Design Recommendations
Sizing and Scaling
When designing the fabric, it is important to be aware of the scaling limits of each switch model and role in the fabric. The Routed-Access design is generally preferable if it can meet the scale requirements. Since it can support over 100 switches/stacks in the access layer, Routed-Access can accommodate tens of thousands of end devices in the fabric, if CX6300 switches in VSF stacks are used at the Edge.
Routed Access Design
Routed Access Validated Scale
The numbers below require all switches to run AOS CX 10.14 as the minimum firmware level.
256 VTEPs across 16 VRFs | Edge 6300 | Border 8360 | Stub 8360 | RR / Core 8360 |
---|---|---|---|---|
OSPF area | 1 | 1 | 1 | 1 |
OSPF neighbors | 2 | 48 | 48 | 48 |
BGP AS (iBGP EVPN) | 1 | 1 | 1 | 1 |
BGP peers | 2 | 17 | 2 | 256 |
VRFs | 16 | 16 | 16 | 16 |
IPv4 routes | 2000 | 2000 | 2000 | 2000 |
IPv6 routes | 2000 | 2000 | 2000 | 2000 |
MAC | 23000 | 1000 | 23000 | - |
IPv4 ARP | 20000 | 1000 | 20000 | - |
IPv6 ND | 10000 | 1000 | 10000 | - |
L2 VNIs/VLANs | 32 | 32 | 32 | - |
Overlay hosts (MAC / ARP / ND) | 30K | 30K | 30K | - |
EVPN VTEP peers (number of VXLAN tunnels) | 256 | 256 | 256 | - |
The Scaled-Access design uses Access-Aggregation stub switches in the BGP EVPN VXLAN fabric to extend to Edge switches over static VXLAN tunnels, increasing the available scale by more than an order of magnitude. This is the same method used to connect gateway devices to the fabric in either design. VXLAN GBP information is still passed all the way to the edge switches, affording the same advantages for authentication, role assignment, and enforcement of security policy as the Routed-Edge design.
As with the standards-based BGP EVPN VXLAN fabric used for both design options, creation of the static VXLAN tunnels to the Edge switches is orchestrated as part of the NetConductor solution.
Scaled Access Design
Scaled-Access Validated Scale
This is an allow-listed feature. Please contact your Aruba representative for more information.
Extended Edge Switch model choices
When using the Scaled-Access design, it is possible to use the CX6200 series switch model for the Extended Edge persona switches because the model supports static VXLAN. However, when compared to the CX6300 and other options for Edge switches, consider these limitations:
No support for Application recognition and Application-based policies
No support for BGP EVPN
No support for multiple VRFs; only default and mgmt VRFs are supported.
No support for reflexive ACLs
Lower limit (8) for stack members compared to the 6300 (10)
Less available SmartRate port density
No SmartRate 10 support
No Class 8 PoE options