From 8efcd245eacb0d3381d2358b8ad5ee2beae95b47 Mon Sep 17 00:00:00 2001 From: Mitch Vaughan Date: Wed, 4 Sep 2024 21:51:22 +0000 Subject: [PATCH] autovpn dg clab --- .../clab/clab-wan-autovpn-dg.yml | 54 +++++++++++++------ .../clab/configs/DC1-BORDER1.cfg | 27 +++++++++- .../clab/configs/DC1-BORDER2.cfg | 21 +++++++- .../zbackend-infra/clab/configs/DC1-LEAF.cfg | 33 +++++++++++- .../zbackend-infra/clab/configs/DC1-R1.cfg | 23 ++++++-- .../zbackend-infra/clab/configs/DC1-R2.cfg | 22 ++++++-- .../clab/configs/DC2-BORDER1.cfg | 40 ++++++++++---- .../clab/configs/DC2-BORDER2.cfg | 40 ++++++++++---- .../zbackend-infra/clab/configs/DC2-LEAF.cfg | 47 ++++++++++++---- .../zbackend-infra/clab/configs/DC2-R1.cfg | 23 ++++++-- .../zbackend-infra/clab/configs/DC2-R2.cfg | 22 ++++++-- .../zbackend-infra/clab/configs/S1-R1.cfg | 21 +++++++- .../zbackend-infra/clab/configs/S1-R2.cfg | 20 ++++++- .../zbackend-infra/clab/configs/S1-SW1.cfg | 20 +++---- .../zbackend-infra/clab/configs/S2-R1.cfg | 15 +++++- .../zbackend-infra/clab/configs/S2-SW1.cfg | 12 ++--- 16 files changed, 357 insertions(+), 83 deletions(-) diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml b/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml index 402cd595..af88f750 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml +++ b/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml @@ -121,6 +121,15 @@ topology: exec: - bash /usr/local/bin/hostnetconfig.sh -i4 10.20.20.101/24 -i6 2001:db8:20:20::101/64 -g 10.20.20.1 + HostA3: + kind: linux + image: mitchv85/devhost + mgmt-ipv4: 172.100.100.203 + ports: + - '22203:22' + exec: + - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1 + ########################### ##### DC2 ########################### 
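Review bot: The new HostA3 node uses `image: mitchv85/devhost` with no tag or digest and publishes SSH with `- '22203:22'`, which by default is bound on every interface of the lab host. Pinning the image, for example `image: mitchv85/devhost@sha256:<digest>` (placeholder), keeps a changed upstream image from silently entering the topology on the next deploy. If the containerlab version in use accepts Docker's `ip:host:container` form, `- '127.0.0.1:22203:22'` keeps the dev host's SSH off the server's external interfaces. The same two points apply to HostB3 and to the renumbered HostB1 through HostD2 entries in the later hunks of this file.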
@@ -198,20 +207,29 @@ topology: HostB1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.203 + mgmt-ipv4: 172.100.100.204 ports: - - '22203:22' + - '22204:22' exec: - bash /usr/local/bin/hostnetconfig.sh -i4 10.10.10.102/24 -i6 2001:db8:10:10::102/64 -g 10.10.10.1 HostB2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.204 + mgmt-ipv4: 172.100.100.205 ports: - - '22204:22' + - '22205:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::101/64 -g 10.40.40.1 + + HostB3: + kind: linux + image: mitchv85/devhost + mgmt-ipv4: 172.100.100.206 + ports: + - '22206:22' + exec: + - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1 ########################### ##### SITE1 @@ -263,20 +281,20 @@ topology: HostC1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.205 + mgmt-ipv4: 172.100.100.207 ports: - - '22205:22' + - '22207:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::102/64 -g 10.40.40.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1 HostC2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.206 + mgmt-ipv4: 172.100.100.208 ports: - - '22206:22' + - '22208:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1 ########################### ##### SITE2 
@@ -311,20 +329,20 @@ topology: HostD1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.207 + mgmt-ipv4: 172.100.100.209 ports: - - '22207:22' + - '22209:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.80.80.101/24 -i6 2001:db8:80:80::102/64 -g 10.80.80.1 HostD2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.208 + mgmt-ipv4: 172.100.100.210 ports: - - '22208:22' + - '22210:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.90.90.101/24 -i6 2001:db8:90:90::101/64 -g 10.90.90.1 ########################### ##### INTERNET @@ -363,6 +381,7 @@ topology: - endpoints: ["DC1-SPINE:et5", "DC1-BORDER2:et1"] - endpoints: ["DC1-LEAF:et2", "HostA1:eth1"] - endpoints: ["DC1-LEAF:et3", "HostA2:eth1"] + - endpoints: ["DC1-LEAF:et4", "HostA3:eth1"] ##################### ### DC1 2 ##################### @@ -373,6 +392,7 @@ topology: - endpoints: ["DC2-SPINE:et5", "DC2-BORDER2:et1"] - endpoints: ["DC2-LEAF:et2", "HostB1:eth1"] - endpoints: ["DC2-LEAF:et3", "HostB2:eth1"] + - endpoints: ["DC2-LEAF:et4", "HostB3:eth1"] ##################### ### Site1 ##################### diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg index a6ce597c..43f62b4f 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg @@ -43,10 +43,15 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 
@@ -80,11 +85,17 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -93,6 +104,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -141,6 +153,11 @@ router bgp 65102 route-target both 10020:10020 redistribute learned ! + vlan 30 + rd 10.0.1.4:10030 + route-target both 10030:10030 + redistribute learned + ! address-family evpn neighbor LOCAL-EVPN-PEERS activate route import match-failure action discard @@ -152,7 +169,13 @@ router bgp 65102 rd 10.0.1.4:51 route-target import evpn 51:51 route-target export evpn 51:51 + ! + vrf DEV + rd 10.0.1.4:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! + router multicast ipv4 software-forwarding kernel @@ -164,4 +187,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg index c87447e4..069038de 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg @@ -43,10 +43,15 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 
@@ -80,11 +85,17 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -93,6 +104,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -152,6 +164,11 @@ router bgp 65103 rd 10.0.1.5:51 route-target import evpn 51:51 route-target export evpn 51:51 + ! + vrf DEV + rd 10.0.1.5:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! router multicast ipv4 @@ -164,4 +181,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg index 2215ac93..879c7152 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg @@ -43,10 +43,15 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 @@ -66,6 +71,12 @@ interface Ethernet3 switchport spanning-tree portfast ! +interface Ethernet4 + description HostA3 + switchport access vlan 30 + switchport + spanning-tree portfast +! interface Loopback0 description Globally Unique Address ip address 10.0.1.1/32 
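Review bot: DC1-BORDER2 now maps VLAN 30 in `vxlan vlan 10,20,30 vni 10010,10020,10030`, but none of this file's hunks adds a `vlan 30` MAC-VRF under `router bgp 65103`, while the DC1-BORDER1 and DC1-LEAF hunks both add one. Without that block the switch presumably neither imports nor exports EVPN type-2 routes for VNI 10030, so the two borders would behave differently for the DEV segment. If this is not intentional, mirror BORDER1 with `vlan 30`, `rd 10.0.1.5:10030`, `route-target both 10030:10030` and the same `redistribute learned` line. The `router bgp` block lies outside the visible hunks, so confirm the block is not already there.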
@@ -88,11 +99,17 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -101,6 +118,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -149,6 +167,11 @@ router bgp 65101 route-target both 10020:10020 redistribute learned ! + vlan 30 + rd 10.0.1.1:10023 + route-target both 10030:10030 + redistribute learned + ! address-family evpn neighbor LOCAL-EVPN-PEERS activate route import match-failure action discard @@ -161,6 +184,12 @@ router bgp 65101 route-target import evpn 51:51 route-target export evpn 51:51 redistribute connected + ! + vrf DEV + rd 10.0.1.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected ! router multicast ipv4 @@ -173,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg index 1ef1d8bc..28a1eead 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security 
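Review bot: In the DC1-LEAF `router bgp 65101` hunk the new VLAN 30 MAC-VRF uses `rd 10.0.1.1:10023`, which breaks the `<loopback>:<vni>` scheme used everywhere else (the context line for VLAN 20 ends in `10020`, and DC1-BORDER1 uses `10.0.1.4:10030`). The route target is correct, so forwarding should still work, but the odd RD makes route tables harder to audit and looks like a typo. Suggested line: `rd 10.0.1.1:10030`.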
@@ -130,6 +136,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -137,6 +144,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -186,9 +194,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -208,6 +216,15 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected + ! + vrf DEV + rd 10.0.1.2:52 + rd evpn domain remote 10.0.1.2:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun client @@ -217,4 +234,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg index 4d8edfe2..b954302e 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg @@ -42,6 +42,9 @@ router adaptive-virtual-topology vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 ! vrf default avt policy DEFAULT-AVT-POLICY 
@@ -73,6 +76,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -121,6 +126,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -128,6 +134,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -179,9 +186,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -201,9 +208,18 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected + ! + vrf DEV + rd 10.0.1.3:52 + rd evpn domain remote 10.0.1.3:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun server local-interface Ethernet2 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg index 990b377e..f5dfda1b 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg @@ -40,13 +40,18 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 
@@ -63,7 +68,7 @@ interface Loopback0 ip address 10.0.2.4/32 ! interface Loopback1 - description Shared VTEP IP + description VTEP IP ip address 10.1.2.4/32 ! interface Management0 @@ -75,16 +80,22 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -93,6 +104,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -136,9 +148,14 @@ router bgp 65202 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.4:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.4:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.4:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -152,6 +169,11 @@ router bgp 65202 rd 10.0.2.4:51 route-target import evpn 51:51 route-target export evpn 51:51 +! + vrf DEV + rd 10.0.2.4:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! router multicast ipv4 @@ -164,4 +186,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg index 3661110a..fd30f933 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg 
@@ -41,13 +41,18 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 @@ -64,7 +69,7 @@ interface Loopback0 ip address 10.0.2.5/32 ! interface Loopback1 - description Shared VTEP IP + description VTEP IP ip address 10.1.2.5/32 ! interface Management0 @@ -76,16 +81,22 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -94,6 +105,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -137,9 +149,14 @@ router bgp 65203 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.5:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.5:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.5:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -153,6 +170,11 @@ router bgp 65203 rd 10.0.2.5:51 route-target import evpn 51:51 route-target export evpn 51:51 + ! + vrf DEV + rd 10.0.2.5:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! router multicast ipv4 @@ -165,4 +187,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg index 8c4890bd..ea746c7d 100644 
--- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg @@ -40,13 +40,18 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 @@ -62,7 +67,13 @@ interface Ethernet2 ! interface Ethernet3 description HostB2 - switchport access vlan 30 + switchport access vlan 40 + switchport + spanning-tree portfast +! +interface Ethernet4 + description HostB3 + switchport access vlan 50 switchport spanning-tree portfast ! @@ -83,16 +94,22 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -101,6 +118,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -144,9 +162,14 @@ router bgp 65201 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.1:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.1:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.1:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -161,6 +184,12 @@ router bgp 65201 route-target import evpn 51:51 route-target export evpn 51:51 redistribute connected + ! + vrf DEV + rd 10.0.2.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected ! router multicast ipv4 
@@ -173,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg index fd7a8c94..40aecbb3 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -130,6 +136,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -137,6 +144,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -186,9 +194,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! 
@@ -208,6 +216,15 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected +! + vrf DEV + rd 10.0.2.2:52 + rd evpn domain remote 10.0.2.2:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun client @@ -217,4 +234,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg index 0a55fe67..191546f8 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -73,6 +77,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -121,6 +127,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -128,6 +135,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 
@@ -179,9 +187,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -200,9 +208,17 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected +! + vrf DEV + rd evpn domain all 10.0.2.3:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun server local-interface Ethernet2 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg index 8f43d021..39c6d448 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -132,6 +138,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -139,6 +146,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.17 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 
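Review bot: The DC2-R2 `vrf DEV` block is the only one in this patch written as `rd evpn domain all 10.0.2.3:52`; DC1-R1, DC1-R2 and DC2-R1 use the two-line form `rd 10.0.x.y:52` plus `rd evpn domain remote 10.0.x.y:52`. The two forms are presumably equivalent, but the mismatch makes a config comparison between the gateway routers noisier and hides real drift. Either switch this block to `rd 10.0.2.3:52` and `rd evpn domain remote 10.0.2.3:52`, or use the `domain all` form on all four routers.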
@@ -164,7 +172,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -181,6 +189,15 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.1 activate + ! + vrf DEV + rd 10.0.3.1:52 + rd evpn domain remote 10.0.3.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected + ! + address-family ipv4 ! stun client @@ -190,4 +207,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg index 2925b121..22b6dabf 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -133,6 +139,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -140,6 +147,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.21 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 
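Review bot: The S1-R1 `vrf DEV` block sets `rd evpn domain remote 10.0.3.1:52` but adds no matching `route-target ... evpn domain remote 52:52` lines, and the S1-R2 and S2-R1 DEV blocks do not use a domain-remote RD at all. The block also ends in an empty `address-family ipv4`, while the PROD context just above activates a neighbor (`neighbor 172.20.3.1 activate`). No DEV-facing interface or neighbor towards S1-SW1 is added in the visible hunks, so `redistribute connected` may have nothing to export and 10.70.70.0/24 may never reach the overlay. Please confirm the intended DEV peering; if none is planned yet, drop the `rd evpn domain remote` line and the empty address-family so the three site routers match. The S1-R2 hunk has the same empty `address-family ipv4`.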
@@ -160,7 +168,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -176,6 +184,14 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.5 activate + ! + vrf DEV + rd 10.0.3.2:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected + ! + address-family ipv4 ! stun client @@ -185,4 +201,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg index 546aee49..802f11f7 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg @@ -32,10 +32,10 @@ system l1 unsupported speed action error unsupported error-correction action error ! -vlan 40 +vlan 60 name Purple ! -vlan 50 +vlan 70 name Red ! vrf instance DEV @@ -74,12 +74,14 @@ interface Ethernet2.102 ! interface Ethernet3 description HostC1 - switchport access vlan 40 + switchport access vlan 50 + spanning-tree portfast switchport ! interface Ethernet4 description HostC2 - switchport access vlan 50 + switchport access vlan 60 + spanning-tree portfast switchport ! interface Loopback0 @@ -94,13 +96,13 @@ interface Management0 vrf MGMT ip address 172.100.100.114/24 ! -interface Vlan40 +interface Vlan60 vrf PROD - ip address 10.40.40.1/24 + ip address 10.60.60.1/24 ! -interface Vlan50 +interface Vlan70 vrf DEV - ip address 10.50.50.1/24 + ip address 10.70.70.1/24 ! ip routing ip routing vrf DEV @@ -133,4 +135,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end 
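Review bot: In S1-SW1 the access ports do not match the renumbered VLANs: Ethernet3 (HostC1) becomes `switchport access vlan 50` and Ethernet4 (HostC2) becomes `switchport access vlan 60`, while this file now defines only VLANs 60 and 70. HostC1 is addressed 10.60.60.101 in the topology file, so it lands in a VLAN that has no definition or SVI here. HostC2 (10.70.70.101, gateway on `interface Vlan70` in `vrf DEV`) is placed in VLAN 60, whose SVI is in `vrf PROD`, so a DEV host sits on the PROD segment. Suggested lines: `switchport access vlan 60` on Ethernet3 and `switchport access vlan 70` on Ethernet4.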
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg index b1442ff1..9213e796 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -140,6 +144,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -168,7 +173,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -180,6 +185,12 @@ router bgp 65000 route-target import evpn 51:51 route-target export evpn 51:51 redistribute connected + ! + vrf DEV + rd 10.0.4.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected ! stun client @@ -189,4 +200,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg index b0bc7cb7..48990543 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg @@ -32,11 +32,11 @@ system l1 unsupported speed action error unsupported error-correction action error ! -vlan 60 +vlan 80 name Brown ! -vlan 70 - name Pink +vlan 90 + name Gray ! vrf instance MGMT ! 
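Review bot: S2-R1 gains DEV in the AVT, `interface Vxlan1` and `router bgp 65000` hunks, but unlike S1-R1 and S1-R2 this file has no hunk adding `vrf instance DEV` or `ip routing vrf DEV`. If the VRF is not already defined outside the visible hunks, `vxlan vrf DEV vni 52` and the BGP `vrf DEV` block refer to a VRF that does not exist or does not route. Please check the full file and, if needed, add `vrf instance DEV` and `ip routing vrf DEV` next to the PROD lines.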
@@ -49,13 +49,13 @@ interface Ethernet1 ! interface Ethernet2 description HostD1 - switchport access vlan 60 + switchport access vlan 80 switchport spanning-tree portfast ! interface Ethernet3 description HostD2 - switchport access vlan 70 + switchport access vlan 90 switchport spanning-tree portfast ! @@ -82,4 +82,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end
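Review bot: The topology file moves HostD1 and HostD2 to gateways 10.80.80.1 and 10.90.90.1, and these S2-SW1 hunks renumber the VLANs to 80 and 90, but no hunk in S2-SW1 or S2-R1 configures those gateway addresses. Whichever device held the old 10.60.60.1 and 10.70.70.1 gateways appears unchanged by this patch, so the Site 2 hosts would have no default gateway. If those addresses are still redistributed, they would also overlap with the subnets now assigned to Site 1 in S1-SW1. The relevant interfaces are outside the visible hunks, so please confirm and update the VLAN tags and addresses to 80/90 and 10.80.80.1/24, 10.90.90.1/24.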