diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg index 43f62b4f..8d2cd7d1 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg @@ -46,12 +46,12 @@ vlan 20 vlan 30 name Pink ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -94,17 +94,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,20,30 vni 10010,10020,10030 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -165,17 +165,16 @@ router bgp 65102 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.4:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - ! vrf DEV rd 10.0.1.4:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.1.4:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! - router multicast ipv4 software-forwarding kernel @@ -187,4 +186,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg index 069038de..af0d23c2 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg @@ -46,12 +46,12 @@ vlan 20 vlan 30 name Pink ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -94,17 +94,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,20,30 vni 10010,10020,10030 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -160,15 +160,15 @@ router bgp 65103 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.5:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - ! vrf DEV rd 10.0.1.5:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.1.5:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! router multicast ipv4 @@ -181,4 +181,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg index 879c7152..b0061bd3 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg @@ -46,12 +46,12 @@ vlan 20 vlan 30 name Pink ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -108,17 +108,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,20,30 vni 10010,10020,10030 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -179,17 +179,17 @@ router bgp 65101 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.1:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - redistribute connected - ! vrf DEV rd 10.0.1.1:52 route-target import evpn 52:52 route-target export evpn 52:52 redistribute connected + ! + vrf PROD + rd 10.0.1.1:51 + route-target import evpn 51:51 + route-target export evpn 51:51 + redistribute connected ! router multicast ipv4 @@ -202,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg index 28a1eead..d12cdbd9 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -58,7 +58,7 @@ router path-selection ipsec profile IPSEC-PROFILE ! local interface Ethernet2 - stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2 + stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2 ! peer dynamic ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -128,6 +128,10 @@ interface Loopback101 vrf PROD ip address 10.1.101.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.1.102.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.102/24 @@ -135,16 +139,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -194,9 +198,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -208,15 +212,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.2:51 - rd evpn domain remote 10.0.1.2:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected - ! vrf DEV rd 10.0.1.2:52 rd evpn domain remote 10.0.1.2:52 @@ -225,6 +220,15 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd 10.0.1.2:51 + rd evpn domain remote 10.0.1.2:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun client @@ -234,4 +238,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg index b954302e..2d04202c 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg @@ -39,10 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 - vrf DEV + ! + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -72,12 +73,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -118,6 +119,10 @@ interface Loopback101 vrf PROD ip address 10.1.101.3/32 ! +interface Loopback102 + vrf DEV + ip address 10.1.102.3/32 +! interface Management1 vrf MGMT ip address 172.100.100.103/24 @@ -125,16 +130,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -186,9 +191,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -200,15 +205,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.3:51 - rd evpn domain remote 10.0.1.3:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected - ! vrf DEV rd 10.0.1.3:52 rd evpn domain remote 10.0.1.3:52 @@ -217,9 +213,18 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd 10.0.1.3:51 + rd evpn domain remote 10.0.1.3:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun server local-interface Ethernet2 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg index f5dfda1b..4bdb462c 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg @@ -46,12 +46,12 @@ vlan 40 vlan 50 name Yellow ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -94,17 +94,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,40,50 vni 10010,10040,10050 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -165,15 +165,15 @@ router bgp 65202 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.4:51 - route-target import evpn 51:51 - route-target export evpn 51:51 -! vrf DEV rd 10.0.2.4:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.2.4:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! router multicast ipv4 @@ -186,4 +186,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg index fd30f933..0d8fd678 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg @@ -47,12 +47,12 @@ vlan 40 vlan 50 name Yellow ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -95,17 +95,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,40,50 vni 10010,10040,10050 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -166,15 +166,15 @@ router bgp 65203 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.5:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - ! vrf DEV rd 10.0.2.5:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.2.5:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! router multicast ipv4 @@ -187,4 +187,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg index ea746c7d..828e1c73 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg @@ -46,12 +46,12 @@ vlan 40 vlan 50 name Yellow ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -108,17 +108,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,40,50 vni 10010,10040,10050 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -179,17 +179,17 @@ router bgp 65201 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.1:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - redistribute connected - ! vrf DEV rd 10.0.2.1:52 route-target import evpn 52:52 route-target export evpn 52:52 redistribute connected + ! + vrf PROD + rd 10.0.2.1:51 + route-target import evpn 51:51 + route-target export evpn 51:51 + redistribute connected ! router multicast ipv4 @@ -202,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg index 40aecbb3..f6edf899 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -128,6 +128,10 @@ interface Loopback101 vrf PROD ip address 10.2.101.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.2.102.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.108/24 @@ -135,16 +139,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -194,9 +198,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -208,15 +212,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.2:51 - rd evpn domain remote 10.0.2.2:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected -! vrf DEV rd 10.0.2.2:52 rd evpn domain remote 10.0.2.2:52 @@ -225,6 +220,15 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd 10.0.2.2:51 + rd evpn domain remote 10.0.2.2:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun client @@ -234,4 +238,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg index 191546f8..73788d98 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -73,12 +73,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -119,6 +119,10 @@ interface Loopback101 vrf PROD ip address 10.2.101.3/32 ! +interface Loopback102 + vrf DEV + ip address 10.2.102.3/32 +! interface Management1 vrf MGMT ip address 172.100.100.109/24 @@ -126,16 +130,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -187,9 +191,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -201,14 +205,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd evpn domain all 10.0.2.3:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected -! vrf DEV rd evpn domain all 10.0.2.3:52 route-target import evpn 52:52 @@ -216,9 +212,17 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd evpn domain all 10.0.2.3:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun server local-interface Ethernet2 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg index 39c6d448..90edefef 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -58,7 +58,7 @@ router path-selection ipsec profile IPSEC-PROFILE ! local interface Ethernet2 - stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2 + stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2 ! peer dynamic ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -118,6 +118,11 @@ interface Ethernet1.101 vrf PROD ip address 172.20.3.0/31 ! +interface Ethernet1.102 + encapsulation dot1q vlan 102 + vrf DEV + ip address 172.20.3.2/31 +! interface Ethernet2 no switchport ip address 192.0.2.18/30 @@ -130,6 +135,10 @@ interface Loopback101 vrf PROD ip address 10.101.3.1/32 ! +interface Loopback102 + vrf DEV + ip address 10.102.3.1/32 +! interface Management1 vrf MGMT ip address 172.100.100.112/24 @@ -137,16 +146,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.17 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 @@ -172,13 +181,24 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.3.1:52 + rd evpn domain remote 10.0.3.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + neighbor 172.20.3.3 remote-as 65300 + redistribute connected + ! + address-family ipv4 + neighbor 172.20.3.3 activate + ! vrf PROD rd 10.0.3.1:51 rd evpn domain remote 10.0.3.1:51 @@ -189,15 +209,6 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.1 activate - ! - vrf DEV - rd 10.0.3.1:52 - rd evpn domain remote 10.0.3.1:52 - route-target import evpn 52:52 - route-target export evpn 52:52 - redistribute connected - ! - address-family ipv4 ! stun client @@ -207,4 +218,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg index 22b6dabf..8d7e8343 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -119,6 +119,11 @@ interface Ethernet1.101 vrf PROD ip address 172.20.3.4/31 ! +interface Ethernet1.102 + encapsulation dot1q vlan 102 + vrf DEV + ip address 172.20.3.6/31 +! interface Ethernet2 no switchport ip address 192.0.2.22/30 @@ -131,6 +136,10 @@ interface Loopback101 vrf PROD ip address 10.101.3.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.102.3.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.113/24 @@ -138,16 +147,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.21 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 @@ -168,13 +177,23 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.3.2:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + neighbor 172.20.3.7 remote-as 65300 + redistribute connected + ! + address-family ipv4 + neighbor 172.20.3.7 activate + ! vrf PROD rd 10.0.3.2:51 route-target import evpn 51:51 @@ -184,14 +203,6 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.5 activate - ! - vrf DEV - rd 10.0.3.2:52 - route-target import evpn 52:52 - route-target export evpn 52:52 - redistribute connected - ! - address-family ipv4 ! stun client @@ -201,4 +212,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg index 802f11f7..838b9749 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg @@ -74,15 +74,15 @@ interface Ethernet2.102 ! interface Ethernet3 description HostC1 - switchport access vlan 50 - spanning-tree portfast + switchport access vlan 60 switchport + spanning-tree portfast ! interface Ethernet4 description HostC2 - switchport access vlan 60 - spanning-tree portfast + switchport access vlan 70 switchport + spanning-tree portfast ! interface Loopback0 description Globally Unique Address @@ -135,4 +135,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg index 9213e796..a0901756 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -113,15 +113,15 @@ interface Dps1 interface Ethernet1 no switchport ! -interface Ethernet1.60 - encapsulation dot1q vlan 60 +interface Ethernet1.80 + encapsulation dot1q vlan 80 vrf PROD - ip address 10.60.60.1/24 + ip address 10.80.80.1/24 ! -interface Ethernet1.70 - encapsulation dot1q vlan 70 +interface Ethernet1.90 + encapsulation dot1q vlan 90 vrf DEV - ip address 10.70.70.1/24 + ip address 10.90.90.1/24 ! interface Ethernet2 description INET @@ -133,8 +133,10 @@ interface Loopback0 ip address 10.0.4.1/32 ! interface Loopback101 - vrf PROD - ip address 10.101.4.1/32 + vrf DEV + ip address 10.102.4.1/32 +! +interface Loopback102 ! interface Management1 vrf MGMT @@ -143,8 +145,8 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -173,24 +175,24 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.4.1:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - redistribute connected - ! vrf DEV rd 10.0.4.1:52 route-target import evpn 52:52 route-target export evpn 52:52 redistribute connected + ! + vrf PROD + rd 10.0.4.1:51 + route-target import evpn 51:51 + route-target export evpn 51:51 + redistribute connected ! stun client @@ -200,4 +202,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg index 48990543..5fed35b7 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg @@ -82,4 +82,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml b/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml index 33fd2339..dc204e28 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml +++ b/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml @@ -8,11 +8,11 @@ tasks: - - name: Copy license file to {{ inventory_hostname }} - ansible.netcommon.net_put: - src: ./ipsec-license.json - protocol: sftp - dest: /mnt/flash/ipsec-license.json + # - name: Copy license file to {{ inventory_hostname }} + # ansible.netcommon.net_put: + # src: ./ipsec-license.json + # protocol: sftp + # dest: /mnt/flash/ipsec-license.json - name: Install license eos_command: