Recommended L2 switches for a new IXP

Last year we installed four 1RU TRILL switches in SIX - see
  http://www.six.sk/images/trill_ring.png

Our experience after 100 days of production is only the best - TRILL setup
is pretty straightforward and thanks to IS-IS it provides shortest-path
IP-like "routing" for L2 ethernet packets over any reasonable topology
out of the box (without the burden and cost implications of VPLS).
Trident ASICs perform deep packet inspection so ECMP loadbalancing based
on L3 and L4 headers inside TRILL-encapsulated packets works for both IPv4
and IPv6. Port-security is supported on physical ports as well as on LAGs
- and L4 access-lists could be applied at the same time.

As most 1RU switches are based on Trident ASICs, you just need to pick
a vendor which implements TRILL properly and of course thoroughly test
before deployment. We selected Huawei Cloud Engine 6850 boxes.

Regards,

   M.

> Our experience after 100 days of production is only the best - TRILL setup
> is pretty straightforward and thanks to IS-IS it provides shortest-path
> IP-like "routing" for L2 ethernet packets over any reasonable topology
> out of the box (without the burden and cost implications of VPLS).

I'm not sure what the burden refers to, but cost implications to me seem the same,
Trident HW can do VPLS.

From complexity POV, I don't expect much different development time to write
functioning control-plane to either.

I'm not against Trill, I think Trill, and especially SPB-M are great, now they
just feel too little and 20 years too late. There was no particular reason why
SPB-M couldn't have existed 20 years ago in HW. But perhaps it's good it
didn't, it might have made ethernet 'good enough', that selling MPLS might
have been much more difficult.

Well, it can, but as usual the devil is in the detail.

For example, loadbalancing on outgoing LAGs depends on *inbound* packet
encapsulation as follows:

- native ethernet, TRILL, L3 MPLS : hash based on L3 and L4 headers
- L2 MPLS, MACinMAC : hash based on L2 headers only.

Thus if you use VPLS or SPB-M on Trident HW, the egress PE doesn't support
per-flow loadbalancing on IXP participants' LAGs.

In any case, we preferred TRILL over SPB-M not just because of that, but
mainly due to the fact that TRILL provides real routing using IS-IS as we
know it from IP world, while SPB still builds on top of MST and just cleverly
uses multiple trees. Yes, compatibility with existing ASICs was one of the
main design goals of SPB, but that's irrelevant once you have Trident HW.

Regards,

   M.
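
The effect described in the message above, as an added example that is not part of the original thread: a small simulation of egress LAG member selection when the hash key depends on inbound encapsulation. The SHA-256 hash (a stand-in for the ASIC's hash function), the 4-member LAG, the function names, the assumption that the L2 key is the frame's source/destination MAC pair, and the flow data are all constructed for illustration.

```python
import hashlib
from collections import Counter

LAG_MEMBERS = 4  # assumed number of links in the participant's LAG

def lag_member(key_fields, members=LAG_MEMBERS):
    """Map a tuple of header fields to a LAG member index."""
    digest = hashlib.sha256("|".join(map(str, key_fields)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % members

def hash_key(flow, inbound_encap):
    """Select hash inputs by inbound encapsulation, per the list in the message."""
    if inbound_encap in ("native", "trill", "l3mpls"):
        # L3 and L4 headers are visible to the hash
        return (flow["src_ip"], flow["dst_ip"], flow["proto"],
                flow["src_port"], flow["dst_port"])
    if inbound_encap in ("l2mpls", "macinmac"):
        # only L2 headers are used (assumed here: the MAC pair)
        return (flow["src_mac"], flow["dst_mac"])
    raise ValueError(f"unknown encapsulation: {inbound_encap}")

def distribute(flows, inbound_encap):
    """Count flows per LAG member for a given inbound encapsulation."""
    return Counter(lag_member(hash_key(f, inbound_encap)) for f in flows)

def constructed_flows(n=2000):
    """Constructed sample: n TCP flows between one pair of peering routers."""
    return [{
        "src_mac": "02:00:00:00:00:01", "dst_mac": "02:00:00:00:00:02",
        "src_ip": f"198.51.100.{i % 250 + 1}",
        "dst_ip": f"203.0.113.{i % 200 + 1}",
        "proto": 6, "src_port": 1024 + i, "dst_port": 443,
    } for i in range(n)]

if __name__ == "__main__":
    flows = constructed_flows()
    for encap in ("trill", "l2mpls"):
        print(encap, dict(sorted(distribute(flows, encap).items())))
```

Because all traffic between two IXP participants shares one MAC pair, the L2-only key sends every flow to the same LAG member, while the L3/L4 key spreads the flows across all members.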

not completely true. Extreme XOS has an interesting hack to work around this.

Nick

I think in fairly short order both TRILL and 802.1AQ will be deprecated in
place of VXLAN and using BGP EVPN as the control plane ala Juniper
QFX5100/Nexus 9300.

Phil

We also evaluated VXLAN for IXP deployment, since Trident-2 introduced HW
support for it. But VXLAN does *not* create a network for you, it relies on
some existing underlying IP network, on top of which VXLAN creates stateless
tunnels.

By using TRILL, we could connect 4 switches into a ring (or any other
reasonable topology) and have a fully functional network with shortest-path
"routing" of L2 packets.

With VXLAN, we'd need at least two additional IP routers with a bunch of
40GE interfaces to perform the functions TRILL supports out of the box.

Regards,

   M.

For many people eliminating L2 switching and building on top of a L3
network is a good thing, especially if you are using BGP as the control
plane.

I'm not sure I follow the two routers with 40GE interfaces if you are just
building L2 domains to interconnect people.

Phil