! Border-Leaf-DC2 Configuration
! DC Border Leaf - AS 65005 (MLAG pair with border-leaf-dc1)
! Provides egress from DC EVPN-VXLAN fabric to Core L3 network
!
hostname border-leaf-dc2
!
! LLDP Management0
lldp management-address Management0
!
! enable gNMI API
management api gnmi
   transport grpc default
   provider eos-native
!
! admin/admin for ssh access
username admin privilege 15 role network-admin secret sha512 $6$xQktFrbdeqEhVzLM$.1wOJB25nw2fqYaSXDu6y4mo6AP9hngMCFe2vGDl84hWoz00Q.4unoEBqspNI0HEoRz.OZhdBHqQv12KABf0B0
!
! Enable IP routing
ip routing
!
! Enable routing protocols
service routing protocols model multi-agent
!
! VRF Definition
vrf instance gold
!
! VLANs
vlan 4090
   name mlag-peer
   trunk group mlag-peer
!
vlan 4091
   name mlag-ibgp
   trunk group mlag-peer
!
! Management interface
interface Management0
   ip address 172.16.0.4/24
!
! MLAG Peer-link SVI
interface Vlan4090
   description MLAG Peer-Link
   ip address 10.0.199.247/31
   no autostate
!
! iBGP Peering SVI
interface Vlan4091
   description MLAG iBGP Peering
   ip address 10.0.3.9/31
   mtu 9214
!
! Loopbacks
interface Loopback0
   description Router-ID
   ip address 10.0.250.22/32
!
interface Loopback1
   description VTEP
   ip address 10.0.255.15/32
!
interface Loopback2
   description VRF-Gold-health
   vrf gold
   ip address 10.0.250.222/32
!
! MLAG Peer-link
interface Ethernet10
   description mlag peer link
   channel-group 999 mode active
!
interface Port-Channel999
   description MLAG Peer
   switchport mode trunk
   switchport trunk group mlag-peer
   spanning-tree link-type point-to-point
!
! Underlay P2P interfaces to Spines
interface Ethernet11
   description spine1
   no switchport
   ip address 10.0.1.19/31
   mtu 9214
!
interface Ethernet12
   description spine2
   no switchport
   ip address 10.0.2.19/31
   mtu 9214
!
! Uplink to Core1 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet13
   description core1
   no switchport
   mtu 9214
!
interface Ethernet13.100
   description core1-underlay
   encapsulation dot1q vlan 100
   ip address 10.0.4.3/31
   mtu 9214
!
interface Ethernet13.200
   description core1-vrf-gold
   encapsulation dot1q vlan 200
   vrf gold
   ip address 10.0.14.3/31
   mtu 9214
!
! Uplink to Core2 (subinterfaced: .100 default VRF, .200 VRF gold)
interface Ethernet14
   description core2
   no switchport
   mtu 9214
!
interface Ethernet14.100
   description core2-underlay
   encapsulation dot1q vlan 100
   ip address 10.0.4.7/31
   mtu 9214
!
interface Ethernet14.200
   description core2-vrf-gold
   encapsulation dot1q vlan 200
   vrf gold
   ip address 10.0.14.7/31
   mtu 9214
!
! Spanning-tree
no spanning-tree vlan 4090
no spanning-tree vlan 4091
!
! Virtual MAC for Anycast Gateway
ip virtual-router mac-address c001.cafe.babe
!
! MLAG Configuration
mlag configuration
   domain-id border-leafs-dc
   local-interface Vlan4090
   peer-address 10.0.199.246
   peer-link Port-Channel999
   dual-primary detection delay 10 action errdisable all-interfaces
   peer-address heartbeat 172.16.0.3 vrf mgmt
!
! VXLAN Interface
interface Vxlan1
   vxlan source-interface Loopback1
   vxlan udp-port 4789
   vxlan learn-restrict any
   vxlan vrf gold vni 100001
!
! IP Routing
ip routing
ip routing vrf gold
ip route 100.64.0.0/10 172.16.0.254
!
! OSPF for loopback reachability with Core (default VRF)
router ospf 1
   router-id 10.0.250.22
   passive-interface default
   no passive-interface Ethernet13.100
   no passive-interface Ethernet14.100
   network 10.0.250.22/32 area 0
   network 10.0.4.2/31 area 0
   network 10.0.4.6/31 area 0
   max-lsa 12000
!
! BGP Configuration
router bgp 65005
   router-id 10.0.250.22
   no bgp default ipv4-unicast
   bgp log-neighbor-changes
   distance bgp 20 200 200
   maximum-paths 4 ecmp 64
   !
   ! Underlay peer-group (to DC spines)
   neighbor underlay peer group
   neighbor underlay remote-as 65000
   neighbor underlay maximum-routes 12000 warning-only
   neighbor 10.0.1.18 peer group underlay
   neighbor 10.0.2.18 peer group underlay
   !
   ! iBGP peer-group (to MLAG peer)
   neighbor underlay_ibgp peer group
   neighbor underlay_ibgp remote-as 65005
   neighbor underlay_ibgp maximum-routes 12000 warning-only
   neighbor underlay_ibgp next-hop-self
   neighbor 10.0.3.8 peer group underlay_ibgp
   !
   ! EVPN peer-group (to DC spines)
   neighbor evpn peer group
   neighbor evpn remote-as 65000
   neighbor evpn update-source Loopback0
   neighbor evpn ebgp-multihop 3
   neighbor evpn send-community extended
   neighbor evpn maximum-routes 12000 warning-only
   neighbor 10.0.250.1 peer group evpn
   neighbor 10.0.250.2 peer group evpn
   !
   ! eBGP to Core routers (default VRF)
   neighbor core peer group
   neighbor core remote-as 65500
   neighbor core send-community extended
   neighbor core maximum-routes 12000 warning-only
   neighbor 10.0.4.2 peer group core
   neighbor 10.0.4.6 peer group core
   !
   ! IPv4 address family
   address-family ipv4
      neighbor underlay activate
      neighbor underlay_ibgp activate
      neighbor core activate
      network 10.0.250.22/32
      network 10.0.255.15/32
   !
   ! EVPN address family
   address-family evpn
      neighbor evpn activate
   !
   ! VRF Gold configuration
   vrf gold
      rd 10.0.250.22:1
      route-target import evpn 1:100001
      route-target export evpn 1:100001
      router-id 10.0.250.22
      neighbor 10.0.14.2 remote-as 65500
      neighbor 10.0.14.2 send-community extended
      neighbor 10.0.14.2 maximum-routes 12000 warning-only
      neighbor 10.0.14.6 remote-as 65500
      neighbor 10.0.14.6 send-community extended
      neighbor 10.0.14.6 maximum-routes 12000 warning-only
      redistribute connected
      redistribute learned
!
end