a month ago
Recommended Aruba switches for core of network
We intend to replace our current 'core' switch. It has 12x SFP+ ports which are used to link to other switches and 2x physical servers (VMware ESXi hosts). We are currently at max capacity on it, and want to move away from a single point of failure (understandably...).
I say 'core' because I don't know a better word. That switch is definitely a SPOF currently, and concerning. All traffic must go through it to get to the servers (2x VMware ESXi hosts) and by extension the FortiGate VM. We're not really big enough to have real defined areas of the network as core, distribution and access. All 'access' switches are directly connecting to this current 'core' switch.
Currently using a 'router on a stick' type network with inter-VLAN routing being handled by a FortiGate VM on the VMware cluster. I would like to move to inter-VLAN routing being managed by L3 switches, but currently most of the 'access' switches are managed L2. Only the current 'core' switch - and 2x 'access' switches - are L3. The FortiGate's 'IPv4 Policy' also gives us better control than L3 ACLs, although at a major throughput disadvantage compared to L3 routing.
The 2x 'access' switches that are L3 capable are Aruba 2930F-48G-740W-PoEP-4SFPP, and we intend to replace the rest of the 'access' switches with these, and hopefully go with full on Aruba AirWave for management.
We need a solution to replace the current 'core' switch, one that will handle at least 48 SFP+ connections, to allow for two links per switch and server, and for growth room.
Currently thinking about 2x Aruba 3810M 24SFP+ 250W Switch (JL430A), if that switch is suitable we'd probably run one link from each switch / server to each of the switches, then maybe 2x links from each 3810M to each ESXi server.
Another option is using just one switch, but 48x SFP+ ports on it and redundant internal controllers? I.e. firmware upgrades or 1x control module failure etc. result in no network downtime. Then using link aggregation on that switch to the other devices.
I have used simple link aggregation before to connect switches to the current 'core' switch, and understand having an actually redundant path is a lot better, as with link aggregation you still have the SPOF by using 1 switch (unless it's dual controller).
I'm not a networking expert, but I'm well acquainted with VLANs, firewall policies and routers etc. I haven't needed to modify spanning tree settings on any devices so far, so will definitely need to do some more learning on it before I start looking into changing this network to make it actually redundant. I've never worked with BGP, OSPF etc. I know there are far more complex protocols for managing networks with multiple paths, but what would you recommend I do in this scenario? No need to go overboard, but it needs improved from what it's at.
a month ago - last edited a month ago
Re: Recommended Aruba switches for core of network
Hi, one essential question would be: are you prepared to suffer from (an amount of) downtime during a simple software update operation on your "Core"? Consider that's just an example question among many others one can ask...if the answer to such a question is something like "No, I'm not...I want a hitless software update approach because I want a "Core" capable of being in operation - from an offered services standpoint - 24x7x365" then you should move from Frontplane Stacking (like VSF over common SFP/SFP+/SFP28+/etc...Ethernet interfaces) and Backplane Stacking (like when using Hardware Stacking modules+cables) and move to something like Comware 7 based (with IRF stacking with ISSU) or ArubaOS-CX based (with VSX, not with VSF).
Two Aruba 3810M switches deployed in Hardware Stacking probably fit perfectly as the "collapsed" Core and Distribution L3 level IF you don't care about continuous operation (even) during software updates. Why? Because the software update will force the stack to reboot (so you will have a downtime). If you don't care it's OK...but if you care about it you just need to move to a stacking solution where (a) switches' management planes aren't shared and so you deal with two chassis virtualized from the peers' standpoint - aka multi-chassis LAG with LACP or Static offered to peers - but not from the administrative standpoint (as in VSX) and/or where (b) two chassis aren't de-facto "stacked" as in "stacking" but are just coupled/paired in terms of a particular provided service (as with VRRP <- probably an old approach considering what IRF or VSX offer) or where (c) stacked switches share management planes but the software update procedure benefits from ISSU feature (like in IRF).
Don't know available budgets but if you just need 2 x 24 SFP+ for peer connectivity (with 24+24 I assume you're planning to offer - at least - a two-link aggregation interface for each downlink to a host or to an access switch...so 24 ports are enough to serve your actual number of Access Switches and VMware hosts) you could stay on Aruba 3810M (with said limit) or move to a pair of Aruba 8360-24XF2C Port to Power 3 Fans 2 PSU Bundle (JL710A) or a pair of Aruba 8360-24XF2C Power to Port 3 Fans 2 PSU Bundle (JL711A) but, for sure (I believe), the price point is going to be quite different if compared to a pair of Aruba 3810M deployed with the required pair of Hardware Stacking modules and four Stacking Cables...it's like comparing apples to peaches...both are fruits but not from the same tree.
On the other hand, if you consider VSF valid enough for your scenario then a pair of switches deployed into a VSF stack on ArubaOS-Switch based switch series (such as Aruba 2930F or Aruba 5400R zl2 modular chassis with dual MMs, one inactivated by VSF) or deployed on ArubaOS-CX based switch series (such as Aruba 6200, 6300F and 6300M) leaves you with room to explore various scenarios (staying with ArubaOS-Switch - current development of well known HP ProVision of old ProCurve - or move to the newer ArubaOS-CX operating system deployed for new CX switch series?). I don't touch Comware 7 based switches of HPE because you named Aruba AirWave and Aruba 2930F/3810M, that is, you've a bias towards ArubaOS-Switch based switch series and tools designed around AOS-Switch/AOS-CX and Wireless...which are a little bit distant from HPE Comware solutions right now.
Another point would be the chassis resiliency...single CPU (Management) or something that has dual MMs capabilities (where dual MMs feature is not in conflict with the fact you then run a virtual switch/stack)....then if you care about resilient Fans, resilient Power Supplies AND resilient MMs within the "stack" of two (chassis)...choices really fall down to (a) IRF deployed using a Modular chassis switch series admitting dual MMs (starts with HPE 7500 IIRC) or to (b) VSX deployed using a pair of modular Aruba 6400 Switch Series equipped with dual MMs....prices go up, necessarily.
I'm not an HPE Employee