Link Search Menu Expand Document
calendar_month 07-Mar-24

Aruba Central Two-Tier Data Center

The Aruba ESP Two-Tier Data Center can be configured using Aruba Central or Aruba Fabric Composer (AFC). The Two-Tier architecture uses Layer 2 multi-chassis links between a VSX pair of core switches and a set of server access switches. The following deployment example uses Aruba Central, enabling a single management platform for both campus and data center networks that provides advanced troubleshooting features and performance feedback.

Table of contents


The Aruba CX switching portfolio includes a range of products for data center core and access layers. Aruba Central documentation contains a list of supported AOS-CX switches.

Aruba ESP Two-Tier data centers meet the requirements for small- and medium-size data centers. It provides network resiliency by using multi-chassis link aggregations (MC-LAGs) at both switch tiers.

Two-Tier Data Center Topology

The diagram below summarizes the physical topology configured in this deployment guide and the relationship between components.

Two-Tier Core Layer

The core layer provides redundant Layer 2 connectivity to downstream access switches. A VSX pair of core switches is configured with an MC-LAG to each downstream rack. All links from the core layer to the access layer for a single rack are members of the same MC-LAG, whether the rack is populated with a single switch or with a VSX-pair of access switches. MC-LAG provides network resiliency and load-balancing. It also mitigates the need for loop avoidance mechanisms between the core and access layer switches.

Layer 3 services for the data center are provided by the core layer. VLAN switched virtual interfaces (SVIs) are defined on core switches that route packets between data center subnets and provide redundant IP gateways to data center hosts. The core layer also provides redundant IP connectivity to upstream external networks. Typically, firewalls are placed between a data center and external networks for policy enforcement. The redundancy models between the data center core and external networks can vary, depending on device feature sets and organizational requirements. In this guide, a traditional active/passive redundant pair of firewalls is connected to the core switch pair using MC-LAGs.

Two-Tier Access Layer

The access layer provides Layer 2 connectivity to downstream data center hosts.

When a single access switch is at the top-of-rack (ToR) position, the access layer connects to the core layer using a standard LAG. A single ToR switch can provide physical link redundancy using a standard LAG, but host connectivity is lost when performing firmware upgrades or when the ToR switch fails.

When using a VSX pair of ToR switches, the access layer provides physical switch redundancy to directly attached hosts. This model supports uninterrupted host connectivity, even when one of the ToR switches fails or a firmware upgrade is performed. Each access layer switch also is connected to each core switch. All core links across redundant access switches are members of the same MC-LAG for redundancy and loop avoidance.

Planning the Deployment

This section provides sample values and rationale for naming and numbering schemes. Adjust values and formats as needed to accommodate specific requirements. Using a consistent approach in the physical and logical configurations improves the management and troubleshooting characteristics of a network.

Naming Conventions

Establish a switch naming convention that indicates the switch type, role, and location to simplify identification and increase operating efficiency.

Example values used in this guide:

Switch NameRoleDescription
RSVDC-CORE1-1CoreRoseville Data Center Core Switch, VSX Pair Member 1 (primary)
RSVDC-CORE1-2CoreRoseville Data Center Core Switch, VSX Pair Member 2 (secondary)
RSVDC-ACCESS1-1AccessTop-of-Rack Access Switch in Rack 1, VSX Pair Member #1 (primary)
RSVDC-ACCESS1-2AccessTop-of-Rack Access Switch in Rack #1, VSX Pair Member 2 (secondary)

Aruba Central Groups

Aruba Central organizes devices in groups with common configuration elements. Two functional roles in the two-tier data center architecture share configuration elements: the data center core and access layers. An Aruba Central group should be created for each layer.

Example Aruba Central groups used in this guide are:


Aruba Central Sites

In addition to group membership, a device can be associated with a site that represents a physical location. Sites can be used to aggregate visibility, statistics, and troubleshooting tools across switches that are members of different groups.

In this guide, all data center switches are assigned to a site named RSVDC.

IP Address Planning

Plan a consistent IP numbering scheme with values that can accommodate the current deployment size and leave room for growth. Define a range that can represent loopback addresses, IP addresses used in support protocols, and a range for data center hosts. It is beneficial to assign data center host subnets from a larger range of maskable IP addresses that summarizes all host subnets in the data center.

Example IP address ranges used in this guide:

SubnetFunctional Description interface IP addresses IP addresses range of all data center host subnets of a specific data center host subnet

MAC Address Planning

A Locally Administered Address (LAA) should be used when defining virtual MAC addresses for VSX and active gateway functions. This is required when configuring an Active Gateway for an SVI on a VSX pair and when configuring the system MAC address of VSX. An LAA is a MAC in one of the four formats shown below:


The x positions can contain any valid hex value. It is helpful to create a hexadecimal representation of the associated IP address or VLAN ID using the hex positions. For more details on the LAA format, see the IEEE tutorial guide.

In this guide, VSX system MAC addresses are set to 02:00:00:00:10:xx, where xx is replaced with the rack number of the VSX pair and the core switches use a value of 00.

Active Gateway MAC address are set to 02:00:xx:xx:xx:xx, where the last four octets are assigned a hexadecimal representation of the Active Gateway IP address. For example, the IP address results in a MAC address of 02:00:0a:01:65:01. This simple method ensures MAC address uniqueness associated with Active Gateway IP addresses for troubleshooting purposes.

Table of contents

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.