Campus Networks Are Going Data Center: How Leaf-Spine, EVPN, and VXLAN Are Redrawing Network Boundaries

So let’s go back to that original question: can you mix and match data center switches and campus switches?

The honest answer has never been about the hardware itself — it’s about the network scenario you’re dealing with. Are you serving compute, or are you serving people? Are you handling coordination between thousands of servers, or are you connecting an organization’s day-to-day office work? Get clear on that question, and the right choice basically makes itself. But the reality is, the line between these two worlds is getting blurrier by the day.

AI workloads, video, and big data are showing up inside campus environments, and East-West traffic is on the rise. Meanwhile, the design philosophy of the data center is steadily “trickling down” into campus networks. The old-school two-layer, tree-topology approach is increasingly struggling to support the demands of modern business.

And so a more practical question has emerged: is there a network architecture that can be both simple and controllable like a campus network, while also delivering the high performance and scalability of a data center? That’s exactly the direction the next generation of campus networks is being built toward. A Layer 3 architecture based on BGP EVPN and VXLAN, combined with a Leaf-Spine design approach, is bringing “data center-grade capability” into the campus — stable enough, scalable enough, but without pushing operational complexity to an unmanageable level.

Asterfusion’s campus network architecture does exactly this:

Using a data center-grade BGP EVPN + VXLAN Spine-Leaf architecture to reconstruct the traditional campus network, layered with OpenWiFi to deliver an open campus network with wired + wireless integration, multi-tenancy, and cloud-native operations.

Breaking the “Patch-the-Switch” Mindset — Rebuilding the Campus with Data Center Methodology

When you look at Asterfusion’s campus solution in the context of real-world deployments, what it’s actually solving is a very typical but long-overlooked problem: traditional campus networks have stopped being good enough, but everyone is still trying to fix them with “switch-centric thinking.”

Look at the campus networks most organizations are running today. At their core, they’re essentially the same thing that’s been around for decades: a three-tier architecture with access, aggregation, and core stacked on top of each other; a two-layer network held together by VLANs; STP still running in the background maintaining what loosely passes for a loop-free topology; and wireless and wired operating as two completely separate systems — an AC controller managing Wi-Fi on one side, switches managing wired on the other, with policies that don’t talk to each other. At small scale, you can get away with it. But once the campus grows — multiple buildings, multiple tenants, multiple business units — the cracks become impossible to ignore: scaling gets harder, faults become harder to trace, cross-zone access gets more and more convoluted, and most critically, the network has no real coherence as a whole.

What Asterfusion is doing isn’t fundamentally an optimization of that existing system — it’s a completely different approach. The thinking is: if campus environments have already gotten complicated, stop trying to hold them together with “Layer 2 + STP + VLAN” and just bring the data center’s network methodology directly into the campus.

From “Switch Assembly” to “Routing-Driven”

So the whole design starts from a single premise: take the campus from a traditional three-tier structure to Spine-Leaf, and keep the entire network purely Layer 3. Leaf, Spine, and Super-Spine where needed — the whole system stops relying on STP and instead uses BGP as the control plane with ECMP for multipath forwarding.

It sounds like “the data center trickling down,” but a more accurate way to put it is: it’s turning the campus network from a “switch assembly network” into a “routing-driven network.”

The direct consequence of this shift is that the network no longer needs to lean on VLANs to solve scale problems. VLANs are fundamentally a product of the two-layer era — their boundaries are inherently limited. What actually carries the network’s logic here is VXLAN.

VXLAN + EVPN: The Golden Pair for Distributed Control

The role of VXLAN, put simply, is to “wrap Layer 2 traffic inside Layer 3 for transport.” That breaks through the scaling ceiling that VLANs impose. You can think of it as the network going from a “flat structure” to an “infinitely stackable logical space.”

But VXLAN is just the tunnel. What makes it controllable is EVPN. The value of EVPN is that it stops relying on flooding to “guess” what devices exist on the network, and instead uses BGP — a proven routing protocol — to explicitly distribute MAC and IP location information across the entire network.

Think of it as a clean division of labor:

• VXLAN gets the data where it needs to go;
• EVPN tells it where that is.

Once these two work together, the behavior of the campus network fundamentally changes. It’s no longer a local area network maintained by broadcast — it’s a distributed network system with explicit control logic. When you look back at the traditional campus pain points from this vantage point, you realize that many of them — broadcast storms, ARP flooding, slow STP convergence — aren’t “optimized away” in the new architecture. They simply disappear, because the entire mechanism no longer depends on broadcast-driven behavior.

Open Wireless Integration: Wired and Wireless, Truly Unified

But the most interesting part of the Asterfusion solution isn’t just that the network structure changed — it’s that the way the campus is used was redesigned along with it.

On the wireless side, for example, instead of continuing with the traditional AC controller architecture, the approach brings in OpenWiFi thinking, turning wireless access into an open system and integrating it directly into the EVPN Fabric. Wireless users are no longer a “separately managed category of endpoints” — they enter the same EVPN network fabric directly. The result is that wired and wireless are finally not two separate networks, but one unified logical network.

This produces a very tangible experience change: when a user moves around the campus, their IP doesn’t change and their gateway doesn’t change, because every Leaf can act as an Anycast Gateway. From the user’s perspective, they’re just changing seats. From the network’s perspective, they’ve never left the same logical point. That’s why roaming latency can be driven so low — it’s not an optimization of Wi-Fi performance. It’s the elimination of “mobility” as a concept from the network structure itself.

Protocol-Level Multi-Tenant Isolation: From Shared Hardware to Logical Collections

Multi-tenancy follows the same logic. In a traditional campus, achieving isolation typically means VLAN stacking or layered policies — complex, fragile, and hard to scale. In a EVPN + VXLAN architecture, a tenant is essentially just a VNI. Each VNI is inherently isolated, without the need for patchwork design at the Layer 2 level. The campus shifts from a “hardware-shared network” to a “collection of logical networks.”

What you keep seeing this architecture do, over and over, is take things that used to be maintained by experience, by manual configuration, by tribal knowledge — and turn them into protocol-level capabilities.

Conclusion: Redefining the Next-Generation Campus Network

Looking back at the whole solution from here, there’s actually a very plain way to understand it: this isn’t an upgrade to campus switches. It’s a redefinition of the campus network itself as a “small-scale data center.”

• Spine-Leaf is the skeleton;
• BGP is the nervous system;
• EVPN is the brain’s ability to learn;
• VXLAN is the space that carries everything;
• OpenWiFi pulls the wireless world into the same fabric.

When all of these come together, the campus network is no longer a stacking relationship of “access devices + aggregation devices + core devices.” It’s more like a unified network platform — one that can be expanded, orchestrated, and even delivered as a service.

If you want to put it in more commercial terms: what Asterfusion has built isn’t a renovation of the traditional campus. It’s a use of data center network architecture to redefine what a campus network should be — and along the way, it unifies wireless, wired, multi-tenancy, and operations into a single logical system.