name: arista-evpn-fabric mgmt: network: evpn-mgmt ipv4-subnet: 172.16.0.0/24 ipv4-gw: 172.16.0.254 topology: kinds: arista_ceos: image: ceos:4.35.0F nodes: # Spine Switches spine1: kind: arista_ceos mgmt-ipv4: 172.16.0.1 startup-config: configs/spine1.cfg spine2: kind: arista_ceos mgmt-ipv4: 172.16.0.2 startup-config: configs/spine2.cfg # Leaf Switches - VTEP1 (AS 65001) leaf1: kind: arista_ceos mgmt-ipv4: 172.16.0.25 startup-config: configs/leaf1.cfg leaf2: kind: arista_ceos mgmt-ipv4: 172.16.0.50 startup-config: configs/leaf2.cfg # Leaf Switches - VTEP2 (AS 65002) leaf3: kind: arista_ceos mgmt-ipv4: 172.16.0.27 startup-config: configs/leaf3.cfg leaf4: kind: arista_ceos mgmt-ipv4: 172.16.0.28 startup-config: configs/leaf4.cfg # Leaf Switches - VTEP3 (AS 65003) leaf5: kind: arista_ceos mgmt-ipv4: 172.16.0.29 startup-config: configs/leaf5.cfg leaf6: kind: arista_ceos mgmt-ipv4: 172.16.0.30 startup-config: configs/leaf6.cfg # Leaf Switches - VTEP4 (AS 65004) leaf7: kind: arista_ceos mgmt-ipv4: 172.16.0.31 startup-config: configs/leaf7.cfg leaf8: kind: arista_ceos mgmt-ipv4: 172.16.0.32 startup-config: configs/leaf8.cfg # Access Switches - L2 only access1: kind: arista_ceos mgmt-ipv4: 172.16.0.41 startup-config: configs/access1.cfg access2: kind: arista_ceos mgmt-ipv4: 172.16.0.42 startup-config: configs/access2.cfg access3: kind: arista_ceos mgmt-ipv4: 172.16.0.43 startup-config: configs/access3.cfg access4: kind: arista_ceos mgmt-ipv4: 172.16.0.44 startup-config: configs/access4.cfg # Host devices - DUAL-HOMED with LACP bonding to access switches host1: kind: linux mgmt-ipv4: 172.16.0.101 image: ghcr.io/hellt/network-multitool cap-add: - NET_ADMIN binds: - hosts/freeradius/wpa_supplicant_host1.conf:/etc/wpa_supplicant/wpa_supplicant.conf exec: - ip link add bond0 type bond mode 802.3ad - ip link set dev bond0 type bond xmit_hash_policy layer3+4 - ip link set dev eth1 down - ip link set dev eth2 down - ip link set eth1 master bond0 - ip link set eth2 master bond0 - ip link set dev eth1 up - ip link set dev eth2 up - ip link set dev bond0 type bond lacp_rate fast - ip link set dev bond0 up - ip addr add 10.40.40.101/24 dev bond0 - apk add --no-cache wpa_supplicant - wpa_supplicant -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B - wpa_supplicant -i eth2 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B host2: kind: linux mgmt-ipv4: 172.16.0.102 image: ghcr.io/hellt/network-multitool cap-add: - NET_ADMIN binds: - hosts/freeradius/wpa_supplicant_host2.conf:/etc/wpa_supplicant/wpa_supplicant.conf exec: - ip link add bond0 type bond mode 802.3ad - ip link set dev bond0 type bond xmit_hash_policy layer3+4 - ip link set dev eth1 down - ip link set dev eth2 down - ip link set eth1 master bond0 - ip link set eth2 master bond0 - ip link set dev eth1 up - ip link set dev eth2 up - ip link set dev bond0 type bond lacp_rate fast - ip link set dev bond0 up - ip addr add 10.34.34.102/24 dev bond0 - ip route add 10.78.78.0/24 via 10.34.34.1 - apk add --no-cache wpa_supplicant - wpa_supplicant -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B - wpa_supplicant -i eth2 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B host3: kind: linux mgmt-ipv4: 172.16.0.103 image: ghcr.io/hellt/network-multitool cap-add: - NET_ADMIN binds: - hosts/freeradius/wpa_supplicant_host3.conf:/etc/wpa_supplicant/wpa_supplicant.conf exec: - ip link add bond0 type bond mode 802.3ad - ip link set dev bond0 type bond xmit_hash_policy layer3+4 - ip link set dev eth1 down - ip link set dev eth2 down - ip link set eth1 master bond0 - ip link set eth2 master bond0 - ip link set dev eth1 up - ip link set dev eth2 up - ip link set dev bond0 type bond lacp_rate fast - ip link set dev bond0 up - ip addr add 10.40.40.103/24 dev bond0 - apk add --no-cache wpa_supplicant - wpa_supplicant -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B - wpa_supplicant -i eth2 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B host4: kind: linux mgmt-ipv4: 172.16.0.104 image: ghcr.io/hellt/network-multitool cap-add: - NET_ADMIN binds: - hosts/host4_interfaces:/etc/network/interfaces - hosts/freeradius/wpa_supplicant_host4.conf:/etc/wpa_supplicant/wpa_supplicant.conf exec: - ip link add bond0 type bond mode 802.3ad - ip link set dev bond0 type bond xmit_hash_policy layer3+4 - ip link set dev eth1 down - ip link set dev eth2 down - ip link set eth1 master bond0 - ip link set eth2 master bond0 - ip link set dev eth1 up - ip link set dev eth2 up - ip link set dev bond0 type bond lacp_rate fast - ip link set dev bond0 up - ip addr add 10.78.78.104/24 dev bond0 - ip route add 10.34.34.0/24 via 10.78.78.1 - apk add --no-cache wpa_supplicant - wpa_supplicant -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B - wpa_supplicant -i eth2 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -B # FreeRADIUS server for dynamic VLAN assignment freeradius: kind: linux mgmt-ipv4: 172.16.0.200 image: freeradius/freeradius-server:latest binds: - hosts/freeradius/clients.conf:/etc/raddb/clients.conf - hosts/freeradius/authorize:/etc/raddb/mods-config/files/authorize links: # Spine1 to Leaf connections (underlay fabric) - endpoints: ["spine1:eth1", "leaf1:eth11"] - endpoints: ["spine1:eth2", "leaf2:eth11"] - endpoints: ["spine1:eth3", "leaf3:eth11"] - endpoints: ["spine1:eth4", "leaf4:eth11"] - endpoints: ["spine1:eth5", "leaf5:eth11"] - endpoints: ["spine1:eth6", "leaf6:eth11"] - endpoints: ["spine1:eth7", "leaf7:eth11"] - endpoints: ["spine1:eth8", "leaf8:eth11"] # Spine2 to Leaf connections (underlay fabric) - endpoints: ["spine2:eth1", "leaf1:eth12"] - endpoints: ["spine2:eth2", "leaf2:eth12"] - endpoints: ["spine2:eth3", "leaf3:eth12"] - endpoints: ["spine2:eth4", "leaf4:eth12"] - endpoints: ["spine2:eth5", "leaf5:eth12"] - endpoints: ["spine2:eth6", "leaf6:eth12"] - endpoints: ["spine2:eth7", "leaf7:eth12"] - endpoints: ["spine2:eth8", "leaf8:eth12"] # MLAG Peer Links (leaf pairs) - endpoints: ["leaf1:eth10", "leaf2:eth10"] - endpoints: ["leaf3:eth10", "leaf4:eth10"] - endpoints: ["leaf5:eth10", "leaf6:eth10"] - endpoints: ["leaf7:eth10", "leaf8:eth10"] # Access switch uplinks to leaf MLAG pairs (dual-homed via LACP) # access1 dual-homed to leaf1 + leaf2 - endpoints: ["leaf1:eth1", "access1:eth1"] - endpoints: ["leaf2:eth1", "access1:eth2"] # access2 dual-homed to leaf3 + leaf4 - endpoints: ["leaf3:eth1", "access2:eth1"] - endpoints: ["leaf4:eth1", "access2:eth2"] # access3 dual-homed to leaf5 + leaf6 - endpoints: ["leaf5:eth1", "access3:eth1"] - endpoints: ["leaf6:eth1", "access3:eth2"] # access4 dual-homed to leaf7 + leaf8 - endpoints: ["leaf7:eth1", "access4:eth1"] - endpoints: ["leaf8:eth1", "access4:eth2"] # Host connections to access switches (dual-homed via LACP) # host1 dual-homed to access1 - endpoints: ["access1:eth3", "host1:eth1"] - endpoints: ["access1:eth4", "host1:eth2"] # host2 dual-homed to access2 - endpoints: ["access2:eth3", "host2:eth1"] - endpoints: ["access2:eth4", "host2:eth2"] # host3 dual-homed to access3 - endpoints: ["access3:eth3", "host3:eth1"] - endpoints: ["access3:eth4", "host3:eth2"] # host4 dual-homed to access4 - endpoints: ["access4:eth3", "host4:eth1"] - endpoints: ["access4:eth4", "host4:eth2"]