Single Fabric Designs
Aruba NetConductor has two validated reference designs for single fabric campus networks, referred to as the Routed-Access and Scaled-Access designs. Both feature a fully routed underlay that uses OSPF to connect the Access, Service Aggregation, Core, and Distribution layers at any deployment size.
In the Routed-Access design, all network devices fully participate in the BGP EVPN fabric, and anycast gateways are hosted across the access switches. In the Scaled-Access design, distribution switches, typically deployed in VSX pairs, connect to extended edge switches in the access layer using MC-LAG and orchestrated Static VXLAN. Anycast gateways are hosted at the distribution switches, and the BGP EVPN fabric starts at this layer, which allows the deployment to scale to very large sites.
The Routed-Access design is preferred in most cases for up to 250 VTEPs. It is also necessary to limit the number of BGP peers for route reflectors, which could result in a lower limit for the allowed number of VTEPs. The design choices flowchart below provides additional guidance.
Routed-Access Design
The Routed-Access design is built with routed links that connect all switches within the fabric, resulting in an optimized traffic flow within the fabric using ECMP routing. It is preferred for networks with current and anticipated future scale within the limits of this architecture.
Routed-Access Design Highlights
- Layer 3 Routed Access network
- Small to Medium deployment sizes
- Authentication and Group-based Policy at the Access layer
Scaled-Access Design
The Scaled-Access design is similar to the Routed-Access design with two major differences. First, the Access-Aggregation or Distribution layer switches are configured in VSX pairs to provide redundancy. This allows MC-LAG connections from these switches downstream to the Access or Extended-Edge switches, over which Static VXLAN tunnels are orchestrated. This greatly increases the possible scale of the network while preserving most of the benefits of the Routed-Access design, including the ability to provide authentication and apply Group-Based policies at the network edge.
- Layer 3 to the Access-Aggregation layer
- Layer 2 Multi-Chassis LAG between Access-Aggregation and Access layers with routed SVI for reachability
- Orchestrated Static VXLAN between Access-Aggregation and Access layers
- BGP/EVPN boundary is at the Aggregation/Stub layer
- Scales to a high number of VRFs
- Scales up to 1000 extended edge switches within a single fabric
- Authentication and Group-based Policy at the Access layer
- All BGP/EVPN switches are in OSPF Area 0; Stub/Access Aggregation and Extended Edge switches are in OSPF Area 1.
- Stub/Access Aggregation switches can also be used as Edge switches.
Layer 2 Multi-Chassis LAG between the access-aggregation and access devices provides increased bandwidth, faster network resilience, and better load sharing, while routing with ECMP from the access-aggregation layer to the rest of the network provides load balancing and increased bandwidth.
The Scaled-Access design and the extended edge switch persona are currently allow-listed features. Contact your Aruba representative to enable them and for more information.
Choosing the Appropriate Reference Design
The flowchart below shows Aruba's suggested best practice for choosing between the Routed-Access and Scaled-Access designs.
See Aruba Intelligent Forwarding (FIB Optimization) and VLAN Client Presence Detect in the Terminology section at the end of this document for details on Fabric Optimization.
Platform Support
The following table summarizes the supported platforms for the fabric personas and locations in the network, applicable to all NetConductor design options. Detailed explanations of the role of each persona are provided in the terminology section at the end of this document. Bold model numbers are the preferred options for each persona.
Fabric Persona | Place in the Network | Supported Platforms |
---|---|---|
Route Reflector (RR) | Campus Core | 6300*, 6400, 8100^, 8325, 8360, 8400, 9300, 10000 |
Edge | Campus Access | 6300*, 6400, 8100 |
Extended Edge | Extending Campus Access | 6200, 6300*, 6400 |
Border (Single Fabric) | WAN Aggregation | 6400, 8100, 8325, 8360, 8400, 9300, 10000 |
Border Leader (Multi-Fabric) | Fabric Interconnection | 6400, 8325, 8360, 9300, 10000 |
Stub | Wireless Aggregation | 6300*, 6400, 8100, 8360 |
Stub | Access Aggregation Distribution | 8100, 8360 |
WLAN Gateway | WLAN Gateway | 7XXX, 9XXX |
*6300L is not supported for any fabric persona. The 6300 is recommended as a Route Reflector only for lab use.
^ The 8100 should only be used as a Route Reflector for lab or small deployments (<64 VTEPs).
For small to medium sites, it is more cost-effective to collocate multiple fabric personas on the same switch. The following options are supported in NetConductor:
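The platform table, its footnotes and the scale figures given earlier can be applied as a pre-deployment check on a planned inventory. The following is an added example, not Aruba code and not part of the original guide; the function name `check_fabric`, the persona keys, the inventory format and the caller-supplied `vtep_count` are assumptions made for illustration.

```python
# Added example (not Aruba code): checks a planned fabric against the platform
# table and scale limits stated on this page. Persona keys, the inventory
# format and the caller-supplied vtep_count are assumptions of this sketch.
# The WLAN Gateway row (7XXX, 9XXX) is omitted because it uses wildcards.
SUPPORTED = {
    "route-reflector": {"6300", "6400", "8100", "8325", "8360", "8400", "9300", "10000"},
    "edge": {"6300", "6400", "8100"},
    "extended-edge": {"6200", "6300", "6400"},
    "border": {"6400", "8100", "8325", "8360", "8400", "9300", "10000"},
    "border-leader": {"6400", "8325", "8360", "9300", "10000"},
    "stub-wireless-agg": {"6300", "6400", "8100", "8360"},
    "stub-access-agg": {"8100", "8360"},
}

def check_fabric(design, devices, vtep_count, lab=False):
    """Return findings for a planned fabric; an empty list means no rule here is violated."""
    findings = []
    for dev in devices:
        name, persona, model = dev["name"], dev["persona"], dev["model"]
        if model == "6300L":
            findings.append(f"{name}: 6300L is not supported for any fabric persona")
        elif model not in SUPPORTED.get(persona, set()):
            findings.append(f"{name}: {model} is not listed for persona {persona}")
        elif persona == "route-reflector" and not lab:
            # Footnotes: 6300 as RR is lab-only; 8100 as RR is lab or <64 VTEPs.
            if model == "6300":
                findings.append(f"{name}: 6300 as route reflector is lab-only")
            elif model == "8100" and vtep_count >= 64:
                findings.append(f"{name}: 8100 as route reflector requires <64 VTEPs")
    extended = sum(1 for dev in devices if dev["persona"] == "extended-edge")
    if design == "routed-access" and vtep_count > 250:
        findings.append(f"fabric: {vtep_count} VTEPs exceeds the 250 preferred for Routed-Access")
    if design == "scaled-access" and extended > 1000:
        findings.append(f"fabric: {extended} extended edge switches exceeds the limit of 1000")
    return findings

# Constructed sample inventory, for illustration only.
SAMPLE = [
    {"name": "core-1", "persona": "route-reflector", "model": "8100"},
    {"name": "acc-1", "persona": "edge", "model": "6300L"},
    {"name": "acc-2", "persona": "edge", "model": "6200"},
    {"name": "agg-1", "persona": "stub-access-agg", "model": "8360"},
]

if __name__ == "__main__":
    for finding in check_fabric("routed-access", SAMPLE, vtep_count=300):
        print(finding)
```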
Collocated Fabric Personas | Place in the Network | Supported Platforms** |
---|---|---|
Border + Route Reflector (RR) | Campus Core | 6400, 8325, 8360, 8400, 9300 |
Border + Route Reflector (RR) + WLAN-Stub | Campus Core | 6400, 8360 |
Border + WLAN-Stub | WAN-Aggregation | 6400, 8360 |
Border + Route Reflector (RR) + WLAN-Stub + Edge (lab purposes only; minimum recommended switch version is 10.12 and above) | Campus Core | 8100, 6300* |
*6300L is not supported for any fabric role.
Connections to Switches Not Supporting VXLAN
There are several situations where a switch or other device that does not support VXLAN may require connection to the fabric. Examples and conditions include:
- Small switches in conference rooms
- Outdoor or other ruggedized switches such as the CX4100 or similar
- Switches that are not managed or orchestrated by Aruba Central
- User-Roles and Role-to-Role policy enforcement are not supported.
In these cases, a switch with the fabric Stub persona should be provisioned to connect to the Layer 2 access switch. Required VLANs can be carried on a single Layer 2 connection or a Layer 2 LAG/MLAG, passing normally. The Stub persona can be a standalone switch, a VSF stack, or a VSX pair.
The stub switch(es) can also be provisioned with edge switches and connected to Extended Edge switches through a Layer 2 LAG/MLAG, with required VLANs passing normally. The Stub/Edge devices are configured with SVIs and a distributed anycast gateway, extending VLANs across the fabric.