Posted on August 7, 2020 7:54 pm
 |  Asked by Matthew Taylor

Hello, still new but getting better. I have built an L2LS topology in GNS3 (2 SPINES-4 LEAVES). Built MLAG domains between each stack and also created MLAGs between the Spines and Leaves. Now I need to connect a host and have created VARP on leaf 101/102 for SVI VLAN 100 and that is up. Now how do I extend this to the Spines so they can route the traffic to Leafs 3 and 4? Do I just move VIP to the Spines? Is it that easy? Confused and trying but thanks again.

Answered on August 7, 2020 8:32 pm

Hi Matthew,

The usual design is to keep the Spines L3 and extend the L2 between Leafs using VxLAN, i.e. from leaves to spine, the links will be L3 and we use a routing protocol (BGP, OSPF etc.) to route the packets over the Spine. When we have to route an L2 packet from one Leaf pair to another, we encapsulate that packet in a VxLAN header and route using the encapsulated L3 header.

Including Spines and Leaves in the same broadcast domain isn't a recommended way. For one thing, STP would block many of the redundant links. If you do want everything in the same broadcast domain, the packets should reach Leafs 3 and 4 without moving the VIP to Spines.

Take a look at VxLAN white paper below for more information on use cases of VxLAN:

Once you have an understanding of why we use VxLAN, we have some considerations on what type of control plane you want to use. The simplest is static configuration (which does not scale well). Then we have other options like CVX (Arista implemented centralized controller for VxLAN) and EVPN (standardized protocol using BGP for control plane). Based on your requirements, you can choose what you want to configure.

There are guides for each of these:

Hope this helps. Let me know if you have any questions.
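
The encapsulation described in the answer above, shown as an added example that is not part of the original thread or Arista's own code: a leaf wraps a VLAN 100 frame in VXLAN/UDP/IPv4 (RFC 7348 layout) and the remote leaf validates and unwraps it. The VNI 10100, the VTEP addresses and the MAC addresses are assumptions constructed for illustration.

```python
import socket
import struct
import zlib

VXLAN_PORT = 4789            # IANA-assigned VXLAN UDP port (RFC 7348)
VLAN_TO_VNI = {100: 10100}   # assumed mapping; the thread only names VLAN 100

def vxlan_header(vni):
    """8 bytes: flags (0x08 = VNI present), 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)

def ip_checksum(header):
    """Ones'-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(frame, vlan, src_vtep, dst_vtep):
    """Wrap an untagged L2 frame in VXLAN/UDP/IPv4; the spines route on the outer header only."""
    payload = vxlan_header(VLAN_TO_VNI[vlan]) + frame
    # Source port derived from the inner MACs so ECMP across spines keeps a flow on one path.
    sport = 49152 + zlib.crc32(frame[:12]) % 16384
    udp = struct.pack("!HHHH", sport, VXLAN_PORT, 8 + len(payload), 0)  # checksum 0 allowed over IPv4
    fields = [0x45, 0, 20 + len(udp) + len(payload), 0, 0x4000, 64, 17, 0,
              socket.inet_aton(src_vtep), socket.inet_aton(dst_vtep)]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + udp + payload

def decapsulate(packet):
    """Receiving leaf: check it is VXLAN, then return (vni, inner frame) for local bridging."""
    ihl = (packet[0] & 0x0F) * 4
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if packet[9] != 17 or dport != VXLAN_PORT:
        raise ValueError("not a VXLAN packet")
    word0, word1 = struct.unpack("!II", packet[ihl + 8:ihl + 16])
    if not (word0 >> 24) & 0x08:
        raise ValueError("VNI flag not set")
    return word1 >> 8, packet[ihl + 16:]

# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
FRAME = bytes.fromhex("020000000004" "020000000001" "0800") + b"host-to-host"

if __name__ == "__main__":
    pkt = encapsulate(FRAME, 100, "10.0.0.1", "10.0.0.3")  # assumed VTEP loopbacks
    print(decapsulate(pkt)[0], len(pkt))
```

The spines never see the inner MAC addresses or the VLAN; the only thing that keeps segments apart across the routed fabric is the 24-bit VNI the receiving leaf reads back out.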


Posted by Matthew Taylor
Answered on August 7, 2020 10:54 pm

OK, thank you Bharath, that makes sense.

Posted by Alexis Dacquay
Answered on August 11, 2020 8:09 am


Although many would prefer (including myself) a Layer3 Leaf-Spine design with SVI/default GW at the leaf, and the Spine being purely Layer3, your Layer2-only solution is also valid, and has some advantages:

  • financially: there is no Layer3 / EVPN license
  • central routing: if your leaves don't need to do any routing, all the traffic just gets aggregated to the Spine

In this scenario, to your original question, yes the SVI needs to be on the Spine, and the leaves don't get any, they just bridge.

It works at modest scale.

Use cases for Layer2 Leaf-Spine:

  • OOB Management network might not need the scale, uptime, agility of VXLAN.
  • Expanding a network with existing switches that don't support VXLAN: keep the old ones in, making the design "legacy" Layer2 and backward compatible.
  • Some environments with strict control, where physical segregation is necessary, then it means a Leaf cannot have Layer3 to route between subnets (SVIs), or even use L3 EVPN. For example: DMZ, Internet, 3rd-party facing, Colocation, etc. These are potential use cases for VXLAN but some environments dictate mandatory physical separation. In that case Layer2 Leaf-Spine can be just right.


As a general rule, Layer3 and VXLAN as suggested by Bharath would also be my preference.

I just wanted to highlight that Layer2 wasn't wrong.






Posted by Matthew Taylor
Answered on August 11, 2020 4:35 pm

Thank you Alex, exactly what I needed. I built a L3Vxlan in my test GNS3 which works great. I have learned a lot thanks to you and Bharath.
