autovpn clab config updates

aristanetworks · Sep 4, 2024 · a2f9e0c · a2f9e0c
1 parent 8efcd24
commit a2f9e0c
Show file tree

Hide file tree

Showing 16 changed files with 239 additions and 199 deletions.
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg
@@ -46,12 +46,12 @@ vlan 20
 vlan 30
    name Pink
 !
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
 !
-vrf instance DEV
-!
 aaa authorization exec default local
 !
 interface Ethernet1
@@ -94,17 +94,17 @@ interface Vxlan1
    vxlan source-interface Loopback1
    vxlan udp-port 4789
    vxlan vlan 10,20,30 vni 10010,10020,10030
-   vxlan vrf PROD vni 51
    vxlan vrf DEV vni 52
+   vxlan vrf PROD vni 51
 !
 mac address-table aging-time 1800
 !
 ip virtual-router mac-address 00:1c:73:00:00:01
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
-ip routing vrf DEV
 !
 ip prefix-list PL-LOOPBACKS
    seq 10 permit 10.0.0.0/16 eq 32
@@ -165,17 +165,16 @@ router bgp 65102
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
    !
-   vrf PROD
-      rd 10.0.1.4:51
-      route-target import evpn 51:51
-      route-target export evpn 51:51
-   !
    vrf DEV
       rd 10.0.1.4:52
       route-target import evpn 52:52
       route-target export evpn 52:52
+   !
+   vrf PROD
+      rd 10.0.1.4:51
+      route-target import evpn 51:51
+      route-target export evpn 51:51
 !
-
 router multicast
    ipv4
       software-forwarding kernel
@@ -187,4 +186,4 @@ management ssh
    vrf MGMT
       no shutdown
 !
-end
+end
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg
@@ -46,12 +46,12 @@ vlan 20
 vlan 30
    name Pink
 !
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
 !
-vrf instance DEV
-!
 aaa authorization exec default local
 !
 interface Ethernet1
@@ -94,17 +94,17 @@ interface Vxlan1
    vxlan source-interface Loopback1
    vxlan udp-port 4789
    vxlan vlan 10,20,30 vni 10010,10020,10030
-   vxlan vrf PROD vni 51
    vxlan vrf DEV vni 52
+   vxlan vrf PROD vni 51
 !
 mac address-table aging-time 1800
 !
 ip virtual-router mac-address 00:1c:73:00:00:01
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
-ip routing vrf DEV
 !
 ip prefix-list PL-LOOPBACKS
    seq 10 permit 10.0.0.0/16 eq 32
@@ -160,15 +160,15 @@ router bgp 65103
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
    !
-   vrf PROD
-      rd 10.0.1.5:51
-      route-target import evpn 51:51
-      route-target export evpn 51:51
-   !
    vrf DEV
       rd 10.0.1.5:52
       route-target import evpn 52:52
       route-target export evpn 52:52
+   !
+   vrf PROD
+      rd 10.0.1.5:51
+      route-target import evpn 51:51
+      route-target export evpn 51:51
 !
 router multicast
    ipv4
@@ -181,4 +181,4 @@ management ssh
    vrf MGMT
       no shutdown
 !
-end
+end
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg
@@ -46,12 +46,12 @@ vlan 20
 vlan 30
    name Pink
 !
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
 !
-vrf instance DEV
-!
 aaa authorization exec default local
 !
 interface Ethernet1
@@ -108,17 +108,17 @@ interface Vxlan1
    vxlan source-interface Loopback1
    vxlan udp-port 4789
    vxlan vlan 10,20,30 vni 10010,10020,10030
-   vxlan vrf PROD vni 51
    vxlan vrf DEV vni 52
+   vxlan vrf PROD vni 51
 !
 mac address-table aging-time 1800
 !
 ip virtual-router mac-address 00:1c:73:00:00:01
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
-ip routing vrf DEV
 !
 ip prefix-list PL-LOOPBACKS
    seq 10 permit 10.0.0.0/16 eq 32
@@ -179,17 +179,17 @@ router bgp 65101
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
    !
-   vrf PROD
-      rd 10.0.1.1:51
-      route-target import evpn 51:51
-      route-target export evpn 51:51
-      redistribute connected
-   !
    vrf DEV
       rd 10.0.1.1:52
       route-target import evpn 52:52
       route-target export evpn 52:52
       redistribute connected
+   !
+   vrf PROD
+      rd 10.0.1.1:51
+      route-target import evpn 51:51
+      route-target export evpn 51:51
+      redistribute connected
 !
 router multicast
    ipv4
@@ -202,4 +202,4 @@ management ssh
    vrf MGMT
       no shutdown
 !
-end
+end
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg
@@ -39,11 +39,11 @@ router adaptive-virtual-topology
    profile DEFAULT-AVT-PROFILE
       path-selection load-balance DEFAULT-LB-POLICY
    !
-   vrf PROD
+   vrf DEV
       avt policy DEFAULT-AVT-POLICY
       avt profile DEFAULT-AVT-PROFILE id 1
    !
-   vrf DEV
+   vrf PROD
       avt policy DEFAULT-AVT-POLICY
       avt profile DEFAULT-AVT-PROFILE id 1
    !
@@ -58,7 +58,7 @@ router path-selection
       ipsec profile IPSEC-PROFILE
       !
       local interface Ethernet2
-         stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2
+         stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
       !
       peer dynamic
       !
@@ -79,12 +79,12 @@ system l1
    unsupported speed action error
    unsupported error-correction action error
 !
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
 !
-vrf instance DEV
-!
 aaa authorization exec default local
 !
 ip security
@@ -128,23 +128,27 @@ interface Loopback101
    vrf PROD
    ip address 10.1.101.2/32
 !
+interface Loopback102
+   vrf DEV
+   ip address 10.1.102.2/32
+!
 interface Management1
    vrf MGMT
    ip address 172.100.100.102/24
 !
 interface Vxlan1
    vxlan source-interface Dps1
    vxlan udp-port 4789
-   vxlan vrf PROD vni 51
    vxlan vrf DEV vni 52
+   vxlan vrf PROD vni 51
    vxlan vrf default vni 50
 !
 mac address-table aging-time 1800
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
-ip routing vrf DEV
 !
 ip prefix-list PL-LOOPBACKS
    seq 10 permit 10.0.0.0/16 eq 32
@@ -194,9 +198,9 @@ router bgp 65000
    !
    address-family evpn
       neighbor DC1-EVPN-PEERS activate
-      neighbor DC1-EVPN-PEERS encapsulation vxlan
+      neighbor DC1-EVPN-PEERS encapsulation vxlan 
       neighbor WAN-OVERLAY-PEERS activate
-      neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+      neighbor WAN-OVERLAY-PEERS encapsulation path-selection 
       neighbor WAN-OVERLAY-PEERS domain remote
       route import match-failure action discard
    !
@@ -208,15 +212,6 @@ router bgp 65000
       bgp additional-paths send any
       neighbor WAN-OVERLAY-PEERS activate
    !
-   vrf PROD
-      rd 10.0.1.2:51
-      rd evpn domain remote 10.0.1.2:51
-      route-target import evpn 51:51
-      route-target import evpn domain remote 51:51
-      route-target export evpn 51:51
-      route-target export evpn domain remote 51:51
-      redistribute connected
-   !
    vrf DEV
       rd 10.0.1.2:52
       rd evpn domain remote 10.0.1.2:52
@@ -225,6 +220,15 @@ router bgp 65000
       route-target export evpn 52:52
       route-target export evpn domain remote 52:52
       redistribute connected
+   !
+   vrf PROD
+      rd 10.0.1.2:51
+      rd evpn domain remote 10.0.1.2:51
+      route-target import evpn 51:51
+      route-target import evpn domain remote 51:51
+      route-target export evpn 51:51
+      route-target export evpn domain remote 51:51
+      redistribute connected
 !
 stun
    client
@@ -234,4 +238,4 @@ stun
       server-profile DC2-R2-Ethernet2
          ip address 192.0.2.14
 !
-end
+end