real nice introduction ! thnx a lot! I was completely matched as an "arguing with a tv one" at least twice a time)))
Glad you liked it!
Love to see how it all comes together.
Thanks for watching - you can now test this with VYOS 1.4 using BGP EVPN - Video on that is available now - HTH
Thank you for this video. Appreciate the effort and the lesson here.
My pleasure!
Very nice and well structured presentation. Thank you.
Glad it was helpful!
Very Good Technical Video, Thanks a lot
Most welcome
Hi Sir, if we place firewalls, then core switches and connect it with top of the rack switch. Can you configure and make this topology? Thanks
yes, you can do that but then your core switches will have vtep configuration for vlans that go to FW - typically you would have leaf switches with FW and not Core but core switches can be used for any services like internet exit/FW/LB etc - hth
@safteachacademy5584 Thanks for reply. Please if you make a lab video on this and configure two Core switches with two firewalls and then Core switches will be connected to leaf switches. I will be very thankful to you.
I have seen Internet/services connection attached to the leaf, not the spine. Which is the way to go?
if you want to use spine as services exit node you can - it all depends on your budget, scale, stability and availability goals of the business - we are using spines to connect to core and then into the Internet services. As long as you do not "oversubscribe" the spine you should be ok!
Great video, thank you for the effort. But I'm a little confused about the traditional DC design: when the vlan-20 on the left communicates with the right one, why does it need to go all the way up to the aggregation switch? Aren't they connected to the same access switch?
Yes, they are - only when they need to hop between two different vlans they would go to AGG switch- go catch !
Well, for the 2nd architecture with VXLAN, we have BGP running on VTEPs, a multicast protocol for handling BUM traffic. So not that simple, great comparison though! Thanks
Thanks for the comment Saurabh- with some technologies like Arista you can actually make use of "flood-list" command option without using BGP or Mcast.
Thanks for watching !
Are the links going from the physical servers to the leaf switches trunks? And then the switches use SVIs and trunking everything to the spine, with OSPF on top to route? I'm trying to understand exactly how the underlay network works before I move on to the details of VXLAN, VTEP and the anycasting voodoo magic thing happening on top. Any videos on this specifically?
Watch the VXLAN over IP video. No trunk between leaf and spine switches. Only L3 links. All VLANs are encapsulated in VXLANs in IP. Links from servers to leaf switches could be trunks if the server has a hypervisor and VMs on different VLANs. If the server is bare metal with 1 OS and 1 app then 1 VLAN coming to the leaf switch. Underlay is very simple: L3, OSPF only. Overlay is where VLANs are carried as VXLANs from one VTEP switch to another VTEP switch. Anycast is also explained in the VXLAN over IP video. I would encourage you to build the virtual lab in VirtualBox, download Arista EOS [free for all - have a video on that too] and implement it - very easy with unicast flood list - HTH
succinct but comprehensive! great video
Glad you think so!
most of your taskbar same as mine😂...BTW very informative video
Thanks 😅
Interesting video. Is this OSPF protocol available with other brands too? Like UniFi or FortiNet switches?
OSPF is a standards-based protocol and is supported by any vendor who is making their devices routing capable - Fortinet switches support layer 3 routing with OS 7.2 and later. That means you can configure OSPF on these switches if they have OS version 7.2 or later - hope this helps!
@safteachacademy5584 Thank you very much. I’ll look into what version of OS I have in my Forti-gear as well as UniFi. I’m designing a DC rack including net as we speak. Haven’t designed a network from the ground up for over 20 years. Having lots of fun but there have been some changes since the ‘90s that I’m trying my best to get a grip around.
you can also use VXLANs if the hardware supports it to build spine leaf design - I believe Forti OS 7.2.6 or later supports VXLANs - check with your account SE/Manager for vxlan support- good luck !
good explanation..
glad you liked it!
One PC connected to 2 switches, how?
PCs and servers can have multiple NICs - servers typically come with 2 or 4 NIC cards - 2 for network redundancy and 2 for storage redundancy - hope this helps
port-group NIC bundling
That's a very great video... and I would be happy if you could share with me the documents you use for this topic
There is so much information on this topic - here is one example
www.arubanetworks.com/faq/what-is-spine-leaf-architecture/
Thanks for the insights. However, the new spine leaf model will not be cost effective considering all the L3 switches. Also, can you make a detailed video on VXLAN? ☺️
here is the vxlan video with Arista
ua-cam.com/video/eUVy185wnlc/v-deo.html
Cost depends on many factors. If you're using "cheap" desktop class switches - the things you'd typically have at the access layer in a classic model, then yes, layer-3 is an expensive option. But when working with Big Iron(tm) at the scale of a data center, layer-3 is pretty much everywhere.
For the record, my 20+ year old Bay/Nortel/Avaya (and has continued to change hands) ERS 5500's are layer-3; that layer-3 support is built into the Broadcom SoC. More modern merchant silicon understands VXLAN - e.g. Cisco Nexus 3000/9000.
eeh... Ok but hmmm
thanks for watching