Networking Planning Principles and Solution Description
Figure 2-1 shows the recommended M-LAG networking solution for CloudEngine series switches.
Spine Node
- It is recommended that a two-layer architecture be deployed. That is, spine nodes and server leaf nodes set up M-LAGs separately and implement two-level M-LAG interconnection. Active-active gateways are deployed on the spine nodes.
- PEs/Core nodes use square-looped or dual-homed networking to connect to the spine nodes, and Layer 3 interconnection is implemented using static routes, Open Shortest Path First (OSPF), or Border Gateway Protocol (BGP). In the preceding figure, square-looped networking is used.
- An inter-card Eth-Trunk is configured as the peer-link between the two spine nodes. If the Eth-Trunk member interfaces on the two cards run at different rates, either the rate of the faster interface is decreased (for example, from 100 Gbit/s to 40 Gbit/s) or interfaces at different rates are bundled, to ensure peer-link reliability. (Bundling interfaces at different rates requires load-sharing weights to be set, which M-LAG interfaces do not support.)
- An independent Layer 3 link is deployed as the backup path of the uplink and functions as the dual-active detection (DAD) link of the M-LAG, as shown by the green line in the preceding figure. When a peer-link fails, DAD detects whether the peer device or peer interface is faulty.
- The interfaces on the Layer 3 DAD link between the spine nodes must be configured as reserved interfaces so that they will not enter the Error-Down state when a peer-link fails.
Server Leaf Node
- Server leaf nodes set up M-LAGs to connect to the spine nodes in the M-LAG. Server NICs use the load sharing mode to connect to the server leaf nodes. When the NICs work in active/standby mode (that is, after a fault is rectified, the original active link remains blocked or delays preemption, to prevent frequent active/standby NIC switchovers caused by unstable links), the physical interfaces on the server leaf nodes are added to a VLAN to connect to the servers, and M-LAG interfaces are not required.
- The spine nodes and server leaf nodes are connected in dual-homed mode. Links must be deployed on different devices and cards to ensure reliability.
- It is recommended that two or more links of a server be dual-homed to the server leaf nodes in the M-LAG. Single-homed access is unreliable.
- DAD is deployed on independent Layer 3 links. When a peer-link fails, DAD detects whether the peer device or peer interface is faulty. The interfaces on the DAD link must be configured as reserved interfaces so that they will not enter the Error-Down state when a peer-link fails.
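The following is an added example, not part of the original document or any vendor tooling: a small pre-deployment check that applies the inter-card peer-link rule from the spine section and the DAD and dual-homing rules above to a planned M-LAG pair. The plan layout, the device and interface names, and the reading of the first number in an interface name as the card slot are assumptions made for illustration.

```python
import re

# Constructed plan for one M-LAG pair; every device and interface name is hypothetical.
PLAN = {
    "members": {
        "leaf1": {"peer_link": ["100GE1/0/1", "100GE1/0/2"],
                  "dad": {"interface": "10GE3/0/1", "reserved": False}},
        "leaf2": {"peer_link": ["100GE1/0/1", "100GE2/0/1"],
                  "dad": {"interface": "10GE3/0/1", "reserved": True}},
    },
    # Server name -> M-LAG members it has a link to.
    "servers": {"srv-a": ["leaf1", "leaf2"], "srv-b": ["leaf1"]},
}

def card_of(interface):
    """Slot number of a name such as 100GE1/0/2 (assumed slot/card/port numbering)."""
    m = re.fullmatch(r"\d*[A-Za-z-]+(\d+)/\d+/\d+", interface)
    if m is None:
        raise ValueError("unrecognized interface name: " + interface)
    return int(m.group(1))

def check_plan(plan):
    """Return sorted (target, finding) pairs for rules stated in this section."""
    findings = []
    for name, dev in plan["members"].items():
        # The peer-link Eth-Trunk must span at least two cards.
        if len({card_of(i) for i in dev["peer_link"]}) < 2:
            findings.append((name, "peer-link members are not on different cards"))
        dad = dev["dad"]
        # The DAD link must be an independent link, not a peer-link member.
        if dad["interface"] in dev["peer_link"]:
            findings.append((name, "DAD link is not independent of the peer-link"))
        # Unreserved DAD interfaces go Error-Down when the peer-link fails.
        if not dad["reserved"]:
            findings.append((name, "DAD interface is not a reserved interface"))
    for server, uplinks in plan["servers"].items():
        # A server must have a link to every member of the M-LAG pair.
        missing = sorted(set(plan["members"]) - set(uplinks))
        if missing:
            findings.append((server, "no link to " + ", ".join(missing)))
    return sorted(findings)

if __name__ == "__main__":
    for target, finding in check_plan(PLAN):
        print(target + ": " + finding)
```
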
DCI Leaf Node
- Two DCI leaf nodes set up an M-LAG to connect to the spine nodes in the M-LAG and use a VXLAN to connect to a backup DC to implement Layer 2 interconnection.
- An independent Layer 3 link between DCI leaf nodes is used as the DAD link. If the peer-link fails, the DAD link can be used to detect whether the peer device or peer interface is faulty. The interfaces on the DAD link must be configured as reserved interfaces so that they will not enter the Error-Down state when the peer-link fails.
- After Layer 3 interconnection is implemented between DCs and the DCI leaf nodes in the M-LAG are connected to the local spine nodes in the M-LAG, the DCI leaf nodes are connected to the active-active gateways at Layer 3. On the DCI leaf nodes, static routes that point to the spine nodes are configured. The static routes are advertised to the backup DC through Border Gateway Protocol Ethernet Virtual Private Network (BGP EVPN).
Firewall
Intranet firewalls are connected to the spine nodes in off-path mode, and Eth-Trunk interfaces are configured on the firewalls to connect to the spine nodes in the M-LAG. Static routes are used for interconnection, and dynamic routing protocols are not supported.
LB
Eth-Trunk interfaces are configured on the LBs to connect to the spine nodes in the M-LAG, and static routes are used for interconnection.