darnodo
61a792df52
- Updated comments for clarity on leaf and border leaf layers - Added access layer switches for both DC1 and DC2 with management IPs - Established connections between access switches and their respective leaf switches - Defined host devices for both DC1 and DC2, connected to local access switches - Removed redundant host connection definitions and streamlined link configurations
Complete IP Address Plan - Arista L5 Dual DC with Access Layer
🎯 Design Philosophy
4-Tier Data Center Architecture:
- Spine Layer: Core routing (L3)
- Leaf Layer: Aggregation/Distribution (L3 + VXLAN VTEPs)
- Access Layer: Rack/Bay switches (L2/L3 - per bay/rack)
- Host Layer: End servers/workloads
IP Strategy:
- Management:
10.255.0.0/24(out-of-band) - DC1 Underlay:
10.1.x.x/16range - DC2 Underlay:
10.2.x.x/16range - DCI:
10.253.x.xrange - Host/Tenant Networks:
172.16.x.x/16range
📊 IP Address Summary Table
| Network Purpose | Subnet | Size | Usage |
|---|---|---|---|
| Management (OOB) | 10.255.0.0/24 | 254 hosts | ContainerLab mgmt |
| DC1 Loopback0 | 10.1.0.0/24 | 254 hosts | Router IDs (Spine+Leaf only) |
| DC1 Loopback1 | 10.1.1.0/24 | 254 hosts | VTEP addresses (Leaf only) |
| DC1 Spine-Leaf P2P | 10.1.10.0/24 | 127 /31s | Underlay links |
| DC1 Leaf-Access P2P | 10.1.20.0/24 | 127 /31s | Access uplinks |
| DC1 MLAG Peer | 10.1.255.0/30 | Per pair | MLAG peer links |
| DC2 Loopback0 | 10.2.0.0/24 | 254 hosts | Router IDs (Spine+Leaf only) |
| DC2 Loopback1 | 10.2.1.0/24 | 254 hosts | VTEP addresses (Leaf only) |
| DC2 Spine-Leaf P2P | 10.2.10.0/24 | 127 /31s | Underlay links |
| DC2 Leaf-Access P2P | 10.2.20.0/24 | 127 /31s | Access uplinks |
| DC2 MLAG Peer | 10.2.255.0/30 | Per pair | MLAG peer links |
| DCI Loopback | 10.253.0.1/32 | 1 host | DCI router ID |
| DCI P2P Links | 10.253.254.0/24 | 127 /31s | Border-DCI links |
| Tenant VLANs | 172.16.x.0/24 | Per VLAN | Host networks |
🔌 Management Network (Out-of-Band)
Subnet: 10.255.0.0/24
DC1 Management IPs
| Device | Management IP | Layer | Purpose |
| --------------- | ------------- | ----------- | -------------- |
| spine1-DC1 | 10.255.0.11 | Spine | SSH/API access |
| spine2-DC1 | 10.255.0.12 | Spine | SSH/API access |
| spine3-DC1 | 10.255.0.13 | Spine | SSH/API access |
| leaf1-DC1 | 10.255.0.21 | Leaf/Agg | SSH/API access |
| leaf2-DC1 | 10.255.0.22 | Leaf/Agg | SSH/API access |
| leaf3-DC1 | 10.255.0.23 | Leaf/Agg | SSH/API access |
| leaf4-DC1 | 10.255.0.24 | Leaf/Agg | SSH/API access |
| borderleaf1-DC1 | 10.255.0.31 | Border/DCI | SSH/API access |
| borderleaf2-DC1 | 10.255.0.32 | Border/DCI | SSH/API access |
| access1-DC1 | 10.255.0.71 | Access/Rack | SSH/API access |
| access2-DC1 | 10.255.0.72 | Access/Rack | SSH/API access |
DC2 Management IPs
| Device | Management IP | Layer | Purpose |
| --------------- | ------------- | ----------- | -------------- |
| spine1-DC2 | 10.255.0.41 | Spine | SSH/API access |
| spine2-DC2 | 10.255.0.42 | Spine | SSH/API access |
| spine3-DC2 | 10.255.0.43 | Spine | SSH/API access |
| leaf1-DC2 | 10.255.0.51 | Leaf/Agg | SSH/API access |
| leaf2-DC2 | 10.255.0.52 | Leaf/Agg | SSH/API access |
| leaf3-DC2 | 10.255.0.53 | Leaf/Agg | SSH/API access |
| leaf4-DC2 | 10.255.0.54 | Leaf/Agg | SSH/API access |
| borderleaf1-DC2 | 10.255.0.61 | Border/DCI | SSH/API access |
| borderleaf2-DC2 | 10.255.0.62 | Border/DCI | SSH/API access |
| access1-DC2 | 10.255.0.81 | Access/Rack | SSH/API access |
| access2-DC2 | 10.255.0.82 | Access/Rack | SSH/API access |
DCI Management IP
| Device | Management IP | Purpose |
| ------ | ------------- | -------------- |
| DCI | 10.255.0.100 | SSH/API access |
Host Management IPs
| Device | Management IP | Rack/Bay | Purpose |
| --------- | ------------- | -------- | ---------- |
| host1-DC1 | 10.255.0.201 | Bay 1 | SSH access |
| host2-DC1 | 10.255.0.202 | Bay 2 | SSH access |
| host1-DC2 | 10.255.0.211 | Bay 1 | SSH access |
| host2-DC2 | 10.255.0.212 | Bay 2 | SSH access |
🏢 DC1 - Data Center 1 IP Plan
Loopback0 Addresses (Router IDs - Spine & Leaf Only)
Subnet: 10.1.0.0/24
| Device | Loopback0 | Mask | Role | Router ID |
| --------------- | --------- | ---- | ---------- | --------- |
| spine1-DC1 | 10.1.0.11 | /32 | Spine | 10.1.0.11 |
| spine2-DC1 | 10.1.0.12 | /32 | Spine | 10.1.0.12 |
| spine3-DC1 | 10.1.0.13 | /32 | Spine | 10.1.0.13 |
| leaf1-DC1 | 10.1.0.21 | /32 | Leaf/Agg | 10.1.0.21 |
| leaf2-DC1 | 10.1.0.22 | /32 | Leaf/Agg | 10.1.0.22 |
| leaf3-DC1 | 10.1.0.23 | /32 | Leaf/Agg | 10.1.0.23 |
| leaf4-DC1 | 10.1.0.24 | /32 | Leaf/Agg | 10.1.0.24 |
| borderleaf1-DC1 | 10.1.0.31 | /32 | Border/DCI | 10.1.0.31 |
| borderleaf2-DC1 | 10.1.0.32 | /32 | Border/DCI | 10.1.0.32 |
Note: Access switches are Layer 2 only - no loopbacks needed
Loopback1 Addresses (VTEP - Leaf Layer Only)
Subnet: 10.1.1.0/24
| Device | Loopback1 | Mask | Notes |
| --------------- | --------- | ---- | ------------------------------ |
| leaf1-DC1 | 10.1.1.21 | /32 | Shared with leaf2 |
| leaf2-DC1 | 10.1.1.21 | /32 | Shared with leaf1 (MLAG) |
| leaf3-DC1 | 10.1.1.23 | /32 | Shared with leaf4 |
| leaf4-DC1 | 10.1.1.23 | /32 | Shared with leaf3 (MLAG) |
| borderleaf1-DC1 | 10.1.1.31 | /32 | Shared with borderleaf2 |
| borderleaf2-DC1 | 10.1.1.31 | /32 | Shared with borderleaf1 (MLAG) |
Note:
- Spines don't need Loopback1 (not VTEPs)
- Access switches don't need Loopback1 (L2 only)
Point-to-Point Links - Spine to Leaf (Underlay)
Subnet: 10.1.10.0/24 (using /31 subnets)
Spine1-DC1 Links
| Link | Leaf Side | Spine Side | Subnet |
| ---------------------------------- | ---------- | ---------- | ------ |
| leaf1-DC1:eth3 - spine1-DC1:eth2 | 10.1.10.0 | 10.1.10.1 | /31 |
| leaf2-DC1:eth3 - spine1-DC1:eth3 | 10.1.10.2 | 10.1.10.3 | /31 |
| leaf3-DC1:eth3 - spine1-DC1:eth4 | 10.1.10.4 | 10.1.10.5 | /31 |
| leaf4-DC1:eth3 - spine1-DC1:eth5 | 10.1.10.6 | 10.1.10.7 | /31 |
| border1-DC1:eth3 - spine1-DC1:eth6 | 10.1.10.8 | 10.1.10.9 | /31 |
| border2-DC1:eth3 - spine1-DC1:eth7 | 10.1.10.10 | 10.1.10.11 | /31 |
Spine2-DC1 Links
| Link | Leaf Side | Spine Side | Subnet |
| ---------------------------------- | ---------- | ---------- | ------ |
| leaf1-DC1:eth4 - spine2-DC1:eth2 | 10.1.10.12 | 10.1.10.13 | /31 |
| leaf2-DC1:eth4 - spine2-DC1:eth3 | 10.1.10.14 | 10.1.10.15 | /31 |
| leaf3-DC1:eth4 - spine2-DC1:eth4 | 10.1.10.16 | 10.1.10.17 | /31 |
| leaf4-DC1:eth4 - spine2-DC1:eth5 | 10.1.10.18 | 10.1.10.19 | /31 |
| border1-DC1:eth4 - spine2-DC1:eth6 | 10.1.10.20 | 10.1.10.21 | /31 |
| border2-DC1:eth4 - spine2-DC1:eth7 | 10.1.10.22 | 10.1.10.23 | /31 |
Spine3-DC1 Links
| Link | Leaf Side | Spine Side | Subnet |
| ---------------------------------- | ---------- | ---------- | ------ |
| leaf1-DC1:eth5 - spine3-DC1:eth2 | 10.1.10.24 | 10.1.10.25 | /31 |
| leaf2-DC1:eth5 - spine3-DC1:eth3 | 10.1.10.26 | 10.1.10.27 | /31 |
| leaf3-DC1:eth5 - spine3-DC1:eth4 | 10.1.10.28 | 10.1.10.29 | /31 |
| leaf4-DC1:eth5 - spine3-DC1:eth5 | 10.1.10.30 | 10.1.10.31 | /31 |
| border1-DC1:eth5 - spine3-DC1:eth6 | 10.1.10.32 | 10.1.10.33 | /31 |
| border2-DC1:eth5 - spine3-DC1:eth7 | 10.1.10.34 | 10.1.10.35 | /31 |
Point-to-Point Links - Leaf to Access (L3 Uplinks)
Subnet: 10.1.20.0/24 (using /31 subnets)
| Link | Access Side | Leaf Side | Subnet | VLAN |
| --------------------------------- | ----------- | --------- | ------ | ---- |
| access1-DC1:eth1 - leaf1-DC1:eth7 | 10.1.20.0 | 10.1.20.1 | /31 | N/A |
| access1-DC1:eth2 - leaf2-DC1:eth7 | 10.1.20.2 | 10.1.20.3 | /31 | N/A |
| access2-DC1:eth1 - leaf3-DC1:eth7 | 10.1.20.4 | 10.1.20.5 | /31 | N/A |
| access2-DC1:eth2 - leaf4-DC1:eth7 | 10.1.20.6 | 10.1.20.7 | /31 | N/A |
Note: These can be L3 (routed) or L2 (trunk) depending on design choice
MLAG Peer Links (VLAN 4094)
Subnet: 10.1.255.0/24 (using /30 subnets)
| MLAG Pair | Device | VLAN 4094 IP | Subnet |
| ---------------- | --------------- | ------------ | ------ |
| Leaf Pair 1 | leaf1-DC1 | 10.1.255.1 | /30 |
| leaf2-DC1 | 10.1.255.2 | /30 |
| Leaf Pair 2 | leaf3-DC1 | 10.1.255.5 | /30 |
| leaf4-DC1 | 10.1.255.6 | /30 |
| Border Leaf Pair | borderleaf1-DC1 | 10.1.255.9 | /30 |
| borderleaf2-DC1 | 10.1.255.10 | /30 |
Note: Access switches don't need MLAG (single ToR per bay)
🏢 DC2 - Data Center 2 IP Plan
Loopback0 Addresses (Router IDs - Spine & Leaf Only)
Subnet: 10.2.0.0/24
| Device | Loopback0 | Mask | Role | Router ID |
| --------------- | --------- | ---- | ---------- | --------- |
| spine1-DC2 | 10.2.0.11 | /32 | Spine | 10.2.0.11 |
| spine2-DC2 | 10.2.0.12 | /32 | Spine | 10.2.0.12 |
| spine3-DC2 | 10.2.0.13 | /32 | Spine | 10.2.0.13 |
| leaf1-DC2 | 10.2.0.21 | /32 | Leaf/Agg | 10.2.0.21 |
| leaf2-DC2 | 10.2.0.22 | /32 | Leaf/Agg | 10.2.0.22 |
| leaf3-DC2 | 10.2.0.23 | /32 | Leaf/Agg | 10.2.0.23 |
| leaf4-DC2 | 10.2.0.24 | /32 | Leaf/Agg | 10.2.0.24 |
| borderleaf1-DC2 | 10.2.0.31 | /32 | Border/DCI | 10.2.0.31 |
| borderleaf2-DC2 | 10.2.0.32 | /32 | Border/DCI | 10.2.0.32 |
Loopback1 Addresses (VTEP - Leaf Layer Only)
Subnet: 10.2.1.0/24
| Device | Loopback1 | Mask | Notes |
| --------------- | --------- | ---- | ------------------------------ |
| leaf1-DC2 | 10.2.1.21 | /32 | Shared with leaf2 |
| leaf2-DC2 | 10.2.1.21 | /32 | Shared with leaf1 (MLAG) |
| leaf3-DC2 | 10.2.1.23 | /32 | Shared with leaf4 |
| leaf4-DC2 | 10.2.1.23 | /32 | Shared with leaf3 (MLAG) |
| borderleaf1-DC2 | 10.2.1.31 | /32 | Shared with borderleaf2 |
| borderleaf2-DC2 | 10.2.1.31 | /32 | Shared with borderleaf1 (MLAG) |
Point-to-Point Links - Spine to Leaf (Underlay)
Subnet: 10.2.10.0/24 (using /31 subnets)
Same pattern as DC1, but using 10.2.10.x range:
- Spine1 links: 10.2.10.0 - 10.2.10.11
- Spine2 links: 10.2.10.12 - 10.2.10.23
- Spine3 links: 10.2.10.24 - 10.2.10.35
Point-to-Point Links - Leaf to Access (L3 Uplinks)
Subnet: 10.2.20.0/24 (using /31 subnets)
| Link | Access Side | Leaf Side | Subnet |
| --------------------------------- | ----------- | --------- | ------ |
| access1-DC2:eth1 - leaf1-DC2:eth7 | 10.2.20.0 | 10.2.20.1 | /31 |
| access1-DC2:eth2 - leaf2-DC2:eth7 | 10.2.20.2 | 10.2.20.3 | /31 |
| access2-DC2:eth1 - leaf3-DC2:eth7 | 10.2.20.4 | 10.2.20.5 | /31 |
| access2-DC2:eth2 - leaf4-DC2:eth7 | 10.2.20.6 | 10.2.20.7 | /31 |
MLAG Peer Links (VLAN 4094)
Subnet: 10.2.255.0/24 (using /30 subnets)
| MLAG Pair | Device | VLAN 4094 IP | Subnet |
| ---------------- | --------------- | ------------ | ------ |
| Leaf Pair 1 | leaf1-DC2 | 10.2.255.1 | /30 |
| leaf2-DC2 | 10.2.255.2 | /30 |
| Leaf Pair 2 | leaf3-DC2 | 10.2.255.5 | /30 |
| leaf4-DC2 | 10.2.255.6 | /30 |
| Border Leaf Pair | borderleaf1-DC2 | 10.2.255.9 | /30 |
| borderleaf2-DC2 | 10.2.255.10 | /30 |
🌐 DCI (Data Center Interconnect) IP Plan
DCI Loopback
| Device | Loopback0 | Mask | Router ID |
| ------ | ---------- | ---- | ---------- |
| DCI | 10.253.0.1 | /32 | 10.253.0.1 |
DCI Point-to-Point Links
Subnet: 10.253.254.0/24 (using /31 subnets)
| Link | Borderleaf Side | DCI Side | Subnet |
| -------------------------------- | --------------- | ------------ | ------ |
| borderleaf1-DC1:eth12 - DCI:eth1 | 10.253.254.0 | 10.253.254.1 | /31 |
| borderleaf2-DC1:eth12 - DCI:eth2 | 10.253.254.2 | 10.253.254.3 | /31 |
| borderleaf1-DC2:eth12 - DCI:eth3 | 10.253.254.4 | 10.253.254.5 | /31 |
| borderleaf2-DC2:eth12 - DCI:eth4 | 10.253.254.6 | 10.253.254.7 | /31 |
🖥️ Tenant/Host Networks
VLAN Allocation
Subnet: 172.16.x.0/24 (one /24 per VLAN)
| VLAN ID | VLAN Name | Subnet | Gateway | Purpose |
| ------- | --------- | --------------- | ------------ | ------------------ |
| 100 | TENANT-A | 172.16.100.0/24 | 172.16.100.1 | Tenant A workloads |
| 200 | TENANT-B | 172.16.200.0/24 | 172.16.200.1 | Tenant B workloads |
| 300 | DMZ | 172.16.300.0/24 | 172.16.300.1 | DMZ services |
| 4094 | MLAG-PEER | (see above) | N/A | MLAG peer link |
Host IP Assignments
| Host Device | Bay | VLAN | IP Address | Gateway | Access Switch |
| ----------- | --- | ---- | ---------------- | ------------ | ------------- |
| host1-DC1 | 1 | 100 | 172.16.100.10/24 | 172.16.100.1 | access1-DC1 |
| host2-DC1 | 2 | 200 | 172.16.200.10/24 | 172.16.200.1 | access2-DC1 |
| host1-DC2 | 1 | 100 | 172.16.100.20/24 | 172.16.100.1 | access1-DC2 |
| host2-DC2 | 2 | 200 | 172.16.200.20/24 | 172.16.200.1 | access2-DC2 |
📋 BGP ASN Allocation
DC1 ASNs
| Device Type | ASN | Devices | BGP Role |
| ---------------- | ----- | ----------------- | ------------------ |
| Spines | 65100 | spine1-3 DC1 | eBGP to leafs |
| Leaf Pair 1 | 65101 | leaf1-2 DC1 | eBGP to spines |
| Leaf Pair 2 | 65102 | leaf3-4 DC1 | eBGP to spines |
| Border Leaf Pair | 65103 | borderleaf1-2 DC1 | eBGP to spines+DCI |
| Access Switches | N/A | access1-2 DC1 | L2 only (no BGP) |
DC2 ASNs
| Device Type | ASN | Devices | BGP Role |
| ---------------- | ----- | ----------------- | ------------------ |
| Spines | 65200 | spine1-3 DC2 | eBGP to leafs |
| Leaf Pair 1 | 65201 | leaf1-2 DC2 | eBGP to spines |
| Leaf Pair 2 | 65202 | leaf3-4 DC2 | eBGP to spines |
| Border Leaf Pair | 65203 | borderleaf1-2 DC2 | eBGP to spines+DCI |
| Access Switches | N/A | access1-2 DC2 | L2 only (no BGP) |
DCI ASN
| Device | ASN | Purpose |
| ------ | ----- | ------------------------------- |
| DCI | 65000 | Neutral AS for inter-DC routing |
🏗️ Architecture Benefits
Why Access Layer?
-
Scalability: Each bay/rack gets its own switch
- Easy to add more bays: just add another access switch
- Leaf ports don't run out (48 port switch = 24 racks possible)
-
Simplified Cabling:
- Hosts only need 1 cable (to local access switch)
- Access switch dual-homes to MLAG leaf pair
- Reduces cross-rack cabling complexity
-
Automation-Friendly:
- Access switches are identical (same config template)
- Only variables: hostname, bay number, VLANs
- Easy to generate configs from data model
-
Cost-Effective:
- Access switches can be cheaper models (L2/L3 basic)
- Leafs reserved for VXLAN/EVPN (more expensive)
-
Failure Domain Isolation:
- Bay/rack failure contained to access switch
- Doesn't affect underlay routing
Automation Implications
For Infrahub Data Model:
Site (DC1)
├── Pod (Fabric-1)
│ ├── Spine Layer
│ │ ├── spine1-DC1
│ │ ├── spine2-DC1
│ │ └── spine3-DC1
│ ├── Leaf Layer
│ │ ├── MLAG Pair 1 (leaf1-2)
│ │ └── MLAG Pair 2 (leaf3-4)
│ └── Access Layer
│ ├── Bay 1 → access1-DC1
│ └── Bay 2 → access2-DC1
Templating Strategy:
- Spine: 1 template (all identical except IPs)
- Leaf: 2 templates (odd/even for MLAG)
- Access: 1 template (all identical except bay# and VLANs)
- Variables: Site, bay_number, VLANs, uplink_ips
🚀 Quick Reference Commands
Test Management Connectivity
# DC1 Infrastructure
ping 10.255.0.11 # spine1-DC1
ping 10.255.0.21 # leaf1-DC1
ping 10.255.0.71 # access1-DC1
# DC2 Infrastructure
ping 10.255.0.41 # spine1-DC2
ping 10.255.0.51 # leaf1-DC2
ping 10.255.0.81 # access1-DC2
# DCI
ping 10.255.0.100
# Hosts
ping 10.255.0.201 # host1-DC1
Verify Underlay from Leaf
# Check loopback reachability
ping 10.1.0.11 source 10.1.0.21
# Check BGP neighbors
show ip bgp summary
# Verify ECMP paths
show ip route 10.1.1.23
# Check VXLAN tunnels
show vxlan vtep
show vxlan address-table
Verify Access Layer Connectivity
# From access switch
show lldp neighbors
show port-channel summary
# From leaf (check access uplinks)
show interfaces ethernet 7 status
show interfaces ethernet 7 description
💡 Design Highlights
- 4-Tier Architecture: Spine → Leaf → Access → Host
- Clean Separation: Each layer has distinct role
- MLAG at Leaf Layer: Access switches dual-home to leaf pairs
- Access Layer is L2: Simplifies config, VLANs stretched via VXLAN
- One Access Per Bay: Realistic rack/bay topology
- Automation-Ready: Consistent patterns, easy templating
- Scalable: Add bays by adding access switches
This design is production-ready and automation-optimized! 🎯