Damien/arista-evpn-vxlan-clab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Damien:12ad491bf9edfd6cd3de707df0d22fc0972fd5cf
Branches Tags
Damien:main
...
compare: Damien:ff15e90b5ccfc57bb91df2724a0835c4806058af
Branches Tags
Damien:main

5 Commits
12ad491bf9 ... ff15e90b5c

Author SHA1 Message Date
Damien
ff15e90b5c Update docs and diagram for extended multi-fabric topology 
- README: rewritten node inventory, AS map, addressing plan
  (management, Lo0/Lo1, P2P, hosts), VNI/RD/RT tables, control-plane
  summary and end-to-end Campus <-> DC test procedures through the
  Core (VRF gold stitching).
- hosts/README: document the two new Campus host configurations.
- assets/arista-evpn-fabric.svg: new three-zone layout (Campus, Core,
  DC) with legend.
- evpn-lab.clab.yml.annotations.json: reposition nodes and add zone
  labels so the ContainerLab graph matches the extended topology.
 2026-04-18 08:38:44 +00:00
Damien
6e0dcce746 Add Campus EVPN-VXLAN fabric configs and host interfaces 
- campus-spine1/2 (AS 66000): eBGP underlay + EVPN RR toward leafs
  and border leafs, addressing plan 10.1.x.x.
- campus-leaf1/2 (VTEP1, AS 66001, VTEP 10.1.255.11): VLAN 50
  (stretched L2 VXLAN, VNI 110050) and VLAN 60 (VRF gold anycast
  10.60.60.1, L3 VNI 100001).
- campus-leaf3/4 (VTEP2, AS 66002, VTEP 10.1.255.12): VLAN 50 and
  VLAN 70 (VRF gold anycast 10.60.70.1).
- border-leaf-campus1/2 (AS 66005, VTEP 10.1.255.21): MLAG pair,
  OSPF + eBGP to cores, VRF gold stitched via vxlan vrf gold
  vni 100001 with RT 1:100001.
- campus-access1/2: L2-only uplinks to campus leaf MLAG pairs,
  trunks VLAN 50+60 / 50+70.
- campus-host1/2 interface files: bond0 + VLAN sub-interfaces for
  the stretched L2 VLAN 50 and the VRF gold subnets.
 2026-04-18 08:38:35 +00:00
Damien
4b4c1852c4 Add Core router configs (AS 65500, iBGP + VRF gold transit) 
core1/core2 provide L3 transit between DC and Campus fabrics. Each
physical link toward a Border Leaf is subinterfaced (.100 default,
.200 VRF gold). OSPF area 0 in default VRF, eBGP to DC BLs (65005)
and Campus BLs (66005), iBGP between core1 and core2 via Loopback0.
VRF gold uses redistribute connected and VRF-aware eBGP sessions on
.200 subinterfaces to stitch VRF gold end-to-end across fabrics.
 2026-04-18 08:38:21 +00:00
Damien
d3b3c38ead Add DC Border Leaf configs (AS 65005, MLAG pair) 
Both border leafs share VTEP Loopback1 10.0.255.15 and peer with DC
spines in eBGP IPv4 + EVPN. Uplinks to core1/core2 use dot1q
subinterfaces (.100 default underlay, .200 VRF gold) with OSPF area 0
and eBGP to AS 65500. VRF gold extended via vxlan vrf gold vni 100001
with RD <Lo0>:1 and RT 1:100001.
 2026-04-18 08:38:12 +00:00
Damien
5e4b39d05d Extend topology with Core, Campus fabric and DC Border Leafs 
Add node declarations and links for:
- DC Border Leaf MLAG pair (border-leaf-dc1/2)
- Core routers (core1, core2) interconnected via eth5
- Campus spines, leafs, border leafs, access switches and two hosts
- DC spine eth9/eth10 uplinks toward DC Border Leafs (underlay + EVPN)
 2026-04-18 08:38:00 +00:00
23 changed files with 3479 additions and 731 deletions
Expand all files Collapse all files

423
README.md
View File

@@ -1,17 +1,23 @@
# Arista EVPN-VXLAN ContainerLab
# Arista EVPN-VXLAN ContainerLab — DC + Core + Campus
A production-ready Arista BGP EVPN-VXLAN data center fabric topology using ContainerLab and cEOS.
An extended Arista BGP EVPN-VXLAN multi-fabric lab using ContainerLab and cEOS. The topology interconnects a **Data Center fabric** and a **Campus fabric** through a dedicated **Core L3 transit zone**, with a VRF (`gold`) stretched end-to-end across both fabrics.
## 🎯 Overview
This lab demonstrates a complete 3-tier EVPN-VXLAN data center fabric with:
| Zone | Devices |
| ------ | --------------------------------------------------------------------------------------- |
| DC | 2 spines, 8 leafs (4 MLAG VTEPs), 2 border leafs (MLAG), 4 access switches, 4 hosts |
| Core | 2 core routers (iBGP AS 65500, OSPF underlay with BLs, eBGP to DC & Campus BLs) |
| Campus | 2 spines, 4 leafs (2 MLAG VTEPs), 2 border leafs (MLAG), 2 access switches, 2 hosts |
- **2 Spine switches** (BGP Route Reflectors)
- **8 Leaf switches** forming 4 VTEPs (MLAG pairs)
- **4 Access switches** (L2-only, dual-homed to leaf MLAG pairs)
- **BGP EVPN overlay** with L2/L3 VXLAN
- **MLAG configuration** for high availability
- **Test hosts** for validation
Key design choices:
- **eBGP** in both fabrics (underlay + EVPN overlay) between spines and leafs / border leafs.
- **OSPF area 0 + eBGP multi-hop** between each Border Leaf pair and both Core routers (over dot1q subinterfaces: `.100` = default VRF underlay, `.200` = VRF `gold`).
- **MLAG** everywhere there is dual-homing (leaf pairs, border-leaf pairs, access → leafs, host → access).
- **VRF `gold`** is stretched end-to-end: DC leafs (VLAN 34 / 78) ↔ DC-BL ↔ Core ↔ Campus-BL ↔ Campus leafs (VLAN 60 / 70), all sharing L3 VNI `100001`.
- **VLAN 50** is a campus-local L2 VXLAN stretched between the two Campus VTEPs.
- **Convention**: L2 VNI = `110000 + vlan_id`, L3 VNI = `100001` for VRF `gold`, RT `1:100001` in both fabrics.
## 📐 Topology
@@ -21,284 +27,323 @@ This lab demonstrates a complete 3-tier EVPN-VXLAN data center fabric with:
### Prerequisites
- ContainerLab installed
- Docker installed
- ContainerLab
- Docker
- Arista cEOS image: `ceos:4.35.0`
### Deploy the Lab
```bash
# Clone the repository
git clone https://gitea.arnodo.fr/Damien/arista-evpn-vxlan-clab.git
cd arista-evpn-vxlan-clab
# Deploy the topology
sudo containerlab deploy -t evpn-lab.clab.yml
# Check status
sudo containerlab inspect -t evpn-lab.clab.yml
```
### Access Devices
```bash
# SSH to any device (password: admin)
# SSH (password: admin) — works for every cEOS node
ssh admin@clab-arista-evpn-fabric-leaf1
ssh admin@clab-arista-evpn-fabric-core1
ssh admin@clab-arista-evpn-fabric-campus-leaf1
# Or use docker exec
docker exec -it clab-arista-evpn-fabric-leaf1 Cli
# Or via docker exec
docker exec -it clab-arista-evpn-fabric-border-leaf-dc1 Cli
```
## 📋 Configuration Details
## 📋 Architecture
### AS Numbers
### Node Inventory
- **Spine**: AS 65000
- **VTEP1 (Leaf1/2)**: AS 65001
- **VTEP2 (Leaf3/4)**: AS 65002
- **VTEP3 (Leaf5/6)**: AS 65003
- **VTEP4 (Leaf7/8)**: AS 65004
| Zone | Role | Nodes | AS |
| ------ | ----------------------- | ------------------------------------------------------ | ------ |
| DC | Spine | `spine1`, `spine2` | 65000 |
| DC | Leaf VTEP1 (MLAG) | `leaf1`, `leaf2` | 65001 |
| DC | Leaf VTEP2 (MLAG) | `leaf3`, `leaf4` | 65002 |
| DC | Leaf VTEP3 (MLAG) | `leaf5`, `leaf6` | 65003 |
| DC | Leaf VTEP4 (MLAG) | `leaf7`, `leaf8` | 65004 |
| DC | Border Leaf (MLAG) | `border-leaf-dc1`, `border-leaf-dc2` | 65005 |
| DC | Access (L2-only) | `access1`-`access4` | — |
| DC | Host | `host1`-`host4` | — |
| Core | Core router | `core1`, `core2` | 65500 |
| Campus | Spine | `campus-spine1`, `campus-spine2` | 66000 |
| Campus | Leaf VTEP1 (MLAG) | `campus-leaf1`, `campus-leaf2` | 66001 |
| Campus | Leaf VTEP2 (MLAG) | `campus-leaf3`, `campus-leaf4` | 66002 |
| Campus | Border Leaf (MLAG) | `border-leaf-campus1`, `border-leaf-campus2` | 66005 |
| Campus | Access (L2-only) | `campus-access1`, `campus-access2` | — |
| Campus | Host | `campus-host1`, `campus-host2` | — |
### AS Numbering
| AS | Role |
| ----- | ---------------------------------- |
| 65000 | DC Spine |
| 65001 | DC VTEP1 (leaf1/2) |
| 65002 | DC VTEP2 (leaf3/4) |
| 65003 | DC VTEP3 (leaf5/6) |
| 65004 | DC VTEP4 (leaf7/8) |
| 65005 | DC Border Leaf pair |
| 65500 | Core (iBGP between core1 & core2) |
| 66000 | Campus Spine |
| 66001 | Campus VTEP1 (campus-leaf1/2) |
| 66002 | Campus VTEP2 (campus-leaf3/4) |
| 66005 | Campus Border Leaf pair |
### Access Switches
| Access Switch | Uplink Leaf Pair | VLAN(s) | Connected Host |
| ------------- | ---------------- | ------- | -------------- |
| access1 | Leaf1/2 (VTEP1) | 40 | host1 |
| access2 | Leaf3/4 (VTEP2) | 34 | host2 |
| access3 | Leaf5/6 (VTEP3) | 40 | host3 |
| access4 | Leaf7/8 (VTEP4) | 78 | host4 |
| Access Switch | Uplink Pair | VLANs | Host |
| --------------- | ------------------------ | -------- | -------------- |
| access1 | leaf1/2 (VTEP1) | 40 | host1 |
| access2 | leaf3/4 (VTEP2) | 34 | host2 |
| access3 | leaf5/6 (VTEP3) | 40 | host3 |
| access4 | leaf7/8 (VTEP4) | 78 | host4 |
| campus-access1 | campus-leaf1/2 (VTEP1) | 50, 60 | campus-host1 |
| campus-access2 | campus-leaf3/4 (VTEP2) | 50, 70 | campus-host2 |
- L2-only switches with LACP uplinks (Port-Channel 10) to leaf MLAG pairs
- Host-facing downlinks via LACP (Port-Channel 1)
- STP mode MSTP with edge-port BPDU guard
All access switches are L2-only, LACP-bonded to their leaf MLAG pair via `Port-Channel10`, with host downlinks on `Port-Channel1`. MSTP + edge-port BPDU guard.
### IP Addressing
## 🧭 IP Addressing Plan
#### Management Network
### Management (`172.16.0.0/24`)
- Subnet: `172.16.0.0/24`
- Spine1: `172.16.0.1`
- Spine2: `172.16.0.2`
- Leaf1: `172.16.0.25`, Leaf2: `172.16.0.50`, Leaf3-8: `172.16.0.27-32`
- Access1-4: `172.16.0.41-44`
| Node | IP | Node | IP |
| ------------------------- | --------------- | ------------------------- | --------------- |
| spine1 | 172.16.0.1 | campus-spine1 | 172.16.0.20 |
| spine2 | 172.16.0.2 | campus-spine2 | 172.16.0.21 |
| border-leaf-dc1 | 172.16.0.3 | border-leaf-campus1 | 172.16.0.22 |
| border-leaf-dc2 | 172.16.0.4 | border-leaf-campus2 | 172.16.0.23 |
| core1 | 172.16.0.10 | campus-leaf1-4 | 172.16.0.51-54 |
| core2 | 172.16.0.11 | campus-access1 | 172.16.0.61 |
| leaf1 | 172.16.0.25 | campus-access2 | 172.16.0.62 |
| leaf2 | 172.16.0.50 | host1-4 | 172.16.0.101-104|
| leaf3-8 | 172.16.0.27-32 | campus-host1 | 172.16.0.105 |
| access1-4 | 172.16.0.41-44 | campus-host2 | 172.16.0.106 |
#### Loopback Interfaces
Gateway: `172.16.0.254`.
- **Router-ID Loopbacks (Lo0)**: `10.0.250.0/24`
- Spine1: `10.0.250.1/32`
- Spine2: `10.0.250.2/32`
- Leaf1-8: `10.0.250.11-18/32`
### Router-ID Loopback0 (`Lo0`)
- **VTEP Loopbacks (Lo1)**: `10.0.255.0/24`
- VTEP1: `10.0.255.11/32`
- VTEP2: `10.0.255.12/32`
- VTEP3: `10.0.255.13/32`
- VTEP4: `10.0.255.14/32`
| Zone | Range | Nodes |
| ------ | ------------------- | --------------------------------------------------------------------- |
| DC | `10.0.250.0/24` | spine1 .1, spine2 .2, leaf1-8 .11-.18, BL-dc1 .21, BL-dc2 .22 |
| Core | `10.0.200.0/24` | core1 `10.0.200.1`, core2 `10.0.200.2` |
| Campus | `10.1.250.0/24` | campus-spine1 .1, campus-spine2 .2, campus-leaf1-4 .11-.14, BL-campus1 .21, BL-campus2 .22 |
#### Underlay P2P Links
### VTEP Loopback1 (`Lo1`) — shared per MLAG pair
- Spine1 to Leafs: `10.0.1.0/31`, `10.0.1.2/31`, ... `10.0.1.14/31`
- Spine2 to Leafs: `10.0.2.0/31`, `10.0.2.2/31`, ... `10.0.2.14/31`
- MLAG iBGP peering: `10.0.3.0/31`, `10.0.3.2/31`, `10.0.3.4/31`, `10.0.3.6/31`
| Fabric | VTEP | Address | Leafs |
| ------ | ------ | --------------- | ---------------------- |
| DC | VTEP1 | `10.0.255.11` | leaf1, leaf2 |
| DC | VTEP2 | `10.0.255.12` | leaf3, leaf4 |
| DC | VTEP3 | `10.0.255.13` | leaf5, leaf6 |
| DC | VTEP4 | `10.0.255.14` | leaf7, leaf8 |
| DC | BL | `10.0.255.15` | border-leaf-dc1/2 |
| Campus | VTEP1 | `10.1.255.11` | campus-leaf1/2 |
| Campus | VTEP2 | `10.1.255.12` | campus-leaf3/4 |
| Campus | BL | `10.1.255.21` | border-leaf-campus1/2 |
#### Host Network Addressing
### Underlay P2P (`/31`)
| Host | VLAN | VRF | IP Address | Gateway | Type |
| ----- | ---- | ------- | --------------- | ---------- | -------- |
| host1 | 40 | default | 10.40.40.101/24 | - | L2 VXLAN |
| host2 | 34 | gold | 10.34.34.102/24 | 10.34.34.1 | L3 VXLAN |
| host3 | 40 | default | 10.40.40.103/24 | - | L2 VXLAN |
| host4 | 78 | gold | 10.78.78.104/24 | 10.78.78.1 | L3 VXLAN |
| Segment | Subnets |
| -------------------------------- | --------------------------------------- |
| DC spine1 ↔ leaf/BL | `10.0.1.0/31``10.0.1.18/31` |
| DC spine2 ↔ leaf/BL | `10.0.2.0/31``10.0.2.18/31` |
| DC MLAG iBGP SVIs (per pair) | `10.0.3.0/31`, `.2/31`, `.4/31`, `.6/31`, `.8/31` (BL) |
| DC MLAG peer-link SVIs | `10.0.199.240/31``10.0.199.246/31` |
| DC-BL ↔ Core (default, `.100`) | `10.0.4.0/31` .. `10.0.4.6/31` |
| DC-BL ↔ Core (VRF gold, `.200`) | `10.0.14.0/31` .. `10.0.14.6/31` |
| Campus-BL ↔ Core (default) | `10.0.5.0/31` .. `10.0.5.6/31` |
| Campus-BL ↔ Core (VRF gold) | `10.0.15.0/31` .. `10.0.15.6/31` |
| Core1 ↔ Core2 (default) | `10.0.200.128/31` |
| Core1 ↔ Core2 (VRF gold) | `10.0.200.130/31` |
| Campus spine1 ↔ leaf/BL | `10.1.1.0/31``10.1.1.10/31` |
| Campus spine2 ↔ leaf/BL | `10.1.2.0/31``10.1.2.10/31` |
| Campus MLAG iBGP SVIs | `10.1.3.0/31`, `.2/31`, `.4/31` |
| Campus MLAG peer-link SVIs | `10.1.199.250/31``10.1.199.254/31` |
**Notes:**
### Host Addressing
- Host1 and Host3 are in VLAN 40 (L2 VXLAN only) and can communicate at Layer 2
- Host2 and Host4 are in VRF "gold" with different subnets, communicating via EVPN Type-5 routes (L3 VXLAN)
- All hosts use LACP bonding (802.3ad) with dual-homing to access switches
- Each access switch is dual-homed via LACP (Port-Channel) to a leaf MLAG pair
| Host | VLAN | VRF | IP / Mask | Gateway | Purpose |
| ------------- | ---- | -------- | ----------------- | ------------ | ------------------------------ |
| host1 | 40 | default | 10.40.40.101/24 | — | DC L2 stretched (VTEP1↔VTEP3) |
| host2 | 34 | gold | 10.34.34.102/24 | 10.34.34.1 | DC L3 VRF gold |
| host3 | 40 | default | 10.40.40.103/24 | — | DC L2 stretched |
| host4 | 78 | gold | 10.78.78.104/24 | 10.78.78.1 | DC L3 VRF gold |
| campus-host1 | 50 | default | 10.50.50.101/24 | — | Campus L2 stretched (VTEP1↔VTEP2) |
| campus-host1 | 60 | gold | 10.60.60.101/24 | 10.60.60.1 | Campus L3 VRF gold |
| campus-host2 | 50 | default | 10.50.50.102/24 | — | Campus L2 stretched |
| campus-host2 | 70 | gold | 10.60.70.102/24 | 10.60.70.1 | Campus L3 VRF gold |
### VXLAN Network Identifiers (VNI)
## 🏷️ VXLAN Network Identifiers
#### L2 VNI (VLAN to VNI Mapping)
### L2 VNI Mapping
| VLAN | Description | VNI | VTEPs | Route Target | Route Distinguisher |
| ---- | ------------- | ------ | ------------------------------- | ------------ | -------------------------- |
| 40 | test-l2-vxlan | 110040 | VTEP1, VTEP3 (Leaf1/2, Leaf5/6) | 40:110040 | 65001:110040, 65003:110040 |
| VLAN | Description | VNI | Scope | RT |
| ---- | ------------------------------ | ------ | ------------------------------------------------------ | ---------- |
| 40 | DC L2 VXLAN (stretched) | 110040 | DC VTEP1 (leaf1/2) + VTEP3 (leaf5/6) | 40:110040 |
| 50 | Campus L2 VXLAN (stretched) | 110050 | Campus VTEP1 (campus-leaf1/2) + VTEP2 (campus-leaf3/4) | 50:110050 |
| 34 | DC VRF gold subnet (local) | 110034 | DC VTEP2 only (anycast GW 10.34.34.1) | 34:110034 |
| 78 | DC VRF gold subnet (local) | 110078 | DC VTEP4 only (anycast GW 10.78.78.1) | 78:110078 |
| 60 | Campus VRF gold subnet (local) | 110060 | Campus VTEP1 only (anycast GW 10.60.60.1) | 60:110060 |
| 70 | Campus VRF gold subnet (local) | 110070 | Campus VTEP2 only (anycast GW 10.60.70.1) | 70:110070 |
**L2 VNI Details:**
### L3 VNI Mapping (end-to-end)
- VLAN 40 is stretched across VTEP1 (Leaf1/2) and VTEP3 (Leaf5/6) for pure Layer 2 connectivity
- Hosts in VLAN 40 (host1 and host3) communicate at Layer 2 across the EVPN fabric
- EVPN Type-2 (MAC/IP) routes are used for MAC address learning and distribution
| VRF | L3 VNI | RT | Scope |
| ---- | ------- | ---------- | ----------------------------------------------------- |
| gold | 100001 | 1:100001 | DC VTEP2/VTEP4/DC-BL + Campus VTEP1/VTEP2/Campus-BL |
#### L3 VNI (VRF to VNI Mapping)
VRF `gold` is announced over EVPN Type-5 (IP prefix) inside each fabric, and **stitched by the Core** via eBGP IPv4 unicast in VRF gold (over the `.200` dot1q subinterfaces). L3 VNI `100001` is re-used end-to-end for symmetry; RT `1:100001` is consistent across both fabrics.
| VRF | Description | VNI | VTEPs | Route Target | VLANs |
| ---- | ------------------------------- | ------ | ------------------------------- | ------------ | ------ |
| gold | L3 VRF for inter-subnet routing | 100001 | VTEP2, VTEP4 (Leaf3/4, Leaf7/8) | 1:100001 | 34, 78 |
### Route Distinguisher Convention
**L3 VNI Details:**
- Leafs / BLs: `rd <Loopback0>:1` for VRF gold; `rd <AS>:<L2_VNI>` per L2 VLAN (e.g. `65001:110040`, `66002:110050`).
- Cores: `rd <Loopback0>:100001` for VRF gold (transit only — no EVPN, IPv4 unicast with `redistribute connected`).
- VRF "gold" uses VNI 100001 for Layer 3 VXLAN routing between different subnets
- VLAN 34 (10.34.34.0/24) on VTEP2 and VLAN 78 (10.78.78.0/24) on VTEP4 are both in VRF gold
- EVPN Type-5 (IP Prefix) routes are used for inter-subnet routing
- Each VTEP advertises its local subnets via EVPN, enabling routed connectivity between host2 and host4
## 🔀 Control Plane Summary
#### VNI Summary
| VNI Type | VNI | Purpose | EVPN Route Type |
| -------- | ------ | ----------------------------- | ------------------ |
| L2 VNI | 110040 | Layer 2 extension for VLAN 40 | Type-2 (MAC/IP) |
| L3 VNI | 100001 | Layer 3 routing for VRF gold | Type-5 (IP Prefix) |
### Features Implemented
**Underlay**
- BGP IPv4 Unicast
- ECMP with 4 paths
- eBGP between Spine-Leaf
- iBGP between MLAG pairs
**Overlay**
- BGP EVPN address family
- VXLAN data plane
- EVPN Type-2 (MAC/IP routes)
- EVPN Type-5 (IP Prefix routes)
**High Availability**
- MLAG dual-homing
- Dual-active detection
- Anycast VTEP gateway
| Segment | Protocol | Notes |
| ----------------------------------- | ------------------------------------ | ------------------------------------- |
| DC spine ↔ leaf/BL underlay | eBGP IPv4 (AS 65000 ↔ 650xx) | `maximum-paths 4 ecmp 64` |
| DC spine ↔ leaf/BL overlay | eBGP EVPN via Loopback0, multi-hop 3 | Spines reflect via `ebgp peer-group` |
| DC MLAG pair iBGP | iBGP over VLAN 4091 SVI | `next-hop-self` |
| DC-BL ↔ Core (default) | OSPF area 0 + eBGP AS 65005 ↔ 65500 | on `.100` dot1q subinterface |
| DC-BL ↔ Core (VRF gold) | eBGP AS 65005 ↔ 65500 | on `.200` dot1q subinterface |
| Core1 ↔ Core2 (default) | OSPF area 0 + iBGP AS 65500 | via Loopback0 |
| Core1 ↔ Core2 (VRF gold) | iBGP AS 65500 | VRF-aware over `.200` subinterface |
| Campus-BL ↔ Core (default / gold) | OSPF + eBGP AS 66005 ↔ 65500 | same pattern as DC-BL |
| Campus spine ↔ leaf/BL underlay | eBGP IPv4 (AS 66000 ↔ 660xx) | |
| Campus spine ↔ leaf/BL overlay | eBGP EVPN via Loopback0, multi-hop 3 | |
| Campus MLAG pair iBGP | iBGP over VLAN 4091 SVI | |
## 🧪 Testing & Validation
### Verify BGP EVPN Neighbors
### Fabric health
```bash
# On any spine
show bgp evpn summary
# DC
ssh admin@clab-arista-evpn-fabric-spine1 "show bgp evpn summary"
ssh admin@clab-arista-evpn-fabric-leaf3 "show bgp evpn summary"
ssh admin@clab-arista-evpn-fabric-border-leaf-dc1 "show bgp evpn summary"
# On any leaf
show bgp evpn summary
# Campus
ssh admin@clab-arista-evpn-fabric-campus-spine1 "show bgp evpn summary"
ssh admin@clab-arista-evpn-fabric-campus-leaf1 "show bgp evpn summary"
# Core transit (no EVPN — IPv4 only)
ssh admin@clab-arista-evpn-fabric-core1 "show ip bgp summary"
ssh admin@clab-arista-evpn-fabric-core1 "show ip bgp summary vrf gold"
ssh admin@clab-arista-evpn-fabric-core1 "show ip ospf neighbor"
```
### Verify VXLAN
### VXLAN
```bash
# Check VXLAN interface
# On any leaf/BL
show interface vxlan1
# Check remote VTEPs
show vxlan vtep
# Check VXLAN address table
show vxlan address-table
```
### Verify MLAG
### MLAG
```bash
# Check MLAG status
show mlag
# Check MLAG interfaces
show mlag interfaces
show mlag interfaces detail
```
### Test Connectivity
#### L2 VXLAN Testing (VLAN 40)
Test Layer 2 connectivity between host1 and host3 across the EVPN fabric:
### Intra-DC connectivity (existing tests)
```bash
# From host1 to host3 (same VLAN 40, different VTEPs)
docker exec -it clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.103
# L2 VLAN 40: host1 host3
docker exec -it clab-arista-evpn-fabric-host1 ping -c 3 10.40.40.103
# Check host1 interface
docker exec -it clab-arista-evpn-fabric-host1 ip addr show bond0
# From host3 to host1
docker exec -it clab-arista-evpn-fabric-host3 ping -c 4 10.40.40.101
# L3 VRF gold (DC only): host2 ↔ host4
docker exec -it clab-arista-evpn-fabric-host2 ping -c 3 10.78.78.104
```
#### L3 VXLAN Testing (VRF gold)
Test Layer 3 connectivity between host2 and host4 in VRF "gold":
### Intra-Campus connectivity
```bash
# From host2 to host4 (different subnets via EVPN Type-5)
docker exec -it clab-arista-evpn-fabric-host2 ping -c 4 10.78.78.104
# L2 VLAN 50: campus-host1 ↔ campus-host2
docker exec -it clab-arista-evpn-fabric-campus-host1 ping -c 3 10.50.50.102
# From host4 to host2
docker exec -it clab-arista-evpn-fabric-host4 ping -c 4 10.34.34.102
# Check routing table on hosts
docker exec -it clab-arista-evpn-fabric-host2 ip route
docker exec -it clab-arista-evpn-fabric-host4 ip route
# L3 VRF gold (Campus only): campus-host1 ↔ campus-host2
docker exec -it clab-arista-evpn-fabric-campus-host1 ping -c 3 10.60.70.102
docker exec -it clab-arista-evpn-fabric-campus-host2 ping -c 3 10.60.60.101
```
#### Verify EVPN Routes on Switches
### End-to-end Campus ↔ DC (VRF gold via Core)
```bash
# Check EVPN Type-2 routes (MAC/IP) - for VLAN 40
ssh admin@clab-arista-evpn-fabric-leaf1
show bgp evpn route-type mac-ip
# campus-host1 (10.60.60.101, VRF gold Campus) → host2 (10.34.34.102, VRF gold DC)
docker exec -it clab-arista-evpn-fabric-campus-host1 ping -c 3 10.34.34.102
# Check EVPN Type-5 routes (IP Prefix) - for VRF gold
ssh admin@clab-arista-evpn-fabric-leaf3
show bgp evpn route-type ip-prefix ipv4
# campus-host2 (10.60.70.102) → host4 (10.78.78.104)
docker exec -it clab-arista-evpn-fabric-campus-host2 ping -c 3 10.78.78.104
# Verify VXLAN learned MACs
show vxlan address-table
# Reverse direction
docker exec -it clab-arista-evpn-fabric-host2 ping -c 3 10.60.60.101
docker exec -it clab-arista-evpn-fabric-host4 ping -c 3 10.60.70.102
# Check MAC addresses learned via EVPN
show mac address-table
# Traceroute: expected path campus-leaf → campus-BL → core → DC-BL → DC-leaf
docker exec -it clab-arista-evpn-fabric-campus-host1 traceroute 10.34.34.102
```
### Inspect the Core transit path
```bash
# Check VRF gold routes on core1 — both DC and Campus prefixes should be present
ssh admin@clab-arista-evpn-fabric-core1 "show ip route vrf gold"
ssh admin@clab-arista-evpn-fabric-core1 "show ip bgp vrf gold"
# EVPN Type-5 on DC-BL (imported from DC fabric, redistributed from Core into EVPN)
ssh admin@clab-arista-evpn-fabric-border-leaf-dc1 "show bgp evpn route-type ip-prefix ipv4"
# EVPN Type-5 on Campus-BL
ssh admin@clab-arista-evpn-fabric-border-leaf-campus1 "show bgp evpn route-type ip-prefix ipv4"
```
## 📁 Repository Structure
```
arista-evpn-vxlan-clab/
├── README.md # This file
├── TROUBLESHOOTING.md # Troubleshooting guide
├── END_TO_END_TESTING.md # Testing procedures
├── evpn-lab.clab.yml # ContainerLab topology
├── assets/
│ └── arista-evpn-fabric.svg # Topology diagram
├── configs/ # Device configurations
│ ├── spine1.cfg
│ ├── spine2.cfg
│ ├── leaf1.cfg through leaf8.cfg
│ ├── access1.cfg
│ ├── access2.cfg
│ ├── access3.cfg
│ └── access4.cfg
└── hosts/ # Host interface configurations
├── README.md
├── host1_interfaces
├── host2_interfaces
├── host3_interfaces
└── host4_interfaces
├── TROUBLESHOOTING.md
├── END_TO_END_TESTING.md
├── evpn-lab.clab.yml
├── evpn-lab.clab.yml.annotations.json
├── assets/
│ └── arista-evpn-fabric.svg
├── configs/
│ ├── spine1.cfg, spine2.cfg
│ ├── leaf1.cfg … leaf8.cfg
│ ├── border-leaf-dc1.cfg, border-leaf-dc2.cfg
│ ├── access1.cfg … access4.cfg
│ ├── core1.cfg, core2.cfg
│ ├── campus-spine1.cfg, campus-spine2.cfg
│ ├── campus-leaf1.cfg … campus-leaf4.cfg
│ ├── border-leaf-campus1.cfg, border-leaf-campus2.cfg
│ └── campus-access1.cfg, campus-access2.cfg
└── hosts/
├── README.md
├── host1_interfaces … host4_interfaces
├── campus-host1_interfaces
└── campus-host2_interfaces
```
## 🗑️ Cleanup
```bash
# Destroy the lab
sudo containerlab destroy -t evpn-lab.clab.yml
# Remove all related containers and networks
sudo containerlab destroy -t evpn-lab.clab.yml --cleanup
```
## 📚 References
- [Original Configuration Guide](https://overlaid.net/2019/01/27/arista-bgp-evpn-configuration-example/)
- [Arista EOS Documentation](https://www.arista.com/en/support/product-documentation)
- [ContainerLab Documentation](https://containerlab.dev/)
- [RFC 7432 - BGP MPLS-Based Ethernet VPN](https://tools.ietf.org/html/rfc7432)
- [RFC 8365 - A Network Virtualization Overlay Solution Using EVPN](https://tools.ietf.org/html/rfc8365)
- [RFC 7432 BGP MPLS-Based Ethernet VPN](https://tools.ietf.org/html/rfc7432)
- [RFC 8365 A Network Virtualization Overlay Solution Using EVPN](https://tools.ietf.org/html/rfc8365)
- [RFC 9135 — Integrated Routing and Bridging in EVPN](https://tools.ietf.org/html/rfc9135)

630
assets/arista-evpn-fabric.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 49 KiB

After

Width:  |  Height:  |  Size: 14 KiB

234
configs/border-leaf-campus1.cfg Normal file
View File

@@ -0,0 +1,234 @@
! Border-Leaf-Campus1 Configuration
! Campus Border Leaf - AS 66005 (MLAG pair with border-leaf-campus2)
! Provides egress from Campus EVPN-VXLAN fabric to Core L3 network
!
hostname border-leaf-campus1
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.22/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.1.199.254/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.1.3.4/31
mtu 9214
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.1.250.21/32
!
interface Loopback1
description VTEP
ip address 10.1.255.21/32
!
interface Loopback2
description VRF-Gold-health
vrf gold
ip address 10.1.250.221/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Campus Spines
interface Ethernet11
description campus-spine1
no switchport
ip address 10.1.1.9/31
mtu 9214
!
interface Ethernet12
description campus-spine2
no switchport
ip address 10.1.2.9/31
mtu 9214
!
! Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet13
description core1
no switchport
mtu 9214
!
interface Ethernet13.100
description core1-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.1/31
mtu 9214
!
interface Ethernet13.200
description core1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.1/31
mtu 9214
!
! Uplink to Core2
interface Ethernet14
description core2
no switchport
mtu 9214
!
interface Ethernet14.100
description core2-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.5/31
mtu 9214
!
interface Ethernet14.200
description core2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.5/31
mtu 9214
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id border-leafs-campus
local-interface Vlan4090
peer-address 10.1.199.255
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.23 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability with Core (default VRF)
router ospf 1
router-id 10.1.250.21
passive-interface default
no passive-interface Ethernet13.100
no passive-interface Ethernet14.100
network 10.1.250.21/32 area 0
network 10.0.5.0/31 area 0
network 10.0.5.4/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 66005
router-id 10.1.250.21
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group (to Campus spines)
neighbor underlay peer group
neighbor underlay remote-as 66000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.1.1.8 peer group underlay
neighbor 10.1.2.8 peer group underlay
!
! iBGP peer-group (to MLAG peer)
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 66005
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.1.3.5 peer group underlay_ibgp
!
! EVPN peer-group (to Campus spines)
neighbor evpn peer group
neighbor evpn remote-as 66000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.1.250.1 peer group evpn
neighbor 10.1.250.2 peer group evpn
!
! eBGP to Core routers (default VRF)
neighbor core peer group
neighbor core remote-as 65500
neighbor core send-community extended
neighbor core maximum-routes 12000 warning-only
neighbor 10.0.5.0 peer group core
neighbor 10.0.5.4 peer group core
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
neighbor core activate
network 10.1.250.21/32
network 10.1.255.21/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.1.250.21:1
route-target import evpn 1:100001
route-target export evpn 1:100001
router-id 10.1.250.21
neighbor 10.0.15.0 remote-as 65500
neighbor 10.0.15.0 send-community extended
neighbor 10.0.15.0 maximum-routes 12000 warning-only
neighbor 10.0.15.4 remote-as 65500
neighbor 10.0.15.4 send-community extended
neighbor 10.0.15.4 maximum-routes 12000 warning-only
redistribute connected
redistribute learned
!
end

234
configs/border-leaf-campus2.cfg Normal file
View File

@@ -0,0 +1,234 @@
! Border-Leaf-Campus2 Configuration
! Campus Border Leaf - AS 66005 (MLAG pair with border-leaf-campus1)
! Provides egress from Campus EVPN-VXLAN fabric to Core L3 network
!
hostname border-leaf-campus2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.23/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.1.199.255/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.1.3.5/31
mtu 9214
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.1.250.22/32
!
interface Loopback1
description VTEP
ip address 10.1.255.21/32
!
interface Loopback2
description VRF-Gold-health
vrf gold
ip address 10.1.250.222/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Campus Spines
interface Ethernet11
description campus-spine1
no switchport
ip address 10.1.1.11/31
mtu 9214
!
interface Ethernet12
description campus-spine2
no switchport
ip address 10.1.2.11/31
mtu 9214
!
! Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet13
description core1
no switchport
mtu 9214
!
interface Ethernet13.100
description core1-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.3/31
mtu 9214
!
interface Ethernet13.200
description core1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.3/31
mtu 9214
!
! Uplink to Core2
interface Ethernet14
description core2
no switchport
mtu 9214
!
interface Ethernet14.100
description core2-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.7/31
mtu 9214
!
interface Ethernet14.200
description core2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.7/31
mtu 9214
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id border-leafs-campus
local-interface Vlan4090
peer-address 10.1.199.254
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.22 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability with Core (default VRF)
router ospf 1
router-id 10.1.250.22
passive-interface default
no passive-interface Ethernet13.100
no passive-interface Ethernet14.100
network 10.1.250.22/32 area 0
network 10.0.5.2/31 area 0
network 10.0.5.6/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 66005
router-id 10.1.250.22
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group (to Campus spines)
neighbor underlay peer group
neighbor underlay remote-as 66000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.1.1.10 peer group underlay
neighbor 10.1.2.10 peer group underlay
!
! iBGP peer-group (to MLAG peer)
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 66005
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.1.3.4 peer group underlay_ibgp
!
! EVPN peer-group (to Campus spines)
neighbor evpn peer group
neighbor evpn remote-as 66000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.1.250.1 peer group evpn
neighbor 10.1.250.2 peer group evpn
!
! eBGP to Core routers (default VRF)
neighbor core peer group
neighbor core remote-as 65500
neighbor core send-community extended
neighbor core maximum-routes 12000 warning-only
neighbor 10.0.5.2 peer group core
neighbor 10.0.5.6 peer group core
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
neighbor core activate
network 10.1.250.22/32
network 10.1.255.21/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.1.250.22:1
route-target import evpn 1:100001
route-target export evpn 1:100001
router-id 10.1.250.22
neighbor 10.0.15.2 remote-as 65500
neighbor 10.0.15.2 send-community extended
neighbor 10.0.15.2 maximum-routes 12000 warning-only
neighbor 10.0.15.6 remote-as 65500
neighbor 10.0.15.6 send-community extended
neighbor 10.0.15.6 maximum-routes 12000 warning-only
redistribute connected
redistribute learned
!
end

234
configs/border-leaf-dc1.cfg Normal file
View File

@@ -0,0 +1,234 @@
! Border-Leaf-DC1 Configuration
! DC Border Leaf - AS 65005 (MLAG pair with border-leaf-dc2)
! Provides egress from DC EVPN-VXLAN fabric to Core L3 network
!
hostname border-leaf-dc1
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.3/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.0.199.246/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.0.3.8/31
mtu 9214
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.0.250.21/32
!
interface Loopback1
description VTEP
ip address 10.0.255.15/32
!
interface Loopback2
description VRF-Gold-health
vrf gold
ip address 10.0.250.221/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Spines
interface Ethernet11
description spine1
no switchport
ip address 10.0.1.17/31
mtu 9214
!
interface Ethernet12
description spine2
no switchport
ip address 10.0.2.17/31
mtu 9214
!
! Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet13
description core1
no switchport
mtu 9214
!
interface Ethernet13.100
description core1-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.1/31
mtu 9214
!
interface Ethernet13.200
description core1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.1/31
mtu 9214
!
! Uplink to Core2 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet14
description core2
no switchport
mtu 9214
!
interface Ethernet14.100
description core2-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.5/31
mtu 9214
!
interface Ethernet14.200
description core2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.5/31
mtu 9214
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id border-leafs-dc
local-interface Vlan4090
peer-address 10.0.199.247
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.4 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability with Core (default VRF)
router ospf 1
router-id 10.0.250.21
passive-interface default
no passive-interface Ethernet13.100
no passive-interface Ethernet14.100
network 10.0.250.21/32 area 0
network 10.0.4.0/31 area 0
network 10.0.4.4/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 65005
router-id 10.0.250.21
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group (to DC spines)
neighbor underlay peer group
neighbor underlay remote-as 65000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.0.1.16 peer group underlay
neighbor 10.0.2.16 peer group underlay
!
! iBGP peer-group (to MLAG peer)
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 65005
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.0.3.9 peer group underlay_ibgp
!
! EVPN peer-group (to DC spines)
neighbor evpn peer group
neighbor evpn remote-as 65000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.0.250.1 peer group evpn
neighbor 10.0.250.2 peer group evpn
!
! eBGP to Core routers (default VRF, underlay peer-group for /31 sessions)
neighbor core peer group
neighbor core remote-as 65500
neighbor core send-community extended
neighbor core maximum-routes 12000 warning-only
neighbor 10.0.4.0 peer group core
neighbor 10.0.4.4 peer group core
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
neighbor core activate
network 10.0.250.21/32
network 10.0.255.15/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.0.250.21:1
route-target import evpn 1:100001
route-target export evpn 1:100001
router-id 10.0.250.21
neighbor 10.0.14.0 remote-as 65500
neighbor 10.0.14.0 send-community extended
neighbor 10.0.14.0 maximum-routes 12000 warning-only
neighbor 10.0.14.4 remote-as 65500
neighbor 10.0.14.4 send-community extended
neighbor 10.0.14.4 maximum-routes 12000 warning-only
redistribute connected
redistribute learned
!
end

234
configs/border-leaf-dc2.cfg Normal file
View File

@@ -0,0 +1,234 @@
! Border-Leaf-DC2 Configuration
! DC Border Leaf - AS 65005 (MLAG pair with border-leaf-dc1)
! Provides egress from DC EVPN-VXLAN fabric to Core L3 network
!
hostname border-leaf-dc2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.4/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.0.199.247/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.0.3.9/31
mtu 9214
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.0.250.22/32
!
interface Loopback1
description VTEP
ip address 10.0.255.15/32
!
interface Loopback2
description VRF-Gold-health
vrf gold
ip address 10.0.250.222/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Spines
interface Ethernet11
description spine1
no switchport
ip address 10.0.1.19/31
mtu 9214
!
interface Ethernet12
description spine2
no switchport
ip address 10.0.2.19/31
mtu 9214
!
! Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet13
description core1
no switchport
mtu 9214
!
interface Ethernet13.100
description core1-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.3/31
mtu 9214
!
interface Ethernet13.200
description core1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.3/31
mtu 9214
!
! Uplink to Core2 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet14
description core2
no switchport
mtu 9214
!
interface Ethernet14.100
description core2-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.7/31
mtu 9214
!
interface Ethernet14.200
description core2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.7/31
mtu 9214
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id border-leafs-dc
local-interface Vlan4090
peer-address 10.0.199.246
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.3 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability with Core (default VRF)
router ospf 1
router-id 10.0.250.22
passive-interface default
no passive-interface Ethernet13.100
no passive-interface Ethernet14.100
network 10.0.250.22/32 area 0
network 10.0.4.2/31 area 0
network 10.0.4.6/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 65005
router-id 10.0.250.22
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group (to DC spines)
neighbor underlay peer group
neighbor underlay remote-as 65000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.0.1.18 peer group underlay
neighbor 10.0.2.18 peer group underlay
!
! iBGP peer-group (to MLAG peer)
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 65005
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.0.3.8 peer group underlay_ibgp
!
! EVPN peer-group (to DC spines)
neighbor evpn peer group
neighbor evpn remote-as 65000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.0.250.1 peer group evpn
neighbor 10.0.250.2 peer group evpn
!
! eBGP to Core routers (default VRF)
neighbor core peer group
neighbor core remote-as 65500
neighbor core send-community extended
neighbor core maximum-routes 12000 warning-only
neighbor 10.0.4.2 peer group core
neighbor 10.0.4.6 peer group core
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
neighbor core activate
network 10.0.250.22/32
network 10.0.255.15/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.0.250.22:1
route-target import evpn 1:100001
route-target export evpn 1:100001
router-id 10.0.250.22
neighbor 10.0.14.2 remote-as 65500
neighbor 10.0.14.2 send-community extended
neighbor 10.0.14.2 maximum-routes 12000 warning-only
neighbor 10.0.14.6 remote-as 65500
neighbor 10.0.14.6 send-community extended
neighbor 10.0.14.6 maximum-routes 12000 warning-only
redistribute connected
redistribute learned
!
end

68
configs/campus-access1.cfg Normal file
View File

@@ -0,0 +1,68 @@
! Campus-Access1 Configuration
! L2-only access switch for Campus VTEP1 (campus-leaf1/leaf2)
!
hostname campus-access1
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! VLANs
vlan 50
name test-l2-vxlan-campus
!
vlan 60
name vrf-gold-campus-subnet1
!
! Management interface
interface Management0
ip address 172.16.0.61/24
!
! Spanning-tree
spanning-tree mode mstp
spanning-tree edge-port bpduguard default
!
! Uplink to campus leaf MLAG pair (Port-Channel 10)
interface Ethernet1
description campus-leaf1-uplink
channel-group 10 mode active
!
interface Ethernet2
description campus-leaf2-uplink
channel-group 10 mode active
!
interface Port-Channel10
description uplink-to-campus-leaf-mlag
switchport mode trunk
switchport trunk allowed vlan 50,60
no shutdown
!
! Host-facing downlink (Port-Channel 1)
interface Ethernet3
description campus-host1
channel-group 1 mode active
!
interface Ethernet4
description campus-host1
channel-group 1 mode active
!
interface Port-Channel1
description campus-host1
switchport mode trunk
switchport trunk allowed vlan 50,60
port-channel lacp fallback timeout 5
port-channel lacp fallback individual
spanning-tree portfast
no shutdown
!
! Default route for management
ip route 0.0.0.0/0 172.16.0.254
!
end

68
configs/campus-access2.cfg Normal file
View File

@@ -0,0 +1,68 @@
! Campus-Access2 Configuration
! L2-only access switch for Campus VTEP2 (campus-leaf3/leaf4)
!
hostname campus-access2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! VLANs
vlan 50
name test-l2-vxlan-campus
!
vlan 70
name vrf-gold-campus-subnet2
!
! Management interface
interface Management0
ip address 172.16.0.62/24
!
! Spanning-tree
spanning-tree mode mstp
spanning-tree edge-port bpduguard default
!
! Uplink to campus leaf MLAG pair (Port-Channel 10)
interface Ethernet1
description campus-leaf3-uplink
channel-group 10 mode active
!
interface Ethernet2
description campus-leaf4-uplink
channel-group 10 mode active
!
interface Port-Channel10
description uplink-to-campus-leaf-mlag
switchport mode trunk
switchport trunk allowed vlan 50,70
no shutdown
!
! Host-facing downlink (Port-Channel 1)
interface Ethernet3
description campus-host2
channel-group 1 mode active
!
interface Ethernet4
description campus-host2
channel-group 1 mode active
!
interface Port-Channel1
description campus-host2
switchport mode trunk
switchport trunk allowed vlan 50,70
port-channel lacp fallback timeout 5
port-channel lacp fallback individual
spanning-tree portfast
no shutdown
!
! Default route for management
ip route 0.0.0.0/0 172.16.0.254
!
end

195
configs/campus-leaf1.cfg Normal file
View File

@@ -0,0 +1,195 @@
! Campus-Leaf1 Configuration
! Campus VTEP1 - AS 66001 (MLAG pair with campus-leaf2)
!
hostname campus-leaf1
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 50
name test-l2-vxlan-campus
!
vlan 60
name vrf-gold-campus-subnet1
!
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.51/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.1.199.252/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.1.3.0/31
mtu 9214
!
! VRF VLAN Interface
interface Vlan60
vrf gold
ip address 10.60.60.2/24
ip virtual-router address 10.60.60.1
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.1.250.11/32
!
interface Loopback1
description VTEP
ip address 10.1.255.11/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Campus Spines
interface Ethernet11
description campus-spine1
no switchport
ip address 10.1.1.1/31
mtu 9214
!
interface Ethernet12
description campus-spine2
no switchport
ip address 10.1.2.1/31
mtu 9214
!
! Access-facing interface (MLAG with LACP)
interface Ethernet1
description campus-access1
channel-group 1 mode active
!
interface Port-Channel1
description campus-access1
switchport mode trunk
switchport trunk allowed vlan 50,60
mlag 1
port-channel lacp fallback timeout 5
port-channel lacp fallback individual
no shutdown
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id campus-leafs
local-interface Vlan4090
peer-address 10.1.199.253
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.52 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vlan 50 vni 110050
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! BGP Configuration
router bgp 66001
router-id 10.1.250.11
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group
neighbor underlay peer group
neighbor underlay remote-as 66000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.1.1.0 peer group underlay
neighbor 10.1.2.0 peer group underlay
!
! iBGP peer-group
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 66001
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.1.3.1 peer group underlay_ibgp
!
! EVPN peer-group
neighbor evpn peer group
neighbor evpn remote-as 66000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.1.250.1 peer group evpn
neighbor 10.1.250.2 peer group evpn
!
! VLAN 50 for L2 VXLAN (stretched across Campus VTEPs)
vlan 50
rd 66001:110050
route-target both 50:110050
redistribute learned
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
network 10.1.250.11/32
network 10.1.255.11/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.1.250.11:1
route-target import evpn 1:100001
route-target export evpn 1:100001
redistribute connected
!
end

195
configs/campus-leaf2.cfg Normal file
View File

@@ -0,0 +1,195 @@
! Campus-Leaf2 Configuration
! Campus VTEP1 - AS 66001 (MLAG pair with campus-leaf1)
!
hostname campus-leaf2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 50
name test-l2-vxlan-campus
!
vlan 60
name vrf-gold-campus-subnet1
!
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.52/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.1.199.253/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.1.3.1/31
mtu 9214
!
! VRF VLAN Interface
interface Vlan60
vrf gold
ip address 10.60.60.3/24
ip virtual-router address 10.60.60.1
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.1.250.12/32
!
interface Loopback1
description VTEP
ip address 10.1.255.11/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Campus Spines
interface Ethernet11
description campus-spine1
no switchport
ip address 10.1.1.3/31
mtu 9214
!
interface Ethernet12
description campus-spine2
no switchport
ip address 10.1.2.3/31
mtu 9214
!
! Access-facing interface (MLAG with LACP)
interface Ethernet1
description campus-access1
channel-group 1 mode active
!
interface Port-Channel1
description campus-access1
switchport mode trunk
switchport trunk allowed vlan 50,60
mlag 1
port-channel lacp fallback timeout 5
port-channel lacp fallback individual
no shutdown
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id campus-leafs
local-interface Vlan4090
peer-address 10.1.199.252
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.51 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vlan 50 vni 110050
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! BGP Configuration
router bgp 66001
router-id 10.1.250.12
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group
neighbor underlay peer group
neighbor underlay remote-as 66000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.1.1.2 peer group underlay
neighbor 10.1.2.2 peer group underlay
!
! iBGP peer-group
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 66001
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.1.3.0 peer group underlay_ibgp
!
! EVPN peer-group
neighbor evpn peer group
neighbor evpn remote-as 66000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.1.250.1 peer group evpn
neighbor 10.1.250.2 peer group evpn
!
! VLAN 50 for L2 VXLAN (stretched across Campus VTEPs)
vlan 50
rd 66001:110050
route-target both 50:110050
redistribute learned
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
network 10.1.250.12/32
network 10.1.255.11/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.1.250.12:1
route-target import evpn 1:100001
route-target export evpn 1:100001
redistribute connected
!
end

195
configs/campus-leaf3.cfg Normal file
View File

@@ -0,0 +1,195 @@
! Campus-Leaf3 Configuration
! Campus VTEP2 - AS 66002 (MLAG pair with campus-leaf4)
!
hostname campus-leaf3
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 50
name test-l2-vxlan-campus
!
vlan 70
name vrf-gold-campus-subnet2
!
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.53/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.1.199.250/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.1.3.2/31
mtu 9214
!
! VRF VLAN Interface
interface Vlan70
vrf gold
ip address 10.60.70.2/24
ip virtual-router address 10.60.70.1
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.1.250.13/32
!
interface Loopback1
description VTEP
ip address 10.1.255.12/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Campus Spines
interface Ethernet11
description campus-spine1
no switchport
ip address 10.1.1.5/31
mtu 9214
!
interface Ethernet12
description campus-spine2
no switchport
ip address 10.1.2.5/31
mtu 9214
!
! Access-facing interface (MLAG with LACP)
interface Ethernet1
description campus-access2
channel-group 1 mode active
!
interface Port-Channel1
description campus-access2
switchport mode trunk
switchport trunk allowed vlan 50,70
mlag 1
port-channel lacp fallback timeout 5
port-channel lacp fallback individual
no shutdown
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id campus-leafs
local-interface Vlan4090
peer-address 10.1.199.251
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.54 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vlan 50 vni 110050
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! BGP Configuration
router bgp 66002
router-id 10.1.250.13
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group
neighbor underlay peer group
neighbor underlay remote-as 66000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.1.1.4 peer group underlay
neighbor 10.1.2.4 peer group underlay
!
! iBGP peer-group
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 66002
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.1.3.3 peer group underlay_ibgp
!
! EVPN peer-group
neighbor evpn peer group
neighbor evpn remote-as 66000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.1.250.1 peer group evpn
neighbor 10.1.250.2 peer group evpn
!
! VLAN 50 for L2 VXLAN (stretched across Campus VTEPs)
vlan 50
rd 66002:110050
route-target both 50:110050
redistribute learned
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
network 10.1.250.13/32
network 10.1.255.12/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.1.250.13:1
route-target import evpn 1:100001
route-target export evpn 1:100001
redistribute connected
!
end

195
configs/campus-leaf4.cfg Normal file
View File

@@ -0,0 +1,195 @@
! Campus-Leaf4 Configuration
! Campus VTEP2 - AS 66002 (MLAG pair with campus-leaf3)
!
hostname campus-leaf4
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 50
name test-l2-vxlan-campus
!
vlan 70
name vrf-gold-campus-subnet2
!
vlan 4090
name mlag-peer
trunk group mlag-peer
!
vlan 4091
name mlag-ibgp
trunk group mlag-peer
!
! Management interface
interface Management0
ip address 172.16.0.54/24
!
! MLAG Peer-link SVI
interface Vlan4090
description MLAG Peer-Link
ip address 10.1.199.251/31
no autostate
!
! iBGP Peering SVI
interface Vlan4091
description MLAG iBGP Peering
ip address 10.1.3.3/31
mtu 9214
!
! VRF VLAN Interface
interface Vlan70
vrf gold
ip address 10.60.70.3/24
ip virtual-router address 10.60.70.1
!
! Loopbacks
interface Loopback0
description Router-ID
ip address 10.1.250.14/32
!
interface Loopback1
description VTEP
ip address 10.1.255.12/32
!
! MLAG Peer-link
interface Ethernet10
description mlag peer link
channel-group 999 mode active
!
interface Port-Channel999
description MLAG Peer
switchport mode trunk
switchport trunk group mlag-peer
spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Campus Spines
interface Ethernet11
description campus-spine1
no switchport
ip address 10.1.1.7/31
mtu 9214
!
interface Ethernet12
description campus-spine2
no switchport
ip address 10.1.2.7/31
mtu 9214
!
! Access-facing interface (MLAG with LACP)
interface Ethernet1
description campus-access2
channel-group 1 mode active
!
interface Port-Channel1
description campus-access2
switchport mode trunk
switchport trunk allowed vlan 50,70
mlag 1
port-channel lacp fallback timeout 5
port-channel lacp fallback individual
no shutdown
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
domain-id campus-leafs
local-interface Vlan4090
peer-address 10.1.199.250
peer-link Port-Channel999
dual-primary detection delay 10 action errdisable all-interfaces
peer-address heartbeat 172.16.0.53 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan learn-restrict any
vxlan vlan 50 vni 110050
vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! BGP Configuration
router bgp 66002
router-id 10.1.250.14
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay peer-group
neighbor underlay peer group
neighbor underlay remote-as 66000
neighbor underlay maximum-routes 12000 warning-only
neighbor 10.1.1.6 peer group underlay
neighbor 10.1.2.6 peer group underlay
!
! iBGP peer-group
neighbor underlay_ibgp peer group
neighbor underlay_ibgp remote-as 66002
neighbor underlay_ibgp maximum-routes 12000 warning-only
neighbor underlay_ibgp next-hop-self
neighbor 10.1.3.2 peer group underlay_ibgp
!
! EVPN peer-group
neighbor evpn peer group
neighbor evpn remote-as 66000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.1.250.1 peer group evpn
neighbor 10.1.250.2 peer group evpn
!
! VLAN 50 for L2 VXLAN (stretched across Campus VTEPs)
vlan 50
rd 66002:110050
route-target both 50:110050
redistribute learned
!
! IPv4 address family
address-family ipv4
neighbor underlay activate
neighbor underlay_ibgp activate
network 10.1.250.14/32
network 10.1.255.12/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
! VRF Gold configuration
vrf gold
rd 10.1.250.14:1
route-target import evpn 1:100001
route-target export evpn 1:100001
redistribute connected
!
end

124
configs/campus-spine1.cfg Normal file
View File

@@ -0,0 +1,124 @@
! Campus-Spine1 Configuration
! Campus BGP EVPN Spine - AS 66000
!
hostname campus-spine1
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
ip route 100.64.0.0/10 172.16.0.254
!
! Enable routing protocols
service routing protocols model multi-agent
!
! Management interface
interface Management0
ip address 172.16.0.20/24
!
! Loopback for BGP Router-ID
interface Loopback0
ip address 10.1.250.1/32
!
! Underlay P2P interfaces to Campus Leafs
interface Ethernet1
description campus-leaf1
no switchport
ip address 10.1.1.0/31
mtu 9214
!
interface Ethernet2
description campus-leaf2
no switchport
ip address 10.1.1.2/31
mtu 9214
!
interface Ethernet3
description campus-leaf3
no switchport
ip address 10.1.1.4/31
mtu 9214
!
interface Ethernet4
description campus-leaf4
no switchport
ip address 10.1.1.6/31
mtu 9214
!
! Underlay P2P interfaces to Campus Border Leafs
interface Ethernet5
description border-leaf-campus1
no switchport
ip address 10.1.1.8/31
mtu 9214
!
interface Ethernet6
description border-leaf-campus2
no switchport
ip address 10.1.1.10/31
mtu 9214
!
! BGP Configuration
router bgp 66000
router-id 10.1.250.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay IPv4 neighbors
neighbor 10.1.1.1 remote-as 66001
neighbor 10.1.1.3 remote-as 66001
neighbor 10.1.1.5 remote-as 66002
neighbor 10.1.1.7 remote-as 66002
neighbor 10.1.1.9 remote-as 66005
neighbor 10.1.1.11 remote-as 66005
!
! EVPN peer-group configuration
neighbor evpn peer group
neighbor evpn next-hop-unchanged
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
!
! EVPN neighbors (to campus leaf loopbacks)
neighbor 10.1.250.11 peer group evpn
neighbor 10.1.250.11 remote-as 66001
neighbor 10.1.250.12 peer group evpn
neighbor 10.1.250.12 remote-as 66001
neighbor 10.1.250.13 peer group evpn
neighbor 10.1.250.13 remote-as 66002
neighbor 10.1.250.14 peer group evpn
neighbor 10.1.250.14 remote-as 66002
!
! EVPN neighbors (to campus border-leaf loopbacks)
neighbor 10.1.250.21 peer group evpn
neighbor 10.1.250.21 remote-as 66005
neighbor 10.1.250.22 peer group evpn
neighbor 10.1.250.22 remote-as 66005
!
! IPv4 address family
address-family ipv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.3 activate
neighbor 10.1.1.5 activate
neighbor 10.1.1.7 activate
neighbor 10.1.1.9 activate
neighbor 10.1.1.11 activate
network 10.1.250.1/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
end

124
configs/campus-spine2.cfg Normal file
View File

@@ -0,0 +1,124 @@
! Campus-Spine2 Configuration
! Campus BGP EVPN Spine - AS 66000
!
hostname campus-spine2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
ip route 100.64.0.0/10 172.16.0.254
!
! Enable routing protocols
service routing protocols model multi-agent
!
! Management interface
interface Management0
ip address 172.16.0.21/24
!
! Loopback for BGP Router-ID
interface Loopback0
ip address 10.1.250.2/32
!
! Underlay P2P interfaces to Campus Leafs
interface Ethernet1
description campus-leaf1
no switchport
ip address 10.1.2.0/31
mtu 9214
!
interface Ethernet2
description campus-leaf2
no switchport
ip address 10.1.2.2/31
mtu 9214
!
interface Ethernet3
description campus-leaf3
no switchport
ip address 10.1.2.4/31
mtu 9214
!
interface Ethernet4
description campus-leaf4
no switchport
ip address 10.1.2.6/31
mtu 9214
!
! Underlay P2P interfaces to Campus Border Leafs
interface Ethernet5
description border-leaf-campus1
no switchport
ip address 10.1.2.8/31
mtu 9214
!
interface Ethernet6
description border-leaf-campus2
no switchport
ip address 10.1.2.10/31
mtu 9214
!
! BGP Configuration
router bgp 66000
router-id 10.1.250.2
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! Underlay IPv4 neighbors
neighbor 10.1.2.1 remote-as 66001
neighbor 10.1.2.3 remote-as 66001
neighbor 10.1.2.5 remote-as 66002
neighbor 10.1.2.7 remote-as 66002
neighbor 10.1.2.9 remote-as 66005
neighbor 10.1.2.11 remote-as 66005
!
! EVPN peer-group configuration
neighbor evpn peer group
neighbor evpn next-hop-unchanged
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
!
! EVPN neighbors (to campus leaf loopbacks)
neighbor 10.1.250.11 peer group evpn
neighbor 10.1.250.11 remote-as 66001
neighbor 10.1.250.12 peer group evpn
neighbor 10.1.250.12 remote-as 66001
neighbor 10.1.250.13 peer group evpn
neighbor 10.1.250.13 remote-as 66002
neighbor 10.1.250.14 peer group evpn
neighbor 10.1.250.14 remote-as 66002
!
! EVPN neighbors (to campus border-leaf loopbacks)
neighbor 10.1.250.21 peer group evpn
neighbor 10.1.250.21 remote-as 66005
neighbor 10.1.250.22 peer group evpn
neighbor 10.1.250.22 remote-as 66005
!
! IPv4 address family
address-family ipv4
neighbor 10.1.2.1 activate
neighbor 10.1.2.3 activate
neighbor 10.1.2.5 activate
neighbor 10.1.2.7 activate
neighbor 10.1.2.9 activate
neighbor 10.1.2.11 activate
network 10.1.250.2/32
!
! EVPN address family
address-family evpn
neighbor evpn activate
!
end

224
configs/core1.cfg Normal file
View File

@@ -0,0 +1,224 @@
! Core1 Configuration
! Core Router - AS 65500
! Transit between DC Border Leafs and Campus Border Leafs
!
hostname core1
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! Management interface
interface Management0
ip address 172.16.0.10/24
!
! Loopback for BGP Router-ID (default VRF)
interface Loopback0
description Router-ID
ip address 10.0.200.1/32
!
! Loopback in VRF Gold (router-id and health)
interface Loopback1
description VRF-Gold-RouterID
vrf gold
ip address 10.0.200.101/32
!
! Link to DC Border Leaf 1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet1
description border-leaf-dc1
no switchport
mtu 9214
!
interface Ethernet1.100
description border-leaf-dc1-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.0/31
mtu 9214
!
interface Ethernet1.200
description border-leaf-dc1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.0/31
mtu 9214
!
! Link to DC Border Leaf 2
interface Ethernet2
description border-leaf-dc2
no switchport
mtu 9214
!
interface Ethernet2.100
description border-leaf-dc2-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.2/31
mtu 9214
!
interface Ethernet2.200
description border-leaf-dc2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.2/31
mtu 9214
!
! Link to Campus Border Leaf 1
interface Ethernet3
description border-leaf-campus1
no switchport
mtu 9214
!
interface Ethernet3.100
description border-leaf-campus1-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.0/31
mtu 9214
!
interface Ethernet3.200
description border-leaf-campus1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.0/31
mtu 9214
!
! Link to Campus Border Leaf 2
interface Ethernet4
description border-leaf-campus2
no switchport
mtu 9214
!
interface Ethernet4.100
description border-leaf-campus2-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.2/31
mtu 9214
!
interface Ethernet4.200
description border-leaf-campus2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.2/31
mtu 9214
!
! Inter-Core link
interface Ethernet5
description core2
no switchport
mtu 9214
!
interface Ethernet5.100
description core2-underlay
encapsulation dot1q vlan 100
ip address 10.0.200.128/31
mtu 9214
!
interface Ethernet5.200
description core2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.200.130/31
mtu 9214
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability (default VRF)
router ospf 1
router-id 10.0.200.1
passive-interface default
no passive-interface Ethernet1.100
no passive-interface Ethernet2.100
no passive-interface Ethernet3.100
no passive-interface Ethernet4.100
no passive-interface Ethernet5.100
network 10.0.200.1/32 area 0
network 10.0.4.0/31 area 0
network 10.0.4.2/31 area 0
network 10.0.5.0/31 area 0
network 10.0.5.2/31 area 0
network 10.0.200.128/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 65500
router-id 10.0.200.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! iBGP to core2 (loopback-based, default VRF)
neighbor core_ibgp peer group
neighbor core_ibgp remote-as 65500
neighbor core_ibgp update-source Loopback0
neighbor core_ibgp next-hop-self
neighbor core_ibgp send-community extended
neighbor core_ibgp maximum-routes 12000 warning-only
neighbor 10.0.200.2 peer group core_ibgp
!
! eBGP to DC Border Leafs (default VRF)
neighbor dc_bl peer group
neighbor dc_bl remote-as 65005
neighbor dc_bl send-community extended
neighbor dc_bl maximum-routes 12000 warning-only
neighbor 10.0.4.1 peer group dc_bl
neighbor 10.0.4.3 peer group dc_bl
!
! eBGP to Campus Border Leafs (default VRF)
neighbor campus_bl peer group
neighbor campus_bl remote-as 66005
neighbor campus_bl send-community extended
neighbor campus_bl maximum-routes 12000 warning-only
neighbor 10.0.5.1 peer group campus_bl
neighbor 10.0.5.3 peer group campus_bl
!
! IPv4 address family (default VRF)
address-family ipv4
neighbor core_ibgp activate
neighbor dc_bl activate
neighbor campus_bl activate
network 10.0.200.1/32
!
! VRF Gold configuration - transit for inter-fabric routing
vrf gold
rd 10.0.200.1:100001
router-id 10.0.200.1
! iBGP to core2 in VRF gold (P2P)
neighbor 10.0.200.131 remote-as 65500
neighbor 10.0.200.131 next-hop-self
neighbor 10.0.200.131 send-community extended
neighbor 10.0.200.131 maximum-routes 12000 warning-only
! eBGP to DC Border Leafs in VRF gold
neighbor 10.0.14.1 remote-as 65005
neighbor 10.0.14.1 send-community extended
neighbor 10.0.14.1 maximum-routes 12000 warning-only
neighbor 10.0.14.3 remote-as 65005
neighbor 10.0.14.3 send-community extended
neighbor 10.0.14.3 maximum-routes 12000 warning-only
! eBGP to Campus Border Leafs in VRF gold
neighbor 10.0.15.1 remote-as 66005
neighbor 10.0.15.1 send-community extended
neighbor 10.0.15.1 maximum-routes 12000 warning-only
neighbor 10.0.15.3 remote-as 66005
neighbor 10.0.15.3 send-community extended
neighbor 10.0.15.3 maximum-routes 12000 warning-only
redistribute connected
!
end

224
configs/core2.cfg Normal file
View File

@@ -0,0 +1,224 @@
! Core2 Configuration
! Core Router - AS 65500
! Transit between DC Border Leafs and Campus Border Leafs
!
hostname core2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
transport grpc default
provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! Management interface
interface Management0
ip address 172.16.0.11/24
!
! Loopback for BGP Router-ID (default VRF)
interface Loopback0
description Router-ID
ip address 10.0.200.2/32
!
! Loopback in VRF Gold (router-id and health)
interface Loopback1
description VRF-Gold-RouterID
vrf gold
ip address 10.0.200.102/32
!
! Link to DC Border Leaf 1
interface Ethernet1
description border-leaf-dc1
no switchport
mtu 9214
!
interface Ethernet1.100
description border-leaf-dc1-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.4/31
mtu 9214
!
interface Ethernet1.200
description border-leaf-dc1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.4/31
mtu 9214
!
! Link to DC Border Leaf 2
interface Ethernet2
description border-leaf-dc2
no switchport
mtu 9214
!
interface Ethernet2.100
description border-leaf-dc2-underlay
encapsulation dot1q vlan 100
ip address 10.0.4.6/31
mtu 9214
!
interface Ethernet2.200
description border-leaf-dc2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.14.6/31
mtu 9214
!
! Link to Campus Border Leaf 1
interface Ethernet3
description border-leaf-campus1
no switchport
mtu 9214
!
interface Ethernet3.100
description border-leaf-campus1-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.4/31
mtu 9214
!
interface Ethernet3.200
description border-leaf-campus1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.4/31
mtu 9214
!
! Link to Campus Border Leaf 2
interface Ethernet4
description border-leaf-campus2
no switchport
mtu 9214
!
interface Ethernet4.100
description border-leaf-campus2-underlay
encapsulation dot1q vlan 100
ip address 10.0.5.6/31
mtu 9214
!
interface Ethernet4.200
description border-leaf-campus2-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.15.6/31
mtu 9214
!
! Inter-Core link
interface Ethernet5
description core1
no switchport
mtu 9214
!
interface Ethernet5.100
description core1-underlay
encapsulation dot1q vlan 100
ip address 10.0.200.129/31
mtu 9214
!
interface Ethernet5.200
description core1-vrf-gold
encapsulation dot1q vlan 200
vrf gold
ip address 10.0.200.131/31
mtu 9214
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability (default VRF)
router ospf 1
router-id 10.0.200.2
passive-interface default
no passive-interface Ethernet1.100
no passive-interface Ethernet2.100
no passive-interface Ethernet3.100
no passive-interface Ethernet4.100
no passive-interface Ethernet5.100
network 10.0.200.2/32 area 0
network 10.0.4.4/31 area 0
network 10.0.4.6/31 area 0
network 10.0.5.4/31 area 0
network 10.0.5.6/31 area 0
network 10.0.200.128/31 area 0
max-lsa 12000
!
! BGP Configuration
router bgp 65500
router-id 10.0.200.2
no bgp default ipv4-unicast
bgp log-neighbor-changes
distance bgp 20 200 200
maximum-paths 4 ecmp 64
!
! iBGP to core1 (loopback-based, default VRF)
neighbor core_ibgp peer group
neighbor core_ibgp remote-as 65500
neighbor core_ibgp update-source Loopback0
neighbor core_ibgp next-hop-self
neighbor core_ibgp send-community extended
neighbor core_ibgp maximum-routes 12000 warning-only
neighbor 10.0.200.1 peer group core_ibgp
!
! eBGP to DC Border Leafs (default VRF)
neighbor dc_bl peer group
neighbor dc_bl remote-as 65005
neighbor dc_bl send-community extended
neighbor dc_bl maximum-routes 12000 warning-only
neighbor 10.0.4.5 peer group dc_bl
neighbor 10.0.4.7 peer group dc_bl
!
! eBGP to Campus Border Leafs (default VRF)
neighbor campus_bl peer group
neighbor campus_bl remote-as 66005
neighbor campus_bl send-community extended
neighbor campus_bl maximum-routes 12000 warning-only
neighbor 10.0.5.5 peer group campus_bl
neighbor 10.0.5.7 peer group campus_bl
!
! IPv4 address family (default VRF)
address-family ipv4
neighbor core_ibgp activate
neighbor dc_bl activate
neighbor campus_bl activate
network 10.0.200.2/32
!
! VRF Gold configuration - transit for inter-fabric routing
vrf gold
rd 10.0.200.2:100001
router-id 10.0.200.2
! iBGP to core1 in VRF gold (P2P)
neighbor 10.0.200.130 remote-as 65500
neighbor 10.0.200.130 next-hop-self
neighbor 10.0.200.130 send-community extended
neighbor 10.0.200.130 maximum-routes 12000 warning-only
! eBGP to DC Border Leafs in VRF gold
neighbor 10.0.14.5 remote-as 65005
neighbor 10.0.14.5 send-community extended
neighbor 10.0.14.5 maximum-routes 12000 warning-only
neighbor 10.0.14.7 remote-as 65005
neighbor 10.0.14.7 send-community extended
neighbor 10.0.14.7 maximum-routes 12000 warning-only
! eBGP to Campus Border Leafs in VRF gold
neighbor 10.0.15.5 remote-as 66005
neighbor 10.0.15.5 send-community extended
neighbor 10.0.15.5 maximum-routes 12000 warning-only
neighbor 10.0.15.7 remote-as 66005
neighbor 10.0.15.7 send-community extended
neighbor 10.0.15.7 maximum-routes 12000 warning-only
redistribute connected
!
end

23
configs/spine1.cfg
View File

@@ -81,6 +81,19 @@ interface Ethernet8
ip address 10.0.1.14/31
mtu 9214
!
! Underlay P2P interfaces to DC Border Leafs
interface Ethernet9
description border-leaf-dc1
no switchport
ip address 10.0.1.16/31
mtu 9214
!
interface Ethernet10
description border-leaf-dc2
no switchport
ip address 10.0.1.18/31
mtu 9214
!
! BGP Configuration
router bgp 65000
router-id 10.0.250.1
@@ -98,6 +111,8 @@ router bgp 65000
neighbor 10.0.1.11 remote-as 65003
neighbor 10.0.1.13 remote-as 65004
neighbor 10.0.1.15 remote-as 65004
neighbor 10.0.1.17 remote-as 65005
neighbor 10.0.1.19 remote-as 65005
!
! EVPN peer-group configuration
neighbor evpn peer group
@@ -125,6 +140,12 @@ router bgp 65000
neighbor 10.0.250.18 peer group evpn
neighbor 10.0.250.18 remote-as 65004
!
! EVPN neighbors (to DC border-leaf loopbacks)
neighbor 10.0.250.21 peer group evpn
neighbor 10.0.250.21 remote-as 65005
neighbor 10.0.250.22 peer group evpn
neighbor 10.0.250.22 remote-as 65005
!
! IPv4 address family
address-family ipv4
neighbor 10.0.1.1 activate
@@ -135,6 +156,8 @@ router bgp 65000
neighbor 10.0.1.11 activate
neighbor 10.0.1.13 activate
neighbor 10.0.1.15 activate
neighbor 10.0.1.17 activate
neighbor 10.0.1.19 activate
network 10.0.250.1/32
!
! EVPN address family

23
configs/spine2.cfg
View File

@@ -81,6 +81,19 @@ interface Ethernet8
ip address 10.0.2.14/31
mtu 9214
!
! Underlay P2P interfaces to DC Border Leafs
interface Ethernet9
description border-leaf-dc1
no switchport
ip address 10.0.2.16/31
mtu 9214
!
interface Ethernet10
description border-leaf-dc2
no switchport
ip address 10.0.2.18/31
mtu 9214
!
! BGP Configuration
router bgp 65000
router-id 10.0.250.2
@@ -98,6 +111,8 @@ router bgp 65000
neighbor 10.0.2.11 remote-as 65003
neighbor 10.0.2.13 remote-as 65004
neighbor 10.0.2.15 remote-as 65004
neighbor 10.0.2.17 remote-as 65005
neighbor 10.0.2.19 remote-as 65005
!
! EVPN peer-group configuration
neighbor evpn peer group
@@ -125,6 +140,12 @@ router bgp 65000
neighbor 10.0.250.18 peer group evpn
neighbor 10.0.250.18 remote-as 65004
!
! EVPN neighbors (to DC border-leaf loopbacks)
neighbor 10.0.250.21 peer group evpn
neighbor 10.0.250.21 remote-as 65005
neighbor 10.0.250.22 peer group evpn
neighbor 10.0.250.22 remote-as 65005
!
! IPv4 address family
address-family ipv4
neighbor 10.0.2.1 activate
@@ -135,6 +156,8 @@ router bgp 65000
neighbor 10.0.2.11 activate
neighbor 10.0.2.13 activate
neighbor 10.0.2.15 activate
neighbor 10.0.2.17 activate
neighbor 10.0.2.19 activate
network 10.0.250.2/32
!
! EVPN address family

249
evpn-lab.clab.yml
View File

@@ -11,7 +11,11 @@ topology:
image: ceos:4.35.0F
nodes:
# Spine Switches
# =====================================================
# DATACENTER FABRIC
# =====================================================
# DC Spine Switches (AS 65000)
spine1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.1
@@ -22,7 +26,7 @@ topology:
mgmt-ipv4: 172.16.0.2
startup-config: configs/spine2.cfg
# Leaf Switches - VTEP1 (AS 65001)
# DC Leaf Switches - VTEP1 (AS 65001)
leaf1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.25
@@ -33,7 +37,7 @@ topology:
mgmt-ipv4: 172.16.0.50
startup-config: configs/leaf2.cfg
# Leaf Switches - VTEP2 (AS 65002)
# DC Leaf Switches - VTEP2 (AS 65002)
leaf3:
kind: arista_ceos
mgmt-ipv4: 172.16.0.27
@@ -44,7 +48,7 @@ topology:
mgmt-ipv4: 172.16.0.28
startup-config: configs/leaf4.cfg
# Leaf Switches - VTEP3 (AS 65003)
# DC Leaf Switches - VTEP3 (AS 65003)
leaf5:
kind: arista_ceos
mgmt-ipv4: 172.16.0.29
@@ -55,7 +59,7 @@ topology:
mgmt-ipv4: 172.16.0.30
startup-config: configs/leaf6.cfg
# Leaf Switches - VTEP4 (AS 65004)
# DC Leaf Switches - VTEP4 (AS 65004)
leaf7:
kind: arista_ceos
mgmt-ipv4: 172.16.0.31
@@ -66,7 +70,18 @@ topology:
mgmt-ipv4: 172.16.0.32
startup-config: configs/leaf8.cfg
# Access Switches - L2 only
# DC Border Leafs - MLAG pair (AS 65005)
border-leaf-dc1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.3
startup-config: configs/border-leaf-dc1.cfg
border-leaf-dc2:
kind: arista_ceos
mgmt-ipv4: 172.16.0.4
startup-config: configs/border-leaf-dc2.cfg
# DC Access Switches - L2 only
access1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.41
@@ -87,7 +102,7 @@ topology:
mgmt-ipv4: 172.16.0.44
startup-config: configs/access4.cfg
# Host devices - DUAL-HOMED with LACP bonding to access switches
# DC Host devices - dual-homed with LACP bonding
host1:
kind: linux
mgmt-ipv4: 172.16.0.101
@@ -130,6 +145,7 @@ topology:
- ip link set bond0.34 up
- ip addr add 10.34.34.102/24 dev bond0.34
- ip route add 10.78.78.0/24 via 10.34.34.1
- ip route add 10.60.0.0/16 via 10.34.34.1
host3:
kind: linux
@@ -175,9 +191,143 @@ topology:
- ip link set bond0.78 up
- ip addr add 10.78.78.104/24 dev bond0.78
- ip route add 10.34.34.0/24 via 10.78.78.1
- ip route add 10.60.0.0/16 via 10.78.78.1
# =====================================================
# CORE L3 (inter-fabric transit)
# =====================================================
# Core routers (AS 65500, iBGP between them)
core1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.10
startup-config: configs/core1.cfg
core2:
kind: arista_ceos
mgmt-ipv4: 172.16.0.11
startup-config: configs/core2.cfg
# =====================================================
# CAMPUS FABRIC
# =====================================================
# Campus Spines (AS 66000)
campus-spine1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.20
startup-config: configs/campus-spine1.cfg
campus-spine2:
kind: arista_ceos
mgmt-ipv4: 172.16.0.21
startup-config: configs/campus-spine2.cfg
# Campus Border Leafs - MLAG pair (AS 66005)
border-leaf-campus1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.22
startup-config: configs/border-leaf-campus1.cfg
border-leaf-campus2:
kind: arista_ceos
mgmt-ipv4: 172.16.0.23
startup-config: configs/border-leaf-campus2.cfg
# Campus Leafs - VTEP1 (AS 66001)
campus-leaf1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.51
startup-config: configs/campus-leaf1.cfg
campus-leaf2:
kind: arista_ceos
mgmt-ipv4: 172.16.0.52
startup-config: configs/campus-leaf2.cfg
# Campus Leafs - VTEP2 (AS 66002)
campus-leaf3:
kind: arista_ceos
mgmt-ipv4: 172.16.0.53
startup-config: configs/campus-leaf3.cfg
campus-leaf4:
kind: arista_ceos
mgmt-ipv4: 172.16.0.54
startup-config: configs/campus-leaf4.cfg
# Campus Access switches - L2 only
campus-access1:
kind: arista_ceos
mgmt-ipv4: 172.16.0.61
startup-config: configs/campus-access1.cfg
campus-access2:
kind: arista_ceos
mgmt-ipv4: 172.16.0.62
startup-config: configs/campus-access2.cfg
# Campus Hosts - dual-homed with LACP bonding
campus-host1:
kind: linux
mgmt-ipv4: 172.16.0.105
image: ghcr.io/hellt/network-multitool
cap-add:
- NET_ADMIN
exec:
- ip link add bond0 type bond mode 802.3ad
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
- ip link set dev eth1 down
- ip link set dev eth2 down
- ip link set eth1 master bond0
- ip link set eth2 master bond0
- ip link set dev eth1 up
- ip link set dev eth2 up
- ip link set dev bond0 type bond lacp_rate fast
- ip link set dev bond0 up
- ip link add link bond0 name bond0.50 type vlan id 50
- ip link set bond0.50 up
- ip addr add 10.50.50.101/24 dev bond0.50
- ip link add link bond0 name bond0.60 type vlan id 60
- ip link set bond0.60 up
- ip addr add 10.60.60.101/24 dev bond0.60
- ip route add 10.60.70.0/24 via 10.60.60.1
- ip route add 10.34.34.0/24 via 10.60.60.1
- ip route add 10.78.78.0/24 via 10.60.60.1
campus-host2:
kind: linux
mgmt-ipv4: 172.16.0.106
image: ghcr.io/hellt/network-multitool
cap-add:
- NET_ADMIN
exec:
- ip link add bond0 type bond mode 802.3ad
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
- ip link set dev eth1 down
- ip link set dev eth2 down
- ip link set eth1 master bond0
- ip link set eth2 master bond0
- ip link set dev eth1 up
- ip link set dev eth2 up
- ip link set dev bond0 type bond lacp_rate fast
- ip link set dev bond0 up
- ip link add link bond0 name bond0.50 type vlan id 50
- ip link set bond0.50 up
- ip addr add 10.50.50.102/24 dev bond0.50
- ip link add link bond0 name bond0.70 type vlan id 70
- ip link set bond0.70 up
- ip addr add 10.60.70.102/24 dev bond0.70
- ip route add 10.60.60.0/24 via 10.60.70.1
- ip route add 10.34.34.0/24 via 10.60.70.1
- ip route add 10.78.78.0/24 via 10.60.70.1
links:
# Spine1 to Leaf connections (underlay fabric)
# =====================================================
# DATACENTER FABRIC LINKS
# =====================================================
# Spine1 to Leaf/Border-Leaf connections (underlay)
- endpoints: ["spine1:eth1", "leaf1:eth11"]
- endpoints: ["spine1:eth2", "leaf2:eth11"]
- endpoints: ["spine1:eth3", "leaf3:eth11"]
@@ -186,8 +336,10 @@ topology:
- endpoints: ["spine1:eth6", "leaf6:eth11"]
- endpoints: ["spine1:eth7", "leaf7:eth11"]
- endpoints: ["spine1:eth8", "leaf8:eth11"]
- endpoints: ["spine1:eth9", "border-leaf-dc1:eth11"]
- endpoints: ["spine1:eth10", "border-leaf-dc2:eth11"]
# Spine2 to Leaf connections (underlay fabric)
# Spine2 to Leaf/Border-Leaf connections (underlay)
- endpoints: ["spine2:eth1", "leaf1:eth12"]
- endpoints: ["spine2:eth2", "leaf2:eth12"]
- endpoints: ["spine2:eth3", "leaf3:eth12"]
@@ -196,43 +348,88 @@ topology:
- endpoints: ["spine2:eth6", "leaf6:eth12"]
- endpoints: ["spine2:eth7", "leaf7:eth12"]
- endpoints: ["spine2:eth8", "leaf8:eth12"]
- endpoints: ["spine2:eth9", "border-leaf-dc1:eth12"]
- endpoints: ["spine2:eth10", "border-leaf-dc2:eth12"]
# MLAG Peer Links (leaf pairs)
# DC MLAG Peer Links (leaf pairs + border-leaf pair)
- endpoints: ["leaf1:eth10", "leaf2:eth10"]
- endpoints: ["leaf3:eth10", "leaf4:eth10"]
- endpoints: ["leaf5:eth10", "leaf6:eth10"]
- endpoints: ["leaf7:eth10", "leaf8:eth10"]
- endpoints: ["border-leaf-dc1:eth10", "border-leaf-dc2:eth10"]
# Access switch uplinks to leaf MLAG pairs (dual-homed via LACP)
# access1 dual-homed to leaf1 + leaf2
# DC Access switch uplinks to leaf MLAG pairs (dual-homed via LACP)
- endpoints: ["leaf1:eth1", "access1:eth1"]
- endpoints: ["leaf2:eth1", "access1:eth2"]
# access2 dual-homed to leaf3 + leaf4
- endpoints: ["leaf3:eth1", "access2:eth1"]
- endpoints: ["leaf4:eth1", "access2:eth2"]
# access3 dual-homed to leaf5 + leaf6
- endpoints: ["leaf5:eth1", "access3:eth1"]
- endpoints: ["leaf6:eth1", "access3:eth2"]
# access4 dual-homed to leaf7 + leaf8
- endpoints: ["leaf7:eth1", "access4:eth1"]
- endpoints: ["leaf8:eth1", "access4:eth2"]
# Host connections to access switches (dual-homed via LACP)
# host1 dual-homed to access1
# DC Host connections to access switches (dual-homed via LACP)
- endpoints: ["access1:eth3", "host1:eth1"]
- endpoints: ["access1:eth4", "host1:eth2"]
# host2 dual-homed to access2
- endpoints: ["access2:eth3", "host2:eth1"]
- endpoints: ["access2:eth4", "host2:eth2"]
# host3 dual-homed to access3
- endpoints: ["access3:eth3", "host3:eth1"]
- endpoints: ["access3:eth4", "host3:eth2"]
# host4 dual-homed to access4
- endpoints: ["access4:eth3", "host4:eth1"]
- endpoints: ["access4:eth4", "host4:eth2"]
# =====================================================
# CORE INTERCONNECT (DC Border Leafs <-> Core <-> Campus Border Leafs)
# =====================================================
# DC Border Leafs to Core routers (4 links)
- endpoints: ["border-leaf-dc1:eth13", "core1:eth1"]
- endpoints: ["border-leaf-dc1:eth14", "core2:eth1"]
- endpoints: ["border-leaf-dc2:eth13", "core1:eth2"]
- endpoints: ["border-leaf-dc2:eth14", "core2:eth2"]
# Campus Border Leafs to Core routers (4 links)
- endpoints: ["border-leaf-campus1:eth13", "core1:eth3"]
- endpoints: ["border-leaf-campus1:eth14", "core2:eth3"]
- endpoints: ["border-leaf-campus2:eth13", "core1:eth4"]
- endpoints: ["border-leaf-campus2:eth14", "core2:eth4"]
# Core routers interconnect
- endpoints: ["core1:eth5", "core2:eth5"]
# =====================================================
# CAMPUS FABRIC LINKS
# =====================================================
# Campus Spine1 to Leafs/Border-Leafs (underlay)
- endpoints: ["campus-spine1:eth1", "campus-leaf1:eth11"]
- endpoints: ["campus-spine1:eth2", "campus-leaf2:eth11"]
- endpoints: ["campus-spine1:eth3", "campus-leaf3:eth11"]
- endpoints: ["campus-spine1:eth4", "campus-leaf4:eth11"]
- endpoints: ["campus-spine1:eth5", "border-leaf-campus1:eth11"]
- endpoints: ["campus-spine1:eth6", "border-leaf-campus2:eth11"]
# Campus Spine2 to Leafs/Border-Leafs (underlay)
- endpoints: ["campus-spine2:eth1", "campus-leaf1:eth12"]
- endpoints: ["campus-spine2:eth2", "campus-leaf2:eth12"]
- endpoints: ["campus-spine2:eth3", "campus-leaf3:eth12"]
- endpoints: ["campus-spine2:eth4", "campus-leaf4:eth12"]
- endpoints: ["campus-spine2:eth5", "border-leaf-campus1:eth12"]
- endpoints: ["campus-spine2:eth6", "border-leaf-campus2:eth12"]
# Campus MLAG Peer Links (leaf pairs + border-leaf pair)
- endpoints: ["campus-leaf1:eth10", "campus-leaf2:eth10"]
- endpoints: ["campus-leaf3:eth10", "campus-leaf4:eth10"]
- endpoints: ["border-leaf-campus1:eth10", "border-leaf-campus2:eth10"]
# Campus Access switch uplinks to leaf MLAG pairs (dual-homed via LACP)
- endpoints: ["campus-leaf1:eth1", "campus-access1:eth1"]
- endpoints: ["campus-leaf2:eth1", "campus-access1:eth2"]
- endpoints: ["campus-leaf3:eth1", "campus-access2:eth1"]
- endpoints: ["campus-leaf4:eth1", "campus-access2:eth2"]
# Campus Host connections to access switches (dual-homed via LACP)
- endpoints: ["campus-access1:eth3", "campus-host1:eth1"]
- endpoints: ["campus-access1:eth4", "campus-host1:eth2"]
- endpoints: ["campus-access2:eth3", "campus-host2:eth1"]
- endpoints: ["campus-access2:eth4", "campus-host2:eth2"]

195
evpn-lab.clab.yml.annotations.json
View File

@@ -1,136 +1,77 @@
{
"freeTextAnnotations": [],
"freeTextAnnotations": [
{
"id": "label-campus",
"position": { "x": -100, "y": 60 },
"text": "CAMPUS FABRIC (AS 66000 / 66001 / 66002 / 66005)",
"fontSize": 16,
"color": "#2563eb"
},
{
"id": "label-core",
"position": { "x": 1100, "y": 60 },
"text": "CORE (AS 65500)",
"fontSize": 16,
"color": "#ea580c"
},
{
"id": "label-dc",
"position": { "x": 1600, "y": 60 },
"text": "DATA CENTER FABRIC (AS 65000 / 65001-4 / 65005)",
"fontSize": 16,
"color": "#16a34a"
}
],
"freeShapeAnnotations": [],
"trafficRateAnnotations": [],
"groupStyleAnnotations": [],
"networkNodeAnnotations": [],
"nodeAnnotations": [
{
"id": "spine1",
"position": {
"x": 260,
"y": 160
}
},
{
"id": "spine2",
"position": {
"x": 740,
"y": 160
}
},
{
"id": "leaf1",
"position": {
"x": -60,
"y": 420
}
},
{
"id": "leaf2",
"position": {
"x": 100,
"y": 420
}
},
{
"id": "leaf3",
"position": {
"x": 260,
"y": 420
}
},
{
"id": "leaf4",
"position": {
"x": 420,
"y": 420
}
},
{
"id": "leaf5",
"position": {
"x": 580,
"y": 420
}
},
{
"id": "leaf6",
"position": {
"x": 740,
"y": 420
}
},
{
"id": "leaf7",
"position": {
"x": 920,
"y": 420
}
},
{
"id": "leaf8",
"position": {
"x": 1080,
"y": 420
}
},
{
"id": "host1",
"position": {
"x": 20,
"y": 680
}
},
{
"id": "host2",
"position": {
"x": 340,
"y": 680
}
},
{
"id": "host3",
"position": {
"x": 660,
"y": 680
}
},
{
"id": "host4",
"position": {
"x": 1000,
"y": 680
}
},
{
"id": "access4",
"position": {
"x": 1000,
"y": 540
}
},
{
"id": "access3",
"position": {
"x": 660,
"y": 520
}
},
{
"id": "access2",
"position": {
"x": 340,
"y": 520
}
},
{
"id": "access1",
"position": {
"x": 20,
"y": 520
}
}
{ "id": "campus-spine1", "position": { "x": 120, "y": 160 } },
{ "id": "campus-spine2", "position": { "x": 420, "y": 160 } },
{ "id": "campus-leaf1", "position": { "x": -60, "y": 400 } },
{ "id": "campus-leaf2", "position": { "x": 80, "y": 400 } },
{ "id": "campus-leaf3", "position": { "x": 240, "y": 400 } },
{ "id": "campus-leaf4", "position": { "x": 380, "y": 400 } },
{ "id": "border-leaf-campus1", "position": { "x": 540, "y": 400 } },
{ "id": "border-leaf-campus2", "position": { "x": 680, "y": 400 } },
{ "id": "campus-access1", "position": { "x": 40, "y": 540 } },
{ "id": "campus-access2", "position": { "x": 320, "y": 540 } },
{ "id": "campus-host1", "position": { "x": 40, "y": 680 } },
{ "id": "campus-host2", "position": { "x": 320, "y": 680 } },
{ "id": "core1", "position": { "x": 960, "y": 300 } },
{ "id": "core2", "position": { "x": 1180, "y": 300 } },
{ "id": "border-leaf-dc1", "position": { "x": 1380, "y": 400 } },
{ "id": "border-leaf-dc2", "position": { "x": 1520, "y": 400 } },
{ "id": "spine1", "position": { "x": 1800, "y": 160 } },
{ "id": "spine2", "position": { "x": 2280, "y": 160 } },
{ "id": "leaf1", "position": { "x": 1660, "y": 400 } },
{ "id": "leaf2", "position": { "x": 1800, "y": 400 } },
{ "id": "leaf3", "position": { "x": 1940, "y": 400 } },
{ "id": "leaf4", "position": { "x": 2080, "y": 400 } },
{ "id": "leaf5", "position": { "x": 2220, "y": 400 } },
{ "id": "leaf6", "position": { "x": 2360, "y": 400 } },
{ "id": "leaf7", "position": { "x": 2500, "y": 400 } },
{ "id": "leaf8", "position": { "x": 2640, "y": 400 } },
{ "id": "access1", "position": { "x": 1720, "y": 540 } },
{ "id": "access2", "position": { "x": 2000, "y": 540 } },
{ "id": "access3", "position": { "x": 2280, "y": 540 } },
{ "id": "access4", "position": { "x": 2560, "y": 540 } },
{ "id": "host1", "position": { "x": 1720, "y": 680 } },
{ "id": "host2", "position": { "x": 2000, "y": 680 } },
{ "id": "host3", "position": { "x": 2280, "y": 680 } },
{ "id": "host4", "position": { "x": 2560, "y": 680 } }
],
"edgeAnnotations": [],
"aliasEndpointAnnotations": [],

7
hosts/README.md
View File

@@ -4,11 +4,18 @@ This directory contains network interface configuration files for Alpine Linux h
## Files
### DC hosts
- `host1_interfaces` - Configuration for host1 (VLAN 40, IP 10.40.40.101)
- `host2_interfaces` - Configuration for host2 (VLAN 34, IP 10.34.34.102)
- `host3_interfaces` - Configuration for host3 (VLAN 40, IP 10.40.40.103)
- `host4_interfaces` - Configuration for host4 (VLAN 78, IP 10.78.78.104)
### Campus hosts
- `campus-host1_interfaces` - Configuration for campus-host1 (VLAN 50 stretched L2 10.50.50.101, VLAN 60 VRF gold 10.60.60.101)
- `campus-host2_interfaces` - Configuration for campus-host2 (VLAN 50 stretched L2 10.50.50.102, VLAN 70 VRF gold 10.60.70.102)
## Usage
Each file is mounted to `/etc/network/interfaces` in its respective host container via ContainerLab's `binds` feature:

26
hosts/campus-host1_interfaces Normal file
View File

@@ -0,0 +1,26 @@
auto lo
iface lo inet loopback
auto bond0
iface bond0 inet manual
use bond
bond-slaves eth1 eth2
bond-mode 802.3ad
bond-miimon 100
bond-lacp-rate fast
up ip link set $IFACE up
auto bond0.50
iface bond0.50 inet static
address 10.50.50.101
netmask 255.255.255.0
vlan-raw-device bond0
up ip link set $IFACE up
auto bond0.60
iface bond0.60 inet static
address 10.60.60.101
netmask 255.255.255.0
gateway 10.60.60.1
vlan-raw-device bond0
up ip link set $IFACE up

26
hosts/campus-host2_interfaces Normal file
View File

@@ -0,0 +1,26 @@
auto lo
iface lo inet loopback
auto bond0
iface bond0 inet manual
use bond
bond-slaves eth1 eth2
bond-mode 802.3ad
bond-miimon 100
bond-lacp-rate fast
up ip link set $IFACE up
auto bond0.50
iface bond0.50 inet static
address 10.50.50.102
netmask 255.255.255.0
vlan-raw-device bond0
up ip link set $IFACE up
auto bond0.70
iface bond0.70 inet static
address 10.60.70.102
netmask 255.255.255.0
gateway 10.60.70.1
vlan-raw-device bond0
up ip link set $IFACE up