[prev in list] [next in list] [prev in thread] [next in thread] 

List:       juniper-nsp
Subject:    Re: [j-nsp] STP in spine leaf architecture
From:       Hugo Slabbert <hugo () slabnet ! com>
Date:       2017-10-27 16:23:09
Message-ID: 20171027162309.GF28211 () bamboo ! slabnet ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Fri 2017-Oct-27 18:04:36 +0200, Thomas Bellman <bellman@nsc.liu.se> wrote:

>On 2017-10-26 18:11 (CEST), Hugo Slabbert wrote:
>
>> [...] in a general a spine & leaf setup should be L3 for interswitch
>> links, so any STP should be local to a given switch.  [...]
>> Here I'm just talking about a vanilla spine & leaf setup, not anything
>> Juniper-specific e.g. QFabric or VCF or whatnot.
>
>You can also build a spine & leaf setup using TRILL och Shortest Path
>Bridging (SPB), in which case you have a single large layer 2-domain.
>Not using Juniper equipment, though, since Juniper supports neither
>TRILL nor SPB...

A fair point; TRILL was only somewhat in the mix when we were evaluating 
options, but vendor support was hit and miss.  VXLAN ended up being a more 
common and "vetted" solution for L2 across a spine & leaf setup.

>> I'd be curious about more specific details from folks running QFX in
>> prod in this type of setup.
>
>You are generally correct though.  Configure your swithc-to-switch
>links as L3 ports (i.e. 'interface ... unit ... family inet/inet6',
>not 'family ethernet-switching'), and some routing protocol like
>OSPF, IS-IS or BGP.  BGP is fairly popular in datacenter settings,
>but OSPF works fine as well, as should IS-IS.
>
>Layer 2 domains should be kept to a single leaf switch, and thus you
>don't need to run Spanning Tree at all.  And definitely not on your
>links between spines and leafs, since that would block all but one of
>the uplinks, and give you all the pains of Spanning Tree without any
>of the benefits.  (You *might* want to run STP on your client ports and
>configure them as edge ports with bpdu-block-on-edge, to protect against
>someone misadvertently connecting two L2 client ports togethere.)

Yep; that's our CYA config.

>(I don't run a pure spine-and-leaf network myself.  I am trying to
>migrate towards one, but we still have several "impurities", and
>have STP running in several places.)

We all still have lots of "dirty corners" in our networks ;)

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E   | also on Signal

["signature.asc" (application/pgp-signature)]

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic