Link Search Menu Expand Document
calendar_month 22-Aug-24

Single Fabric Designs

Aruba NetConductor has two validated reference designs for single fabric campus networks, referred to as Routed-Access and Scaled-Access designs. Both features a fully routed underlay connecting the Access, Service Aggregation, Core, and Distribution layers using OSPF across any deployment size.

In the Routed-Access design, all the network devices fully participate in the BGP EVPN fabric. Anycast gateways are hosted across the access switches. In the Scaled-Access design, distribution switches typically deployed in VSX pairs and extended edge switches in the access layer are connected using MC-LAG, orchestrated Static VXLAN. Anycast gateways are hosted at the distribution switches, and BGP EPVN fabric starting from this layer allows deployment to scale for very large site.

The Routed-Access design is preferred in most cases for up to 250 VTEPs. It is also necessary to limit the number of BGP peers for route reflectors which could result in a lower limit for the allowed number of VTEPs. The design choices flowchart below provides additional guidance.

Routed-Access Design

The Routed-Access design is built with routed links that connect all switches within the fabric, resulting in an optimized traffic flow within the fabric using ECMP routing. It is preferred for networks with current and anticipated future scale within the limits of this architecture.

Routed Access fabric

Routed-Access Design Highlights

  • Layer 3 Routed Access network
  • Small to Medium deployment sizes
  • Authentication and Group-based Policy at the Access layer

Scaled-Access Design

The Scaled-Access design is similar to the Routed-Access design with two major differences. First, the Access-Aggregation or Distribution layer switches are configured in VSX pairs to provide redundancy. This allows MC-LAG connections from these switches downstream to the Access or Extended-Edge switches over which Static VXLAN tunnels. This greatly increases the possible scale of the network while preserving most of the benefits of the Routed-Access design, including the ability to provide authentication and application of Group-Based policies at the network edge.

Scaled Access Fabric

  • Layer 3 to the Access-Aggregation layer

  • L2 Multi-Chassis LAG between Access-Aggregation and Access layers with routed SVI for reachability

  • Orchestrated Static VXLAN between Access-Aggregation and Access layers

  • BGP/EVPN boundary is at the Aggregation/Stub layer

  • Scales to high number of VRFs

  • Scales up to 1000 extended edge switches within a single fabric

  • Authentication and Group-based Policy at the Access layer

  • All BGP/EVPN switches are in OSPF Area 0, Stub/Access Aggregation and Extended Edge Switches are in OSPF Area 1.

  • Stub/Access Aggregation switches also can be used as Edge Switches.

Layer 2 Multi-Chassis LAG between the access-aggregation and access devices provides increased bandwidth, faster network resilience, and better load sharing. While routing with ECMP from access-aggregation to rest of the network provides load-balancing and increased bandwidth.

The Scaled-Access design and the extended edge switch persona is currently allow-listed features. Contact your Aruba representative to enable the feature and for more information.

Choosing the Appropriate Reference Design

The flow chart below shows Aruba is the suggested best practice for choosing between the Routed-Access and Scaled-Access designs.

Design Choice FLowchart

See Aruba Intelligent Forwarding (FIB Optimization) and VLAN Client Presence Detect in the Terminology section at the end of this document for details on Fabric Optimization.

Platform Support

The following table summarizes the supported platforms for the fabric personas and locations in the network, applicable to all NetConductor design options. Detailed explanations of the role of each persona are provided in the terminology section at the end of this document. Bold model numbers are the preferred options for each persona.

Fabric PersonaPlace in the NetworkSupported Platforms
Route Reflector (RR)Campus Core6300* ,6400, 8100^, 8325, 8360, 8400, 9300, 10000
EdgeCampus Access6300*, 6400, 8100
Extended EdgeExtending Campus Access6200, 6300*, 6400
Border (Single Fabric)WAN Aggregation6400, 8100, 8325, 8360, 8400 , 9300, 10000
Border Leader (Multi-Fabric)Fabric Interconnection6400, 8325, 8360, 9300, 10000
StubWireless Aggregation6300*, 6400, 8100,8360
StubAccess Aggregation Distribution8100, 8360
WLAN GatewayWLAN Gateway7XXX, 9XXX

*6300L is not supported for any fabric persona. 6300 is only recommended for use as Route Reflector in lab usage.

^ 8100 should only be used as Route Reflector for lab or small deployments (<64 VTEPs)

For small to medium sites, it is more cost effective to collocate multiple fabric personas on the same switch. The following options are supported in NetConductor:

Collocated Fabric PersonasPlace in the NetworkSupported Platforms**
Border + Route Reflector (RR)Campus Core6400, 8325, 8360, 8400, 9300
Border + Route Reflector (RR) + WLAN-StubCampus Core6400, 8360
Border + WLAN-StubWAN-Aggregation6400, 8360
Border + Route Reflector (RR) + WLAN-Stub + Edge ñ Lab purposes only, minimum recommended version is 10.12 and above for switchCampus Core8100, 6300*

*6300L is not supported for any fabric roles.

Connections to Switches Not Supporting VXLAN

There are several situations where a switch or other device that does not support VXLAN may require connection to the fabric. Examples and conditions include:

  • Small switches in conference rooms

  • Outdoor or other ruggedized switches such as the CX4100 or similar

  • Switches that are not managed or orchestrated by Aruba Central

  • User-Roles, Role-to-Role policy enforcement is not supported.

In these cases, a fabric stub persona switch should be provisioned connecting to a Layer 2 access switch. Required VLANs can be carried on a single Layer 2 connection or Layer 2 LAG/MLAG with required VLANs passing normally. The Stub persona can be a standalone or VSF stack or VSX pair switches.

The stub switch(es) also can be provisioned with edge switches and connected to Extended Edge switches through Layer2 LAG/MLAG with required VLANs passing normally. The Stub/Edge devices are configured with SVI, distributed anycast-gateway extending VLANs across the fabric.


Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.