From d3b3c38eadf0b10bdb9a9d5c70339bc4189c5f43 Mon Sep 17 00:00:00 2001 From: Damien Date: Sat, 18 Apr 2026 08:38:12 +0000 Subject: [PATCH] Add DC Border Leaf configs (AS 65005, MLAG pair) Both border leafs share VTEP Loopback1 10.0.255.15 and peer with DC spines in eBGP IPv4 + EVPN. Uplinks to core1/core2 use dot1q subinterfaces (.100 default underlay, .200 VRF gold) with OSPF area 0 and eBGP to AS 65500. VRF gold extended via vxlan vrf gold vni 100001 with RD :1 and RT 1:100001. --- configs/border-leaf-dc1.cfg | 234 ++++++++++++++++++++++++++++++++++++ configs/border-leaf-dc2.cfg | 234 ++++++++++++++++++++++++++++++++++++ 2 files changed, 468 insertions(+) create mode 100644 configs/border-leaf-dc1.cfg create mode 100644 configs/border-leaf-dc2.cfg diff --git a/configs/border-leaf-dc1.cfg b/configs/border-leaf-dc1.cfg new file mode 100644 index 0000000..98274a0 --- /dev/null +++ b/configs/border-leaf-dc1.cfg 
@@ -0,0 +1,234 @@ +! Border-Leaf-DC1 Configuration +! DC Border Leaf - AS 65005 (MLAG pair with border-leaf-dc2) +! Provides egress from DC EVPN-VXLAN fabric to Core L3 network +! +hostname border-leaf-dc1 +! +! LLDP Management0 +lldp management-address Management0 +! +! enable gNMI API +management api gnmi + transport grpc default + provider eos-native +! +! admin/admin for ssh access +username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0 +! +! Enable IP routing +ip routing +! +! Enable routing protocols +service routing protocols model multi-agent +! +! VRF Definition +vrf instance gold +! +! VLANs +vlan 4090 + name mlag-peer + trunk group mlag-peer +! +vlan 4091 + name mlag-ibgp + trunk group mlag-peer +! +! Management interface +interface Management0 + ip address 172.16.0.3/24 +! +! MLAG Peer-link SVI +interface Vlan4090 + description MLAG Peer-Link + ip address 10.0.199.246/31 + no autostate +! +! iBGP Peering SVI +interface Vlan4091 + description MLAG iBGP Peering + ip address 10.0.3.8/31 + mtu 9214 +! +! Loopbacks +interface Loopback0 + description Router-ID + ip address 10.0.250.21/32 +! +interface Loopback1 + description VTEP + ip address 10.0.255.15/32 +! +interface Loopback2 + description VRF-Gold-health + vrf gold + ip address 10.0.250.221/32 +! +! MLAG Peer-link +interface Ethernet10 + description mlag peer link + channel-group 999 mode active +! +interface Port-Channel999 + description MLAG Peer + switchport mode trunk + switchport trunk group mlag-peer + spanning-tree link-type point-to-point +! +! Underlay P2P interfaces to Spines +interface Ethernet11 + description spine1 + no switchport + ip address 10.0.1.17/31 + mtu 9214 +! +interface Ethernet12 + description spine2 + no switchport + ip address 10.0.2.17/31 + mtu 9214 +! +! 
Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold) +interface Ethernet13 + description core1 + no switchport + mtu 9214 +! +interface Ethernet13.100 + description core1-underlay + encapsulation dot1q vlan 100 + ip address 10.0.4.1/31 + mtu 9214 +! +interface Ethernet13.200 + description core1-vrf-gold + encapsulation dot1q vlan 200 + vrf gold + ip address 10.0.14.1/31 + mtu 9214 +! +! Uplink to Core2 (subinterfaced: .100 default VRF, .200 VRF gold) +interface Ethernet14 + description core2 + no switchport + mtu 9214 +! +interface Ethernet14.100 + description core2-underlay + encapsulation dot1q vlan 100 + ip address 10.0.4.5/31 + mtu 9214 +! +interface Ethernet14.200 + description core2-vrf-gold + encapsulation dot1q vlan 200 + vrf gold + ip address 10.0.14.5/31 + mtu 9214 +! +! Spanning-tree +no spanning-tree vlan 4090 +no spanning-tree vlan 4091 +! +! Virtual MAC for Anycast Gateway +ip virtual-router mac-address c001.cafe.babe +! +! MLAG Configuration +mlag configuration + domain-id border-leafs-dc + local-interface Vlan4090 + peer-address 10.0.199.247 + peer-link Port-Channel999 + dual-primary detection delay 10 action errdisable all-interfaces + peer-address heartbeat 172.16.0.4 vrf mgmt +! +! VXLAN Interface +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan learn-restrict any + vxlan vrf gold vni 100001 +! +! IP Routing +ip routing +ip routing vrf gold +ip route 100.64.0.0/10 172.16.0.254 +! +! OSPF for loopback reachability with Core (default VRF) +router ospf 1 + router-id 10.0.250.21 + passive-interface default + no passive-interface Ethernet13.100 + no passive-interface Ethernet14.100 + network 10.0.250.21/32 area 0 + network 10.0.4.0/31 area 0 + network 10.0.4.4/31 area 0 + max-lsa 12000 +! +! BGP Configuration +router bgp 65005 + router-id 10.0.250.21 + no bgp default ipv4-unicast + bgp log-neighbor-changes + distance bgp 20 200 200 + maximum-paths 4 ecmp 64 + ! + ! 
Underlay peer-group (to DC spines) + neighbor underlay peer group + neighbor underlay remote-as 65000 + neighbor underlay maximum-routes 12000 warning-only + neighbor 10.0.1.16 peer group underlay + neighbor 10.0.2.16 peer group underlay + ! + ! iBGP peer-group (to MLAG peer) + neighbor underlay_ibgp peer group + neighbor underlay_ibgp remote-as 65005 + neighbor underlay_ibgp maximum-routes 12000 warning-only + neighbor underlay_ibgp next-hop-self + neighbor 10.0.3.9 peer group underlay_ibgp + ! + ! EVPN peer-group (to DC spines) + neighbor evpn peer group + neighbor evpn remote-as 65000 + neighbor evpn update-source Loopback0 + neighbor evpn ebgp-multihop 3 + neighbor evpn send-community extended + neighbor evpn maximum-routes 12000 warning-only + neighbor 10.0.250.1 peer group evpn + neighbor 10.0.250.2 peer group evpn + ! + ! eBGP to Core routers (default VRF, underlay peer-group for /31 sessions) + neighbor core peer group + neighbor core remote-as 65500 + neighbor core send-community extended + neighbor core maximum-routes 12000 warning-only + neighbor 10.0.4.0 peer group core + neighbor 10.0.4.4 peer group core + ! + ! IPv4 address family + address-family ipv4 + neighbor underlay activate + neighbor underlay_ibgp activate + neighbor core activate + network 10.0.250.21/32 + network 10.0.255.15/32 + ! + ! EVPN address family + address-family evpn + neighbor evpn activate + ! + ! VRF Gold configuration + vrf gold + rd 10.0.250.21:1 + route-target import evpn 1:100001 + route-target export evpn 1:100001 + router-id 10.0.250.21 + neighbor 10.0.14.0 remote-as 65500 + neighbor 10.0.14.0 send-community extended + neighbor 10.0.14.0 maximum-routes 12000 warning-only + neighbor 10.0.14.4 remote-as 65500 + neighbor 10.0.14.4 send-community extended + neighbor 10.0.14.4 maximum-routes 12000 warning-only + redistribute connected + redistribute learned +! +end diff --git a/configs/border-leaf-dc2.cfg b/configs/border-leaf-dc2.cfg new file mode 100644 index 0000000..41edd3f 
--- /dev/null +++ b/configs/border-leaf-dc2.cfg 
@@ -0,0 +1,234 @@ +! Border-Leaf-DC2 Configuration +! DC Border Leaf - AS 65005 (MLAG pair with border-leaf-dc1) +! Provides egress from DC EVPN-VXLAN fabric to Core L3 network +! +hostname border-leaf-dc2 +! +! LLDP Management0 +lldp management-address Management0 +! +! enable gNMI API +management api gnmi + transport grpc default + provider eos-native +! +! admin/admin for ssh access +username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0 +! +! Enable IP routing +ip routing +! +! Enable routing protocols +service routing protocols model multi-agent +! +! VRF Definition +vrf instance gold +! +! VLANs +vlan 4090 + name mlag-peer + trunk group mlag-peer +! +vlan 4091 + name mlag-ibgp + trunk group mlag-peer +! +! Management interface +interface Management0 + ip address 172.16.0.4/24 +! +! MLAG Peer-link SVI +interface Vlan4090 + description MLAG Peer-Link + ip address 10.0.199.247/31 + no autostate +! +! iBGP Peering SVI +interface Vlan4091 + description MLAG iBGP Peering + ip address 10.0.3.9/31 + mtu 9214 +! +! Loopbacks +interface Loopback0 + description Router-ID + ip address 10.0.250.22/32 +! +interface Loopback1 + description VTEP + ip address 10.0.255.15/32 +! +interface Loopback2 + description VRF-Gold-health + vrf gold + ip address 10.0.250.222/32 +! +! MLAG Peer-link +interface Ethernet10 + description mlag peer link + channel-group 999 mode active +! +interface Port-Channel999 + description MLAG Peer + switchport mode trunk + switchport trunk group mlag-peer + spanning-tree link-type point-to-point +! +! Underlay P2P interfaces to Spines +interface Ethernet11 + description spine1 + no switchport + ip address 10.0.1.19/31 + mtu 9214 +! +interface Ethernet12 + description spine2 + no switchport + ip address 10.0.2.19/31 + mtu 9214 +! +! 
Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold) +interface Ethernet13 + description core1 + no switchport + mtu 9214 +! +interface Ethernet13.100 + description core1-underlay + encapsulation dot1q vlan 100 + ip address 10.0.4.3/31 + mtu 9214 +! +interface Ethernet13.200 + description core1-vrf-gold + encapsulation dot1q vlan 200 + vrf gold + ip address 10.0.14.3/31 + mtu 9214 +! +! Uplink to Core2 (subinterfaced: .100 default VRF, .200 VRF gold) +interface Ethernet14 + description core2 + no switchport + mtu 9214 +! +interface Ethernet14.100 + description core2-underlay + encapsulation dot1q vlan 100 + ip address 10.0.4.7/31 + mtu 9214 +! +interface Ethernet14.200 + description core2-vrf-gold + encapsulation dot1q vlan 200 + vrf gold + ip address 10.0.14.7/31 + mtu 9214 +! +! Spanning-tree +no spanning-tree vlan 4090 +no spanning-tree vlan 4091 +! +! Virtual MAC for Anycast Gateway +ip virtual-router mac-address c001.cafe.babe +! +! MLAG Configuration +mlag configuration + domain-id border-leafs-dc + local-interface Vlan4090 + peer-address 10.0.199.246 + peer-link Port-Channel999 + dual-primary detection delay 10 action errdisable all-interfaces + peer-address heartbeat 172.16.0.3 vrf mgmt +! +! VXLAN Interface +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan learn-restrict any + vxlan vrf gold vni 100001 +! +! IP Routing +ip routing +ip routing vrf gold +ip route 100.64.0.0/10 172.16.0.254 +! +! OSPF for loopback reachability with Core (default VRF) +router ospf 1 + router-id 10.0.250.22 + passive-interface default + no passive-interface Ethernet13.100 + no passive-interface Ethernet14.100 + network 10.0.250.22/32 area 0 + network 10.0.4.2/31 area 0 + network 10.0.4.6/31 area 0 + max-lsa 12000 +! +! BGP Configuration +router bgp 65005 + router-id 10.0.250.22 + no bgp default ipv4-unicast + bgp log-neighbor-changes + distance bgp 20 200 200 + maximum-paths 4 ecmp 64 + ! + ! 
Underlay peer-group (to DC spines) + neighbor underlay peer group + neighbor underlay remote-as 65000 + neighbor underlay maximum-routes 12000 warning-only + neighbor 10.0.1.18 peer group underlay + neighbor 10.0.2.18 peer group underlay + ! + ! iBGP peer-group (to MLAG peer) + neighbor underlay_ibgp peer group + neighbor underlay_ibgp remote-as 65005 + neighbor underlay_ibgp maximum-routes 12000 warning-only + neighbor underlay_ibgp next-hop-self + neighbor 10.0.3.8 peer group underlay_ibgp + ! + ! EVPN peer-group (to DC spines) + neighbor evpn peer group + neighbor evpn remote-as 65000 + neighbor evpn update-source Loopback0 + neighbor evpn ebgp-multihop 3 + neighbor evpn send-community extended + neighbor evpn maximum-routes 12000 warning-only + neighbor 10.0.250.1 peer group evpn + neighbor 10.0.250.2 peer group evpn + ! + ! eBGP to Core routers (default VRF) + neighbor core peer group + neighbor core remote-as 65500 + neighbor core send-community extended + neighbor core maximum-routes 12000 warning-only + neighbor 10.0.4.2 peer group core + neighbor 10.0.4.6 peer group core + ! + ! IPv4 address family + address-family ipv4 + neighbor underlay activate + neighbor underlay_ibgp activate + neighbor core activate + network 10.0.250.22/32 + network 10.0.255.15/32 + ! + ! EVPN address family + address-family evpn + neighbor evpn activate + ! + ! VRF Gold configuration + vrf gold + rd 10.0.250.22:1 + route-target import evpn 1:100001 + route-target export evpn 1:100001 + router-id 10.0.250.22 + neighbor 10.0.14.2 remote-as 65500 + neighbor 10.0.14.2 send-community extended + neighbor 10.0.14.2 maximum-routes 12000 warning-only + neighbor 10.0.14.6 remote-as 65500 + neighbor 10.0.14.6 send-community extended + neighbor 10.0.14.6 maximum-routes 12000 warning-only + redistribute connected + redistribute learned +! +end
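Review bot: In configs/border-leaf-dc1.cfg, the `username admin privilege 15 role network-admin` line sits under a comment that states the password is admin/admin, and its sha512 secret is committed with the file; border-leaf-dc2.cfg carries the identical salt and hash. If these configs are meant for anything beyond an isolated lab, drop the comment and have the secret injected per device at deploy time (or use AAA) rather than storing it in the repository. The block just above it enables `management api gnmi` with `transport grpc default` and no `ssl profile` or access restriction in the visible lines, so the gNMI service is protected only by that credential; bind the transport to a TLS profile and limit it to the management network. Separately, `peer-address heartbeat 172.16.0.4 vrf mgmt` names a VRF that this file never defines: only `vrf instance gold` is created and `interface Management0` has no `vrf` line. Either define the mgmt VRF and move Management0 (and the `ip route 100.64.0.0/10 172.16.0.254` static) into it, or remove `vrf mgmt` from the heartbeat.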
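Review bot: In configs/border-leaf-dc2.cfg under `router bgp 65005`, the `core` peer group and the VRF gold neighbors 10.0.14.2 and 10.0.14.6 peer with AS 65500 without any inbound or outbound route-map or prefix-list, and `maximum-routes 12000 warning-only` only logs when the limit is crossed, so nothing bounds what this border accepts from or leaks to the core. Suggest explicit import and export policies on every AS 65500 session, filtering the VRF gold `redistribute connected` and `redistribute learned` through a route-map, and dropping `warning-only` on the external peers so the limit is enforced. No session authentication is configured on any BGP neighbor or on the OSPF adjacencies over Ethernet13.100 and Ethernet14.100; worth adding on the links that leave the fabric. Also, with `no bgp default ipv4-unicast` set globally, the VRF gold neighbors have no `address-family ipv4` / `activate` lines under `vrf gold`; please confirm those sessions actually exchange IPv4 routes. The same points apply to the matching lines in border-leaf-dc1.cfg, where the core peer-group comment additionally reads "underlay peer-group for /31 sessions" while this file omits it; align the two comments.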