Damien/arista-evpn-vxlan-clab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
428ce8e80f7d5474ce2f0e77dc5d05650de19ed8
arista-evpn-vxlan-clab/END_TO_END_TESTING.md

338 lines
9.1 KiB
Markdown
Raw Blame History

# End-to-End Connectivity Testing Guide
## Overview
This document provides a step-by-step guide to test the EVPN VXLAN fabric after deploying the updated topology with proper VLAN tagging on hosts.
## Recent Changes
### Fixed Issues
1. **Host VLAN Tagging**
- Hosts now create VLAN subinterfaces on top of bonded interfaces
- Host1 & Host3: VLAN 40 tagged (L2 VXLAN test)
- Host2: VLAN 34 tagged (L3 VXLAN test)
- Host4: VLAN 78 tagged (L3 VXLAN test)
2. **Leaf Port-Channel Configuration**
- All leaf Port-Channel1 interfaces are in **access mode**
- Properly mapped to their respective VLANs
- MLAG enabled for dual-active forwarding
## Pre-Test Verification
### 1. Check MLAG Status on All Leaf Pairs
```bash
# Leaf Pair 1 (leaf1 & leaf2)
ssh admin@clab-arista-evpn-fabric-leaf1 "show mlag detail"
ssh admin@clab-arista-evpn-fabric-leaf2 "show mlag detail"
# Leaf Pair 2 (leaf3 & leaf4)
ssh admin@clab-arista-evpn-fabric-leaf3 "show mlag detail"
ssh admin@clab-arista-evpn-fabric-leaf4 "show mlag detail"
# Leaf Pair 3 (leaf5 & leaf6)
ssh admin@clab-arista-evpn-fabric-leaf5 "show mlag detail"
ssh admin@clab-arista-evpn-fabric-leaf6 "show mlag detail"
# Leaf Pair 4 (leaf7 & leaf8)
ssh admin@clab-arista-evpn-fabric-leaf7 "show mlag detail"
ssh admin@clab-arista-evpn-fabric-leaf8 "show mlag detail"
```
### 2. Check BGP Underlay Status
```bash
# On Spines
ssh admin@clab-arista-evpn-fabric-spine1 "show bgp ipv4 unicast summary"
ssh admin@clab-arista-evpn-fabric-spine2 "show bgp ipv4 unicast summary"
# Expected: All leaf neighbors should be in ESTABLISHED state
```
### 3. Check BGP EVPN Status
```bash
# On any leaf
ssh admin@clab-arista-evpn-fabric-leaf1 "show bgp evpn summary"
# Expected: Both spine neighbors should be ESTABLISHED
```
## L2 VXLAN Testing (VLAN 40)
### Hosts Involved
- **Host1** (10.40.40.101) - Connected to Leaf1/Leaf2 (VTEP1)
- **Host3** (10.40.40.103) - Connected to Leaf5/Leaf6 (VTEP3)
### Test Sequence
#### Step 1: Verify Host Network Interfaces
```bash
# Check host1 VLAN interface
docker exec clab-arista-evpn-fabric-host1 ip -d link show bond0.40
docker exec clab-arista-evpn-fabric-host1 ip addr show bond0.40
# Check host3 VLAN interface
docker exec clab-arista-evpn-fabric-host3 ip -d link show bond0.40
docker exec clab-arista-evpn-fabric-host3 ip addr show bond0.40
```
#### Step 2: Verify Leaf Port-Channel Configuration
```bash
# Leaf1 Port-Channel1
ssh admin@clab-arista-evpn-fabric-leaf1 "show interface Port-Channel1 switchport"
# Expected output:
# Switchport Mode: access
# Access Mode VLAN: 40
# Spanning Tree Portfast: enabled
```
#### Step 3: Test L2 Connectivity (Ping Test)
```bash
echo "=== L2 VXLAN Ping Test (Host1 → Host3) ==="
timeout 10 docker exec clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.103
```
#### Step 4: Verify MAC Learning
```bash
# On Leaf1 - check local MAC learning
ssh admin@clab-arista-evpn-fabric-leaf1 "show mac address-table vlan 40"
# Expected: MAC from host1 should appear on Port-Channel1
# On Leaf5 - check MAC learning
ssh admin@clab-arista-evpn-fabric-leaf5 "show mac address-table vlan 40"
# Expected: MAC from host3 should appear on Port-Channel1
```
#### Step 5: Verify VXLAN Learning
```bash
# Check remote VXLAN endpoints
ssh admin@clab-arista-evpn-fabric-leaf1 "show vxlan vtep"
# Expected: Should show VTEP3 (10.0.255.13)
# Check VXLAN address table
ssh admin@clab-arista-evpn-fabric-leaf1 "show vxlan address-table"
# Expected: Should show MACs learned via Vxlan1 interface
```
#### Step 6: Verify EVPN Type-2 Routes
```bash
# Check BGP EVPN routes on Leaf1
ssh admin@clab-arista-evpn-fabric-leaf1 "show bgp evpn route-type mac-ip"
# Expected:
# - Local MAC (host1) with RD 65001:110040
# - Remote MAC (host3) with RD 65003:110040 pointing to VTEP 10.0.255.13
```
## L3 VXLAN Testing (VRF gold)
### Hosts Involved
- **Host2** (10.34.34.102) - Connected to Leaf3/Leaf4 (VTEP2) in VRF gold VLAN 34
- **Host4** (10.78.78.104) - Connected to Leaf7/Leaf8 (VTEP4) in VRF gold VLAN 78
### Test Sequence
#### Step 1: Verify Host Network Interfaces
```bash
# Check host2 VLAN interface
docker exec clab-arista-evpn-fabric-host2 ip -d link show bond0.34
docker exec clab-arista-evpn-fabric-host2 ip addr show bond0.34
# Check host4 VLAN interface
docker exec clab-arista-evpn-fabric-host4 ip -d link show bond0.78
docker exec clab-arista-evpn-fabric-host4 ip addr show bond0.78
```
#### Step 2: Verify Leaf VRF VLAN Configuration
```bash
# On Leaf3
ssh admin@clab-arista-evpn-fabric-leaf3 "show vlan 34"
ssh admin@clab-arista-evpn-fabric-leaf3 "show interface Vlan34"
# Expected:
# - VLAN 34 exists
# - Vlan34 interface is in VRF gold with IP 10.34.34.2/24
# - Virtual router address 10.34.34.1 is configured
```
#### Step 3: Test L3 Connectivity (Ping Test)
```bash
echo "=== L3 VXLAN Ping Test (Host2 → Host4) ==="
timeout 10 docker exec clab-arista-evpn-fabric-host2 ping -c 4 10.78.78.104
```
#### Step 4: Verify VRF Routing Tables
```bash
# On Leaf3 - check routes in VRF gold
ssh admin@clab-arista-evpn-fabric-leaf3 "show ip route vrf gold"
# Expected: Should include routes to 10.34.34.0/24 and 10.78.78.0/24
# On Leaf4
ssh admin@clab-arista-evpn-fabric-leaf4 "show ip route vrf gold"
```
#### Step 5: Verify EVPN Type-5 Routes
```bash
# Check BGP EVPN routes on Leaf3
ssh admin@clab-arista-evpn-fabric-leaf3 "show bgp evpn route-type ip-prefix ipv4"
# Expected:
# - Local subnets (10.34.34.0/24 from Leaf3/Leaf4)
# - Remote subnets (10.78.78.0/24 from Leaf7/Leaf8)
```
## Complete End-to-End Test Script
```bash
#!/bin/bash
echo "======================================"
echo "EVPN VXLAN Fabric Testing"
echo "======================================"
# 1. Underlay connectivity
echo ""
echo "=== Testing Underlay BGP ==="
ssh admin@clab-arista-evpn-fabric-spine1 "show bgp ipv4 unicast summary" | tail -20
# 2. EVPN overlay connectivity
echo ""
echo "=== Testing EVPN Overlay ==="
ssh admin@clab-arista-evpn-fabric-leaf1 "show bgp evpn summary" | tail -5
# 3. L2 VXLAN connectivity
echo ""
echo "=== Testing L2 VXLAN (Host1 → Host3) ==="
timeout 10 docker exec clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.103
echo "Status: $?"
# 4. L3 VXLAN connectivity
echo ""
echo "=== Testing L3 VXLAN (Host2 → Host4) ==="
timeout 10 docker exec clab-arista-evpn-fabric-host2 ping -c 4 10.78.78.104
echo "Status: $?"
# 5. MAC learning verification
echo ""
echo "=== Verifying MAC Learning ==="
echo "Leaf1 VLAN 40:"
ssh admin@clab-arista-evpn-fabric-leaf1 "show mac address-table vlan 40"
echo ""
echo "Leaf5 VLAN 40:"
ssh admin@clab-arista-evpn-fabric-leaf5 "show mac address-table vlan 40"
# 6. VRF routing verification
echo ""
echo "=== Verifying VRF Routing ==="
echo "Leaf3 VRF gold routes:"
ssh admin@clab-arista-evpn-fabric-leaf3 "show ip route vrf gold"
```
## Troubleshooting
### Ping fails - Hosts can't reach each other
1. **Check host connectivity to leaf:**
```bash
docker exec clab-arista-evpn-fabric-host1 ip route
# Should show default route via VLAN gateway
docker exec clab-arista-evpn-fabric-host1 ping -c 2 10.40.40.1
# Should reach the virtual router gateway
```
2. **Check leaf port-channel status:**
```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show interface Port-Channel1"
# Should show "up, up"
```
3. **Check VXLAN interface status:**
```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show interface Vxlan1"
# Should show "up, up"
```
4. **Check MLAG status:**
```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show mlag detail"
# Should show "mlag is active"
```
### Empty MAC table on leafs
1. **Verify host is sending traffic:**
```bash
docker exec clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.1
# Generate some ARP/ICMP traffic
```
2. **Check for spanning-tree blocking:**
```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show spanning-tree detail vlan 40"
```
### No EVPN routes exchanged
1. **Check BGP EVPN session state:**
```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show bgp evpn summary"
# Must show ESTABLISHED, not Connect or Active
```
2. **Check EVPN configuration:**
```bash
ssh admin@clab-arista-evpn-fabric-leaf1 "show bgp evpn"
# Look for rd and route-target configuration
```
## Expected Results
| Test | Expected Outcome | Status |
|------|------------------|--------|
| Spine BGP | All leaves established | ✓ Expected |
| Leaf BGP | All spines established | ✓ Expected |
| EVPN neighbors | Established with spines | ✓ Expected |
| L2 ping (Host1→Host3) | 4/4 packets successful | ✓ Expected |
| L3 ping (Host2→Host4) | 4/4 packets successful | ✓ Expected |
| MAC learning | MACs learned on Vxlan1 | ✓ Expected |
| EVPN Type-2 | Routes learned for MACs | ✓ Expected |
| EVPN Type-5 | Routes learned for subnets | ✓ Expected |
---
## Lab Deployment Steps
To deploy the lab with the fixes:
```bash
cd ~/arista-evpn-vxlan-clab
git checkout fix-bgp-and-mlag
sudo containerlab destroy -t evpn-lab.clab.yml
sudo containerlab deploy -t evpn-lab.clab.yml
```
The lab should now have:
- Proper VLAN tagging on all hosts
- Correct VXLAN VTEP configuration
- Working BGP EVPN overlay
- End-to-end connectivity between remote VTEPs
Reference in New Issue View Git Blame Copy Permalink