Damien
97fbc1cebe
The 'ip route add default via <fabric-gw>' exec command silently failed on campus-host1 and campus-host2 because the management DHCP on eth0 had already installed a default via 172.16.0.254. As a result, traffic leaving the host for other fabric subnets was sent out the management interface instead of the EVPN fabric, breaking end-to-end ping. Switch to 'ip route replace' so the fabric gateway overrides whatever default is installed at container start.
406 lines
15 KiB
YAML
406 lines
15 KiB
YAML
name: arista-evpn-fabric
|
|
|
|
mgmt:
|
|
network: evpn-mgmt
|
|
ipv4-subnet: 172.16.0.0/24
|
|
ipv4-gw: 172.16.0.254
|
|
|
|
topology:
|
|
kinds:
|
|
arista_ceos:
|
|
image: gitea.arnodo.fr/damien/ceos:4.36.0F
|
|
|
|
nodes:
|
|
# =====================================================
|
|
# DATACENTER FABRIC
|
|
# =====================================================
|
|
|
|
# DC Spine Switches (AS 65000)
|
|
spine1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.1
|
|
startup-config: configs/spine1.cfg
|
|
|
|
spine2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.2
|
|
startup-config: configs/spine2.cfg
|
|
|
|
# DC Leaf Switches - VTEP1 (AS 65001)
|
|
leaf1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.25
|
|
startup-config: configs/leaf1.cfg
|
|
|
|
leaf2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.50
|
|
startup-config: configs/leaf2.cfg
|
|
|
|
# DC Leaf Switches - VTEP2 (AS 65002)
|
|
leaf3:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.27
|
|
startup-config: configs/leaf3.cfg
|
|
|
|
leaf4:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.28
|
|
startup-config: configs/leaf4.cfg
|
|
|
|
# DC Leaf Switches - VTEP3 (AS 65003)
|
|
leaf5:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.29
|
|
startup-config: configs/leaf5.cfg
|
|
|
|
leaf6:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.30
|
|
startup-config: configs/leaf6.cfg
|
|
|
|
# DC Leaf Switches - VTEP4 (AS 65004)
|
|
leaf7:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.31
|
|
startup-config: configs/leaf7.cfg
|
|
|
|
leaf8:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.32
|
|
startup-config: configs/leaf8.cfg
|
|
|
|
# DC Border Leafs - MLAG pair (AS 65005)
|
|
border-leaf-dc1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.3
|
|
startup-config: configs/border-leaf-dc1.cfg
|
|
|
|
border-leaf-dc2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.4
|
|
startup-config: configs/border-leaf-dc2.cfg
|
|
|
|
# DC Access Switches - L2 only
|
|
access1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.41
|
|
startup-config: configs/access1.cfg
|
|
|
|
access2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.42
|
|
startup-config: configs/access2.cfg
|
|
|
|
access3:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.43
|
|
startup-config: configs/access3.cfg
|
|
|
|
access4:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.44
|
|
startup-config: configs/access4.cfg
|
|
|
|
# DC Host devices - dual-homed with LACP bonding
|
|
host1:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.101
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.40 type vlan id 40
|
|
- ip link set bond0.40 up
|
|
- ip addr add 10.40.40.101/24 dev bond0.40
|
|
|
|
host2:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.102
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.34 type vlan id 34
|
|
- ip link set bond0.34 up
|
|
- ip addr add 10.34.34.102/24 dev bond0.34
|
|
- ip route add 10.78.78.0/24 via 10.34.34.1
|
|
- ip route add 10.60.0.0/16 via 10.34.34.1
|
|
|
|
host3:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.103
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.40 type vlan id 40
|
|
- ip link set bond0.40 up
|
|
- ip addr add 10.40.40.103/24 dev bond0.40
|
|
|
|
host4:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.104
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
binds:
|
|
- hosts/host4_interfaces:/etc/network/interfaces
|
|
exec:
|
|
- ip link add bond0 type bond mode 802.3ad
|
|
- ip link set dev bond0 type bond xmit_hash_policy layer3+4
|
|
- ip link set dev eth1 down
|
|
- ip link set dev eth2 down
|
|
- ip link set eth1 master bond0
|
|
- ip link set eth2 master bond0
|
|
- ip link set dev eth1 up
|
|
- ip link set dev eth2 up
|
|
- ip link set dev bond0 type bond lacp_rate fast
|
|
- ip link set dev bond0 up
|
|
- ip link add link bond0 name bond0.78 type vlan id 78
|
|
- ip link set bond0.78 up
|
|
- ip addr add 10.78.78.104/24 dev bond0.78
|
|
- ip route add 10.34.34.0/24 via 10.78.78.1
|
|
- ip route add 10.60.0.0/16 via 10.78.78.1
|
|
|
|
# =====================================================
|
|
# CORE L3 (inter-fabric transit)
|
|
# =====================================================
|
|
|
|
# Core routers (AS 65500, iBGP between them)
|
|
core1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.10
|
|
startup-config: configs/core1.cfg
|
|
|
|
core2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.11
|
|
startup-config: configs/core2.cfg
|
|
|
|
# =====================================================
|
|
# CAMPUS FABRIC
|
|
# =====================================================
|
|
|
|
# Campus Spines (AS 66000)
|
|
campus-spine1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.20
|
|
startup-config: configs/campus-spine1.cfg
|
|
|
|
campus-spine2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.21
|
|
startup-config: configs/campus-spine2.cfg
|
|
|
|
# Campus Border Leafs - MLAG pair (AS 66005)
|
|
border-leaf-campus1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.22
|
|
startup-config: configs/border-leaf-campus1.cfg
|
|
|
|
border-leaf-campus2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.23
|
|
startup-config: configs/border-leaf-campus2.cfg
|
|
|
|
# Campus Leafs - VTEP1 (AS 66001)
|
|
campus-leaf1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.51
|
|
startup-config: configs/campus-leaf1.cfg
|
|
|
|
campus-leaf2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.52
|
|
startup-config: configs/campus-leaf2.cfg
|
|
|
|
# Campus Leafs - VTEP2 (AS 66002)
|
|
campus-leaf3:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.53
|
|
startup-config: configs/campus-leaf3.cfg
|
|
|
|
campus-leaf4:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.54
|
|
startup-config: configs/campus-leaf4.cfg
|
|
|
|
# Campus Access switches - L2 only
|
|
campus-access1:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.61
|
|
startup-config: configs/campus-access1.cfg
|
|
|
|
campus-access2:
|
|
kind: arista_ceos
|
|
mgmt-ipv4: 172.16.0.62
|
|
startup-config: configs/campus-access2.cfg
|
|
|
|
# Campus Hosts - single-attached to access switch (enterprise user endpoint pattern)
|
|
campus-host1:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.105
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
binds:
|
|
- hosts/campus-host1_interfaces:/etc/network/interfaces
|
|
exec:
|
|
- ip link set dev eth1 up
|
|
- ip addr add 10.60.60.101/24 dev eth1
|
|
- ip route replace default via 10.60.60.1
|
|
|
|
campus-host2:
|
|
kind: linux
|
|
mgmt-ipv4: 172.16.0.106
|
|
image: ghcr.io/hellt/network-multitool
|
|
cap-add:
|
|
- NET_ADMIN
|
|
binds:
|
|
- hosts/campus-host2_interfaces:/etc/network/interfaces
|
|
exec:
|
|
- ip link set dev eth1 up
|
|
- ip addr add 10.60.70.102/24 dev eth1
|
|
- ip route replace default via 10.60.70.1
|
|
|
|
links:
|
|
# =====================================================
|
|
# DATACENTER FABRIC LINKS
|
|
# =====================================================
|
|
|
|
# Spine1 to Leaf/Border-Leaf connections (underlay)
|
|
- endpoints: ["spine1:eth1", "leaf1:eth11"]
|
|
- endpoints: ["spine1:eth2", "leaf2:eth11"]
|
|
- endpoints: ["spine1:eth3", "leaf3:eth11"]
|
|
- endpoints: ["spine1:eth4", "leaf4:eth11"]
|
|
- endpoints: ["spine1:eth5", "leaf5:eth11"]
|
|
- endpoints: ["spine1:eth6", "leaf6:eth11"]
|
|
- endpoints: ["spine1:eth7", "leaf7:eth11"]
|
|
- endpoints: ["spine1:eth8", "leaf8:eth11"]
|
|
- endpoints: ["spine1:eth9", "border-leaf-dc1:eth11"]
|
|
- endpoints: ["spine1:eth10", "border-leaf-dc2:eth11"]
|
|
|
|
# Spine2 to Leaf/Border-Leaf connections (underlay)
|
|
- endpoints: ["spine2:eth1", "leaf1:eth12"]
|
|
- endpoints: ["spine2:eth2", "leaf2:eth12"]
|
|
- endpoints: ["spine2:eth3", "leaf3:eth12"]
|
|
- endpoints: ["spine2:eth4", "leaf4:eth12"]
|
|
- endpoints: ["spine2:eth5", "leaf5:eth12"]
|
|
- endpoints: ["spine2:eth6", "leaf6:eth12"]
|
|
- endpoints: ["spine2:eth7", "leaf7:eth12"]
|
|
- endpoints: ["spine2:eth8", "leaf8:eth12"]
|
|
- endpoints: ["spine2:eth9", "border-leaf-dc1:eth12"]
|
|
- endpoints: ["spine2:eth10", "border-leaf-dc2:eth12"]
|
|
|
|
# DC MLAG Peer Links (leaf pairs + border-leaf pair)
|
|
- endpoints: ["leaf1:eth10", "leaf2:eth10"]
|
|
- endpoints: ["leaf3:eth10", "leaf4:eth10"]
|
|
- endpoints: ["leaf5:eth10", "leaf6:eth10"]
|
|
- endpoints: ["leaf7:eth10", "leaf8:eth10"]
|
|
- endpoints: ["border-leaf-dc1:eth10", "border-leaf-dc2:eth10"]
|
|
|
|
# DC Access switch uplinks to leaf MLAG pairs (dual-homed via LACP)
|
|
- endpoints: ["leaf1:eth1", "access1:eth1"]
|
|
- endpoints: ["leaf2:eth1", "access1:eth2"]
|
|
- endpoints: ["leaf3:eth1", "access2:eth1"]
|
|
- endpoints: ["leaf4:eth1", "access2:eth2"]
|
|
- endpoints: ["leaf5:eth1", "access3:eth1"]
|
|
- endpoints: ["leaf6:eth1", "access3:eth2"]
|
|
- endpoints: ["leaf7:eth1", "access4:eth1"]
|
|
- endpoints: ["leaf8:eth1", "access4:eth2"]
|
|
|
|
# DC Host connections to access switches (dual-homed via LACP)
|
|
- endpoints: ["access1:eth3", "host1:eth1"]
|
|
- endpoints: ["access1:eth4", "host1:eth2"]
|
|
- endpoints: ["access2:eth3", "host2:eth1"]
|
|
- endpoints: ["access2:eth4", "host2:eth2"]
|
|
- endpoints: ["access3:eth3", "host3:eth1"]
|
|
- endpoints: ["access3:eth4", "host3:eth2"]
|
|
- endpoints: ["access4:eth3", "host4:eth1"]
|
|
- endpoints: ["access4:eth4", "host4:eth2"]
|
|
|
|
# =====================================================
|
|
# CORE INTERCONNECT (DC Border Leafs <-> Core <-> Campus Border Leafs)
|
|
# =====================================================
|
|
|
|
# DC Border Leafs to Core routers (4 links)
|
|
- endpoints: ["border-leaf-dc1:eth13", "core1:eth1"]
|
|
- endpoints: ["border-leaf-dc1:eth14", "core2:eth1"]
|
|
- endpoints: ["border-leaf-dc2:eth13", "core1:eth2"]
|
|
- endpoints: ["border-leaf-dc2:eth14", "core2:eth2"]
|
|
|
|
# Campus Border Leafs to Core routers (4 links)
|
|
- endpoints: ["border-leaf-campus1:eth13", "core1:eth3"]
|
|
- endpoints: ["border-leaf-campus1:eth14", "core2:eth3"]
|
|
- endpoints: ["border-leaf-campus2:eth13", "core1:eth4"]
|
|
- endpoints: ["border-leaf-campus2:eth14", "core2:eth4"]
|
|
|
|
# Core routers interconnect
|
|
- endpoints: ["core1:eth5", "core2:eth5"]
|
|
|
|
# =====================================================
|
|
# CAMPUS FABRIC LINKS
|
|
# =====================================================
|
|
|
|
# Campus Spine1 to Leafs/Border-Leafs (underlay)
|
|
- endpoints: ["campus-spine1:eth1", "campus-leaf1:eth11"]
|
|
- endpoints: ["campus-spine1:eth2", "campus-leaf2:eth11"]
|
|
- endpoints: ["campus-spine1:eth3", "campus-leaf3:eth11"]
|
|
- endpoints: ["campus-spine1:eth4", "campus-leaf4:eth11"]
|
|
- endpoints: ["campus-spine1:eth5", "border-leaf-campus1:eth11"]
|
|
- endpoints: ["campus-spine1:eth6", "border-leaf-campus2:eth11"]
|
|
|
|
# Campus Spine2 to Leafs/Border-Leafs (underlay)
|
|
- endpoints: ["campus-spine2:eth1", "campus-leaf1:eth12"]
|
|
- endpoints: ["campus-spine2:eth2", "campus-leaf2:eth12"]
|
|
- endpoints: ["campus-spine2:eth3", "campus-leaf3:eth12"]
|
|
- endpoints: ["campus-spine2:eth4", "campus-leaf4:eth12"]
|
|
- endpoints: ["campus-spine2:eth5", "border-leaf-campus1:eth12"]
|
|
- endpoints: ["campus-spine2:eth6", "border-leaf-campus2:eth12"]
|
|
|
|
# Campus MLAG Peer Links (leaf pairs + border-leaf pair)
|
|
- endpoints: ["campus-leaf1:eth10", "campus-leaf2:eth10"]
|
|
- endpoints: ["campus-leaf3:eth10", "campus-leaf4:eth10"]
|
|
- endpoints: ["border-leaf-campus1:eth10", "border-leaf-campus2:eth10"]
|
|
|
|
# Campus Access switch uplinks to leaf MLAG pairs (dual-homed via LACP)
|
|
- endpoints: ["campus-leaf1:eth1", "campus-access1:eth1"]
|
|
- endpoints: ["campus-leaf2:eth1", "campus-access1:eth2"]
|
|
- endpoints: ["campus-leaf3:eth1", "campus-access2:eth1"]
|
|
- endpoints: ["campus-leaf4:eth1", "campus-access2:eth2"]
|
|
|
|
# Campus Host connections to access switches (single link, enterprise user endpoint)
|
|
- endpoints: ["campus-access1:eth3", "campus-host1:eth1"]
|
|
- endpoints: ["campus-access2:eth3", "campus-host2:eth1"]
|