Damien/infra-clab-pipeline
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb3ba8f647353c4826d2e82d36aac9072f1ccc75
infra-clab-pipeline/README.md

392 lines
13 KiB
Markdown
Raw Blame History

# Complete IP Address Plan - Arista L5 Dual DC
## 🎯 Design Philosophy
**Avoiding 192.168.x.x to prevent conflicts with LAN subnet (192.168.1.0/24)**
We'll use **RFC 1918 private address space** strategically:
- **Management**: `10.255.0.0/24` (out-of-band)
- **DC1 Underlay**: `10.1.x.x/16` range
- **DC2 Underlay**: `10.2.x.x/16` range
- **DCI**: `10.253.x.x` range
- **Host/Tenant Networks**: `172.16.x.x/16` range
---
## 📊 IP Address Summary Table
| Network Purpose | Subnet | Size | Usage |
|----------------|--------|------|-------|
| Management (OOB) | 10.255.0.0/24 | 254 hosts | ContainerLab mgmt |
| DC1 Loopback0 | 10.1.0.0/24 | 254 hosts | Router IDs |
| DC1 Loopback1 | 10.1.1.0/24 | 254 hosts | VTEP addresses |
| DC1 P2P Links | 10.1.10.0/24 | 127 /31s | Spine-Leaf links |
| DC1 MLAG Peer | 10.1.255.0/30 | Per pair | MLAG peer links |
| DC2 Loopback0 | 10.2.0.0/24 | 254 hosts | Router IDs |
| DC2 Loopback1 | 10.2.1.0/24 | 254 hosts | VTEP addresses |
| DC2 P2P Links | 10.2.10.0/24 | 127 /31s | Spine-Leaf links |
| DC2 MLAG Peer | 10.2.255.0/30 | Per pair | MLAG peer links |
| DCI Loopback | 10.253.0.1/32 | 1 host | DCI router ID |
| DCI P2P Links | 10.253.254.0/24 | 127 /31s | Border-DCI links |
| Tenant VLANs | 172.16.x.0/24 | Per VLAN | Host networks |
---
## 🔌 Management Network (Out-of-Band)
**Subnet**: `10.255.0.0/24`
### DC1 Management IPs
```
Device | Management IP | Purpose
--------------------|----------------|------------------
spine1-DC1 | 10.255.0.11 | SSH/API access
spine2-DC1 | 10.255.0.12 | SSH/API access
spine3-DC1 | 10.255.0.13 | SSH/API access
leaf1-DC1 | 10.255.0.21 | SSH/API access
leaf2-DC1 | 10.255.0.22 | SSH/API access
leaf3-DC1 | 10.255.0.23 | SSH/API access
leaf4-DC1 | 10.255.0.24 | SSH/API access
borderleaf1-DC1 | 10.255.0.31 | SSH/API access
borderleaf2-DC1 | 10.255.0.32 | SSH/API access
```
### DC2 Management IPs
```
Device | Management IP | Purpose
--------------------|----------------|------------------
spine1-DC2 | 10.255.0.41 | SSH/API access
spine2-DC2 | 10.255.0.42 | SSH/API access
spine3-DC2 | 10.255.0.43 | SSH/API access
leaf1-DC2 | 10.255.0.51 | SSH/API access
leaf2-DC2 | 10.255.0.52 | SSH/API access
leaf3-DC2 | 10.255.0.53 | SSH/API access
leaf4-DC2 | 10.255.0.54 | SSH/API access
borderleaf1-DC2 | 10.255.0.61 | SSH/API access
borderleaf2-DC2 | 10.255.0.62 | SSH/API access
```
### DCI Management IP
```
Device | Management IP | Purpose
--------------------|----------------|------------------
DCI | 10.255.0.100 | SSH/API access
```
### Host Management IPs
```
Device | Management IP | Purpose
--------------------|----------------|------------------
host1-DC1 | 10.255.0.201 | SSH access
host2-DC1 | 10.255.0.202 | SSH access
host1-DC2 | 10.255.0.211 | SSH access
host2-DC2 | 10.255.0.212 | SSH access
```
---
## 🏢 DC1 - Data Center 1 IP Plan
### Loopback0 Addresses (Router IDs)
**Subnet**: `10.1.0.0/24`
```
Device | Loopback0 | Mask | Router ID
--------------------|----------------|------|----------
spine1-DC1 | 10.1.0.11 | /32 | 10.1.0.11
spine2-DC1 | 10.1.0.12 | /32 | 10.1.0.12
spine3-DC1 | 10.1.0.13 | /32 | 10.1.0.13
leaf1-DC1 | 10.1.0.21 | /32 | 10.1.0.21
leaf2-DC1 | 10.1.0.22 | /32 | 10.1.0.22
leaf3-DC1 | 10.1.0.23 | /32 | 10.1.0.23
leaf4-DC1 | 10.1.0.24 | /32 | 10.1.0.24
borderleaf1-DC1 | 10.1.0.31 | /32 | 10.1.0.31
borderleaf2-DC1 | 10.1.0.32 | /32 | 10.1.0.32
```
### Loopback1 Addresses (VTEP)
**Subnet**: `10.1.1.0/24`
```
Device | Loopback1 | Mask | Notes
--------------------|----------------|------|------------------------
leaf1-DC1 | 10.1.1.21 | /32 | Shared with leaf2
leaf2-DC1 | 10.1.1.21 | /32 | Shared with leaf1 (MLAG)
leaf3-DC1 | 10.1.1.23 | /32 | Shared with leaf4
leaf4-DC1 | 10.1.1.23 | /32 | Shared with leaf3 (MLAG)
borderleaf1-DC1 | 10.1.1.31 | /32 | Shared with borderleaf2
borderleaf2-DC1 | 10.1.1.31 | /32 | Shared with borderleaf1 (MLAG)
```
**Note**: Spines don't need Loopback1 (not VTEPs)
### Point-to-Point Links (Spine-Leaf)
**Subnet**: `10.1.10.0/24` (using /31 subnets)
#### Spine1-DC1 Links
```
Link | Leaf Side | Spine Side | Subnet
----------------------------------|--------------|--------------|--------
leaf1-DC1:eth3 - spine1-DC1:eth2 | 10.1.10.0 | 10.1.10.1 | /31
leaf2-DC1:eth3 - spine1-DC1:eth3 | 10.1.10.2 | 10.1.10.3 | /31
leaf3-DC1:eth3 - spine1-DC1:eth4 | 10.1.10.4 | 10.1.10.5 | /31
leaf4-DC1:eth3 - spine1-DC1:eth5 | 10.1.10.6 | 10.1.10.7 | /31
border1-DC1:eth3 - spine1-DC1:eth6| 10.1.10.8 | 10.1.10.9 | /31
border2-DC1:eth3 - spine1-DC1:eth7| 10.1.10.10 | 10.1.10.11 | /31
```
#### Spine2-DC1 Links
```
Link | Leaf Side | Spine Side | Subnet
----------------------------------|--------------|--------------|--------
leaf1-DC1:eth4 - spine2-DC1:eth2 | 10.1.10.12 | 10.1.10.13 | /31
leaf2-DC1:eth4 - spine2-DC1:eth3 | 10.1.10.14 | 10.1.10.15 | /31
leaf3-DC1:eth4 - spine2-DC1:eth4 | 10.1.10.16 | 10.1.10.17 | /31
leaf4-DC1:eth4 - spine2-DC1:eth5 | 10.1.10.18 | 10.1.10.19 | /31
border1-DC1:eth4 - spine2-DC1:eth6| 10.1.10.20 | 10.1.10.21 | /31
border2-DC1:eth4 - spine2-DC1:eth7| 10.1.10.22 | 10.1.10.23 | /31
```
#### Spine3-DC1 Links
```
Link | Leaf Side | Spine Side | Subnet
----------------------------------|--------------|--------------|--------
leaf1-DC1:eth5 - spine3-DC1:eth2 | 10.1.10.24 | 10.1.10.25 | /31
leaf2-DC1:eth5 - spine3-DC1:eth3 | 10.1.10.26 | 10.1.10.27 | /31
leaf3-DC1:eth5 - spine3-DC1:eth4 | 10.1.10.28 | 10.1.10.29 | /31
leaf4-DC1:eth5 - spine3-DC1:eth5 | 10.1.10.30 | 10.1.10.31 | /31
border1-DC1:eth5 - spine3-DC1:eth6| 10.1.10.32 | 10.1.10.33 | /31
border2-DC1:eth5 - spine3-DC1:eth7| 10.1.10.34 | 10.1.10.35 | /31
```
### MLAG Peer Links (VLAN 4094)
**Subnet**: `10.1.255.0/24` (using /30 subnets)
```
MLAG Pair | Device | VLAN 4094 IP | Subnet
--------------------|-----------------|--------------|--------
Leaf Pair 1 | leaf1-DC1 | 10.1.255.1 | /30
| leaf2-DC1 | 10.1.255.2 | /30
Leaf Pair 2 | leaf3-DC1 | 10.1.255.5 | /30
| leaf4-DC1 | 10.1.255.6 | /30
Border Leaf Pair | borderleaf1-DC1 | 10.1.255.9 | /30
| borderleaf2-DC1 | 10.1.255.10 | /30
```
---
## 🏢 DC2 - Data Center 2 IP Plan
### Loopback0 Addresses (Router IDs)
**Subnet**: `10.2.0.0/24`
```
Device | Loopback0 | Mask | Router ID
--------------------|----------------|------|----------
spine1-DC2 | 10.2.0.11 | /32 | 10.2.0.11
spine2-DC2 | 10.2.0.12 | /32 | 10.2.0.12
spine3-DC2 | 10.2.0.13 | /32 | 10.2.0.13
leaf1-DC2 | 10.2.0.21 | /32 | 10.2.0.21
leaf2-DC2 | 10.2.0.22 | /32 | 10.2.0.22
leaf3-DC2 | 10.2.0.23 | /32 | 10.2.0.23
leaf4-DC2 | 10.2.0.24 | /32 | 10.2.0.24
borderleaf1-DC2 | 10.2.0.31 | /32 | 10.2.0.31
borderleaf2-DC2 | 10.2.0.32 | /32 | 10.2.0.32
```
### Loopback1 Addresses (VTEP)
**Subnet**: `10.2.1.0/24`
```
Device | Loopback1 | Mask | Notes
--------------------|----------------|------|------------------------
leaf1-DC2 | 10.2.1.21 | /32 | Shared with leaf2
leaf2-DC2 | 10.2.1.21 | /32 | Shared with leaf1 (MLAG)
leaf3-DC2 | 10.2.1.23 | /32 | Shared with leaf4
leaf4-DC2 | 10.2.1.23 | /32 | Shared with leaf3 (MLAG)
borderleaf1-DC2 | 10.2.1.31 | /32 | Shared with borderleaf2
borderleaf2-DC2 | 10.2.1.31 | /32 | Shared with borderleaf1 (MLAG)
```
### Point-to-Point Links (Spine-Leaf)
**Subnet**: `10.2.10.0/24` (using /31 subnets)
**Same pattern as DC1**, but using `10.2.10.x` range:
- Spine1 links: 10.2.10.0 - 10.2.10.11
- Spine2 links: 10.2.10.12 - 10.2.10.23
- Spine3 links: 10.2.10.24 - 10.2.10.35
### MLAG Peer Links (VLAN 4094)
**Subnet**: `10.2.255.0/24` (using /30 subnets)
```
MLAG Pair | Device | VLAN 4094 IP | Subnet
--------------------|-----------------|--------------|--------
Leaf Pair 1 | leaf1-DC2 | 10.2.255.1 | /30
| leaf2-DC2 | 10.2.255.2 | /30
Leaf Pair 2 | leaf3-DC2 | 10.2.255.5 | /30
| leaf4-DC2 | 10.2.255.6 | /30
Border Leaf Pair | borderleaf1-DC2 | 10.2.255.9 | /30
| borderleaf2-DC2 | 10.2.255.10 | /30
```
---
## 🌐 DCI (Data Center Interconnect) IP Plan
### DCI Loopback
```
Device | Loopback0 | Mask | Router ID
--------------------|----------------|------|----------
DCI | 10.253.0.1 | /32 | 10.253.0.1
```
### DCI Point-to-Point Links
**Subnet**: `10.253.254.0/24` (using /31 subnets)
```
Link | Borderleaf Side | DCI Side | Subnet
------------------------------------|-----------------|--------------|--------
borderleaf1-DC1:eth12 - DCI:eth1 | 10.253.254.0 | 10.253.254.1 | /31
borderleaf2-DC1:eth12 - DCI:eth2 | 10.253.254.2 | 10.253.254.3 | /31
borderleaf1-DC2:eth12 - DCI:eth3 | 10.253.254.4 | 10.253.254.5 | /31
borderleaf2-DC2:eth12 - DCI:eth4 | 10.253.254.6 | 10.253.254.7 | /31
```
---
## 🖥️ Tenant/Host Networks
### VLAN Allocation
**Subnet**: `172.16.x.0/24` (one /24 per VLAN)
```
VLAN ID | VLAN Name | Subnet | Gateway | Purpose
--------|--------------|-----------------|--------------|------------------
100 | TENANT-A | 172.16.100.0/24 | 172.16.100.1 | Tenant A workloads
200 | TENANT-B | 172.16.200.0/24 | 172.16.200.1 | Tenant B workloads
300 | DMZ | 172.16.300.0/24 | 172.16.300.1 | DMZ services
4094 | MLAG-PEER | (see above) | N/A | MLAG peer link
```
### Host IP Assignments
```
Host Device | VLAN | IP Address | Gateway | Bond Interface
---------------|------|-----------------|--------------|---------------
host1-DC1 | 100 | 172.16.100.10/24| 172.16.100.1 | bond0
host2-DC1 | 200 | 172.16.200.10/24| 172.16.200.1 | bond0
host1-DC2 | 100 | 172.16.100.20/24| 172.16.100.1 | bond0
host2-DC2 | 200 | 172.16.200.20/24| 172.16.200.1 | bond0
```
---
## 📋 BGP ASN Allocation
### DC1 ASNs
```
Device Type | Devices | ASN
--------------------|------------------------------|--------
Spines | spine1-3 DC1 | 65100
Leaf Pair 1 | leaf1-DC1, leaf2-DC1 | 65101
Leaf Pair 2 | leaf3-DC1, leaf4-DC1 | 65102
Border Leaf Pair | borderleaf1-2 DC1 | 65103
```
### DC2 ASNs
```
Device Type | Devices | ASN
--------------------|------------------------------|--------
Spines | spine1-3 DC2 | 65200
Leaf Pair 1 | leaf1-DC2, leaf2-DC2 | 65201
Leaf Pair 2 | leaf3-DC2, leaf4-DC2 | 65202
Border Leaf Pair | borderleaf1-2 DC2 | 65203
```
### DCI ASN
```
Device | ASN | Purpose
--------------------|-------|--------------------------------
DCI | 65000 | Neutral AS for inter-DC routing
```
---
## 🔍 IP Address Validation
### No Conflicts With Your LAN ✅
```
Your LAN: 192.168.1.0/24
Our Plan: 10.x.x.x and 172.16.x.x
Conflict Risk: NONE ✅
```
### Subnets Summary
```
Purpose | Subnet Range | Total IPs
---------------------|-------------------|----------
Management | 10.255.0.0/24 | 254
DC1 Infrastructure | 10.1.0.0/16 | 65,534
DC2 Infrastructure | 10.2.0.0/16 | 65,534
DCI | 10.253.0.0/16 | 65,534
Tenant Networks | 172.16.0.0/16 | 65,534
```
---
## 🚀 Quick Reference Commands
### Test Management Connectivity
```bash
# DC1 Spines
ping 10.255.0.11
ping 10.255.0.12
ping 10.255.0.13
# DC1 Leafs
ping 10.255.0.21
ping 10.255.0.22
# DCI
ping 10.255.0.50
```
### SSH Access
```bash
# Access spine1-DC1
ssh admin@10.255.0.11
# Access leaf1-DC1
ssh admin@10.255.0.21
# Access DCI
ssh admin@10.255.0.50
```
### Verify Underlay from any leaf
```bash
# Check loopback reachability (should reach all loopbacks)
ping 10.1.0.11 source 10.1.0.21
# Check BGP neighbors
show ip bgp summary
# Verify ECMP paths
show ip route 10.1.1.23
```
---
## 💡 Design Highlights
1. **Clean Separation**: Each DC has its own /16 (10.1.x.x and 10.2.x.x)
2. **Consistent Numbering**: Same pattern in both DCs
3. **Easy Troubleshooting**: IP tells you the location/role
- `.0.x` = Loopback0 (router-id)
- `.1.x` = Loopback1 (VTEP)
- `.10.x` = P2P links
- `.255.x` = MLAG peer links
4. **Scalable**: Room for growth in each range
5. **No LAN Conflicts**: Completely avoids 192.168.x.x space
This addressing plan is production-ready and automation-friendly! 🎯
Reference in New Issue View Git Blame Copy Permalink