. However, during operation and maintenance diagnosis, you need to see the information inside the VXLAN.

The Service Leaf is connected to VAS devices such as the FW and LB. The FW and LB are usually deployed in a dual-machine cluster. M-LAG is deployed on the Service Leaf to implement dual-homing and highly reliable access to the VAS devices. If necessary, multiple pairs of Service Leafs can be deployed to meet the access requirements of a larger number of FWs and LBs.

Server Leaf access servers, usually deploy M-LAG, to meet the server dual-homing and high-reliability access requirements. The convergence ratio of the server leaf is 3:1, and the uplink interface is 40GE or 100GE.

The core features of the reformed architecture are that each device performs its own function, has strong scalability, and has the strongest business overlay function. Border Leaf does not assume other roles, and its scalability is not limited by M-LAG, and can support expansion to 4 or more. Spine does not assume other roles, and can expand to support multiple groups of server leaves for accessing more FW and LB devices. Each device performs its own duties, and only deploys the service configuration required by the device role and the corresponding forwarding plane resources, with the strongest functional scalability.

This architecture is suitable for medium and large fabrics and can support about 3000 physical servers. This architecture can be used if users have strong requirements for the expansion of spine, and also need to expand the north-south exit, need to support four-active Border Leaf application scenarios, or have a lot of expansion requirements for VAS devices (such as industry cloud users).

We are a 100G switch with Nos, 100G module/network card factory in Shenzhen, China. We can provide you with one-stop service on products, transportation, customs clearance, and tariffs.