It’s Time to Deploy White Box Leaf-Spine Architecture in the Enterprise

July 3, 2019 No Comments

Featured article by Jeff Paine, Senior Vice President at Pica8

Driven by a deluge of new types and volumes of devices and services, staid, three-tier enterprise networks have become a hot, and increasingly complex, mess. IT managers who are used to the relatively “climate controlled” environment of their data centers – fixed topologies, extant automation tools and management networks – are instead facing the moral equivalent of out-of-control climate change in their campus and access networks. Expensive and inflexible three-tier architectures populated by legacy switch stacks and chassis – many untouched since Y2K – are being rendered obsolete and/or ineffective. It’s time to look at whether a two-tier network architecture for the campus and access edge makes more sense.

The leading edge of the migration to two-tier is already taking place in DC networks, of course, where the “leaf-spine” architecture has been taking hold for some time. But developments in open networking now make it possible to expand this architecture out to the enterprise as a whole. Here, two-tier leaf-spine promises to greatly simplify the operational overhead of these networks by making them far easier to manage, creating a necessary counterbalance to the new levels of complexity hitting the access edge every day. Leaf-spine can also improve performance and reliability; enhance security; and lower costs, especially if you choose an open, automated, white box networking model.

How we got here: the 3-tier journey

Back in their heyday, three-tier networks made sense with access switches sitting close to users connected to their PCs, printers and the like. These switches fed into larger aggregation switch/routers, maybe one per floor, for example. The aggregation (aka distribution) layer routers, in turn, fed larger core routers that form the high-speed network backbone itself.

IoT, BYOD, and Cloud pressure the 3-tier model

Today, however, the old architecture is facing a two-fold problem. First is an explosion of devices at the access layer, the result of the Internet of Things (IoT) phenomenon, with potentially thousands of sensors and devices connecting at the network edge. According to Gartner, 80% of IoT will be wireless, requiring upgrades to wireless technology/switches, and 20 percent will be wired, largely via PoE, mandating both new and replacement ports. Joining the fray is the BYOD trend, with users connecting multiple mobile devices to the network, each generating significant amounts of traffic, including video.

Where we are today — Leaf-spine in the data center

At the top of a server rack lie a pair of switches, known as Top of Rack (ToR) switches. Each server in the rack connects to both switches – leaf switches in a leaf-spine topology — for redundancy.

Each leaf switch then connects to multiple spine switches. Here there’s no need for spine switches to connect to one another; all ports on a spine switch are used to connect to leaf switches, using either Layer 2 switched, or Layer 3 routed, links. From a logical perspective, all switches are then equidistant and reachable in a single “hop.”

Configured for DCs, the leaf-spine architecture essentially collapses the core and aggregation layers into one – the spine – while the leaf layer is analogous to the access layer in the three-tier model.

Extending leaf-spine to the enterprise

In the enterprise, however, networking challenges are not resident at the relatively climate-controlled core, but at the unruly network edge. Making this an even bigger problem is that all this new IoT/BYOD chaos and modernization is happening in the one place where top-tier network support engineers are largely non-existent – remote offices. Again, the opposite scenario from the DC.

In the enterprise, unlike the DC, leaf-spine is best utilized to compress the access and aggregation layers – in a sense, letting enterprises throw a bucket of simplicity on a complexity fire where they have few support resources.

How to reap the benefits of an open, leaf-spine architecture in the enterprise

The first thing to do is not to kill all the lawyers, as Shakespeare famously suggested, but to kill

the three-tier legacy requirement for Spanning Tree Protocol (STP). For redundancy, STP networks use two uplinks from each access switch that run to either a single, or pair, of aggregation switches. Should any link fail, STP will route traffic over the alternate link. Unfortunately, these “alternate” links normally lie dormant; STP allows only one link to be used at any time, so 50% of available bandwidth is unusable as data loads skyrocket.

With enterprise leaf-spine, it’s now possible to do away with STP. Running an open Linux NOS, white box switches can, instead, use Multi-Chassis Link Aggregation (MLAG). MLAG also allows every access switch to have a pair of connections to upstream aggregation switches. But with MLAG, both links can be active without sacrificing redundancy. MLAG peer switches synchronize their forwarding state, so if a leaf or spine switch fails, traffic automatically reroutes for continuous uptime. All legacy STP standby ports are now returned to service.

The open white box leaf-spine architectures described here are now in the market and are starting to replicate the success of their brethren in the DC, boosted by new capabilities, such as automation frameworks that can remotely activate ONIE (Open Network Install Environment) and ZTP (Zero-Touch Provisioning) for thousands of open access switches at remote sites without an out-of-band management network.

In fact, automation and network simplification are leading factors in the adoption uptick of scalable, open leaf-spine enterprise networks. Switch stacks can now contain different models, even from different manufacturers; clusters of leaf/spine switches can appear as single, logical IP addresses; software updates can be issued once, but applied to many switches; automated license renewals and upgrades for 1,000s of switches across 100s of remote locations; and more. All of this, combined with the proven economic and reliability benefits of open, white box networks, offer a proven, viable commercial alternative to legacy three-tier architectures.