arista-evpn-vxlan-clab/docs/HOST_INTERFACE_CONFIGURATION.md
Damien 1080bf07bb Complete Lab Fixes - L2 and L3 VXLAN Fully Operational (#14)
## Summary

This PR merges all fixes and improvements from the troubleshooting journey to make the Arista EVPN-VXLAN lab fully operational with both L2 and L3 VXLAN connectivity.

## What's Changed

### 🎯 Major Achievements
- **L2 VXLAN fully operational** - host1 ↔ host3 connectivity verified
- **L3 VXLAN fully operational** - host2 ↔ host4 connectivity verified (VRF gold)
- **LACP bonding working** - dual-homed hosts with proper Port-Channel negotiation
- **All BGP/EVPN sessions established** - complete underlay and overlay working

### 🔧 Infrastructure Fixes

#### BGP & Routing
- Added `ip routing` command to all spine and leaf switches
- Fixed duplicate BGP network statements on leaf3, leaf4, leaf7, leaf8
- Activated EVPN neighbors on spine switches
- Added loopback network advertisements to BGP

#### MLAG Configuration
- Configured MLAG peer-link in trunk mode (not access) for VLAN 4090/4091
- Added dual-active detection via management interface
- Configured virtual router MAC for MLAG pairs

#### Switch Port Configuration
- Port-Channel1 configured in **trunk mode** on all leaf switches
- Added `switchport trunk allowed vlan` for host VLANs (34, 40, 78)
- Removed `no shutdown` from Port-Channel interfaces

### 🖥️ Host Networking - Complete Redesign

#### Image Change
- **Old:** `alpine:latest` (had bonding syntax issues)
- **New:** `ghcr.io/hellt/network-multitool` (networking tools pre-installed)

#### LACP Bonding Configuration
Proper LACP setup following network-multitool best practices:
```yaml
- ip link add bond0 type bond mode 802.3ad
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
- ip link set dev eth1 down
- ip link set dev eth2 down
- ip link set eth1 master bond0
- ip link set eth2 master bond0
- ip link set dev eth1 up
- ip link set dev eth2 up
- ip link set dev bond0 type bond lacp_rate fast
- ip link set dev bond0 up
```

#### VLAN Configuration
- **L2 VXLAN hosts (host1, host3):** VLAN 40 tagged on bond0
- **L3 VXLAN hosts (host2, host4):** VLANs 34 and 78 tagged on bond0

#### Routing Strategy
- Kept management default route (172.16.0.254 via eth0)
- Added **specific routes** for L3 VXLAN networks instead of default routes:
  - host2: `ip route add 10.78.78.0/24 via 10.34.34.1`
  - host4: `ip route add 10.34.34.0/24 via 10.78.78.1`

### 📁 Files Changed

#### Switch Configurations (Updated)
- `configs/spine1.cfg` - Added ip routing, EVPN activation
- `configs/spine2.cfg` - Added ip routing, EVPN activation
- `configs/leaf1.cfg` - Port-Channel trunk mode, VLAN config
- `configs/leaf2.cfg` - Port-Channel trunk mode, VLAN config
- `configs/leaf3.cfg` - Added ip routing, loopback ads, Port-Channel config
- `configs/leaf4.cfg` - Added ip routing, loopback ads, Port-Channel config
- `configs/leaf5.cfg` - Port-Channel trunk mode, VLAN config
- `configs/leaf6.cfg` - Port-Channel trunk mode, VLAN config
- `configs/leaf7.cfg` - Added ip routing, loopback ads, Port-Channel config
- `configs/leaf8.cfg` - Added ip routing, loopback ads, Port-Channel config

#### Topology (Updated)
- `evpn-lab.clab.yml` - Updated all host configurations with network-multitool image and proper LACP/VLAN setup

#### Documentation (New)
- `hosts/README.md` - Host interface configuration guide
- `hosts/host1_interfaces` - Interface file for host1 (not currently used, kept for reference)
- `hosts/host2_interfaces` - Interface file for host2 (not currently used, kept for reference)
- `hosts/host3_interfaces` - Interface file for host3 (not currently used, kept for reference)
- `hosts/host4_interfaces` - Interface file for host4 (not currently used, kept for reference)

## Testing & Verification

### L2 VXLAN (VLAN 40)
```
host1 (10.40.40.101) → host3 (10.40.40.103)
- Connectivity: VERIFIED ✓
- VXLAN tunnel: VTEP1 ↔ VTEP3
- MAC learning: Working via EVPN Type-2
```

### L3 VXLAN (VRF gold)
```
host2 (10.34.34.102) → host4 (10.78.78.104)
- Connectivity: VERIFIED ✓
- Ping results: 0% packet loss, TTL=62
- Routing: Via EVPN Type-5 through fabric
```

### Infrastructure Status
- BGP Underlay: All sessions ESTAB
- EVPN Overlay: All neighbors ESTAB
- MLAG: All 4 pairs operational
- Port-Channels: LACP negotiated on all hosts

## Related Issues

Fixes #1 - Lab deployment and configuration fixes
Fixes #2 - BGP EVPN neighbors stuck in Connect state
Fixes #3 - Ready for deployment with EVPN activation
Fixes #4 - Lab convergence in progress
Fixes #5 - BGP EVPN neighbors stuck in Active state
Fixes #11 - Host LACP bonding configuration
Fixes #13 - L3 VXLAN default route issue

## Key Technical Learnings

1. **Arista EOS requires explicit `ip routing`** before BGP can function
2. **MLAG peer-link must be trunk mode** to allow VLAN 4090/4091 traversal
3. **VLAN tagging location matters** - hosts tag, switches use trunk mode
4. **network-multitool image** superior to Alpine for LACP bonding
5. **Specific routes better than default routes** when management network present
6. **LACP rate fast** ensures quick negotiation with Arista switches

## Deployment

After merging, deploy with:
```bash
cd ~/arista-evpn-vxlan-clab
sudo containerlab destroy -t evpn-lab.clab.yml --cleanup
sudo containerlab deploy -t evpn-lab.clab.yml
```

No manual post-deployment configuration needed - everything works from initial deployment!

## Breaking Changes

⚠️ **Host image changed** from `alpine:latest` to `ghcr.io/hellt/network-multitool`
⚠️ **Host configuration completely redesigned** - old exec commands replaced

## Reviewers

@Damien - Please review and merge when ready

---

**This PR represents the complete troubleshooting journey and brings the lab to production-ready status with full L2 and L3 VXLAN functionality.** 🚀

Reviewed-on: #14
Co-authored-by: Damien <damien@arnodo.fr>
Co-committed-by: Damien <damien@arnodo.fr>
2025-11-30 10:24:29 +00:00


# Host Interface Configuration Guide

## Overview

All four hosts in the lab use **persistent interface configuration files** mounted via ContainerLab's `binds` feature. This approach provides cleaner, more maintainable configuration compared to using `exec` commands.

## Architecture

### Dual-Homing with LACP Bonding

Each host is dual-homed to an MLAG pair of leaf switches:

- **host1**: dual-homed to leaf1 + leaf2 (VTEP1)
- **host2**: dual-homed to leaf3 + leaf4 (VTEP2)
- **host3**: dual-homed to leaf5 + leaf6 (VTEP3)
- **host4**: dual-homed to leaf7 + leaf8 (VTEP4)

### VLAN Configuration

Hosts handle VLAN tagging using sub-interfaces on the bond:

| Host | VLAN | IP Address | Purpose | VRF |
|------|------|------------|---------|-----|
| host1 | 40 | 10.40.40.101/24 | L2 VXLAN test | default |
| host2 | 34 | 10.34.34.102/24 | L3 VXLAN test | gold |
| host3 | 40 | 10.40.40.103/24 | L2 VXLAN test | default |
| host4 | 78 | 10.78.78.104/24 | L3 VXLAN test | gold |

## Interface Files Structure

Each host has a configuration file in the `hosts/` directory:

- `hosts/host1_interfaces` → mounted to `/etc/network/interfaces` in host1
- `hosts/host2_interfaces` → mounted to `/etc/network/interfaces` in host2
- `hosts/host3_interfaces` → mounted to `/etc/network/interfaces` in host3
- `hosts/host4_interfaces` → mounted to `/etc/network/interfaces` in host4

## Interface Configuration Format

### Example: host1_interfaces

```
auto lo
iface lo inet loopback

# Bond interface with LACP (802.3ad)
auto bond0
iface bond0 inet manual
    bond-mode 4
    bond-miimon 100
    bond-lacp-rate 1
    bond-slaves eth1 eth2

# VLAN 40 on bond0
auto bond0.40
iface bond0.40 inet static
    address 10.40.40.101
    netmask 255.255.255.0
    vlan-raw-device bond0
```

### Key Parameters Explained

**Bond Configuration:**

- `bond-mode 4`: LACP (802.3ad) mode - requires LACP on switch side
- `bond-miimon 100`: Link monitoring interval (100ms)
- `bond-lacp-rate 1`: Fast LACP (1 second intervals)
- `bond-slaves eth1 eth2`: Physical interfaces in the bond

**VLAN Sub-interface:**

- `bond0.40`: VLAN interface notation (bond0.VLAN_ID)
- `vlan-raw-device bond0`: Parent interface for VLAN
- Static IP configuration with address/netmask

## Deployment Process

When ContainerLab starts a host:

1. **Mount interface file** via binds
2. **Install packages**: `apk add ifupdown bonding vlan`
3. **Load kernel modules**:
   - `modprobe bonding` - enables LACP bonding
   - `modprobe 8021q` - enables VLAN tagging
4. **Bring up interfaces**: `ifup -a` reads `/etc/network/interfaces`

## Switch Configuration Requirements

For proper LACP operation, leaf switches must have:

```
interface Port-Channel1
   description host-X
   switchport mode trunk
   switchport trunk allowed vlan <vlan-id>
   mlag 1
   port-channel lacp fallback timeout 5
   port-channel lacp fallback individual
   no shutdown

interface Ethernet1
   description host-X-link1
   channel-group 1 mode active
   lacp timer fast
   no shutdown
```

**Critical settings:**

- `port-channel lacp fallback`: Required for ContainerLab timing
- `lacp timer fast`: Matches host's fast LACP rate
- `no shutdown`: Must explicitly enable Port-Channel interface

## Advantages of This Approach

1. **Persistence**: Configuration survives container restarts
2. **Clarity**: Single file shows complete network config
3. **Maintainability**: Easy to modify VLAN assignments
4. **Production-like**: Mirrors real-world dual-homing scenarios
5. **Clean deployment**: No manual post-deployment fixes needed

## Testing Connectivity

### L2 VXLAN (same VLAN)

```bash
# host1 (VLAN 40) → host3 (VLAN 40)
docker exec clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.103
```

### L3 VXLAN (inter-VRF)

```bash
# host2 (VLAN 34, VRF gold) → host4 (VLAN 78, VRF gold)
docker exec clab-arista-evpn-fabric-host2 ping -c 4 10.78.78.104
```

## Troubleshooting

### Verify bond status on host

```bash
docker exec clab-arista-evpn-fabric-host1 cat /proc/net/bonding/bond0
```
```
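
A scripted version of the bond check, as an added example that is not part of the lab repository: with LACP fallback enabled on the leaf, a successful ping does not by itself show that both links joined one aggregator, so this parses the bonding status text and checks it. The sample status text and its MAC address are constructed, and `check_bond`, `sample_ok` and `sample_split` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example, not part of the lab repository.
# check_bond reads the text of /proc/net/bonding/bond0 on stdin and returns 0
# only if both member links joined one LACP aggregator with a real partner.
check_bond() {
  awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    { sub(/^[ \t]+/, "") }                        # some fields are indented
    /^Bonding Mode:/        { mode = ($0 ~ /802\.3ad/) }
    /^LACP rate:/           { rate = $3 }
    /^Partner Mac Address:/ { partner = $4 }
    /^Slave Interface:/     { slave = $3; n++ }
    /^MII Status:/          { if (slave != "" && $3 != "up") fail(slave " link is down") }
    /^Aggregator ID:/       { if (slave == "") active = $3; else agg[slave] = $3 }
    END {
      if (!mode)          fail("bonding mode is not 802.3ad")
      if (rate != "fast") fail("LACP rate is not fast (leaf uses lacp timer fast)")
      if (partner == "" || partner == "00:00:00:00:00:00")
        fail("no LACP partner, switch is not answering LACPDUs")
      if (n != 2)         fail("expected 2 member links, found " (n + 0))
      for (s in agg) if (agg[s] != active)
        fail(s " is in aggregator " agg[s] ", active is " active)
      if (!bad) print "OK: " n " links in aggregator " active ", partner " partner
      exit bad + 0
    }'
}
# Constructed sample: trimmed bonding status for a healthy dual-homed host.
sample_ok() { cat <<'EOF'
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
LACP rate: fast
Active Aggregator Info:
    Aggregator ID: 1
    Number of ports: 2
    Partner Mac Address: 02:00:5e:00:53:01
Slave Interface: eth1
MII Status: up
Aggregator ID: 1
Slave Interface: eth2
MII Status: up
Aggregator ID: 1
EOF
}
# Constructed degraded variant: eth2 ends up in its own aggregator.
sample_split() { sample_ok | sed '$s/1$/2/'; }

sample_ok | check_bond
# Live use: docker exec clab-arista-evpn-fabric-host1 cat /proc/net/bonding/bond0 | check_bond
```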

### Check VLAN interface

```bash
docker exec clab-arista-evpn-fabric-host1 ip addr show bond0.40
```

### Verify LACP on switch

```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show port-channel 1 detailed"
```