# Arista EVPN-VXLAN ContainerLab

A production-ready Arista BGP EVPN-VXLAN data center fabric topology using ContainerLab and cEOS.

## 🎯 Overview

This lab demonstrates a complete EVPN-VXLAN data center fabric with:

- **2 Spine switches** (BGP Route Reflectors)
- **8 Leaf switches** forming 4 VTEPs (MLAG pairs)
- **BGP EVPN overlay** with L2/L3 VXLAN
- **MLAG configuration** for high availability
- **Test hosts** for validation

## 📐 Topology

![Topology](assets/topology.svg)

## 🚀 Quick Start

### Prerequisites

- ContainerLab installed
- Docker installed
- Arista cEOS image: `ceos:4.35.0`

### Deploy the Lab

```bash
# Clone the repository
git clone https://gitea.arnodo.fr/Damien/arista-evpn-vxlan-clab.git
cd arista-evpn-vxlan-clab

# Deploy the topology
sudo containerlab deploy -t evpn-lab.clab.yml

# Check status
sudo containerlab inspect -t evpn-lab.clab.yml
```

### Access Devices

```bash
# SSH to any device (password: admin)
ssh admin@clab-arista-evpn-fabric-leaf1

# Or use docker exec
docker exec -it clab-arista-evpn-fabric-leaf1 Cli
```

## 📋 Configuration Details

### AS Numbers

- **Spine**: AS 65000
- **VTEP1 (Leaf1/2)**: AS 65001
- **VTEP2 (Leaf3/4)**: AS 65002
- **VTEP3 (Leaf5/6)**: AS 65003
- **VTEP4 (Leaf7/8)**: AS 65004

### IP Addressing

#### Management Network

- Subnet: `172.16.0.0/24`
- Spine1: `172.16.0.1`
- Spine2: `172.16.0.2`
- Leaf1-8: `172.16.0.25-32`

#### Loopback Interfaces

- **Router-ID Loopbacks (Lo0)**: `10.0.250.0/24`
  - Spine1: `10.0.250.1/32`
  - Spine2: `10.0.250.2/32`
  - Leaf1-8: `10.0.250.11-18/32`
- **VTEP Loopbacks (Lo1)**: `10.0.255.0/24`
  - VTEP1: `10.0.255.11/32`
  - VTEP2: `10.0.255.12/32`
  - VTEP3: `10.0.255.13/32`
  - VTEP4: `10.0.255.14/32`

#### Underlay P2P Links

- Spine1 to Leafs: `10.0.1.0/31`, `10.0.1.2/31`, ... `10.0.1.14/31`
- Spine2 to Leafs: `10.0.2.0/31`, `10.0.2.2/31`, ... `10.0.2.14/31`
- MLAG iBGP peering: `10.0.3.0/31`, `10.0.3.2/31`, `10.0.3.4/31`, `10.0.3.6/31`

#### Host Network Addressing

| Host  | VLAN | VRF     | IP Address      | Gateway    | Type     |
| ----- | ---- | ------- | --------------- | ---------- | -------- |
| host1 | 40   | default | 10.40.40.101/24 | -          | L2 VXLAN |
| host2 | 34   | gold    | 10.34.34.102/24 | 10.34.34.1 | L3 VXLAN |
| host3 | 40   | default | 10.40.40.103/24 | -          | L2 VXLAN |
| host4 | 78   | gold    | 10.78.78.104/24 | 10.78.78.1 | L3 VXLAN |

**Notes:**

- Host1 and Host3 are in VLAN 40 (L2 VXLAN only) and can communicate at Layer 2
- Host2 and Host4 are in VRF "gold" with different subnets, communicating via EVPN Type-5 routes (L3 VXLAN)
- All hosts use LACP bonding (802.3ad) with dual-homing to MLAG leaf pairs

### VXLAN Network Identifiers (VNI)

#### L2 VNI (VLAN to VNI Mapping)

| VLAN | Description   | VNI    | VTEPs                           | Route Target | Route Distinguisher        |
| ---- | ------------- | ------ | ------------------------------- | ------------ | -------------------------- |
| 40   | test-l2-vxlan | 110040 | VTEP1, VTEP3 (Leaf1/2, Leaf5/6) | 40:110040    | 65001:110040, 65003:110040 |

**L2 VNI Details:**

- VLAN 40 is stretched across VTEP1 (Leaf1/2) and VTEP3 (Leaf5/6) for pure Layer 2 connectivity
- Hosts in VLAN 40 (host1 and host3) communicate at Layer 2 across the EVPN fabric
- EVPN Type-2 (MAC/IP) routes are used for MAC address learning and distribution

#### L3 VNI (VRF to VNI Mapping)

| VRF  | Description                     | VNI    | VTEPs                           | Route Target | VLANs  |
| ---- | ------------------------------- | ------ | ------------------------------- | ------------ | ------ |
| gold | L3 VRF for inter-subnet routing | 100001 | VTEP2, VTEP4 (Leaf3/4, Leaf7/8) | 1:100001     | 34, 78 |

**L3 VNI Details:**

- VRF "gold" uses VNI 100001 for Layer 3 VXLAN routing between different subnets
- VLAN 34 (10.34.34.0/24) on VTEP2 and VLAN 78 (10.78.78.0/24) on VTEP4 are both in VRF gold
- EVPN Type-5 (IP Prefix) routes are used for inter-subnet routing
- Each VTEP advertises its local subnets via EVPN, enabling routed connectivity between host2 and host4

#### VNI Summary

| VNI Type | VNI    | Purpose                       | EVPN Route Type    |
| -------- | ------ | ----------------------------- | ------------------ |
| L2 VNI   | 110040 | Layer 2 extension for VLAN 40 | Type-2 (MAC/IP)    |
| L3 VNI   | 100001 | Layer 3 routing for VRF gold  | Type-5 (IP Prefix) |

### Features Implemented

✅ **Underlay**

- BGP IPv4 Unicast
- ECMP with 4 paths
- eBGP between Spine-Leaf
- iBGP between MLAG pairs

✅ **Overlay**

- BGP EVPN address family
- VXLAN data plane
- EVPN Type-2 (MAC/IP routes)
- EVPN Type-5 (IP Prefix routes)

✅ **High Availability**

- MLAG dual-homing
- Dual-active detection
- Anycast VTEP gateway

## 🧪 Testing & Validation

### Verify BGP EVPN Neighbors

```bash
# On any spine
show bgp evpn summary

# On any leaf
show bgp evpn summary
```

### Verify VXLAN

```bash
# Check VXLAN interface
show interface vxlan1

# Check remote VTEPs
show vxlan vtep

# Check VXLAN address table
show vxlan address-table
```

### Verify MLAG

```bash
# Check MLAG status
show mlag

# Check MLAG interfaces
show mlag interfaces
```

### Test Connectivity

#### L2 VXLAN Testing (VLAN 40)

Test Layer 2 connectivity between host1 and host3 across the EVPN fabric:

```bash
# From host1 to host3 (same VLAN 40, different VTEPs)
docker exec -it clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.103

# Check host1 interface
docker exec -it clab-arista-evpn-fabric-host1 ip addr show bond0

# From host3 to host1
docker exec -it clab-arista-evpn-fabric-host3 ping -c 4 10.40.40.101
```

#### L3 VXLAN Testing (VRF gold)

Test Layer 3 connectivity between host2 and host4 in VRF "gold":

```bash
# From host2 to host4 (different subnets via EVPN Type-5)
docker exec -it clab-arista-evpn-fabric-host2 ping -c 4 10.78.78.104

# From host4 to host2
docker exec -it clab-arista-evpn-fabric-host4 ping -c 4 10.34.34.102

# Check routing table on hosts
docker exec -it clab-arista-evpn-fabric-host2 ip route
docker exec -it clab-arista-evpn-fabric-host4 ip route
```

#### Verify EVPN Routes on Switches

```bash
# Check EVPN Type-2 routes (MAC/IP) - for VLAN 40
ssh admin@clab-arista-evpn-fabric-leaf1
show bgp evpn route-type mac-ip

# Check EVPN Type-5 routes (IP Prefix) - for VRF gold
ssh admin@clab-arista-evpn-fabric-leaf3
show bgp evpn route-type ip-prefix ipv4

# Verify VXLAN learned MACs
show vxlan address-table

# Check MAC addresses learned via EVPN
show mac address-table
```

## 📁 Repository Structure

```
arista-evpn-vxlan-clab/
├── README.md                 # This file
├── TROUBLESHOOTING.md        # Troubleshooting guide
├── END_TO_END_TESTING.md     # Testing procedures
├── evpn-lab.clab.yml         # ContainerLab topology
├── configs/                  # Device configurations
│   ├── spine1.cfg
│   ├── spine2.cfg
│   ├── leaf1.cfg
│   ├── leaf2.cfg
│   ├── leaf3.cfg
│   ├── leaf4.cfg
│   ├── leaf5.cfg
│   ├── leaf6.cfg
│   ├── leaf7.cfg
│   └── leaf8.cfg
└── hosts/                    # Host interface configurations
    ├── README.md
    ├── host1_interfaces
    ├── host2_interfaces
    ├── host3_interfaces
    └── host4_interfaces
```

## 🗑️ Cleanup

```bash
# Destroy the lab
sudo containerlab destroy -t evpn-lab.clab.yml

# Remove all related containers and networks
sudo containerlab destroy -t evpn-lab.clab.yml --cleanup
```

## 📚 References

- [Original Configuration Guide](https://overlaid.net/2019/01/27/arista-bgp-evpn-configuration-example/)
- [Arista EOS Documentation](https://www.arista.com/en/support/product-documentation)
- [ContainerLab Documentation](https://containerlab.dev/)
- [RFC 7432 - BGP MPLS-Based Ethernet VPN](https://tools.ietf.org/html/rfc7432)
- [RFC 8365 - A Network Virtualization Overlay Solution Using EVPN](https://tools.ietf.org/html/rfc8365)
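
The Test Connectivity section pings only the host pairs that are expected to work. The Python script below is an added example, not part of this repository: it derives the full reachability matrix from the Host Network Addressing table, so the pairs that should stay isolated (VRF `default` versus VRF `gold`) are tested as well. It assumes that a host without a gateway cannot reach other subnets and that the fabric leaks no routes between VRFs; `expected_path` and `build_plan` are names introduced here.

```python
import ipaddress
from itertools import combinations

# Host table copied from "Host Network Addressing"; gw None means "-".
HOSTS = {
    "host1": {"vlan": 40, "vrf": "default", "ip": "10.40.40.101/24", "gw": None},
    "host2": {"vlan": 34, "vrf": "gold", "ip": "10.34.34.102/24", "gw": "10.34.34.1"},
    "host3": {"vlan": 40, "vrf": "default", "ip": "10.40.40.103/24", "gw": None},
    "host4": {"vlan": 78, "vrf": "gold", "ip": "10.78.78.104/24", "gw": "10.78.78.1"},
}
PREFIX = "clab-arista-evpn-fabric-"  # container name prefix used in this README


def expected_path(a, b):
    """Return 'L2', 'L3', or None (no path expected) between hosts a and b."""
    ha, hb = HOSTS[a], HOSTS[b]
    net_a = ipaddress.ip_interface(ha["ip"]).network
    net_b = ipaddress.ip_interface(hb["ip"]).network
    if ha["vlan"] == hb["vlan"] and net_a == net_b:
        return "L2"  # same stretched VLAN: bridged over the L2 VNI
    # Assumption: routing needs a gateway on both hosts and a shared VRF,
    # and no routes are leaked between VRFs.
    if ha["gw"] and hb["gw"] and ha["vrf"] == hb["vrf"]:
        return "L3"  # different subnets, same VRF: EVPN Type-5
    return None


def build_plan():
    """Return (src, dst, expected_path, ping command) for every ordered pair."""
    plan = []
    for a, b in combinations(sorted(HOSTS), 2):
        for src, dst in ((a, b), (b, a)):
            dst_ip = str(ipaddress.ip_interface(HOSTS[dst]["ip"]).ip)
            # No -it here: the command is meant to run from a script without a TTY.
            cmd = f"docker exec {PREFIX}{src} ping -c 4 {dst_ip}"
            plan.append((src, dst, expected_path(src, dst), cmd))
    return plan


if __name__ == "__main__":
    for src, dst, path, cmd in build_plan():
        verdict = f"must succeed ({path})" if path else "must fail (isolated)"
        print(f"{src} -> {dst}: {verdict}\n    {cmd}")
```

A ping that succeeds on a pair marked "must fail" points at a VRF or VLAN misconfiguration on the leaf pair serving those hosts.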