Damien/arista-evpn-vxlan-clab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Repository cleanup - Remove unnecessary files (#16)

Browse Source 
## Summary

Repository cleanup to remove unnecessary files and streamline documentation after the successful EVPN-VXLAN lab implementation.

Closes #15

---

## Changes

### Files Removed (13 files total)

**Scripts folder:**
- `scripts/deploy.sh`
- `scripts/test-connectivity.sh`
- `scripts/cleanup.sh`

**Root-level markdown files:**
- `BRANCH_SUMMARY.md`
- `BUGFIX_EVPN_ACTIVATION.md`
- `DEPLOYMENT_GUIDE.md`
- `FIXES_APPLIED.md`
- `TESTING_CHECKLIST.md`
- `VLAN_TAGGING_FIX_EXPLANATION.md`

**docs/ folder (entire folder removed):**
- `docs/HOST_INTERFACE_CONFIGURATION.md`
- `docs/configuration-guide.md`
- `docs/quick-reference.md`
- `docs/validation-commands.md`

### Files Updated
- `hosts/README.md` - Fixed broken links
- `README.md` - Updated repository structure section

---

## Final Repository Structure

```
├── .gitignore
├── README.md                    # Main documentation
├── TROUBLESHOOTING.md           # Troubleshooting guide
├── END_TO_END_TESTING.md        # Testing procedures
├── evpn-lab.clab.yml            # ContainerLab topology
├── configs/                     # Switch configurations (10 files)
└── hosts/                       # Host interface configs (5 files)
```

---

## Testing

- [x] Lab redeployed successfully with `containerlab deploy -t evpn-lab.clab.yml`
- [x] L2 VXLAN connectivity verified (host1 ↔ host3)
- [x] L3 VXLAN connectivity verified (host2 ↔ host4)
- [x] All BGP EVPN sessions established
- [x] MLAG pairs operational

Reviewed-on: #16
This commit was merged in pull request #16.
This commit is contained in:
Damien Arnodo
2025-11-30 19:07:22 +00:00
parent 1080bf07bb
commit db54e56b41
15 changed files with 16 additions and 2889 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
docs/HOST_INTERFACE_CONFIGURATION.md
View File

@@ -1,154 +0,0 @@
# Host Interface Configuration Guide
## Overview
All four hosts in the lab use **persistent interface configuration files** mounted via ContainerLab's `binds` feature. This approach provides cleaner, more maintainable configuration compared to using `exec` commands.
## Architecture
### Dual-Homing with LACP Bonding
Each host is dual-homed to an MLAG pair of leaf switches:
- **host1**: dual-homed to leaf1 + leaf2 (VTEP1)
- **host2**: dual-homed to leaf3 + leaf4 (VTEP2)
- **host3**: dual-homed to leaf5 + leaf6 (VTEP3)
- **host4**: dual-homed to leaf7 + leaf8 (VTEP4)
### VLAN Configuration
Hosts handle VLAN tagging using sub-interfaces on the bond:
| Host | VLAN | IP Address | Purpose | VRF |
|------|------|------------|---------|-----|
| host1 | 40 | 10.40.40.101/24 | L2 VXLAN test | default |
| host2 | 34 | 10.34.34.102/24 | L3 VXLAN test | gold |
| host3 | 40 | 10.40.40.103/24 | L2 VXLAN test | default |
| host4 | 78 | 10.78.78.104/24 | L3 VXLAN test | gold |
## Interface Files Structure
Each host has a configuration file in `hosts/` directory:
- `hosts/host1_interfaces` → mounted to `/etc/network/interfaces` in host1
- `hosts/host2_interfaces` → mounted to `/etc/network/interfaces` in host2
- `hosts/host3_interfaces` → mounted to `/etc/network/interfaces` in host3
- `hosts/host4_interfaces` → mounted to `/etc/network/interfaces` in host4
## Interface Configuration Format
### Example: host1_interfaces
```
auto lo
iface lo inet loopback
# Bond interface with LACP (802.3ad)
auto bond0
iface bond0 inet manual
bond-mode 4
bond-miimon 100
bond-lacp-rate 1
bond-slaves eth1 eth2
# VLAN 40 on bond0
auto bond0.40
iface bond0.40 inet static
address 10.40.40.101
netmask 255.255.255.0
vlan-raw-device bond0
```
### Key Parameters Explained
**Bond Configuration:**
- `bond-mode 4`: LACP (802.3ad) mode - requires LACP on switch side
- `bond-miimon 100`: Link monitoring interval (100ms)
- `bond-lacp-rate 1`: Fast LACP (1 second intervals)
- `bond-slaves eth1 eth2`: Physical interfaces in the bond
**VLAN Sub-interface:**
- `bond0.40`: VLAN interface notation (bond0.VLAN_ID)
- `vlan-raw-device bond0`: Parent interface for VLAN
- Static IP configuration with address/netmask
## Deployment Process
When ContainerLab starts a host:
1. **Mount interface file** via binds
2. **Install packages**: `apk add ifupdown bonding vlan`
3. **Load kernel modules**:
- `modprobe bonding` - enables LACP bonding
- `modprobe 8021q` - enables VLAN tagging
4. **Bring up interfaces**: `ifup -a` reads `/etc/network/interfaces`
## Switch Configuration Requirements
For proper LACP operation, leaf switches must have:
```
interface Port-Channel1
description host-X
switchport mode trunk
switchport trunk allowed vlan <vlan-id>
mlag 1
port-channel lacp fallback timeout 5
port-channel lacp fallback individual
no shutdown
interface Ethernet1
description host-X-link1
channel-group 1 mode active
lacp timer fast
no shutdown
```
**Critical settings:**
- `port-channel lacp fallback`: Required for ContainerLab timing
- `lacp timer fast`: Matches host's fast LACP rate
- `no shutdown`: Must explicitly enable Port-Channel interface
## Advantages of This Approach
1. **Persistence**: Configuration survives container restarts
2. **Clarity**: Single file shows complete network config
3. **Maintainability**: Easy to modify VLAN assignments
4. **Production-like**: Mirrors real-world dual-homing scenarios
5. **Clean deployment**: No manual post-deployment fixes needed
## Testing Connectivity
### L2 VXLAN (same VLAN)
```bash
# host1 (VLAN 40) → host3 (VLAN 40)
docker exec clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.103
```
### L3 VXLAN (inter-VRF)
```bash
# host2 (VLAN 34, VRF gold) → host4 (VLAN 78, VRF gold)
docker exec clab-arista-evpn-fabric-host2 ping -c 4 10.78.78.104
```
## Troubleshooting
### Verify bond status on host
```bash
docker exec clab-arista-evpn-fabric-host1 cat /proc/net/bonding/bond0
```
### Check VLAN interface
```bash
docker exec clab-arista-evpn-fabric-host1 ip addr show bond0.40
```
### Verify LACP on switch
```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show port-channel 1 detailed"
```
## References
- Alpine Linux ifupdown-ng documentation
- Linux bonding documentation: `/usr/src/linux/Documentation/networking/bonding.txt`
- Arista MLAG configuration guide
- srl-labs/srl-evpn-mh-lab (reference implementation)

400
docs/configuration-guide.md
View File

@@ -1,400 +0,0 @@
# Configuration Guide
This guide walks through the key configuration concepts used in this EVPN-VXLAN lab.
## Table of Contents
- [Architecture Overview](#architecture-overview)
- [Underlay Configuration](#underlay-configuration)
- [Overlay Configuration](#overlay-configuration)
- [MLAG Configuration](#mlag-configuration)
- [L2 VXLAN Configuration](#l2-vxlan-configuration)
- [L3 VXLAN Configuration](#l3-vxlan-configuration)
- [Best Practices](#best-practices)
## Architecture Overview
### Topology Design
- **Spine-Leaf Architecture**: 2 Spines, 8 Leafs forming 4 VTEPs
- **Underlay**: BGP with eBGP between Spine-Leaf, iBGP between MLAG pairs
- **Overlay**: BGP EVPN for control plane
- **Data Plane**: VXLAN encapsulation
### AS Number Scheme
```
Spine: AS 65000
VTEP1: AS 65001 (Leaf1/Leaf2)
VTEP2: AS 65002 (Leaf3/Leaf4)
VTEP3: AS 65003 (Leaf5/Leaf6)
VTEP4: AS 65004 (Leaf7/Leaf8)
```
### IP Addressing Plan
```
Management: 172.16.0.0/24
Router-ID Loopbacks: 10.0.250.0/24
VTEP Loopbacks: 10.0.255.0/24
Spine1 P2P Links: 10.0.1.0/24
Spine2 P2P Links: 10.0.2.0/24
MLAG iBGP Peering: 10.0.3.0/24
MLAG Peer-Link: 10.0.199.0/24
```
## Underlay Configuration
### 1. Enable Multi-Agent Routing Protocol Model
Required for EVPN to function properly:
```
service routing protocols model multi-agent
```
### 2. Configure Loopback Interfaces
Each device needs two loopbacks:
```
! Router-ID Loopback (unique per device)
interface Loopback0
ip address 10.0.250.x/32
! VTEP Loopback (shared within MLAG pair)
interface Loopback1
ip address 10.0.255.x/32
```
### 3. Configure Point-to-Point Interfaces
Use /31 subnets for efficiency:
```
interface Ethernet11
description spine1
no switchport
ip address 10.0.1.1/31
mtu 9214
```
### 4. Configure BGP Underlay
#### On Spines:
```
router bgp 65000
router-id 10.0.250.1
no bgp default ipv4-unicast
distance bgp 20 200 200
neighbor 10.0.1.1 remote-as 65001
neighbor 10.0.1.3 remote-as 65001
# ... more neighbors
address-family ipv4
neighbor 10.0.1.1 activate
network 10.0.250.1/32
maximum-paths 4 ecmp 64
```
#### On Leafs:
```
router bgp 65001
router-id 10.0.250.11
no bgp default ipv4-unicast
distance bgp 20 200 200
neighbor underlay peer group
neighbor underlay remote-as 65000
neighbor 10.0.1.0 peer group underlay
neighbor 10.0.2.0 peer group underlay
address-family ipv4
neighbor underlay activate
network 10.0.250.11/32
network 10.0.255.11/32
maximum-paths 4 ecmp 64
```
### Why These Settings?
- **no bgp default ipv4-unicast**: Requires explicit activation per address family
- **distance bgp 20 200 200**: eBGP=20, iBGP=200, Local=200 (prefer eBGP routes)
- **maximum-paths 4 ecmp 64**: Enable ECMP with up to 4 paths
- **mtu 9214**: Support jumbo frames for VXLAN overhead
## Overlay Configuration
### 1. Configure EVPN Neighbors
#### On Leafs:
```
router bgp 65001
neighbor evpn peer group
neighbor evpn remote-as 65000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor 10.0.250.1 peer group evpn
neighbor 10.0.250.2 peer group evpn
address-family evpn
neighbor evpn activate
```
#### On Spines:
```
router bgp 65000
neighbor evpn peer group
neighbor evpn next-hop-unchanged
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor 10.0.250.11 peer group evpn
neighbor 10.0.250.11 remote-as 65001
# ... more neighbors
address-family evpn
neighbor evpn activate
```
### Why These Settings?
- **update-source Loopback0**: Use loopback for stable peering
- **ebgp-multihop 3**: Allow multi-hop eBGP through underlay
- **send-community extended**: Required for EVPN route-targets
- **next-hop-unchanged**: On spines, preserve original next-hop for optimal routing
### 2. Configure VXLAN Interface
```
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
```
- **source-interface Loopback1**: Use VTEP loopback as source
- **udp-port 4789**: Standard VXLAN port
- **learn-restrict any**: Use EVPN control plane only (no data plane learning)
## MLAG Configuration
### 1. Configure MLAG VLANs
```
vlan 4090
name mlag-peer
trunk group mlag-peer
vlan 4091
name mlag-ibgp
trunk group mlag-peer
```
### 2. Configure MLAG SVIs
```
interface Vlan4090
description MLAG Peer-Link
ip address 10.0.199.254/31
no autostate
interface Vlan4091
description MLAG iBGP Peering
ip address 10.0.3.0/31
mtu 9214
```
### 3. Configure Peer-Link
```
interface Ethernet10
channel-group 999 mode active
interface Port-Channel999
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
```
### 4. Configure MLAG Domain
```
mlag configuration
domain-id leafs
local-interface Vlan4090
peer-address 10.0.199.255
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.50 vrf mgmt
```
### 5. Configure iBGP Between MLAG Peers
```
router bgp 65001
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 65001
neighbor underlay_ibgp next-hop-self
neighbor 10.0.3.1 peer group underlay_ibgp
address-family ipv4
neighbor underlay_ibgp activate
```
### 6. Configure Virtual Router MAC
```
ip virtual-router mac-address c001.cafe.babe
```
This MAC is used for anycast gateway functionality across the MLAG pair.
## L2 VXLAN Configuration
For extending Layer 2 domains across the fabric:
### 1. Create VLAN
```
vlan 40
name test-l2-vxlan
```
### 2. Map VLAN to VNI
```
interface Vxlan1
vxlan vlan 40 vni 110040
```
### 3. Configure BGP EVPN for VLAN
```
router bgp 65001
vlan 40
rd 65001:110040
route-target both 40:110040
redistribute learned
```
### Key Concepts
- **VNI (VXLAN Network Identifier)**: 24-bit segment ID (110040)
- **RD (Route Distinguisher)**: Makes routes unique (AS:VNI format)
- **RT (Route Target)**: Controls route import/export (VLAN:VNI format)
- **redistribute learned**: Advertise locally learned MAC addresses
## L3 VXLAN Configuration
For routing between VRFs across the fabric:
### 1. Create VRF
```
vrf instance gold
ip routing vrf gold
```
### 2. Map VRF to VNI
```
interface Vxlan1
vxlan vrf gold vni 100001
```
### 3. Configure VRF VLAN Interface
```
vlan 34
name vrf-gold-subnet
interface Vlan34
vrf gold
ip address 10.34.34.2/24
ip virtual-router address 10.34.34.1
```
### 4. Configure BGP for VRF
```
router bgp 65002
vrf gold
rd 10.0.250.13:1
route-target import evpn 1:100001
route-target export evpn 1:100001
redistribute connected
```
### Key Concepts
- **VRF**: Virtual Routing and Forwarding instance
- **L3 VNI**: VNI for routing between VRFs
- **Anycast Gateway**: Same gateway IP/MAC on both MLAG peers
- **Type-5 Routes**: EVPN IP prefix routes for inter-subnet routing
## Best Practices
### IP Addressing
1. Use consistent /31 for P2P links
2. Reserve /32 blocks for loopbacks
3. Use non-overlapping private address space
### BGP Configuration
1. Always use peer groups for scalability
2. Set appropriate maximum-routes limits
3. Enable logging for troubleshooting
4. Use `distance bgp 20 200 200` for predictable behavior
### VXLAN/EVPN
1. Use meaningful VNI numbers (e.g., 1XXYYY where XX is VLAN/VRF)
2. Keep RD unique per device
3. Keep RT consistent across devices in same domain
4. Enable `vxlan learn-restrict any` to avoid data-plane learning
### MLAG
1. Always configure dual-active detection
2. Use trunk groups to isolate MLAG VLANs
3. Configure iBGP between peers for redundancy
4. Use consistent domain-id across pairs
### MTU
1. Set MTU to 9214 on underlay links for VXLAN overhead
2. Ensure consistent MTU across the fabric
3. Account for 50-byte VXLAN header overhead
### Security
1. Change default passwords immediately
2. Configure management VRF
3. Use authentication for BGP peers (not shown in lab configs)
4. Implement prefix-lists and route-maps in production
## Verification Checklist
After configuration, verify:
- [ ] All BGP neighbors established
- [ ] Loopbacks reachable via underlay
- [ ] EVPN routes being exchanged
- [ ] MLAG state is Active
- [ ] VXLAN interface is up
- [ ] Remote VTEPs discovered
- [ ] MAC addresses learned via EVPN
- [ ] VRF routing working end-to-end
Refer to [validation-commands.md](validation-commands.md) for detailed verification steps.
## Troubleshooting Tips
1. **No BGP neighbors**: Check IP connectivity and firewall rules
2. **No EVPN routes**: Verify `send-community extended` is configured
3. **No MAC learning**: Check VNI mapping and route-targets
4. **MLAG not working**: Verify peer-link and domain-id match
5. **No VXLAN traffic**: Check MTU and VNI configuration
## References
- [Arista EVPN Design Guide](https://www.arista.com/en/solutions/design-guides)
- [RFC 7432 - BGP MPLS-Based Ethernet VPN](https://tools.ietf.org/html/rfc7432)
- [RFC 8365 - A Network Virtualization Overlay Solution Using EVPN](https://tools.ietf.org/html/rfc8365)
- [Original Blog Post](https://overlaid.net/2019/01/27/arista-bgp-evpn-configuration-example/)

288
docs/quick-reference.md
View File

@@ -1,288 +0,0 @@
# Quick Reference Guide
Quick commands and references for the Arista EVPN-VXLAN lab.
## Quick Start
```bash
# Deploy lab
sudo containerlab deploy -t evpn-lab.clab.yml
# Check status
sudo containerlab inspect -t evpn-lab.clab.yml
# Destroy lab
sudo containerlab destroy -t evpn-lab.clab.yml
```
## Using Helper Scripts
```bash
# Make scripts executable
chmod +x scripts/*.sh
# Interactive deployment menu
sudo ./scripts/deploy.sh
# Direct commands
sudo ./scripts/deploy.sh deploy
sudo ./scripts/deploy.sh status
sudo ./scripts/deploy.sh validate
# Test connectivity
sudo bash scripts/test-connectivity.sh
# Cleanup
sudo bash scripts/cleanup.sh
```
## Device Access
### SSH Access
```bash
ssh admin@clab-arista-evpn-fabric-spine1
ssh admin@clab-arista-evpn-fabric-leaf1
# Password: admin
```
### Docker Exec
```bash
docker exec -it clab-arista-evpn-fabric-spine1 Cli
docker exec -it clab-arista-evpn-fabric-leaf1 Cli
```
## Management IPs
| Device | Management IP | Loopback0 | Loopback1 |
|---------|---------------|----------------|---------------|
| spine1 | 172.16.0.1 | 10.0.250.1 | N/A |
| spine2 | 172.16.0.2 | 10.0.250.2 | N/A |
| leaf1 | 172.16.0.25 | 10.0.250.11 | 10.0.255.11 |
| leaf2 | 172.16.0.50 | 10.0.250.12 | 10.0.255.11 |
| leaf3 | 172.16.0.27 | 10.0.250.13 | 10.0.255.12 |
| leaf4 | 172.16.0.28 | 10.0.250.14 | 10.0.255.12 |
| leaf5 | 172.16.0.29 | 10.0.250.15 | 10.0.255.13 |
| leaf6 | 172.16.0.30 | 10.0.250.16 | 10.0.255.13 |
| leaf7 | 172.16.0.31 | 10.0.250.17 | 10.0.255.14 |
| leaf8 | 172.16.0.32 | 10.0.250.18 | 10.0.255.14 |
## AS Numbers
| Device Pair | AS Number |
|------------|-----------|
| Spines | 65000 |
| Leaf1/2 | 65001 |
| Leaf3/4 | 65002 |
| Leaf5/6 | 65003 |
| Leaf7/8 | 65004 |
## VNI Mapping
| VLAN/VRF | VNI | Type | VTEPs |
|----------|--------|------|----------|
| VLAN 40 | 110040 | L2 | 1, 3 |
| VRF gold | 100001 | L3 | 2, 4 |
| VLAN 34 | - | L3 | 2 |
| VLAN 78 | - | L3 | 4 |
## Essential Show Commands
### Quick Status Check
```bash
show ip interface brief
show bgp summary
show bgp evpn summary
show mlag
show vxlan vtep
```
### Detailed Verification
```bash
# Underlay
show ip bgp
show ip route
show bgp ipv4 unicast summary
# Overlay
show bgp evpn
show bgp evpn route-type mac-ip
show bgp evpn route-type ip-prefix ipv4
# VXLAN
show interface vxlan1
show vxlan address-table
show vxlan vni
show vxlan config-sanity
# MLAG
show mlag detail
show mlag interfaces
show port-channel summary
# VRF
show vrf
show ip route vrf gold
show bgp ipv4 unicast vrf gold summary
```
## Common Troubleshooting Commands
```bash
# Check BGP neighbors
show ip bgp neighbors <ip>
show bgp evpn neighbors <ip>
# Check routes
show ip route detail
show bgp evpn detail
# Check counters
show interfaces counters errors
show vxlan counters
# Check logs
show logging
show logging last 50
# Packet capture
bash tcpdump -i et11 -n port 179
bash tcpdump -i et11 -n port 4789
```
## Configuration Snippets
### Save Configuration
```bash
write memory
# or
copy running-config startup-config
```
### View Configuration
```bash
show running-config
show running-config | section bgp
show running-config | section vxlan
```
### Enable Configuration Mode
```bash
enable
configure terminal
```
## Testing Connectivity
### From Leaf Devices
```bash
# Ping loopbacks
ping 10.0.250.1
ping 10.0.255.13
# Ping in VRF
ping vrf gold 10.78.78.1
# Traceroute
traceroute 10.0.255.14
traceroute vrf gold 10.34.34.1
```
### From Host Containers
```bash
# Enter host container
docker exec -it clab-arista-evpn-fabric-host1 sh
# Test connectivity
ping 10.40.40.1
```
## Performance Monitoring
```bash
# Interface statistics
show interfaces ethernet 11 counters
show interfaces ethernet 11 counters rate
# BGP statistics
show bgp evpn summary
show bgp evpn route-type mac-ip | count
# System resources
show processes top
show version
```
## Useful Filters
```bash
# Grep examples
show bgp evpn summary | grep Estab
show interfaces status | include up
show running-config | section vxlan
# JSON output (for automation)
show bgp evpn summary | json
show interfaces status | json
```
## Lab Topology Reference
```
Spine1 -------- Spine2
| |
+---------+-----------+---+----------+
| | | |
Leaf1/2 Leaf3/4 Leaf5/6 Leaf7/8
(VTEP1) (VTEP2) (VTEP3) (VTEP4)
| | | |
Host1 Host2 Host3 Host4
```
## Feature Matrix
| Feature | VTEP1 | VTEP2 | VTEP3 | VTEP4 |
|------------------|-------|-------|-------|-------|
| L2 VXLAN (VLAN40)| ✓ | - | ✓ | - |
| L3 VXLAN (VRF) | - | ✓ | - | ✓ |
| BGP Border | - | - | - | ✓ |
| MLAG | ✓ | ✓ | ✓ | ✓ |
## Keyboard Shortcuts (CLI)
```
Ctrl+Z - Exit to privileged EXEC mode
Ctrl+C - Interrupt current command
Tab - Command completion
? - Context-sensitive help
```
## Reset to Factory
```bash
# Erase startup config
enable
bash sudo /mnt/flash/zerotouch reset
# Or manually
enable
write erase
reload
```
## Additional Resources
- Full documentation: `docs/`
- Validation commands: `docs/validation-commands.md`
- Configuration guide: `docs/configuration-guide.md`
- Helper scripts: `scripts/`
## Support
For issues or questions:
- Check logs: `show logging`
- Review documentation in `docs/` directory
- Original blog post: https://overlaid.net/2019/01/27/arista-bgp-evpn-configuration-example/
---
**Tip**: Bookmark this page for quick reference during lab work!

375
docs/validation-commands.md
View File

@@ -1,375 +0,0 @@
# Validation Commands Guide
This document provides a comprehensive list of commands to validate the EVPN-VXLAN fabric.
## Table of Contents
- [Underlay Validation](#underlay-validation)
- [Overlay Validation](#overlay-validation)
- [MLAG Validation](#mlag-validation)
- [VXLAN Validation](#vxlan-validation)
- [VRF Validation](#vrf-validation)
- [Troubleshooting](#troubleshooting)
## Underlay Validation
### Check BGP IPv4 Unicast Neighbors
```bash
# On Spine
show bgp ipv4 unicast summary
# On Leaf
show bgp ipv4 unicast summary
```
Expected: All neighbors in `Established` state
### Verify Loopback Reachability
```bash
# From any leaf, ping spine loopbacks
ping 10.0.250.1
ping 10.0.250.2
# From spine, ping all leaf loopbacks
ping 10.0.250.11
ping 10.0.250.12
# ... etc
```
### Check BGP Routes
```bash
# View all BGP routes
show ip bgp
# View routes for specific prefix
show ip bgp 10.0.250.0/24
# View ECMP paths
show ip route 10.0.250.11
```
Expected: Multiple equal-cost paths via both spines
### Verify Interface Status
```bash
# Check all interfaces
show interfaces status
# Check specific interface
show interfaces ethernet 11
```
## Overlay Validation
### Check BGP EVPN Neighbors
```bash
# On Spine
show bgp evpn summary
# On Leaf
show bgp evpn summary
```
Expected: All EVPN neighbors in `Established` state
### View EVPN Routes
```bash
# Show all EVPN routes
show bgp evpn
# Show Type-2 routes (MAC/IP)
show bgp evpn route-type mac-ip
# Show Type-5 routes (IP Prefix)
show bgp evpn route-type ip-prefix ipv4
# Show routes for specific VNI
show bgp evpn vni 110040
show bgp evpn vni 100001
```
### Check Route Distinguishers and Route Targets
```bash
# View RD/RT configuration
show running-config | section bgp
# View imported routes
show bgp evpn route-type ip-prefix ipv4 | grep RT
```
## MLAG Validation
### Check MLAG Status
```bash
# Overall MLAG status
show mlag
# MLAG interfaces
show mlag interfaces
# MLAG config-sanity
show mlag config-sanity
```
Expected output:
- State: Active
- Negotiation status: Connected
- Peer-link status: Up
### Verify Dual-Active Detection
```bash
# Check dual-active detection status
show mlag detail | include dual
# Verify heartbeat
show mlag detail | include Heartbeat
```
### Check Port-Channel Status
```bash
# View all port-channels
show port-channel summary
# Detailed port-channel info
show interfaces port-channel 999
show interfaces port-channel 1
```
## VXLAN Validation
### Check VXLAN Interface
```bash
# VXLAN interface summary
show interface vxlan1
# Detailed VXLAN info
show vxlan config-sanity
```
### Verify VTEPs
```bash
# Show remote VTEPs
show vxlan vtep
# Show VXLAN VNI mapping
show vxlan vni
# Show flood VTEPs
show vxlan flood vtep
```
### Check VXLAN Address Table
```bash
# Show all MAC addresses learned via VXLAN
show vxlan address-table
# Show MAC addresses for specific VLAN
show mac address-table vlan 40
# Show MAC addresses for specific VNI
show vxlan address-table vni 110040
```
### Verify Overlay Learning
```bash
# Check if EVPN control plane is learning MACs
show bgp evpn route-type mac-ip
# Compare with local MAC table
show mac address-table dynamic
```
## VRF Validation
### Check VRF Configuration
```bash
# List all VRFs
show vrf
# VRF routing table
show ip route vrf gold
# VRF interfaces
show ip interface vrf gold brief
```
### Verify VRF BGP
```bash
# BGP summary for VRF
show bgp ipv4 unicast vrf gold summary
# BGP routes in VRF
show bgp ipv4 unicast vrf gold
```
### Test VRF Connectivity
```bash
# Ping from VRF
ping vrf gold 10.78.78.78
# Traceroute in VRF
traceroute vrf gold 10.78.78.78
```
### Check VNI to VRF Mapping
```bash
# Show VRF to VNI mapping
show vxlan vrf
# Show Type-5 routes for VRF
show bgp evpn route-type ip-prefix ipv4 vrf gold
```
## Troubleshooting
### General Health Checks
```bash
# System health
show version
show inventory
show environment all
# Check for errors
show logging
show interfaces counters errors
```
### BGP Troubleshooting
```bash
# BGP process status
show ip bgp summary
# BGP neighbor details
show ip bgp neighbors 10.0.250.1
# BGP update messages
show bgp evpn neighbors 10.0.250.1 advertised-routes
show bgp evpn neighbors 10.0.250.1 received-routes
```
### VXLAN Troubleshooting
```bash
# VXLAN counters
show interfaces vxlan1 counters
# VXLAN flood list
show vxlan flood vtep
# Check for VXLAN errors
show vxlan counters
```
### MLAG Troubleshooting
```bash
# MLAG detailed status
show mlag detail
# MLAG inconsistencies
show mlag config-sanity
# Port-channel LACP status
show lacp interface
show lacp neighbor
```
### Packet Capture
```bash
# Capture BGP packets
bash tcpdump -i et11 -n port 179
# Capture VXLAN packets
bash tcpdump -i et11 -n port 4789
# Capture on VXLAN interface
monitor session vxlan source vxlan1 both
```
## Useful Show Commands by Category
### Quick Status Commands
```bash
show ip interface brief
show bgp summary
show vxlan vtep
show mlag
```
### Detailed Analysis Commands
```bash
show tech-support
show running-config
show ip route detail
show bgp evpn detail
```
### Real-time Monitoring
```bash
watch 1 show bgp evpn summary
watch 1 show vxlan address-table
watch 1 show mlag
```
## Expected Normal Output Examples
### Healthy BGP EVPN Summary (Leaf)
```
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc
10.0.250.1 4 65000 50 48 0 0 00:24:30 Estab 10 10
10.0.250.2 4 65000 49 47 0 0 00:24:25 Estab 10 10
```
### Healthy MLAG Status
```
MLAG Status:
state : Active
negotiation status : Connected
peer-link status : Up
local-int status : Up
system-id : c0:01:ca:fe:ba:be
dual-primary detection : Configured
```
### Healthy VXLAN Interface
```
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback1 and is active with 10.0.255.11
Replication/Flood Mode is headend with Flood List Source: EVPN
Remote MAC learning via EVPN
```
## Tips
1. **Always check both spines and leafs** - Verify configurations are symmetric
2. **Use 'watch' command** for real-time monitoring during changes
3. **Check logs** if something doesn't work as expected
4. **Verify bidirectional** connectivity and routing
5. **Test failure scenarios** by shutting down interfaces/devices
---
For more information, refer to:
- [Arista EOS EVPN Documentation](https://www.arista.com/en/um-eos/eos-section-41-1-evpn)
- [Arista VXLAN Configuration Guide](https://www.arista.com/en/um-eos/eos-vxlan)