
VXLAN Campus Fabric and STP


    Posted 11-07-2023 05:48

    Hi all,

    I have been reading through the published Juniper campus design guides, but the section regarding STP interactions is not really covered very well.

    They simply state that STP is not needed (in the core).

    I have an L2 network in typical style.


    [Image: STP Topology]

    We have a Virtual chassis as a core switch which is the STP root.

    We have a number of access switches that hang from the virtual chassis. Some of these access switches also have attached access switches (two layers deep).

    All of this runs RSTP with the root being the core switch.

    I would like to understand better the interaction and recommended config for the STP configuration between the core and access layer.

    I understand that the VXLAN core is loop free due to its L3 underlay, but that it has no internal loop protection mechanism.

    Thus we have the risk of a loop being introduced by a miswiring (backdoor link) or some other loop creation problem in the access layer.

    The access switches still need to run STP to make sure that there are no loops in their domain.

    But how is the VXLAN core configured?

    I have seen documents talking about EVPN loop-Protect (where OAM/CFM frames are used for loop protection) and also about placing [protocols layer2-control bpdu-block] on the edge ports of the switches.

    But what is the recommended template for the core switch?

    https://www.juniper.net/documentation/us/en/software/junos/stp-l2/topics/topic-map/spanning-tree-bpdu-protection.html#id-understanding-bpdu-protection-for-evpnvxlan

    Is this stating that these commands should be implemented on the Core switch interface facing the access or are they stating that they should be on the access switch that faces the core switch?

    This is not explained very well.  I would assume that it is on the edge interface of the core switch to isolate the troublesome access switch, but it then states:

    "Note: Ensure that the switch is connected to an end device.", thus it then gives the appearance that these commands are for the access switch...

    https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/evpn-vxlan-lightweight-leaf-server-loop-detection.html

    This seems more of a DC related feature and looks like it may be QFX platform specific rather than a campus related feature.

    The design guides don't cover this and simply state that the VXLAN core is loop free (STP free).

    Can someone please share some recommended implementation details, or can someone from Juniper ask the Documentation Team to update these design guides to cover this topic, please?

    Thank you




    ------------------------------
    William Jackson
    ------------------------------