Complete IP Address Plan - Arista L5 Dual DC
🎯 Design Philosophy
Avoiding 192.168.x.x to prevent conflicts with LAN subnet (192.168.1.0/24)
We'll use RFC 1918 private address space strategically:
- Management:
10.255.0.0/24(out-of-band) - DC1 Underlay:
10.1.x.x/16range - DC2 Underlay:
10.2.x.x/16range - DCI:
10.253.x.xrange - Host/Tenant Networks:
172.16.x.x/16range
📊 IP Address Summary Table
| Network Purpose | Subnet | Size | Usage |
|---|---|---|---|
| Management (OOB) | 10.255.0.0/24 | 254 hosts | ContainerLab mgmt |
| DC1 Loopback0 | 10.1.0.0/24 | 254 hosts | Router IDs |
| DC1 Loopback1 | 10.1.1.0/24 | 254 hosts | VTEP addresses |
| DC1 P2P Links | 10.1.10.0/24 | 127 /31s | Spine-Leaf links |
| DC1 MLAG Peer | 10.1.255.0/30 | Per pair | MLAG peer links |
| DC2 Loopback0 | 10.2.0.0/24 | 254 hosts | Router IDs |
| DC2 Loopback1 | 10.2.1.0/24 | 254 hosts | VTEP addresses |
| DC2 P2P Links | 10.2.10.0/24 | 127 /31s | Spine-Leaf links |
| DC2 MLAG Peer | 10.2.255.0/30 | Per pair | MLAG peer links |
| DCI Loopback | 10.253.0.1/32 | 1 host | DCI router ID |
| DCI P2P Links | 10.253.254.0/24 | 127 /31s | Border-DCI links |
| Tenant VLANs | 172.16.x.0/24 | Per VLAN | Host networks |
🔌 Management Network (Out-of-Band)
Subnet: 10.255.0.0/24
DC1 Management IPs
Device | Management IP | Purpose
--------------------|----------------|------------------
spine1-DC1 | 10.255.0.11 | SSH/API access
spine2-DC1 | 10.255.0.12 | SSH/API access
spine3-DC1 | 10.255.0.13 | SSH/API access
leaf1-DC1 | 10.255.0.21 | SSH/API access
leaf2-DC1 | 10.255.0.22 | SSH/API access
leaf3-DC1 | 10.255.0.23 | SSH/API access
leaf4-DC1 | 10.255.0.24 | SSH/API access
borderleaf1-DC1 | 10.255.0.31 | SSH/API access
borderleaf2-DC1 | 10.255.0.32 | SSH/API access
DC2 Management IPs
Device | Management IP | Purpose
--------------------|----------------|------------------
spine1-DC2 | 10.255.0.41 | SSH/API access
spine2-DC2 | 10.255.0.42 | SSH/API access
spine3-DC2 | 10.255.0.43 | SSH/API access
leaf1-DC2 | 10.255.0.51 | SSH/API access
leaf2-DC2 | 10.255.0.52 | SSH/API access
leaf3-DC2 | 10.255.0.53 | SSH/API access
leaf4-DC2 | 10.255.0.54 | SSH/API access
borderleaf1-DC2 | 10.255.0.61 | SSH/API access
borderleaf2-DC2 | 10.255.0.62 | SSH/API access
DCI Management IP
Device | Management IP | Purpose
--------------------|----------------|------------------
DCI | 10.255.0.100 | SSH/API access
Host Management IPs
Device | Management IP | Purpose
--------------------|----------------|------------------
host1-DC1 | 10.255.0.201 | SSH access
host2-DC1 | 10.255.0.202 | SSH access
host1-DC2 | 10.255.0.211 | SSH access
host2-DC2 | 10.255.0.212 | SSH access
🏢 DC1 - Data Center 1 IP Plan
Loopback0 Addresses (Router IDs)
Subnet: 10.1.0.0/24
Device | Loopback0 | Mask | Router ID
--------------------|----------------|------|----------
spine1-DC1 | 10.1.0.11 | /32 | 10.1.0.11
spine2-DC1 | 10.1.0.12 | /32 | 10.1.0.12
spine3-DC1 | 10.1.0.13 | /32 | 10.1.0.13
leaf1-DC1 | 10.1.0.21 | /32 | 10.1.0.21
leaf2-DC1 | 10.1.0.22 | /32 | 10.1.0.22
leaf3-DC1 | 10.1.0.23 | /32 | 10.1.0.23
leaf4-DC1 | 10.1.0.24 | /32 | 10.1.0.24
borderleaf1-DC1 | 10.1.0.31 | /32 | 10.1.0.31
borderleaf2-DC1 | 10.1.0.32 | /32 | 10.1.0.32
Loopback1 Addresses (VTEP)
Subnet: 10.1.1.0/24
Device | Loopback1 | Mask | Notes
--------------------|----------------|------|------------------------
leaf1-DC1 | 10.1.1.21 | /32 | Shared with leaf2
leaf2-DC1 | 10.1.1.21 | /32 | Shared with leaf1 (MLAG)
leaf3-DC1 | 10.1.1.23 | /32 | Shared with leaf4
leaf4-DC1 | 10.1.1.23 | /32 | Shared with leaf3 (MLAG)
borderleaf1-DC1 | 10.1.1.31 | /32 | Shared with borderleaf2
borderleaf2-DC1 | 10.1.1.31 | /32 | Shared with borderleaf1 (MLAG)
Note: Spines don't need Loopback1 (not VTEPs)
Point-to-Point Links (Spine-Leaf)
Subnet: 10.1.10.0/24 (using /31 subnets)
Spine1-DC1 Links
Link | Leaf Side | Spine Side | Subnet
----------------------------------|--------------|--------------|--------
leaf1-DC1:eth3 - spine1-DC1:eth2 | 10.1.10.0 | 10.1.10.1 | /31
leaf2-DC1:eth3 - spine1-DC1:eth3 | 10.1.10.2 | 10.1.10.3 | /31
leaf3-DC1:eth3 - spine1-DC1:eth4 | 10.1.10.4 | 10.1.10.5 | /31
leaf4-DC1:eth3 - spine1-DC1:eth5 | 10.1.10.6 | 10.1.10.7 | /31
border1-DC1:eth3 - spine1-DC1:eth6| 10.1.10.8 | 10.1.10.9 | /31
border2-DC1:eth3 - spine1-DC1:eth7| 10.1.10.10 | 10.1.10.11 | /31
Spine2-DC1 Links
Link | Leaf Side | Spine Side | Subnet
----------------------------------|--------------|--------------|--------
leaf1-DC1:eth4 - spine2-DC1:eth2 | 10.1.10.12 | 10.1.10.13 | /31
leaf2-DC1:eth4 - spine2-DC1:eth3 | 10.1.10.14 | 10.1.10.15 | /31
leaf3-DC1:eth4 - spine2-DC1:eth4 | 10.1.10.16 | 10.1.10.17 | /31
leaf4-DC1:eth4 - spine2-DC1:eth5 | 10.1.10.18 | 10.1.10.19 | /31
border1-DC1:eth4 - spine2-DC1:eth6| 10.1.10.20 | 10.1.10.21 | /31
border2-DC1:eth4 - spine2-DC1:eth7| 10.1.10.22 | 10.1.10.23 | /31
Spine3-DC1 Links
Link | Leaf Side | Spine Side | Subnet
----------------------------------|--------------|--------------|--------
leaf1-DC1:eth5 - spine3-DC1:eth2 | 10.1.10.24 | 10.1.10.25 | /31
leaf2-DC1:eth5 - spine3-DC1:eth3 | 10.1.10.26 | 10.1.10.27 | /31
leaf3-DC1:eth5 - spine3-DC1:eth4 | 10.1.10.28 | 10.1.10.29 | /31
leaf4-DC1:eth5 - spine3-DC1:eth5 | 10.1.10.30 | 10.1.10.31 | /31
border1-DC1:eth5 - spine3-DC1:eth6| 10.1.10.32 | 10.1.10.33 | /31
border2-DC1:eth5 - spine3-DC1:eth7| 10.1.10.34 | 10.1.10.35 | /31
MLAG Peer Links (VLAN 4094)
Subnet: 10.1.255.0/24 (using /30 subnets)
MLAG Pair | Device | VLAN 4094 IP | Subnet
--------------------|-----------------|--------------|--------
Leaf Pair 1 | leaf1-DC1 | 10.1.255.1 | /30
| leaf2-DC1 | 10.1.255.2 | /30
Leaf Pair 2 | leaf3-DC1 | 10.1.255.5 | /30
| leaf4-DC1 | 10.1.255.6 | /30
Border Leaf Pair | borderleaf1-DC1 | 10.1.255.9 | /30
| borderleaf2-DC1 | 10.1.255.10 | /30
🏢 DC2 - Data Center 2 IP Plan
Loopback0 Addresses (Router IDs)
Subnet: 10.2.0.0/24
Device | Loopback0 | Mask | Router ID
--------------------|----------------|------|----------
spine1-DC2 | 10.2.0.11 | /32 | 10.2.0.11
spine2-DC2 | 10.2.0.12 | /32 | 10.2.0.12
spine3-DC2 | 10.2.0.13 | /32 | 10.2.0.13
leaf1-DC2 | 10.2.0.21 | /32 | 10.2.0.21
leaf2-DC2 | 10.2.0.22 | /32 | 10.2.0.22
leaf3-DC2 | 10.2.0.23 | /32 | 10.2.0.23
leaf4-DC2 | 10.2.0.24 | /32 | 10.2.0.24
borderleaf1-DC2 | 10.2.0.31 | /32 | 10.2.0.31
borderleaf2-DC2 | 10.2.0.32 | /32 | 10.2.0.32
Loopback1 Addresses (VTEP)
Subnet: 10.2.1.0/24
Device | Loopback1 | Mask | Notes
--------------------|----------------|------|------------------------
leaf1-DC2 | 10.2.1.21 | /32 | Shared with leaf2
leaf2-DC2 | 10.2.1.21 | /32 | Shared with leaf1 (MLAG)
leaf3-DC2 | 10.2.1.23 | /32 | Shared with leaf4
leaf4-DC2 | 10.2.1.23 | /32 | Shared with leaf3 (MLAG)
borderleaf1-DC2 | 10.2.1.31 | /32 | Shared with borderleaf2
borderleaf2-DC2 | 10.2.1.31 | /32 | Shared with borderleaf1 (MLAG)
Point-to-Point Links (Spine-Leaf)
Subnet: 10.2.10.0/24 (using /31 subnets)
Same pattern as DC1, but using 10.2.10.x range:
- Spine1 links: 10.2.10.0 - 10.2.10.11
- Spine2 links: 10.2.10.12 - 10.2.10.23
- Spine3 links: 10.2.10.24 - 10.2.10.35
MLAG Peer Links (VLAN 4094)
Subnet: 10.2.255.0/24 (using /30 subnets)
MLAG Pair | Device | VLAN 4094 IP | Subnet
--------------------|-----------------|--------------|--------
Leaf Pair 1 | leaf1-DC2 | 10.2.255.1 | /30
| leaf2-DC2 | 10.2.255.2 | /30
Leaf Pair 2 | leaf3-DC2 | 10.2.255.5 | /30
| leaf4-DC2 | 10.2.255.6 | /30
Border Leaf Pair | borderleaf1-DC2 | 10.2.255.9 | /30
| borderleaf2-DC2 | 10.2.255.10 | /30
🌐 DCI (Data Center Interconnect) IP Plan
DCI Loopback
Device | Loopback0 | Mask | Router ID
--------------------|----------------|------|----------
DCI | 10.253.0.1 | /32 | 10.253.0.1
DCI Point-to-Point Links
Subnet: 10.253.254.0/24 (using /31 subnets)
Link | Borderleaf Side | DCI Side | Subnet
------------------------------------|-----------------|--------------|--------
borderleaf1-DC1:eth12 - DCI:eth1 | 10.253.254.0 | 10.253.254.1 | /31
borderleaf2-DC1:eth12 - DCI:eth2 | 10.253.254.2 | 10.253.254.3 | /31
borderleaf1-DC2:eth12 - DCI:eth3 | 10.253.254.4 | 10.253.254.5 | /31
borderleaf2-DC2:eth12 - DCI:eth4 | 10.253.254.6 | 10.253.254.7 | /31
🖥️ Tenant/Host Networks
VLAN Allocation
Subnet: 172.16.x.0/24 (one /24 per VLAN)
VLAN ID | VLAN Name | Subnet | Gateway | Purpose
--------|--------------|-----------------|--------------|------------------
100 | TENANT-A | 172.16.100.0/24 | 172.16.100.1 | Tenant A workloads
200 | TENANT-B | 172.16.200.0/24 | 172.16.200.1 | Tenant B workloads
300 | DMZ | 172.16.300.0/24 | 172.16.300.1 | DMZ services
4094 | MLAG-PEER | (see above) | N/A | MLAG peer link
Host IP Assignments
Host Device | VLAN | IP Address | Gateway | Bond Interface
---------------|------|-----------------|--------------|---------------
host1-DC1 | 100 | 172.16.100.10/24| 172.16.100.1 | bond0
host2-DC1 | 200 | 172.16.200.10/24| 172.16.200.1 | bond0
host1-DC2 | 100 | 172.16.100.20/24| 172.16.100.1 | bond0
host2-DC2 | 200 | 172.16.200.20/24| 172.16.200.1 | bond0
📋 BGP ASN Allocation
DC1 ASNs
Device Type | Devices | ASN
--------------------|------------------------------|--------
Spines | spine1-3 DC1 | 65100
Leaf Pair 1 | leaf1-DC1, leaf2-DC1 | 65101
Leaf Pair 2 | leaf3-DC1, leaf4-DC1 | 65102
Border Leaf Pair | borderleaf1-2 DC1 | 65103
DC2 ASNs
Device Type | Devices | ASN
--------------------|------------------------------|--------
Spines | spine1-3 DC2 | 65200
Leaf Pair 1 | leaf1-DC2, leaf2-DC2 | 65201
Leaf Pair 2 | leaf3-DC2, leaf4-DC2 | 65202
Border Leaf Pair | borderleaf1-2 DC2 | 65203
DCI ASN
Device | ASN | Purpose
--------------------|-------|--------------------------------
DCI | 65000 | Neutral AS for inter-DC routing
🔍 IP Address Validation
No Conflicts With Your LAN ✅
Your LAN: 192.168.1.0/24
Our Plan: 10.x.x.x and 172.16.x.x
Conflict Risk: NONE ✅
Subnets Summary
Purpose | Subnet Range | Total IPs
---------------------|-------------------|----------
Management | 10.255.0.0/24 | 254
DC1 Infrastructure | 10.1.0.0/16 | 65,534
DC2 Infrastructure | 10.2.0.0/16 | 65,534
DCI | 10.253.0.0/16 | 65,534
Tenant Networks | 172.16.0.0/16 | 65,534
🚀 Quick Reference Commands
Test Management Connectivity
# DC1 Spines
ping 10.255.0.11
ping 10.255.0.12
ping 10.255.0.13
# DC1 Leafs
ping 10.255.0.21
ping 10.255.0.22
# DCI
ping 10.255.0.50
SSH Access
# Access spine1-DC1
ssh admin@10.255.0.11
# Access leaf1-DC1
ssh admin@10.255.0.21
# Access DCI
ssh admin@10.255.0.50
Verify Underlay from any leaf
# Check loopback reachability (should reach all loopbacks)
ping 10.1.0.11 source 10.1.0.21
# Check BGP neighbors
show ip bgp summary
# Verify ECMP paths
show ip route 10.1.1.23
💡 Design Highlights
- Clean Separation: Each DC has its own /16 (10.1.x.x and 10.2.x.x)
- Consistent Numbering: Same pattern in both DCs
- Easy Troubleshooting: IP tells you the location/role
.0.x= Loopback0 (router-id).1.x= Loopback1 (VTEP).10.x= P2P links.255.x= MLAG peer links
- Scalable: Room for growth in each range
- No LAN Conflicts: Completely avoids 192.168.x.x space
This addressing plan is production-ready and automation-friendly! 🎯