From 3515bdadc2c686376f9525844775ad1c28cebd5a Mon Sep 17 00:00:00 2001 From: Damien Date: Mon, 30 Mar 2026 13:03:25 +0000 Subject: [PATCH] Add access layer --- configs/access1.cfg | 65 +++++++++++++++++++++++++++++ configs/access2.cfg | 65 +++++++++++++++++++++++++++++ configs/access3.cfg | 65 +++++++++++++++++++++++++++++ configs/access4.cfg | 65 +++++++++++++++++++++++++++++ configs/leaf1.cfg | 6 +-- configs/leaf2.cfg | 6 +-- configs/leaf3.cfg | 6 +-- configs/leaf4.cfg | 6 +-- configs/leaf5.cfg | 6 +-- configs/leaf6.cfg | 6 +-- configs/leaf7.cfg | 6 +-- configs/leaf8.cfg | 6 +-- evpn-lab.clab.yml | 66 +++++++++++++++++++++++------- evpn-lab.clab.yml.annotations.json | 45 ++++++++++++++++---- 14 files changed, 373 insertions(+), 46 deletions(-) create mode 100644 configs/access1.cfg create mode 100644 configs/access2.cfg create mode 100644 configs/access3.cfg create mode 100644 configs/access4.cfg diff --git a/configs/access1.cfg b/configs/access1.cfg new file mode 100644 index 0000000..2c5a20f --- /dev/null +++ b/configs/access1.cfg @@ -0,0 +1,65 @@ +! Access1 Configuration +! L2-only access switch for VTEP1 (leaf1/leaf2) +! +hostname access1 +! +! LLDP Management0 +lldp management-address Management0 +! +! enable gNMI API +management api gnmi + transport grpc default + provider eos-native +! +! admin/admin for ssh access +username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0 +! +! VLANs +vlan 40 + name test-l2-vxlan +! +! Management interface +interface Management0 + ip address 172.16.0.41/24 +! +! Spanning-tree +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +! +! Uplink to leaf MLAG pair (Port-Channel 10) +interface Ethernet1 + description leaf1-uplink + channel-group 10 mode active +! +interface Ethernet2 + description leaf2-uplink + channel-group 10 mode active +! +interface Port-Channel10 + description uplink-to-leaf-mlag + switchport mode trunk + switchport trunk allowed vlan 40 + no shutdown +! +! Host-facing downlink (Port-Channel 1) +interface Ethernet3 + description host1 + channel-group 1 mode active +! +interface Ethernet4 + description host1 + channel-group 1 mode active +! +interface Port-Channel1 + description host1 + switchport mode trunk + switchport trunk allowed vlan 40 + port-channel lacp fallback timeout 5 + port-channel lacp fallback individual + spanning-tree portfast + no shutdown +! +! Default route for management +ip route 0.0.0.0/0 172.16.0.254 +! +end diff --git a/configs/access2.cfg b/configs/access2.cfg new file mode 100644 index 0000000..0437f31 --- /dev/null +++ b/configs/access2.cfg @@ -0,0 +1,65 @@ +! Access2 Configuration +! L2-only access switch for VTEP2 (leaf3/leaf4) +! +hostname access2 +! +! LLDP Management0 +lldp management-address Management0 +! +! enable gNMI API +management api gnmi + transport grpc default + provider eos-native +! +! admin/admin for ssh access +username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0 +! +! VLANs +vlan 34 + name vrf-gold-subnet +! +! Management interface +interface Management0 + ip address 172.16.0.42/24 +! +! Spanning-tree +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +! +! Uplink to leaf MLAG pair (Port-Channel 10) +interface Ethernet1 + description leaf3-uplink + channel-group 10 mode active +! +interface Ethernet2 + description leaf4-uplink + channel-group 10 mode active +! +interface Port-Channel10 + description uplink-to-leaf-mlag + switchport mode trunk + switchport trunk allowed vlan 34 + no shutdown +! +! Host-facing downlink (Port-Channel 1) +interface Ethernet3 + description host2 + channel-group 1 mode active +! +interface Ethernet4 + description host2 + channel-group 1 mode active +! +interface Port-Channel1 + description host2 + switchport mode trunk + switchport trunk allowed vlan 34 + port-channel lacp fallback timeout 5 + port-channel lacp fallback individual + spanning-tree portfast + no shutdown +! +! Default route for management +ip route 0.0.0.0/0 172.16.0.254 +! +end diff --git a/configs/access3.cfg b/configs/access3.cfg new file mode 100644 index 0000000..a6c4d4f --- /dev/null +++ b/configs/access3.cfg @@ -0,0 +1,65 @@ +! Access3 Configuration +! L2-only access switch for VTEP3 (leaf5/leaf6) +! +hostname access3 +! +! LLDP Management0 +lldp management-address Management0 +! +! enable gNMI API +management api gnmi + transport grpc default + provider eos-native +! +! admin/admin for ssh access +username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0 +! +! VLANs +vlan 40 + name test-l2-vxlan +! +! Management interface +interface Management0 + ip address 172.16.0.43/24 +! +! Spanning-tree +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +! +! Uplink to leaf MLAG pair (Port-Channel 10) +interface Ethernet1 + description leaf5-uplink + channel-group 10 mode active +! +interface Ethernet2 + description leaf6-uplink + channel-group 10 mode active +! +interface Port-Channel10 + description uplink-to-leaf-mlag + switchport mode trunk + switchport trunk allowed vlan 40 + no shutdown +! +! Host-facing downlink (Port-Channel 1) +interface Ethernet3 + description host3 + channel-group 1 mode active +! +interface Ethernet4 + description host3 + channel-group 1 mode active +! +interface Port-Channel1 + description host3 + switchport mode trunk + switchport trunk allowed vlan 40 + port-channel lacp fallback timeout 5 + port-channel lacp fallback individual + spanning-tree portfast + no shutdown +! +! Default route for management +ip route 0.0.0.0/0 172.16.0.254 +! +end diff --git a/configs/access4.cfg b/configs/access4.cfg new file mode 100644 index 0000000..bde8efe --- /dev/null +++ b/configs/access4.cfg @@ -0,0 +1,65 @@ +! Access4 Configuration +! L2-only access switch for VTEP4 (leaf7/leaf8) +! +hostname access4 +! +! LLDP Management0 +lldp management-address Management0 +! +! enable gNMI API +management api gnmi + transport grpc default + provider eos-native +! +! admin/admin for ssh access +username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0 +! +! VLANs +vlan 78 + name vrf-gold-subnet +! +! Management interface +interface Management0 + ip address 172.16.0.44/24 +! +! Spanning-tree +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +! +! Uplink to leaf MLAG pair (Port-Channel 10) +interface Ethernet1 + description leaf7-uplink + channel-group 10 mode active +! +interface Ethernet2 + description leaf8-uplink + channel-group 10 mode active +! +interface Port-Channel10 + description uplink-to-leaf-mlag + switchport mode trunk + switchport trunk allowed vlan 78 + no shutdown +! +! Host-facing downlink (Port-Channel 1) +interface Ethernet3 + description host4 + channel-group 1 mode active +! +interface Ethernet4 + description host4 + channel-group 1 mode active +! +interface Port-Channel1 + description host4 + switchport mode trunk + switchport trunk allowed vlan 78 + port-channel lacp fallback timeout 5 + port-channel lacp fallback individual + spanning-tree portfast + no shutdown +! +! Default route for management +ip route 0.0.0.0/0 172.16.0.254 +! +end diff --git a/configs/leaf1.cfg b/configs/leaf1.cfg index ca4bebf..88d4362 100644 --- a/configs/leaf1.cfg +++ b/configs/leaf1.cfg @@ -78,13 +78,13 @@ interface Ethernet12 ip address 10.0.2.1/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host1 + description access1 channel-group 1 mode active ! interface Port-Channel1 - description host1 + description access1 switchport mode trunk switchport trunk allowed vlan 40 mlag 1 diff --git a/configs/leaf2.cfg b/configs/leaf2.cfg index cfc1946..0ea5757 100644 --- a/configs/leaf2.cfg +++ b/configs/leaf2.cfg @@ -78,13 +78,13 @@ interface Ethernet12 ip address 10.0.2.3/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host1 + description access1 channel-group 1 mode active ! interface Port-Channel1 - description host1 + description access1 switchport mode trunk switchport trunk allowed vlan 40 mlag 1 diff --git a/configs/leaf3.cfg b/configs/leaf3.cfg index 3c2a327..b2b97c2 100644 --- a/configs/leaf3.cfg +++ b/configs/leaf3.cfg @@ -91,13 +91,13 @@ interface Ethernet12 ip address 10.0.2.5/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host2 + description access2 channel-group 1 mode active ! interface Port-Channel1 - description host2 + description access2 switchport mode trunk switchport trunk allowed vlan 34 mlag 1 diff --git a/configs/leaf4.cfg b/configs/leaf4.cfg index 3f700f3..c5ff533 100644 --- a/configs/leaf4.cfg +++ b/configs/leaf4.cfg @@ -91,13 +91,13 @@ interface Ethernet12 ip address 10.0.2.7/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host2 + description access2 channel-group 1 mode active ! interface Port-Channel1 - description host2 + description access2 switchport mode trunk switchport trunk allowed vlan 34 mlag 1 diff --git a/configs/leaf5.cfg b/configs/leaf5.cfg index a1c1649..6822b5e 100644 --- a/configs/leaf5.cfg +++ b/configs/leaf5.cfg @@ -79,13 +79,13 @@ interface Ethernet12 ip address 10.0.2.9/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host3 + description access3 channel-group 1 mode active ! interface Port-Channel1 - description host3 + description access3 switchport mode trunk switchport trunk allowed vlan 40 mlag 1 diff --git a/configs/leaf6.cfg b/configs/leaf6.cfg index 48846b6..eda2288 100644 --- a/configs/leaf6.cfg +++ b/configs/leaf6.cfg @@ -78,13 +78,13 @@ interface Ethernet12 ip address 10.0.2.11/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host3 + description access3 channel-group 1 mode active ! interface Port-Channel1 - description host3 + description access3 switchport mode trunk switchport trunk allowed vlan 40 mlag 1 diff --git a/configs/leaf7.cfg b/configs/leaf7.cfg index 39fce10..a710e7f 100644 --- a/configs/leaf7.cfg +++ b/configs/leaf7.cfg @@ -97,13 +97,13 @@ interface Ethernet12 ip address 10.0.2.13/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host4 + description access4 channel-group 1 mode active ! interface Port-Channel1 - description host4 + description access4 switchport mode trunk switchport trunk allowed vlan 78 mlag 1 diff --git a/configs/leaf8.cfg b/configs/leaf8.cfg index 82f8db7..b22c341 100644 --- a/configs/leaf8.cfg +++ b/configs/leaf8.cfg @@ -97,13 +97,13 @@ interface Ethernet12 ip address 10.0.2.15/31 mtu 9214 ! -! Host-facing interface (MLAG with LACP) +! Access-facing interface (MLAG with LACP) interface Ethernet1 - description host4 + description access4 channel-group 1 mode active ! interface Port-Channel1 - description host4 + description access4 switchport mode trunk switchport trunk allowed vlan 78 mlag 1 diff --git a/evpn-lab.clab.yml b/evpn-lab.clab.yml index c4a6a90..9467cd0 100644 --- a/evpn-lab.clab.yml +++ b/evpn-lab.clab.yml @@ -66,7 +66,28 @@ topology: mgmt-ipv4: 172.16.0.32 startup-config: configs/leaf8.cfg - # Host devices - DUAL-HOMED with LACP bonding to MLAG pairs + # Access Switches - L2 only + access1: + kind: arista_ceos + mgmt-ipv4: 172.16.0.41 + startup-config: configs/access1.cfg + + access2: + kind: arista_ceos + mgmt-ipv4: 172.16.0.42 + startup-config: configs/access2.cfg + + access3: + kind: arista_ceos + mgmt-ipv4: 172.16.0.43 + startup-config: configs/access3.cfg + + access4: + kind: arista_ceos + mgmt-ipv4: 172.16.0.44 + startup-config: configs/access4.cfg + + # Host devices - DUAL-HOMED with LACP bonding to access switches host1: kind: linux mgmt-ipv4: 172.16.0.101 @@ -182,19 +203,36 @@ topology: - endpoints: ["leaf5:eth10", "leaf6:eth10"] - endpoints: ["leaf7:eth10", "leaf8:eth10"] - # Host connections - DUAL-HOMED with LACP to MLAG pairs - # host1 dual-homed to leaf1 + leaf2 - - endpoints: ["leaf1:eth1", "host1:eth1"] - - endpoints: ["leaf2:eth1", "host1:eth2"] + # Access switch uplinks to leaf MLAG pairs (dual-homed via LACP) + # access1 dual-homed to leaf1 + leaf2 + - endpoints: ["leaf1:eth1", "access1:eth1"] + - endpoints: ["leaf2:eth1", "access1:eth2"] - # host2 dual-homed to leaf3 + leaf4 - - endpoints: ["leaf3:eth1", "host2:eth1"] - - endpoints: ["leaf4:eth1", "host2:eth2"] + # access2 dual-homed to leaf3 + leaf4 + - endpoints: ["leaf3:eth1", "access2:eth1"] + - endpoints: ["leaf4:eth1", "access2:eth2"] - # host3 dual-homed to leaf5 + leaf6 - - endpoints: ["leaf5:eth1", "host3:eth1"] - - endpoints: ["leaf6:eth1", "host3:eth2"] + # access3 dual-homed to leaf5 + leaf6 + - endpoints: ["leaf5:eth1", "access3:eth1"] + - endpoints: ["leaf6:eth1", "access3:eth2"] - # host4 dual-homed to leaf7 + leaf8 - - endpoints: ["leaf7:eth1", "host4:eth1"] - - endpoints: ["leaf8:eth1", "host4:eth2"] + # access4 dual-homed to leaf7 + leaf8 + - endpoints: ["leaf7:eth1", "access4:eth1"] + - endpoints: ["leaf8:eth1", "access4:eth2"] + + # Host connections to access switches (dual-homed via LACP) + # host1 dual-homed to access1 + - endpoints: ["access1:eth3", "host1:eth1"] + - endpoints: ["access1:eth4", "host1:eth2"] + + # host2 dual-homed to access2 + - endpoints: ["access2:eth3", "host2:eth1"] + - endpoints: ["access2:eth4", "host2:eth2"] + + # host3 dual-homed to access3 + - endpoints: ["access3:eth3", "host3:eth1"] + - endpoints: ["access3:eth4", "host3:eth2"] + + # host4 dual-homed to access4 + - endpoints: ["access4:eth3", "host4:eth1"] + - endpoints: ["access4:eth4", "host4:eth2"] diff --git a/evpn-lab.clab.yml.annotations.json b/evpn-lab.clab.yml.annotations.json index 7608810..8984cba 100644 --- a/evpn-lab.clab.yml.annotations.json +++ b/evpn-lab.clab.yml.annotations.json @@ -1,21 +1,22 @@ { "freeTextAnnotations": [], "freeShapeAnnotations": [], + "trafficRateAnnotations": [], "groupStyleAnnotations": [], "networkNodeAnnotations": [], "nodeAnnotations": [ { "id": "spine1", "position": { - "x": 340, - "y": 180 + "x": 260, + "y": 160 } }, { "id": "spine2", "position": { - "x": 660, - "y": 180 + "x": 740, + "y": 160 } }, { @@ -78,28 +79,56 @@ "id": "host1", "position": { "x": 20, - "y": 500 + "y": 680 } }, { "id": "host2", "position": { "x": 340, - "y": 500 + "y": 680 } }, { "id": "host3", "position": { "x": 660, - "y": 500 + "y": 680 } }, { "id": "host4", "position": { "x": 1000, - "y": 500 + "y": 680 + } + }, + { + "id": "access4", + "position": { + "x": 1000, + "y": 540 + } + }, + { + "id": "access3", + "position": { + "x": 660, + "y": 520 + } + }, + { + "id": "access2", + "position": { + "x": 340, + "y": 520 + } + }, + { + "id": "access1", + "position": { + "x": 20, + "y": 520 } } ],