Damien/arista-evpn-vxlan-clab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add DC Border Leaf configs (AS 65005, MLAG pair)

Browse Source 
Both border leafs share VTEP Loopback1 10.0.255.15 and peer with DC
spines in eBGP IPv4 + EVPN. Uplinks to core1/core2 use dot1q
subinterfaces (.100 default underlay, .200 VRF gold) with OSPF area 0
and eBGP to AS 65500. VRF gold extended via vxlan vrf gold vni 100001
with RD <Lo0>:1 and RT 1:100001.
This commit is contained in:
Damien Arnodo
2026-04-18 08:38:12 +00:00
parent 5e4b39d05d
commit d3b3c38ead
2 changed files with 468 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

234
configs/border-leaf-dc1.cfg Normal file
View File

@@ -0,0 +1,234 @@
! Border-Leaf-DC1 Configuration
! DC Border Leaf - AS 65005 (MLAG pair with border-leaf-dc2)
! Provides egress from DC EVPN-VXLAN fabric to Core L3 network
!
hostname border-leaf-dc1
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.3/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.0.199.246/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.0.3.8/31
mtu 9214
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.0.250.21/32
!
interface Loopback1
description VTEP
ip address 10.0.255.15/32
!
interface Loopback2
description VRF-Gold-health
vrf gold
ip address 10.0.250.221/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Spines
interface Ethernet11
description spine1
no switchport
ip address 10.0.1.17/31
mtu 9214
!
interface Ethernet12
description spine2
no switchport
ip address 10.0.2.17/31
mtu 9214
!
! Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet13
description core1
no switchport
mtu 9214
!
interface Ethernet13.100
description core1-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.1/31
mtu 9214
!
interface Ethernet13.200
description core1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.1/31
mtu 9214
!
! Uplink to Core2 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet14
description core2
no switchport
mtu 9214
!
interface Ethernet14.100
description core2-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.5/31
mtu 9214
!
interface Ethernet14.200
description core2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.5/31
mtu 9214
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id border-leafs-dc
local-interface Vlan4090
peer-address 10.0.199.247
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.4 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability with Core (default VRF)
router ospf 1
router-id 10.0.250.21
passive-interface default
no passive-interface Ethernet13.100
no passive-interface Ethernet14.100
network 10.0.250.21/32 area 0
network 10.0.4.0/31 area 0
network 10.0.4.4/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 65005
router-id 10.0.250.21
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group (to DC spines)
neighbor underlay peer group
neighbor underlay remote-as 65000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.0.1.16 peer group underlay
neighbor 10.0.2.16 peer group underlay
!
! iBGP peer-group (to MLAG peer)
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 65005
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.0.3.9 peer group underlay_ibgp
!
! EVPN peer-group (to DC spines)
neighbor evpn peer group
neighbor evpn remote-as 65000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.0.250.1 peer group evpn
neighbor 10.0.250.2 peer group evpn
!
! eBGP to Core routers (default VRF, underlay peer-group for /31 sessions)
neighbor core peer group
neighbor core remote-as 65500
neighbor core send-community extended
neighbor core maximum-routes 12000 warning-only
neighbor 10.0.4.0 peer group core
neighbor 10.0.4.4 peer group core
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
neighbor core activate
network 10.0.250.21/32
network 10.0.255.15/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.0.250.21:1
route-target import evpn 1:100001
route-target export evpn 1:100001
router-id 10.0.250.21
neighbor 10.0.14.0 remote-as 65500
neighbor 10.0.14.0 send-community extended
neighbor 10.0.14.0 maximum-routes 12000 warning-only
neighbor 10.0.14.4 remote-as 65500
neighbor 10.0.14.4 send-community extended
neighbor 10.0.14.4 maximum-routes 12000 warning-only
redistribute connected
redistribute learned
!
end

234
configs/border-leaf-dc2.cfg Normal file
View File

@@ -0,0 +1,234 @@
! Border-Leaf-DC2 Configuration
! DC Border Leaf - AS 65005 (MLAG pair with border-leaf-dc1)
! Provides egress from DC EVPN-VXLAN fabric to Core L3 network
!
hostname border-leaf-dc2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.4/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.0.199.247/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.0.3.9/31
mtu 9214
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.0.250.22/32
!
interface Loopback1
description VTEP
ip address 10.0.255.15/32
!
interface Loopback2
description VRF-Gold-health
vrf gold
ip address 10.0.250.222/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Spines
interface Ethernet11
description spine1
no switchport
ip address 10.0.1.19/31
mtu 9214
!
interface Ethernet12
description spine2
no switchport
ip address 10.0.2.19/31
mtu 9214
!
! Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet13
description core1
no switchport
mtu 9214
!
interface Ethernet13.100
description core1-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.3/31
mtu 9214
!
interface Ethernet13.200
description core1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.3/31
mtu 9214
!
! Uplink to Core2 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet14
description core2
no switchport
mtu 9214
!
interface Ethernet14.100
description core2-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.7/31
mtu 9214
!
interface Ethernet14.200
description core2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.7/31
mtu 9214
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id border-leafs-dc
local-interface Vlan4090
peer-address 10.0.199.246
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.3 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability with Core (default VRF)
router ospf 1
router-id 10.0.250.22
passive-interface default
no passive-interface Ethernet13.100
no passive-interface Ethernet14.100
network 10.0.250.22/32 area 0
network 10.0.4.2/31 area 0
network 10.0.4.6/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 65005
router-id 10.0.250.22
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group (to DC spines)
neighbor underlay peer group
neighbor underlay remote-as 65000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.0.1.18 peer group underlay
neighbor 10.0.2.18 peer group underlay
!
! iBGP peer-group (to MLAG peer)
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 65005
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.0.3.8 peer group underlay_ibgp
!
! EVPN peer-group (to DC spines)
neighbor evpn peer group
neighbor evpn remote-as 65000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.0.250.1 peer group evpn
neighbor 10.0.250.2 peer group evpn
!
! eBGP to Core routers (default VRF)
neighbor core peer group
neighbor core remote-as 65500
neighbor core send-community extended
neighbor core maximum-routes 12000 warning-only
neighbor 10.0.4.2 peer group core
neighbor 10.0.4.6 peer group core
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
neighbor core activate
network 10.0.250.22/32
network 10.0.255.15/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.0.250.22:1
route-target import evpn 1:100001
route-target export evpn 1:100001
router-id 10.0.250.22
neighbor 10.0.14.2 remote-as 65500
neighbor 10.0.14.2 send-community extended
neighbor 10.0.14.2 maximum-routes 12000 warning-only
neighbor 10.0.14.6 remote-as 65500
neighbor 10.0.14.6 send-community extended
neighbor 10.0.14.6 maximum-routes 12000 warning-only
redistribute connected
redistribute learned
!
end