We used Cisco’s three-layer hierarchical architecture for more than a decade, but in data centers, the spine-leaf architecture is more popular nowadays. In this lesson, you will learn about the spine-leaf architecture and its advantages.
Before we do that, you need to understand how data centers evolved and the disadvantages of the three-layer hierarchical architecture.
Data Center Evolution
Let’s start with a short history lesson on how the three-layer architecture evolved throughout the years.
Three-layer hierarchical architecture
Here’s an overview of the three-layer model:
For over a decade, we used this architecture with three layers:
- Core
- Distribution (aggregation)
- Access
The access layer is where we connect our end devices. In a campus network, these are usually computers, laptops, and access points. In a data center, this is where our servers are. The distribution layer has redundant connections to access layer switches and connects to the core layer. The core layer provides fast transport between distribution layer switches.
Between the access layer and the distribution layer, we use L2 and spanning-tree (STP) to block all links except one. Between the distribution and core layer, we use routing.
For a detailed explanation, you can take a look at the campus network design lesson.
To overcome the limitations of STP, Cisco introduced virtual port channels (vPC) in 2010. vPCs offer active-active uplinks from the access layer switches to the distribution layer switches. vPCs allow us to use all available bandwidth.
Because of virtualization, we can now pool the computing, networking, and storage resources in a pod into virtual resources. Pooling these resources often requires large L2 domains that span from the access layer up to the core layer.
With these large L2 domains that span across the entire network, we can create a flexible resource pool and reallocate resources where needed.
An example is our servers. Before virtualization, we had physical servers in a single pod. With virtualization, we have hypervisors in multiple pods. A virtual machine that runs on a hypervisor in pod one can move to a hypervisor in pod two without any downtime. VMware’s vMotion can do this but requires L2 connectivity to do it.
A side effect of having resources spread out over the network instead of within a single pod is that the amount of east-west traffic increases.
Traffic between the two servers has to go through all layers of our network.
Another option is to use routing everywhere. The advantages of a routed topology are that we can use all links for forwarding and routing protocols converge faster than STP. If we require L2 connectivity between servers in different pods, we can use a VXLAN overlay network.
Advantages and disadvantages
The three-layer hierarchical architecture has some advantages and disadvantages. Let’s take a look.
This model offers the following advantages:
- Availability: When a pod goes down, the issue is usually isolated to one pod and doesn’t affect other pods.
- Security: We use L2 between the access and distribution layers and L3 between the distribution and core layers. We can filter traffic on L3, so we can decide what traffic enters or leaves a pod.
- Scalability: When the network grows, we can easily add more distribution or access layer switches.
- Familiarity: We used this model for over a decade, so network engineers are familiar with this design and the protocols we use.
There are, however, some disadvantages, which is why the spine-leaf architecture is gaining popularity.
Here are two important disadvantages:
- Limited bandwidth: vPCs solve the STP problem that we can only use one active link, but vPCs are limited to two active uplinks.
- Latency: The server-to-server latency could be high, depending on the traffic path. East-west traffic between pods has to go through the distribution and core layers.
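To make the east-west path and the L3 filtering point concrete, the following added example (not part of the original lesson) models the classic design described above, with L2 between access and distribution and routing between distribution and core. It reports how many switches a server-to-server flow traverses and whether it crosses the routed boundary where traffic can be filtered. The pod count, switch names, and the `describe_flow` helper are assumptions made for illustration.

```python
from collections import deque

def build_three_tier(pods=2, access_per_pod=2):
    """Constructed topology (hypothetical names): dual-homed access switches,
    two distribution switches per pod, two shared core switches."""
    adj, layer = {}, {}
    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    cores = ["core1", "core2"]
    layer.update({c: "core" for c in cores})
    for p in range(1, pods + 1):
        dists = [f"p{p}-dist{i}" for i in (1, 2)]
        for d in dists:
            layer[d] = "distribution"
            for c in cores:
                link(d, c)            # routed (L3) link
        for a in range(1, access_per_pod + 1):
            acc = f"p{p}-acc{a}"
            layer[acc] = "access"
            for d in dists:
                link(acc, d)          # switched (L2) uplink
    return adj, layer

def shortest_path(adj, src, dst):
    """Breadth-first search; returns the switches on one shortest path."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return []                     # no path between the two switches
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]

def describe_flow(adj, layer, src_acc, dst_acc):
    """Summarise a server-to-server flow between two access switches."""
    path = shortest_path(adj, src_acc, dst_acc)
    return {"path": path, "switches": len(path),
            "crosses_l3_boundary": any(layer[n] == "core" for n in path)}

if __name__ == "__main__":
    adj, layer = build_three_tier()
    for dst in ("p1-acc2", "p2-acc1"):
        print(describe_flow(adj, layer, "p1-acc1", dst))
```

In this model, a flow inside one pod stays in the L2 domain and never reaches the routed boundary, while a flow between pods traverses five switches and passes the L3 hop where filtering applies.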
Spine and Leaf Architecture
The spine-leaf architecture was developed to overcome the limitations of the three-tier architecture. It offers high bandwidth, low latency, and non-blocking server-to-server connectivity for data centers that primarily have east-west traffic flows. Here’s what it looks like: