What are the advantages of a spine-leaf architecture (leaf-spine)?

The spine and leaf network design was originally implemented in data centers as a way to improve performance when handling the predominantly east-west traffic. It does so largely by reducing the number of “hops” between any two devices in the network to just one, because every leaf switch in the network has a direct connection to every spine switch.

The traditional three-tier network architecture, by contrast, may consist of many hops, depending on where traffic needs to flow.  But this is really just one of the advantages of the leaf-spine architecture vs traditional architecture. Following are several others.

Improved redundancy: In a leaf and spine architecture, any single leaf switch (which are roughly equivalent to access switches in the three-tier model) is connected to multiple spine switches. In a data center, each leaf switch may well connect to all other spine switches. This provides a superior level of redundancy vs. the three-tier model, which is typically implemented using the Spanning Tree Protocol (STP), to prevent network loops. STP allows for dual redundant paths between any two points, with only one of them active at any given time.

Leaf-spine topologies provide for numerous paths between two points, typically implemented using protocols such as Transparent Interconnection of Lots of Links (TRILL) or Shortest Path Bridging (SPB). TRILL and SPB both allow traffic flows across all available routes, offering improved redundancy, but both, like STP, still prevent loops.

Improved performance: The ability to use multiple network paths at the same time also improves performance. With STP, if the only available path becomes congested, performance suffers. With TRILL and SPB able to use multiple routes, congestion is less of an issue. What’s more, having only a single hop between any two points likewise makes for a more direct network path, which can also improve performance.

Improved scalability: Leaf and spine topologies are also inherently scalable. Providing so many paths between any two network points, all of them available to carry traffic, reduces the possibility of congestion even in a large network. Adding switches to a leaf-spine network provides additional traffic routes, thus increasing scalability.

Supports less expensive, fixed configuration switches: Fixed configuration switches are less costly than the modular, chassis switches that are often required with three-tier networks in order to provide the port density required to enable the appropriate number of connections between switches at different layers. The leaf-spine architecture enables all ports on a spine switch to support connections to leaf switches, instead of to other spine switches. Additionally, it enables connections to be spread among a large number of spine switches. Chassis can still be used, but they’re not required. That’s one reason the leaf-spine design is a good fit for HPC networking.

Adaptable to the enterprise: While it’s true that the leaf-spine architecture was originally designed for data center networks, to address the east-west nature of traffic between servers and storage systems, the architecture can also be extended outside the data center to the enterprise network at large – bringing many of the same benefits and more.  

As configured for data centers, the leaf-spine architecture essentially collapses the core and aggregation layers into one layer – the spine – while the leaf layer is analogous to the access layer in the three-tier model.  

In the enterprise, the approach is different because the challenges are different. The three-tier architecture is coming under pressure predominantly because of a dramatic increase in the number of devices connecting at the access layer. This is the result of the Internet of Things (IoT) phenomenon with potentially thousands of sensors and devices connecting at the network edge. The trend toward bring-your-own-device (BYOD) is another driver, with each user connecting two, three or more devices to the network, each capable of generating large amounts of traffic from applications including video. Heavy use of cloud services also means lots of traffic entering at the network edge on its way to the cloud.  

To deal with all that incoming traffic at the network edge, steps need to be taken at the access layer, as opposed to the core and aggregation layers as with data center networks.  

With leaf-spine, it’s possible to do away with STP between the access layer switch and the switch it feeds into and instead use MLAG. As with STP, MLAG enables each access layer switch to have a pair of connections to upstream switches for redundancy. But with MLAG, both links can be active at all times, without sacrificing redundancy. MLAG peer switches synchronize forwarding state between them, so if a leaf or spine switch fails, traffic is automatically rerouted for continuous uptime.  

Pica8 adds to leaf-spine benefits:In practice, what this means is enterprises can install many low-cost, access layer switches to support the onslaught of traffic from IoT, BYOD, cloud and other traffic.

Whereas normally this may only exacerbate management issues, technology such as Pica8’s PICOS makes the network much simpler to manage. Pica8’s PICOS network operating system enables dozens of leaf and spine switches to be managed as though they were a single logical switch, with a single IP address. That means any switch software updates can be issued just once but applied to many switches, for example. Such ease of management, combined with the fact that it’s all built on flexible infrastructure, makes the network highly cost-effective from both a CapEx and OpEX perspective.  

Network automation is also becoming a more important requirement as networks continue to grow and the same number of administrators must deal with ever-larger networks. Automating tasks such as network device provisioning, configuration, testing and management enables the same number of administrators to deal with larger networks.

Flexible source frameworks have emerged to enable automation in enterprise networks, most notably Ansible. A library of Ansible “playbooks” contain predefined scripts that make it relatively simple for any IT personnel to implement automated routines in their networks. Vendors are also building on the Ansible framework, such as Pica8 with its Ampcon™ automation framework.

PICOS also enables a leaf-spine enterprise network to retain the features and functions of the traditional three-tier design. That includes Layer 2 switching, Layer 3 routing and resilient, high-availability, multi-path fabric architecture. It also supports software-defined network (SDN) protocols and programmability.  

This enables enterprises to use bare metal switches as replacements for groups of proprietary stacked switches or expensive chassis-based switches. With the ability to manage dozens of the switches as one, you can now install as many switches as you need to support access layer traffic, while actually lowering the management burden.  

Improved security: The Pica8 approach brings another important benefit to the leaf-spine architecture: improved security. PICOS can help address security threats at the network edge in two ways. First, bare metal switches at the aggregation layer typically have 48 ports, which usually leaves ample room to install a security processing node such as intrusion prevention appliance or firewall to monitor all incoming traffic.  

With support for SDN technology on the same ports that carry Layer 2/Layer 3 traffic, it’s also possible to implement a mirroring functionality that sends a copy of all data to a security or analytics tool for analysis. Should such tools find any suspicious or malicious traffic, PICOS can then shut down the port the offending traffic is coming from.