Damien
1080bf07bb
## Summary This PR merges all fixes and improvements from the troubleshooting journey to make the Arista EVPN-VXLAN lab fully operational with both L2 and L3 VXLAN connectivity. ## What's Changed ### 🎯 Major Achievements - ✅ **L2 VXLAN fully operational** - host1 ↔ host3 connectivity verified - ✅ **L3 VXLAN fully operational** - host2 ↔ host4 connectivity verified (VRF gold) - ✅ **LACP bonding working** - dual-homed hosts with proper Port-Channel negotiation - ✅ **All BGP/EVPN sessions established** - complete underlay and overlay working ### 🔧 Infrastructure Fixes #### BGP & Routing - Added `ip routing` command to all spine and leaf switches - Fixed duplicate BGP network statements on leaf3, leaf4, leaf7, leaf8 - Activated EVPN neighbors on spine switches - Added loopback network advertisements to BGP #### MLAG Configuration - Configured MLAG peer-link in trunk mode (not access) for VLAN 4090/4091 - Added dual-active detection via management interface - Configured virtual router MAC for MLAG pairs #### Switch Port Configuration - Port-Channel1 configured in **trunk mode** on all leaf switches - Added `switchport trunk allowed vlan` for host VLANs (34, 40, 78) - Removed `no shutdown` from Port-Channel interfaces ### 🖥️ Host Networking - Complete Redesign #### Image Change - **Old:** `alpine:latest` (had bonding syntax issues) - **New:** `ghcr.io/hellt/network-multitool` (networking tools pre-installed) #### LACP Bonding Configuration Proper LACP setup following network-multitool best practices: ```yaml - ip link add bond0 type bond mode 802.3ad - ip link set dev bond0 type bond xmit_hash_policy layer3+4 - ip link set dev eth1 down - ip link set dev eth2 down - ip link set eth1 master bond0 - ip link set eth2 master bond0 - ip link set dev eth1 up - ip link set dev eth2 up - ip link set dev bond0 type bond lacp_rate fast - ip link set dev bond0 up ``` #### VLAN Configuration - **L2 VXLAN hosts (host1, host3):** VLAN 40 tagged on bond0 - **L3 VXLAN hosts (host2, host4):** VLANs 34 and 78 tagged on bond0 #### Routing Strategy - Kept management default route (172.16.0.254 via eth0) - Added **specific routes** for L3 VXLAN networks instead of default routes: - host2: `ip route add 10.78.78.0/24 via 10.34.34.1` - host4: `ip route add 10.34.34.0/24 via 10.78.78.1` ### 📁 Files Changed #### Switch Configurations (Updated) - `configs/spine1.cfg` - Added ip routing, EVPN activation - `configs/spine2.cfg` - Added ip routing, EVPN activation - `configs/leaf1.cfg` - Port-Channel trunk mode, VLAN config - `configs/leaf2.cfg` - Port-Channel trunk mode, VLAN config - `configs/leaf3.cfg` - Added ip routing, loopback ads, Port-Channel config - `configs/leaf4.cfg` - Added ip routing, loopback ads, Port-Channel config - `configs/leaf5.cfg` - Port-Channel trunk mode, VLAN config - `configs/leaf6.cfg` - Port-Channel trunk mode, VLAN config - `configs/leaf7.cfg` - Added ip routing, loopback ads, Port-Channel config - `configs/leaf8.cfg` - Added ip routing, loopback ads, Port-Channel config #### Topology (Updated) - `evpn-lab.clab.yml` - Updated all host configurations with network-multitool image and proper LACP/VLAN setup #### Documentation (New) - `hosts/README.md` - Host interface configuration guide - `hosts/host1_interfaces` - Interface file for host1 (not currently used, kept for reference) - `hosts/host2_interfaces` - Interface file for host2 (not currently used, kept for reference) - `hosts/host3_interfaces` - Interface file for host3 (not currently used, kept for reference) - `hosts/host4_interfaces` - Interface file for host4 (not currently used, kept for reference) ## Testing & Verification ### ✅ L2 VXLAN (VLAN 40) ``` host1 (10.40.40.101) → host3 (10.40.40.103) - Connectivity: VERIFIED ✓ - VXLAN tunnel: VTEP1 ↔ VTEP3 - MAC learning: Working via EVPN Type-2 ``` ### ✅ L3 VXLAN (VRF gold) ``` host2 (10.34.34.102) → host4 (10.78.78.104) - Connectivity: VERIFIED ✓ - Ping results: 0% packet loss, TTL=62 - Routing: Via EVPN Type-5 through fabric ``` ### ✅ Infrastructure Status - BGP Underlay: All sessions ESTAB - EVPN Overlay: All neighbors ESTAB - MLAG: All 4 pairs operational - Port-Channels: LACP negotiated on all hosts ## Related Issues Fixes #1 - Lab deployment and configuration fixes Fixes #2 - BGP EVPN neighbors stuck in Connect state Fixes #3 - Ready for deployment with EVPN activation Fixes #4 - Lab convergence in progress Fixes #5 - BGP EVPN neighbors stuck in Active state Fixes #11 - Host LACP bonding configuration Fixes #13 - L3 VXLAN default route issue ## Key Technical Learnings 1. **Arista EOS requires explicit `ip routing`** before BGP can function 2. **MLAG peer-link must be trunk mode** to allow VLAN 4090/4091 traversal 3. **VLAN tagging location matters** - hosts tag, switches use trunk mode 4. **network-multitool image** superior to Alpine for LACP bonding 5. **Specific routes better than default routes** when management network present 6. **LACP rate fast** ensures quick negotiation with Arista switches ## Deployment After merging, deploy with: ```bash cd ~/arista-evpn-vxlan-clab sudo containerlab destroy -t evpn-lab.clab.yml --cleanup sudo containerlab deploy -t evpn-lab.clab.yml ``` No manual post-deployment configuration needed - everything works from initial deployment! ## Breaking Changes ⚠️ **Host image changed** from `alpine:latest` to `ghcr.io/hellt/network-multitool` ⚠️ **Host configuration completely redesigned** - old exec commands replaced ## Reviewers @Damien - Please review and merge when ready --- **This PR represents the complete troubleshooting journey and brings the lab to production-ready status with full L2 and L3 VXLAN functionality.** 🚀 Reviewed-on: #14 Co-authored-by: Damien <damien@arnodo.fr> Co-committed-by: Damien <damien@arnodo.fr>
201 lines
7.1 KiB
YAML
201 lines
7.1 KiB
YAML
name: arista-evpn-fabric
|
|
|
|
mgmt:
|
|
network: evpn-mgmt
|
|
ipv4-subnet: 172.16.0.0/24
|
|
ipv4-gw: 172.16.0.254
|
|
|
|
topology:
|
|
kinds:
|
|
arista_ceos:
|
|
image: ceos:4.35.0F
|
|
|
|
nodes:
|
|
# Spine Switches
|
|
spine1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.1
|
|
startup-config: configs/spine1.cfg
|
|
|
|
spine2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.2
|
|
startup-config: configs/spine2.cfg
|
|
|
|
# Leaf Switches - VTEP1 (AS 65001)
|
|
leaf1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.25
|
|
startup-config: configs/leaf1.cfg
|
|
|
|
leaf2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.50
|
|
startup-config: configs/leaf2.cfg
|
|
|
|
# Leaf Switches - VTEP2 (AS 65002)
|
|
leaf3:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.27
|
|
startup-config: configs/leaf3.cfg
|
|
|
|
leaf4:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.28
|
|
startup-config: configs/leaf4.cfg
|
|
|
|
# Leaf Switches - VTEP3 (AS 65003)
|
|
leaf5:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.29
|
|
startup-config: configs/leaf5.cfg
|
|
|
|
leaf6:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.30
|
|
startup-config: configs/leaf6.cfg
|
|
|
|
# Leaf Switches - VTEP4 (AS 65004)
|
|
leaf7:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.31
|
|
startup-config: configs/leaf7.cfg
|
|
|
|
leaf8:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.32
|
|
startup-config: configs/leaf8.cfg
|
|
|
|
# Host devices - DUAL-HOMED with LACP bonding to MLAG pairs
|
|
host1:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.101
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.40 type vlan id 40
|
|
- ip link set bond0.40 up
|
|
- ip addr add 10.40.40.101/24 dev bond0.40
|
|
|
|
host2:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.102
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.34 type vlan id 34
|
|
- ip link set bond0.34 up
|
|
- ip addr add 10.34.34.102/24 dev bond0.34
|
|
- ip route add 10.78.78.0/24 via 10.34.34.1
|
|
|
|
host3:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.103
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.40 type vlan id 40
|
|
- ip link set bond0.40 up
|
|
- ip addr add 10.40.40.103/24 dev bond0.40
|
|
|
|
host4:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.104
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
binds:
|
|
- hosts/host4_interfaces:/etc/network/interfaces
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.78 type vlan id 78
|
|
- ip link set bond0.78 up
|
|
- ip addr add 10.78.78.104/24 dev bond0.78
|
|
- ip route add 10.34.34.0/24 via 10.78.78.1
|
|
|
|
links:
|
|
# Spine1 to Leaf connections (underlay fabric)
|
|
- endpoints: ["spine1:eth1", "leaf1:eth11"]
|
|
- endpoints: ["spine1:eth2", "leaf2:eth11"]
|
|
- endpoints: ["spine1:eth3", "leaf3:eth11"]
|
|
- endpoints: ["spine1:eth4", "leaf4:eth11"]
|
|
- endpoints: ["spine1:eth5", "leaf5:eth11"]
|
|
- endpoints: ["spine1:eth6", "leaf6:eth11"]
|
|
- endpoints: ["spine1:eth7", "leaf7:eth11"]
|
|
- endpoints: ["spine1:eth8", "leaf8:eth11"]
|
|
|
|
# Spine2 to Leaf connections (underlay fabric)
|
|
- endpoints: ["spine2:eth1", "leaf1:eth12"]
|
|
- endpoints: ["spine2:eth2", "leaf2:eth12"]
|
|
- endpoints: ["spine2:eth3", "leaf3:eth12"]
|
|
- endpoints: ["spine2:eth4", "leaf4:eth12"]
|
|
- endpoints: ["spine2:eth5", "leaf5:eth12"]
|
|
- endpoints: ["spine2:eth6", "leaf6:eth12"]
|
|
- endpoints: ["spine2:eth7", "leaf7:eth12"]
|
|
- endpoints: ["spine2:eth8", "leaf8:eth12"]
|
|
|
|
# MLAG Peer Links (leaf pairs)
|
|
- endpoints: ["leaf1:eth10", "leaf2:eth10"]
|
|
- endpoints: ["leaf3:eth10", "leaf4:eth10"]
|
|
- endpoints: ["leaf5:eth10", "leaf6:eth10"]
|
|
- endpoints: ["leaf7:eth10", "leaf8:eth10"]
|
|
|
|
# Host connections - DUAL-HOMED with LACP to MLAG pairs
|
|
# host1 dual-homed to leaf1 + leaf2
|
|
- endpoints: ["leaf1:eth1", "host1:eth1"]
|
|
- endpoints: ["leaf2:eth1", "host1:eth2"]
|
|
|
|
# host2 dual-homed to leaf3 + leaf4
|
|
- endpoints: ["leaf3:eth1", "host2:eth1"]
|
|
- endpoints: ["leaf4:eth1", "host2:eth2"]
|
|
|
|
# host3 dual-homed to leaf5 + leaf6
|
|
- endpoints: ["leaf5:eth1", "host3:eth1"]
|
|
- endpoints: ["leaf6:eth1", "host3:eth2"]
|
|
|
|
# host4 dual-homed to leaf7 + leaf8
|
|
- endpoints: ["leaf7:eth1", "host4:eth1"]
|
|
- endpoints: ["leaf8:eth1", "host4:eth2"]
|