05-19-2015 09:25 PM - edited 03-01-2019 04:50 AM
Hi
We are planning a leaf and spine architecture using Nexus 9300 & 9500 in NX-OS mode. We seek to know if an overlay (VXLAN) is mandatory in leaf and spine mode.
Also, what's the configuration that's required on the Nexus 9500 spine (routing?)? Can I actually configure BGP peering with my internet edge over here? I hear that the spine will act just like a fabric. My leaf will be in L3 mode and downlinks to servers/hosts would be trunk links.
Rgds
Sumesh
05-20-2015 01:20 AM
Hi Sumesh,
On your first question, when running in NX-OS mode, no, an overlay such as VXLAN is not mandatory. You can configure the platform as per any other Nexus platform, i.e. you could use 802.1Q VLAN trunking between all spine and leaf switches if you wanted to.
However, if you do need layer 2 extended between leaf switches the preferred approach now would be a VXLAN overlay with BGP EVPN for the control plane. The Nexus 9000 platform can do VXLAN encap/decap at line-rate in hardware so there is no performance penalty, and you get additional features such as anycast gateway rather than relying on older tech like HSRP. You can also use the Cisco VTS management tool for provisioning of the overlay fabric, which I would highly recommend. You can see more information on VXLAN BGP EVPN at http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_chapter_0100.html
For your second question, yes, if you are operating in NX-OS mode you could connect your Internet edge directly to the spine switch(es) and configure BGP. This is not a recommended approach, however, and you would be better served connecting external services at the leaf layer. The spine layer should not have "services" directly connected to it as its function is a high-speed interconnect between leaf switches (equidistant bandwidth, deterministic performance etc.). As the spine switches are not connected to each other, if your Internet service(s) are only connected to a subset of the spine switches you could also experience black holes under certain failure scenarios.
So to summarise - no, you don't have to run VXLAN but it is the suggested deployment method. You could connect your Internet service(s) to the spine, but this is not a recommended deployment option.
Hope that helps.
05-20-2015 01:30 AM
Thanks Nikolas