Link Search Menu Expand Document
calendar_month 24-May-23

Aruba Central Two-Tier Data Center

The Aruba ESP Two-Tier Data Center can be configured using Aruba Central or Aruba Fabric Composer (AFC). The following deployment example uses Aruba Central, enabling a single management platform for both campus and data center networks that provides advanced troubleshooting features and performance feedback.

Table of contents


The Aruba CX switching portfolio provides a range of products for data center core and access layers. Aruba Central documentation contains a list of supported AOS-CX switches.

Aruba ESP Layer 2 Two-Tier data centers meet the requirements for small- and medium-size data centers.

Layer 2 Two-Tier Topology

The diagram below summarizes the topology configured in this deployment guide and the relationship between components.

Layer 2 Two-Tier Core Layer

The core layer provides redundant Layer 2 connectivity to downstream access switches. A VSX pair of core switches is configured with a multi-chassis link aggregation (MC-LAG) to each downstream rack. All links from the core layer to the access layer for a single rack are members of the same MC-LAG, whether the rack is populated with a single switch or with a VSX-pair of access switches. MC-LAG provides network resiliency and load-balancing. It also mitigates the need for loop avoidance mechanisms between the core and access layer switches.

Layer 3 services for the data center are provided by the core layer. VLAN switched virtual interfaces (SVIs) are defined on core switches that route packets between data center subnets. The core layer also provides redundant IP connectivity to upstream external networks. Firewalls typically are placed between a data center and external networks for policy enforcement. The redundancy model between the data center core and external networks can vary widely, depending on device feature sets and organizational requirements. In this guide, a traditional active/passive redundant pair of firewalls is connected. One VLAN and associated SVI is used by each core switch to make redundant connections to the upstream firewall pair.

Layer 2 Two-Tier Access Layer

The access layer provides connectivity to downstream data centers hosts.

When a single access switch is positioned at the top-of-rack (ToR) position, the access layer connects to the core layer using a standard LAG. A single ToR switch can provide physical link redundancy using a standard LAG, but host connectivity is lost when performing firmware upgrades or when the ToR switch fails.

When using a VSX pair of ToR switches, the access layer provides physical switch redundancy to directly attached hosts. This model supports uninterrupted host connectivity, even when one of the ToR switches fails or a firmware upgrade is performed. Each access layer switch also is connected to each core switch. All core links across both access switches are members of the same MC-LAG for redundancy and loop avoidance.

Planning the Deployment

This section provides sample values and rationale for naming and numbering schemes. Adjust values and formats as needed to best accommodate specific requirements. Using a consistent approach in the physical and logical configurations improves the management and troubleshooting characteristics of a network.

Naming Conventions

Establish a switch naming convention that indicates the switch type, role, and location to simplify identification and increase operating efficiency.

Example values used in this guide:

Switch NameRoleDescription
RSVDC-CORE1-1CoreRoseville Data Center Core Switch, VSX Pair Member #1 (primary)
RSVDC-CORE1-2CoreRoseville Data Center Core Switch, VSX Pair Member #2 (secondary)
RSVDC-ACCESS1-1AccessTop-of-Rack Access Switch in Rack #1, VSX Pair Member #1 (primary)
RSVDC-ACCESS1-2AccessTop-of-Rack Access Switch in Rack #1, VSX Pair Member #2 (secondary)

Aruba Central Groups

Aruba Central organizes devices into groups with common configuration elements. Two functional roles in the Layer 2 Two-Tier data center architecture share configuration elements: the data center core and access layers. An Aruba Central group should be created for each layer.

Example Aruba Central groups used in this guide are:


Aruba Central Sites

In addition to group membership, a device can be associated with a site that represents a physical location. Sites can be used to aggregate visibility, statistics, and troubleshooting tools across switches that are members of different groups.

In this guide, all data center switches are assigned to a site named RSVDC.

IP Address Planning

Plan a consistent IP numbering scheme with values that can accommodate the current deployment size and leave room for growth. Define a range that can represent loopback addresses, IP addresses used in support protocols, and a range for data center hosts. It is beneficial to assign data center host subnets from a larger range of maskable IP addresses that summarizes all host subnets in the data center.

Example IP address ranges used in this guide:

SubnetFunctional Description and routing interface IP addresses range of all data center host subnets of a specific data center host subnet

MAC Address Planning

A Locally Administered Address (LAA) should be used when defining virtual MAC addresses for VSX and active gateway functions. This is required when configuring an Active Gateway for an SVI on a VSX pair and when configuring the system MAC address of VSX. An LAA is a MAC in one of the four formats shown below:


The x positions can contain any valid hex value. It is helpful to create a hexadecimal representation of the associated IP address or VLAN ID using the hex positions. For more details on the LAA format, see the IEEE tutorial guide.

In this guide, VSX system MAC addresses are set to 02:00:00:00:10:xx, where xx is replaced with the rack number of the VSX pair and the core switches use a value of 00.

Active Gateway MAC address are set to 02:00:xx:xx:xx:xx, where the last four octets are assigned a hexadecimal representation of the Active Gateway IP address. For example, the IP address results in a MAC address of 02:00:0a:01:65:01. This simple method ensures MAC address uniqueness associated with Active Gateway IP addresses for troubleshooting purposes.

Table of contents

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.