Thursday, October 11, 2018

How to transition to EVPN / VXLAN?

I'm leading a project to transition an existing, very old, network into something a bit more modern.

The current design is a mix of Cisco / Juniper switches and it's pretty simple:

2x Cisco 3850-48XS devices act as the "core"

Every rack has a single switch which uplinks to both cores.

Running MSTP

All gateways live on the Cisco devices; there are around 30 different VLANs.

The cores take a default route only to the internet - no requirements for full tables.

So yeah, nothing really special going on here, a very simple flat layer 2 network. No security requirements for the VLANs either.

There are some "decent" traffic requirements... some racks are pushing up to 20-30Gb/s. Not huge, but something to keep in mind.

The reason for the rebuild is the core is basically out of ports, and we need to add more racks. Also all the switches are now 6-7 years old with no support and old software.

So this is what we have to play with for the new build. This section is set in stone (i.e. we have already purchased it):

2x QFX10002-72Q for core

2x QFX5100-48S for all rack switches (20 racks)

So the old school network engineer in me is saying, to basically just build it the way it exists now, keep it simple.

This would mean that all gateways (IRB) live on the QFX10K, with simple L2 down to the racks, but I'd do away with STP and just use MC-LAG to eliminate loops. Super simple and easy. This would 100% work and do what we need.

On the other hand... I kinda wanna do something different, so I was thinking I could jump on the EVPN/VXLAN bandwagon.

I'm pretty sure it would all work well running a distributed gateway on all the rack switch pairs and having the QFX10K handle the inter-VXLAN routing. But there will be a transitional period where both the old and new networks will need to co-exist. We'd basically move VLANs over to the new network one or two at a time, but would still need to maintain full connectivity to the old network. And there might be cases where I have servers in the same VLAN existing in both the new and old networks, so I'm not sure if that is a thing I can make work.

Thoughts?