Large Layer-2 Domains Strike Again.

Supposedly it was a problem with the management network used by their optical gear, but it looks a lot like a layer-2 network spanning 15 data centers and no control-plane policing on the managed devices… proving yet again that large-scale layer-2 networks are a really bad idea.

Yes! I had to argue against a stretched L2 at a previous job and almost lost that one. What happens when you stretch layer 2 all over the place? Congratulations, you’ve just created one big broadcast domain and that means when one datacenter goes down, in many cases, they all go down.

“But having one big stretched Layer 2 network makes management so easy!” you cry. It sure does. And that’s part of the problem! It virtually virtualizes (my usage is very deliberate here) what in reality is complex and discrete — so you can no longer monitor and police what in truth are real-world boundaries that actually matter a great deal.

Stretched L2 does have its uses. Sure it does. But it shouldn’t be used to thoughtlessly abstract away complexity when the complexity should be completely visible.