Arista EVPN-VXLAN ContainerLab
A production-ready Arista BGP EVPN-VXLAN data center fabric topology using ContainerLab and cEOS.
🎯 Overview
This lab demonstrates a complete EVPN-VXLAN data center fabric with:
- 2 Spine switches (BGP Route Reflectors)
- 8 Leaf switches forming 4 VTEPs (MLAG pairs)
- BGP EVPN overlay with L2/L3 VXLAN
- MLAG configuration for high availability
- Test hosts for validation
📐 Topology
┌─────────┐ ┌─────────┐
│ Spine1 │ │ Spine2 │
│ AS65000 │ │ AS65000 │
└────┬────┘ └────┬────┘
│ │
┌───────────────┼────────────┼───────────────┐
│ │ │ │
┌────┴────┐ ┌────┴────┐ ┌────┴────┐ ┌────┴────┐
│ Leaf1/2 │ │ Leaf3/4 │ │ Leaf5/6 │ │ Leaf7/8 │
│ AS65001 │ │ AS65002 │ │ AS65003 │ │ AS65004 │
│ VTEP1 │ │ VTEP2 │ │ VTEP3 │ │ VTEP4 │
└────┬────┘ └────┬────┘ └────┬────┘ └────┬────┘
│ │ │ │
Host1 Host2 Host3 Host4
🚀 Quick Start
Prerequisites
- ContainerLab installed
- Docker installed
- Arista cEOS image:
ceos:4.35.0
Deploy the Lab
# Clone the repository
git clone https://gitea.arnodo.fr/Damien/arista-evpn-vxlan-clab.git
cd arista-evpn-vxlan-clab
# Deploy the topology
sudo containerlab deploy -t evpn-lab.clab.yml
# Check status
sudo containerlab inspect -t evpn-lab.clab.yml
Access Devices
# SSH to any device (password: admin)
ssh admin@clab-arista-evpn-fabric-leaf1
# Or use docker exec
docker exec -it clab-arista-evpn-fabric-leaf1 Cli
📋 Configuration Details
AS Numbers
- Spine: AS 65000
- VTEP1 (Leaf1/2): AS 65001
- VTEP2 (Leaf3/4): AS 65002
- VTEP3 (Leaf5/6): AS 65003
- VTEP4 (Leaf7/8): AS 65004
IP Addressing
Management Network
- Subnet:
172.16.0.0/24 - Spine1:
172.16.0.1 - Spine2:
172.16.0.2 - Leaf1-8:
172.16.0.25-32
Loopback Interfaces
-
Router-ID Loopbacks (Lo0):
10.0.250.0/24- Spine1:
10.0.250.1/32 - Spine2:
10.0.250.2/32 - Leaf1-8:
10.0.250.11-18/32
- Spine1:
-
VTEP Loopbacks (Lo1):
10.0.255.0/24- VTEP1:
10.0.255.11/32 - VTEP2:
10.0.255.12/32 - VTEP3:
10.0.255.13/32 - VTEP4:
10.0.255.14/32
- VTEP1:
Underlay P2P Links
- Spine1 to Leafs:
10.0.1.0/31,10.0.1.2/31, ...10.0.1.14/31 - Spine2 to Leafs:
10.0.2.0/31,10.0.2.2/31, ...10.0.2.14/31 - MLAG iBGP peering:
10.0.3.0/31,10.0.3.2/31,10.0.3.4/31,10.0.3.6/31
Host Network Addressing
| Host | VLAN | VRF | IP Address | Gateway | Type |
|---|---|---|---|---|---|
| host1 | 40 | default | 10.40.40.101/24 | - | L2 VXLAN |
| host2 | 34 | gold | 10.34.34.102/24 | 10.34.34.1 | L3 VXLAN |
| host3 | 40 | default | 10.40.40.103/24 | - | L2 VXLAN |
| host4 | 78 | gold | 10.78.78.104/24 | 10.78.78.1 | L3 VXLAN |
Notes:
- Host1 and Host3 are in VLAN 40 (L2 VXLAN only) and can communicate at Layer 2
- Host2 and Host4 are in VRF "gold" with different subnets, communicating via EVPN Type-5 routes (L3 VXLAN)
- All hosts use LACP bonding (802.3ad) with dual-homing to MLAG leaf pairs
Features Implemented
✅ Underlay
- BGP IPv4 Unicast
- ECMP with 4 paths
- eBGP between Spine-Leaf
- iBGP between MLAG pairs
✅ Overlay
- BGP EVPN address family
- VXLAN data plane
- EVPN Type-2 (MAC/IP routes)
- EVPN Type-5 (IP Prefix routes)
✅ High Availability
- MLAG dual-homing
- Dual-active detection
- Anycast VTEP gateway
🧪 Testing & Validation
Verify BGP EVPN Neighbors
# On any spine
show bgp evpn summary
# On any leaf
show bgp evpn summary
Verify VXLAN
# Check VXLAN interface
show interface vxlan1
# Check remote VTEPs
show vxlan vtep
# Check VXLAN address table
show vxlan address-table
Verify MLAG
# Check MLAG status
show mlag
# Check MLAG interfaces
show mlag interfaces
Test Connectivity
L2 VXLAN Testing (VLAN 40)
Test Layer 2 connectivity between host1 and host3 across the EVPN fabric:
# From host1 to host3 (same VLAN 40, different VTEPs)
docker exec -it clab-arista-evpn-fabric-host1 ping -c 4 10.40.40.103
# Check host1 interface
docker exec -it clab-arista-evpn-fabric-host1 ip addr show bond0
# From host3 to host1
docker exec -it clab-arista-evpn-fabric-host3 ping -c 4 10.40.40.101
L3 VXLAN Testing (VRF gold)
Test Layer 3 connectivity between host2 and host4 in VRF "gold":
# From host2 to host4 (different subnets via EVPN Type-5)
docker exec -it clab-arista-evpn-fabric-host2 ping -c 4 10.78.78.104
# From host4 to host2
docker exec -it clab-arista-evpn-fabric-host4 ping -c 4 10.34.34.102
# Check routing table on hosts
docker exec -it clab-arista-evpn-fabric-host2 ip route
docker exec -it clab-arista-evpn-fabric-host4 ip route
Verify EVPN Routes on Switches
# Check EVPN Type-2 routes (MAC/IP) - for VLAN 40
ssh admin@clab-arista-evpn-fabric-leaf1
show bgp evpn route-type mac-ip
# Check EVPN Type-5 routes (IP Prefix) - for VRF gold
ssh admin@clab-arista-evpn-fabric-leaf3
show bgp evpn route-type ip-prefix ipv4
# Verify VXLAN learned MACs
show vxlan address-table
# Check MAC addresses learned via EVPN
show mac address-table
📁 Repository Structure
arista-evpn-vxlan-clab/
├── README.md # This file
├── evpn-lab.clab.yml # ContainerLab topology
├── configs/ # Device configurations
│ ├── spine1.cfg
│ ├── spine2.cfg
│ ├── leaf1.cfg
│ ├── leaf2.cfg
│ ├── leaf3.cfg
│ ├── leaf4.cfg
│ ├── leaf5.cfg
│ ├── leaf6.cfg
│ ├── leaf7.cfg
│ └── leaf8.cfg
├── docs/ # Documentation
│ ├── configuration-guide.md
│ ├── validation-commands.md
│ └── topology-diagram.png
└── scripts/ # Helper scripts
├── deploy.sh
├── test-connectivity.sh
└── cleanup.sh
🔧 Cleanup
# Destroy the lab
sudo containerlab destroy -t evpn-lab.clab.yml
# Remove all related containers and networks
sudo containerlab destroy --cleanup