diff --git a/.gitignore b/.gitignore index acd455e8..62899956 100644 --- a/.gitignore +++ b/.gitignore @@ -3,8 +3,6 @@ **/intended/** **/reports/** **/config_backup/** -# ignore tl clab configs -**/tl-configs/** # ignore secrets **.tok** !**/servers/intended/** diff --git a/datacenter/backbone/group_vars/BACKBONE.yml b/datacenter/backbone/group_vars/BACKBONE.yml index 8a82d9e5..84cf8914 100644 --- a/datacenter/backbone/group_vars/BACKBONE.yml +++ b/datacenter/backbone/group_vars/BACKBONE.yml @@ -5,11 +5,18 @@ pod_name: pod-bb type: backbone +csc_prefix_lists: + - name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 30 + action: 'permit 1.1.0.0/16 eq 32' + backbone: defaults: platform: vEOS-lab loopback_ipv4_pool: 1.1.0.0/24 bgp_as: 65000 + bgp_cluster_id: 1.1.0.0 nodes: - name: BB1 diff --git a/datacenter/domain-a/group_vars/DOMAIN_A_EVPNGW.yml b/datacenter/domain-a/group_vars/DOMAIN_A_EVPNGW.yml index f8355b38..58bcdf52 100644 --- a/datacenter/domain-a/group_vars/DOMAIN_A_EVPNGW.yml +++ b/datacenter/domain-a/group_vars/DOMAIN_A_EVPNGW.yml @@ -4,6 +4,14 @@ type: l3leaf evpn_multicast: false underlay_multicast: false +csc_prefix_lists: + - name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 30 + action: 'permit 1.1.0.0/16 eq 32' + - sequence: 40 + action: 'permit 2.2.0.0/16 eq 32' + csc_router_bgp: bgp: bestpath: diff --git a/datacenter/domain-b/group_vars/DOMAIN_B.yml b/datacenter/domain-b/group_vars/DOMAIN_B.yml index 35c9153d..714bd01e 100644 --- a/datacenter/domain-b/group_vars/DOMAIN_B.yml +++ b/datacenter/domain-b/group_vars/DOMAIN_B.yml @@ -10,6 +10,7 @@ spine: loopback_ipv4_pool: 1.1.2.0/24 isis_system_id_prefix: '0000.0000' bgp_as: 65200 + bgp_cluster_id: 1.1.2.205 raw_eos_cli: | agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' nodes: diff --git a/datacenter/domain-b/group_vars/DOMAIN_B_EVPNGW.yml b/datacenter/domain-b/group_vars/DOMAIN_B_EVPNGW.yml index f89e6c0c..157e0919 100644 --- a/datacenter/domain-b/group_vars/DOMAIN_B_EVPNGW.yml +++ b/datacenter/domain-b/group_vars/DOMAIN_B_EVPNGW.yml @@ -41,13 +41,13 @@ router_general: } return true; } - function AS65400_OUT_EVPN() { + function AS65200_OUT_EVPN() { if PREFIX_ROUTE(){ community add {2:2}; } return true; } - function AS65400_IN_EVPN() { + function AS65200_IN_EVPN() { if PREFIX_ROUTE() and FROM_GW_PEER() { return false; } diff --git a/datacenter/domain-b/host_vars/B-LEAF7.yml b/datacenter/domain-b/host_vars/B-LEAF7.yml index f0fbc332..ed29d098 100644 --- a/datacenter/domain-b/host_vars/B-LEAF7.yml +++ b/datacenter/domain-b/host_vars/B-LEAF7.yml @@ -27,6 +27,8 @@ csc_router_bgp: bfd: true ebgp_multihop: 15 send_community: all + - name: EVPN-OVERLAY-PEERS + route_reflector_client: true neighbors: - ip_address: 172.16.2.0 peer_group: IPv4-REMOTE-UNDERLAY-PEERS @@ -62,9 +64,11 @@ csc_router_bgp: rcf_out: AS65000_OUT_IPV4() - name: EVPN-OVERLAY-CORE activate: false + redistribute_routes: + - source_protocol: "connected" -csc_ethernet_interfaces: - - name: Ethernet7 - mtu: 9214 - - name: Ethernet8 - mtu: 9214 +# csc_ethernet_interfaces: +# - name: Ethernet7 +# mtu: 9214 +# - name: Ethernet8 +# mtu: 9214 diff --git a/datacenter/domain-b/host_vars/B-LEAF8.yml b/datacenter/domain-b/host_vars/B-LEAF8.yml index 7226658f..6e2d925e 100644 --- a/datacenter/domain-b/host_vars/B-LEAF8.yml +++ b/datacenter/domain-b/host_vars/B-LEAF8.yml @@ -27,6 +27,8 @@ csc_router_bgp: bfd: true ebgp_multihop: 15 send_community: all + - name: EVPN-OVERLAY-PEERS + route_reflector_client: true neighbors: - ip_address: 172.16.2.2 peer_group: IPv4-REMOTE-UNDERLAY-PEERS @@ -62,6 +64,8 @@ csc_router_bgp: rcf_out: AS65000_OUT_IPV4() - name: EVPN-OVERLAY-CORE activate: false + redistribute_routes: + - source_protocol: "connected" csc_ethernet_interfaces: - name: Ethernet7 diff --git a/datacenter/domain-c/group_vars/DOMAIN_C_EVPNGW.yml b/datacenter/domain-c/group_vars/DOMAIN_C_EVPNGW.yml index b53b6229..e3cd24a8 100644 --- a/datacenter/domain-c/group_vars/DOMAIN_C_EVPNGW.yml +++ b/datacenter/domain-c/group_vars/DOMAIN_C_EVPNGW.yml @@ -8,13 +8,6 @@ csc_vlan_interfaces: - name: 'Vlan4094' mtu: 1500 -csc_router_bgp: - bgp: - bestpath: - d_path: true - address_family_evpn: - domain_identifier: "3:3" - csc_prefix_lists: - name: PL-GATEWAY-LOOP sequence_numbers: diff --git a/datacenter/domain-c/group_vars/FABRIC.yml b/datacenter/domain-c/group_vars/FABRIC.yml index 881834fe..4ac726be 100644 --- a/datacenter/domain-c/group_vars/FABRIC.yml +++ b/datacenter/domain-c/group_vars/FABRIC.yml @@ -4,7 +4,7 @@ fabric_name: FABRIC underlay_routing_protocol: ospf overlay_routing_protocol: ebgp -vtep_vvtep_ip: 10.3.3.255/32 +vtep_vvtep_ip: 2.2.3.255/32 underlay_multicast: true evpn_multicast: true diff --git a/datacenter/domain-c/host_vars/C-LEAF7.yml b/datacenter/domain-c/host_vars/C-LEAF7.yml index 10c50833..d1476be6 100644 --- a/datacenter/domain-c/host_vars/C-LEAF7.yml +++ b/datacenter/domain-c/host_vars/C-LEAF7.yml @@ -1,6 +1,12 @@ --- csc_router_bgp: + bgp: + bestpath: + d_path: true + peer_groups: + - name: IPv4-REMOTE-UNDERLAY-PEERS + route_map_out: RM-AS65000-IPV4-OUT neighbors: - ip_address: 172.16.3.0 peer_group: IPv4-REMOTE-UNDERLAY-PEERS @@ -16,3 +22,5 @@ csc_router_bgp: - prefix: "1.1.3.7/32" - prefix: "1.1.3.8/32" - prefix: "2.2.3.7/32" + address_family_evpn: + domain_identifier: "3:3" diff --git a/datacenter/domain-c/host_vars/C-LEAF8.yml b/datacenter/domain-c/host_vars/C-LEAF8.yml index 0245691b..c95c0cd8 100644 --- a/datacenter/domain-c/host_vars/C-LEAF8.yml +++ b/datacenter/domain-c/host_vars/C-LEAF8.yml @@ -1,6 +1,12 @@ --- csc_router_bgp: + bgp: + bestpath: + d_path: true + peer_groups: + - name: IPv4-REMOTE-UNDERLAY-PEERS + route_map_out: RM-AS65000-IPV4-OUT neighbors: - ip_address: 172.16.3.2 peer_group: IPv4-REMOTE-UNDERLAY-PEERS @@ -16,3 +22,5 @@ csc_router_bgp: - prefix: "1.1.3.7/32" - prefix: "1.1.3.8/32" - prefix: "2.2.3.7/32" + address_family_evpn: + domain_identifier: "3:3" diff --git a/datacenter/global_vars/fabric_defaults/routing-defaults.yml b/datacenter/global_vars/fabric_defaults/routing-defaults.yml index 6214775a..854313b4 100644 --- a/datacenter/global_vars/fabric_defaults/routing-defaults.yml +++ b/datacenter/global_vars/fabric_defaults/routing-defaults.yml @@ -14,3 +14,5 @@ evpn_import_pruning: true mlag_ibgp_peering_vrfs: base_vlan: 3000 + +p2p_uplinks_mtu: 1500 diff --git a/tech-library/data_center/evpnvxlan/README.md b/tech-library/data_center/evpnvxlan/README.md new file mode 100644 index 00000000..524e59f2 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/README.md @@ -0,0 +1,9 @@ +# Config Notes +## Domain A + +## Domain B + +## Domain C + +## Domain D +[] Fix config BGP AS #'s to match diagram diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF1.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF1.cfg new file mode 100644 index 00000000..2e3f6eb8 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF1.cfg @@ -0,0 +1,286 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 30 + name Orange +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostA + switchport access vlan 10 + mlag 7 + spanning-tree portfast +! +interface Port-Channel8 + description HostB + switchport access vlan 30 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.1/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + no switchport + ip address 192.168.0.17/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + no switchport + ip address 192.168.0.33/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + no switchport + ip address 192.168.0.49/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.1/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.1/32 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.11/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.105/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.10.10.1/24 +! +interface Vlan30 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.30.30.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.0/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 + pim ipv4 sparse-mode +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,30 vni 10010,10030 + vxlan vrf PROD vni 50001 + vxlan mlag source-interface Loopback1 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.10.101 encap 232.1.1.10 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65112 + router-id 1.1.1.1 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65112 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + neighbor 192.168.0.0 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.16 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.32 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.48 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 1.1.1.1:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 30 + rd 1.1.1.1:10030 + route-target both 10030:10030 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + ! + vrf PROD + rd 1.1.1.1:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF2.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF2.cfg new file mode 100644 index 00000000..f852c42d --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF2.cfg @@ -0,0 +1,286 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 30 + name Orange +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostA + switchport access vlan 10 + mlag 7 + spanning-tree portfast +! +interface Port-Channel8 + description HostB + switchport access vlan 30 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.3/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + no switchport + ip address 192.168.0.19/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + no switchport + ip address 192.168.0.35/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + no switchport + ip address 192.168.0.51/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.2/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.1/32 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.12/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.106/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.10.10.1/24 +! +interface Vlan30 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.30.30.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.1/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 + pim ipv4 sparse-mode +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,30 vni 10010,10030 + vxlan vrf PROD vni 50001 + vxlan mlag source-interface Loopback1 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.10.101 encap 232.1.1.10 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT:.* +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65112 + router-id 1.1.1.2 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65112 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + neighbor 192.168.0.2 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.18 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.34 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.50 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 1.1.1.2:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 30 + rd 1.1.1.2:10030 + route-target both 10030:10030 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + ! + vrf PROD + rd 1.1.1.2:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF3.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF3.cfg new file mode 100644 index 00000000..7718b303 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF3.cfg @@ -0,0 +1,332 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF3 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 30 + name Orange +! +vlan 50 + name Yellow +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostD + switchport access vlan 10 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.5/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + no switchport + ip address 192.168.0.21/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + no switchport + ip address 192.168.0.37/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + no switchport + ip address 192.168.0.53/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description HostC + switchport access vlan 50 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.3/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.3/32 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.13/32 +! +interface Loopback102 + vrf DEV + ip address 10.102.102.13/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.107/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.10.10.1/24 +! +interface Vlan30 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.30.30.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback102 + ip address virtual 10.50.50.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.0/31 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.0/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 + pim ipv4 sparse-mode +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,30,50 vni 10010,10030,10050 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 + vxlan mlag source-interface Loopback1 + vxlan vrf DEV multicast group 232.2.2.2 + vxlan vrf DEV multicast group overlay 239.0.50.101 encap 232.2.2.50 immediate + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.10.101 encap 232.1.1.10 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65134 + router-id 1.1.1.3 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65134 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + neighbor 192.168.0.4 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.20 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.36 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.52 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 1.1.1.3:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 30 + rd 1.1.1.3:10030 + route-target both 10030:10030 + redistribute learned + ! + vlan 50 + rd 1.1.1.3:10050 + route-target both 10050:10050 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + ! + vrf DEV + rd 1.1.1.3:50002 + evpn multicast + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate + ! + vrf PROD + rd 1.1.1.3:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf DEV + ipv4 + routing + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF4.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF4.cfg new file mode 100644 index 00000000..64522c8c --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF4.cfg @@ -0,0 +1,332 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF4 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 30 + name Orange +! +vlan 50 + name Yellow +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostD + switchport access vlan 10 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.7/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + no switchport + ip address 192.168.0.23/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + no switchport + ip address 192.168.0.39/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + no switchport + ip address 192.168.0.55/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description HostE + switchport access vlan 30 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.4/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.3/32 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.14/32 +! +interface Loopback102 + vrf DEV + ip address 10.102.102.14/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.108/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.10.10.1/24 +! +interface Vlan30 + mtu 9014 + vrf PROD + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback101 + ip address virtual 10.30.30.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback102 + ip address virtual 10.50.50.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.1/31 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.1/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 + pim ipv4 sparse-mode +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,30,50 vni 10010,10030,10050 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 + vxlan mlag source-interface Loopback1 + vxlan vrf DEV multicast group 232.2.2.2 + vxlan vrf DEV multicast group overlay 239.0.50.101 encap 232.2.2.50 immediate + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.10.101 encap 232.1.1.10 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65134 + router-id 1.1.1.4 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65134 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + neighbor 192.168.0.6 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.22 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.38 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.54 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 1.1.1.4:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 30 + rd 1.1.1.4:10030 + route-target both 10030:10030 + redistribute learned + ! + vlan 50 + rd 1.1.1.4:10050 + route-target both 10050:10050 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + ! + vrf DEV + rd 1.1.1.4:50002 + evpn multicast + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate + ! + vrf PROD + rd 1.1.1.4:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf DEV + ipv4 + routing + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF5.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF5.cfg new file mode 100644 index 00000000..7d812a42 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF5.cfg @@ -0,0 +1,261 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF5 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 70 + name Brown +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostF + switchport access vlan 70 + mlag 7 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.9/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + no switchport + ip address 192.168.0.25/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + no switchport + ip address 192.168.0.41/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + no switchport + ip address 192.168.0.57/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.5/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.5/32 +! +interface Loopback102 + vrf DEV + ip address 10.102.102.15/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.109/24 +! +interface Vlan70 + mtu 9014 + vrf DEV + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback102 + ip address virtual 10.70.70.1/24 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.0/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 70 vni 10070 + vxlan vrf DEV vni 50002 + vxlan mlag source-interface Loopback1 + vxlan vrf DEV multicast group 232.2.2.2 + vxlan vrf DEV multicast group overlay 239.0.50.101 encap 232.2.2.50 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65156 + router-id 1.1.1.5 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65156 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + neighbor 192.168.0.8 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.24 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.40 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.56 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 70 + rd 1.1.1.5:10070 + route-target both 10070:10070 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + ! + vrf DEV + rd 1.1.1.5:50002 + evpn multicast + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf DEV + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF6.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF6.cfg new file mode 100644 index 00000000..1b395fe2 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF6.cfg @@ -0,0 +1,261 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF6 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 70 + name Brown +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostF + switchport access vlan 70 + mlag 7 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.11/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + no switchport + ip address 192.168.0.27/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + no switchport + ip address 192.168.0.43/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + no switchport + ip address 192.168.0.59/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.6/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.5/32 +! +interface Loopback102 + vrf DEV + ip address 10.102.102.16/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.110/24 +! +interface Vlan70 + mtu 9014 + vrf DEV + pim ipv4 sparse-mode + pim ipv4 local-interface Loopback102 + ip address virtual 10.70.70.1/24 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.1/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 70 vni 10070 + vxlan vrf DEV vni 50002 + vxlan mlag source-interface Loopback1 + vxlan vrf DEV multicast group 232.2.2.2 + vxlan vrf DEV multicast group overlay 239.0.50.101 encap 232.2.2.50 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65156 + router-id 1.1.1.6 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65156 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + neighbor 192.168.0.10 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.26 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.42 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.58 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 70 + rd 1.1.1.6:10070 + route-target both 10070:10070 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + ! + vrf DEV + rd 1.1.1.6:50002 + evpn multicast + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf DEV + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF7.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF7.cfg new file mode 100644 index 00000000..5286301f --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF7.cfg @@ -0,0 +1,312 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF7 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 50 + name Yellow +! +vlan 70 + name Brown +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.13/31 +! +interface Ethernet2 + no switchport + ip address 192.168.0.29/31 +! +interface Ethernet3 + no switchport + ip address 192.168.0.45/31 +! +interface Ethernet4 + no switchport + ip address 192.168.0.61/31 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + no switchport + ip address 172.16.1.1/31 +! +interface Ethernet8 + no switchport + ip address 172.16.1.5/31 +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.7/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.7/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.111/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.0/31 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.0/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,50,70 vni 10010,10050,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 2.2.1.7/32 + seq 20 permit 1.1.1.7/32 + seq 30 permit 1.1.1.8/32 +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-AS65000-IPV4-OUT permit 10 + match ip address prefix-list PL-GATEWAY-LOOP +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65178 + router-id 1.1.1.7 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp bestpath d-path + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65178 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS route-map RM-AS65000-IPV4-OUT out + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 172.16.1.0 peer group REMOTE-IPV4-PEERS + neighbor 172.16.1.4 peer group REMOTE-IPV4-PEERS + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + neighbor 192.168.0.12 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.28 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.44 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.60 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd evpn domain all 1.1.1.7:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 50 + rd evpn domain all 1.1.1.7:10050 + route-target import export evpn domain all 10050:10050 + ! + vlan 70 + rd evpn domain all 1.1.1.7:10070 + route-target import export evpn domain all 10070:10070 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 1:1 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + neighbor REMOTE-IPV4-PEERS activate + ! + vrf DEV + rd 1.1.1.7:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate + ! + vrf PROD + rd 1.1.1.7:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-LEAF8.cfg b/tech-library/data_center/evpnvxlan/configs/A-LEAF8.cfg new file mode 100644 index 00000000..49b248fe --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-LEAF8.cfg @@ -0,0 +1,312 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-LEAF8 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 50 + name Yellow +! +vlan 70 + name Brown +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + no switchport + ip address 192.168.0.15/31 +! +interface Ethernet2 + no switchport + ip address 192.168.0.31/31 +! +interface Ethernet3 + no switchport + ip address 192.168.0.47/31 +! +interface Ethernet4 + no switchport + ip address 192.168.0.63/31 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + no switchport + ip address 172.16.1.3/31 +! +interface Ethernet8 + no switchport + ip address 172.16.1.7/31 +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.1.8/32 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.1.7/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.112/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.1/31 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.1/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,50,70 vni 10010,10050,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 2.2.1.7/32 + seq 20 permit 1.1.1.7/32 + seq 30 permit 1.1.1.8/32 +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-AS65000-IPV4-OUT permit 10 + match ip address prefix-list PL-GATEWAY-LOOP +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65178 + router-id 1.1.1.8 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp bestpath d-path + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65100 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65178 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS route-map RM-AS65000-IPV4-OUT out + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.1.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.204 peer group LOCAL-EVPN-PEERS + neighbor 172.16.1.2 peer group REMOTE-IPV4-PEERS + neighbor 172.16.1.6 peer group REMOTE-IPV4-PEERS + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + neighbor 192.168.0.14 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.30 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.46 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.62 peer group LOCAL-IPV4-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd evpn domain all 1.1.1.8:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 50 + rd evpn domain all 1.1.1.8:10050 + route-target import export evpn domain all 10050:10050 + ! + vlan 70 + rd evpn domain all 1.1.1.8:10070 + route-target import export evpn domain all 10070:10070 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 1:1 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor MLAG-IPV4-PEER activate + neighbor REMOTE-IPV4-PEERS activate + ! + vrf DEV + rd 1.1.1.8:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate + ! + vrf PROD + rd 1.1.1.8:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-SPINE1.cfg b/tech-library/data_center/evpnvxlan/configs/A-SPINE1.cfg new file mode 100644 index 00000000..7a131084 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-SPINE1.cfg @@ -0,0 +1,191 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-SPINE1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description A-LEAF1 + no switchport + ip address 192.168.0.0/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + description A-LEAF2 + no switchport + ip address 192.168.0.2/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + description A-LEAF3 + no switchport + ip address 192.168.0.4/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + description A-LEAF4 + no switchport + ip address 192.168.0.6/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + description A-LEAF5 + no switchport + ip address 192.168.0.8/31 + pim ipv4 sparse-mode +! +interface Ethernet6 + description A-LEAF6 + no switchport + ip address 192.168.0.10/31 + pim ipv4 sparse-mode +! +interface Ethernet7 + description A-LEAF7 + no switchport + ip address 192.168.0.12/31 + pim ipv4 sparse-mode +! +interface Ethernet8 + description A-LEAF8 + no switchport + ip address 192.168.0.14/31 + pim ipv4 sparse-mode +! +interface Loopback0 + ip address 1.1.1.201/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.101/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65100 + router-id 1.1.1.201 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor 1.1.1.1 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.1 remote-as 65112 + neighbor 1.1.1.1 description A-LEAF1.EVPN + neighbor 1.1.1.2 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.2 remote-as 65112 + neighbor 1.1.1.2 description A-LEAF2.EVPN + neighbor 1.1.1.3 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.3 remote-as 65134 + neighbor 1.1.1.3 description A-LEAF3.EVPN + neighbor 1.1.1.4 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.4 remote-as 65134 + neighbor 1.1.1.4 description A-LEAF4.EVPN + neighbor 1.1.1.5 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.5 remote-as 65156 + neighbor 1.1.1.5 description A-LEAF5.EVPN + neighbor 1.1.1.6 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.6 remote-as 65156 + neighbor 1.1.1.6 description A-LEAF6.EVPN + neighbor 1.1.1.7 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.7 remote-as 65178 + neighbor 1.1.1.7 description A-LEAF7.EVPN + neighbor 1.1.1.8 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.8 remote-as 65178 + neighbor 1.1.1.8 description A-LEAF8.EVPN + neighbor 192.168.0.1 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.1 remote-as 65112 + neighbor 192.168.0.1 description A-LEAF1.IPV4 + neighbor 192.168.0.3 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.3 remote-as 65112 + neighbor 192.168.0.3 description A-LEAF2.IPV4 + neighbor 192.168.0.5 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.5 remote-as 65134 + neighbor 192.168.0.5 description A-LEAF3.IPV4 + neighbor 192.168.0.7 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.7 remote-as 65134 + neighbor 192.168.0.7 description A-LEAF4.IPV4 + neighbor 192.168.0.9 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.9 remote-as 65156 + neighbor 192.168.0.9 description A-LEAF5.IPV4 + neighbor 192.168.0.11 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.11 remote-as 65156 + neighbor 192.168.0.11 description A-LEAF6.IPV4 + neighbor 192.168.0.13 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.13 remote-as 65178 + neighbor 192.168.0.13 description A-LEAF7.IPV4 + neighbor 192.168.0.15 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.15 remote-as 65178 + neighbor 192.168.0.15 description A-LEAF8.IPV4 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-SPINE2.cfg b/tech-library/data_center/evpnvxlan/configs/A-SPINE2.cfg new file mode 100644 index 00000000..06deb0e4 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-SPINE2.cfg @@ -0,0 +1,191 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-SPINE2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description A-LEAF1 + no switchport + ip address 192.168.0.16/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + description A-LEAF2 + no switchport + ip address 192.168.0.18/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + description A-LEAF3 + no switchport + ip address 192.168.0.20/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + description A-LEAF4 + no switchport + ip address 192.168.0.22/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + description A-LEAF5 + no switchport + ip address 192.168.0.24/31 + pim ipv4 sparse-mode +! +interface Ethernet6 + description A-LEAF6 + no switchport + ip address 192.168.0.26/31 + pim ipv4 sparse-mode +! +interface Ethernet7 + description A-LEAF7 + no switchport + ip address 192.168.0.28/31 + pim ipv4 sparse-mode +! +interface Ethernet8 + description A-LEAF8 + no switchport + ip address 192.168.0.30/31 + pim ipv4 sparse-mode +! +interface Loopback0 + ip address 1.1.1.202/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.102/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65100 + router-id 1.1.1.202 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor 1.1.1.1 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.1 remote-as 65112 + neighbor 1.1.1.1 description A-LEAF1.EVPN + neighbor 1.1.1.2 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.2 remote-as 65112 + neighbor 1.1.1.2 description A-LEAF2.EVPN + neighbor 1.1.1.3 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.3 remote-as 65134 + neighbor 1.1.1.3 description A-LEAF3.EVPN + neighbor 1.1.1.4 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.4 remote-as 65134 + neighbor 1.1.1.4 description A-LEAF4.EVPN + neighbor 1.1.1.5 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.5 remote-as 65156 + neighbor 1.1.1.5 description A-LEAF5.EVPN + neighbor 1.1.1.6 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.6 remote-as 65156 + neighbor 1.1.1.6 description A-LEAF6.EVPN + neighbor 1.1.1.7 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.7 remote-as 65178 + neighbor 1.1.1.7 description A-LEAF7.EVPN + neighbor 1.1.1.8 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.8 remote-as 65178 + neighbor 1.1.1.8 description A-LEAF8.EVPN + neighbor 192.168.0.17 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.17 remote-as 65112 + neighbor 192.168.0.17 description A-LEAF1.IPV4 + neighbor 192.168.0.19 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.19 remote-as 65112 + neighbor 192.168.0.19 description A-LEAF2.IPV4 + neighbor 192.168.0.21 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.21 remote-as 65134 + neighbor 192.168.0.21 description A-LEAF3.IPV4 + neighbor 192.168.0.23 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.23 remote-as 65134 + neighbor 192.168.0.23 description A-LEAF4.IPV4 + neighbor 192.168.0.25 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.25 remote-as 65156 + neighbor 192.168.0.25 description A-LEAF5.IPV4 + neighbor 192.168.0.27 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.27 remote-as 65156 + neighbor 192.168.0.27 description A-LEAF6.IPV4 + neighbor 192.168.0.29 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.29 remote-as 65178 + neighbor 192.168.0.29 description A-LEAF7.IPV4 + neighbor 192.168.0.31 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.31 remote-as 65178 + neighbor 192.168.0.31 description A-LEAF8.IPV4 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-SPINE3.cfg b/tech-library/data_center/evpnvxlan/configs/A-SPINE3.cfg new file mode 100644 index 00000000..50e02ef8 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-SPINE3.cfg @@ -0,0 +1,191 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-SPINE3 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description A-LEAF1 + no switchport + ip address 192.168.0.32/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + description A-LEAF2 + no switchport + ip address 192.168.0.34/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + description A-LEAF3 + no switchport + ip address 192.168.0.36/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + description A-LEAF4 + no switchport + ip address 192.168.0.38/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + description A-LEAF5 + no switchport + ip address 192.168.0.40/31 + pim ipv4 sparse-mode +! +interface Ethernet6 + description A-LEAF6 + no switchport + ip address 192.168.0.42/31 + pim ipv4 sparse-mode +! +interface Ethernet7 + description A-LEAF7 + no switchport + ip address 192.168.0.44/31 + pim ipv4 sparse-mode +! +interface Ethernet8 + description A-LEAF8 + no switchport + ip address 192.168.0.46/31 + pim ipv4 sparse-mode +! +interface Loopback0 + ip address 1.1.1.203/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.103/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65100 + router-id 1.1.1.203 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor 1.1.1.1 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.1 remote-as 65112 + neighbor 1.1.1.1 description A-LEAF1.EVPN + neighbor 1.1.1.2 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.2 remote-as 65112 + neighbor 1.1.1.2 description A-LEAF2.EVPN + neighbor 1.1.1.3 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.3 remote-as 65134 + neighbor 1.1.1.3 description A-LEAF3.EVPN + neighbor 1.1.1.4 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.4 remote-as 65134 + neighbor 1.1.1.4 description A-LEAF4.EVPN + neighbor 1.1.1.5 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.5 remote-as 65156 + neighbor 1.1.1.5 description A-LEAF5.EVPN + neighbor 1.1.1.6 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.6 remote-as 65156 + neighbor 1.1.1.6 description A-LEAF6.EVPN + neighbor 1.1.1.7 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.7 remote-as 65178 + neighbor 1.1.1.7 description A-LEAF7.EVPN + neighbor 1.1.1.8 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.8 remote-as 65178 + neighbor 1.1.1.8 description A-LEAF8.EVPN + neighbor 192.168.0.33 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.33 remote-as 65112 + neighbor 192.168.0.33 description A-LEAF1.IPV4 + neighbor 192.168.0.35 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.35 remote-as 65112 + neighbor 192.168.0.35 description A-LEAF2.IPV4 + neighbor 192.168.0.37 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.37 remote-as 65134 + neighbor 192.168.0.37 description A-LEAF3.IPV4 + neighbor 192.168.0.39 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.39 remote-as 65134 + neighbor 192.168.0.39 description A-LEAF4.IPV4 + neighbor 192.168.0.41 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.41 remote-as 65156 + neighbor 192.168.0.41 description A-LEAF5.IPV4 + neighbor 192.168.0.43 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.43 remote-as 65156 + neighbor 192.168.0.43 description A-LEAF6.IPV4 + neighbor 192.168.0.45 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.45 remote-as 65178 + neighbor 192.168.0.45 description A-LEAF7.IPV4 + neighbor 192.168.0.47 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.47 remote-as 65178 + neighbor 192.168.0.47 description A-LEAF8.IPV4 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/A-SPINE4.cfg b/tech-library/data_center/evpnvxlan/configs/A-SPINE4.cfg new file mode 100644 index 00000000..8791fae4 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/A-SPINE4.cfg @@ -0,0 +1,191 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname A-SPINE4 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description A-LEAF1 + no switchport + ip address 192.168.0.48/31 + pim ipv4 sparse-mode +! +interface Ethernet2 + description A-LEAF2 + no switchport + ip address 192.168.0.50/31 + pim ipv4 sparse-mode +! +interface Ethernet3 + description A-LEAF3 + no switchport + ip address 192.168.0.52/31 + pim ipv4 sparse-mode +! +interface Ethernet4 + description A-LEAF4 + no switchport + ip address 192.168.0.54/31 + pim ipv4 sparse-mode +! +interface Ethernet5 + description A-LEAF5 + no switchport + ip address 192.168.0.56/31 + pim ipv4 sparse-mode +! +interface Ethernet6 + description A-LEAF6 + no switchport + ip address 192.168.0.58/31 + pim ipv4 sparse-mode +! +interface Ethernet7 + description A-LEAF7 + no switchport + ip address 192.168.0.60/31 + pim ipv4 sparse-mode +! +interface Ethernet8 + description A-LEAF8 + no switchport + ip address 192.168.0.62/31 + pim ipv4 sparse-mode +! +interface Loopback0 + ip address 1.1.1.204/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.104/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 192.168.0.0/24 le 31 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65100 + router-id 1.1.1.204 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor 1.1.1.1 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.1 remote-as 65112 + neighbor 1.1.1.1 description A-LEAF1.EVPN + neighbor 1.1.1.2 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.2 remote-as 65112 + neighbor 1.1.1.2 description A-LEAF2.EVPN + neighbor 1.1.1.3 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.3 remote-as 65134 + neighbor 1.1.1.3 description A-LEAF3.EVPN + neighbor 1.1.1.4 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.4 remote-as 65134 + neighbor 1.1.1.4 description A-LEAF4.EVPN + neighbor 1.1.1.5 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.5 remote-as 65156 + neighbor 1.1.1.5 description A-LEAF5.EVPN + neighbor 1.1.1.6 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.6 remote-as 65156 + neighbor 1.1.1.6 description A-LEAF6.EVPN + neighbor 1.1.1.7 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.7 remote-as 65178 + neighbor 1.1.1.7 description A-LEAF7.EVPN + neighbor 1.1.1.8 peer group LOCAL-EVPN-PEERS + neighbor 1.1.1.8 remote-as 65178 + neighbor 1.1.1.8 description A-LEAF8.EVPN + neighbor 192.168.0.49 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.49 remote-as 65112 + neighbor 192.168.0.49 description A-LEAF1.IPV4 + neighbor 192.168.0.51 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.51 remote-as 65112 + neighbor 192.168.0.51 description A-LEAF2.IPV4 + neighbor 192.168.0.53 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.53 remote-as 65134 + neighbor 192.168.0.53 description A-LEAF3.IPV4 + neighbor 192.168.0.55 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.55 remote-as 65134 + neighbor 192.168.0.55 description A-LEAF4.IPV4 + neighbor 192.168.0.57 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.57 remote-as 65156 + neighbor 192.168.0.57 description A-LEAF5.IPV4 + neighbor 192.168.0.59 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.59 remote-as 65156 + neighbor 192.168.0.59 description A-LEAF6.IPV4 + neighbor 192.168.0.61 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.61 remote-as 65178 + neighbor 192.168.0.61 description A-LEAF7.IPV4 + neighbor 192.168.0.63 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.63 remote-as 65178 + neighbor 192.168.0.63 description A-LEAF8.IPV4 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF1.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF1.cfg new file mode 100644 index 00000000..b82a7821 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF1.cfg @@ -0,0 +1,234 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +link tracking group ES-LINKS + recovery delay 300 +! +hostname B-LEAF1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree root super +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 20 + name Green +! +vlan 40 + name Purple +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostG + switchport access vlan 20 + ! + evpn ethernet-segment + identifier 0000:000b:0001:0002:0007 + route-target import 0b:01:02:00:00:07 + lacp system-id c0d6.8200.0000 + spanning-tree portfast + link tracking group ES-LINKS downstream +! +interface Port-Channel8 + description HostH + switchport access vlan 40 + ! + evpn ethernet-segment + identifier 0000:000b:0001:0002:0008 + route-target import 0b:01:02:00:00:08 + lacp system-id c0d6.8200.0000 + spanning-tree portfast + link tracking group ES-LINKS downstream +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.1/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.1/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.21/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.118/24 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.20.20.1/24 + ipv6 address virtual 2001:db8:20:20::1/64 +! +interface Vlan40 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.40.40.1/24 + ipv6 address virtual 2001:db8:40:40::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 20,40 vni 10020,10040 + vxlan vrf PROD vni 50001 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.20.101 encap 232.1.1.20 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +no ip routing vrf MGMT +ip routing vrf PROD +! +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.1 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + ! + vlan 20 + rd 1.1.2.1:10020 + route-target both 10020:10020 + redistribute learned + ! + vlan 40 + rd 1.1.2.1:10040 + route-target both 10040:10040 + redistribute learned + ! + address-family evpn + route export ethernet-segment ip mass-withdraw + route import ethernet-segment ip mass-withdraw + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + layer-2 fec in-place update + ! + vrf PROD + rd 1.1.2.1:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + redistribute connected +! +router isis 100 + net 49.1111.0000.0000.0001.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF2.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF2.cfg new file mode 100644 index 00000000..3daffab9 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF2.cfg @@ -0,0 +1,234 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +link tracking group ES-LINKS + recovery delay 300 +! +hostname B-LEAF2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree root super +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 20 + name Green +! +vlan 40 + name Purple +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostG + switchport access vlan 20 + ! + evpn ethernet-segment + identifier 0000:000b:0001:0002:0007 + route-target import 0b:01:02:00:00:07 + lacp system-id c0d6.8200.0000 + spanning-tree portfast + link tracking group ES-LINKS downstream +! +interface Port-Channel8 + description HostH + switchport access vlan 40 + ! + evpn ethernet-segment + identifier 0000:000b:0001:0002:0008 + route-target import 0b:01:02:00:00:08 + lacp system-id c0d6.8200.0000 + spanning-tree portfast + link tracking group ES-LINKS downstream +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.2/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.2/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.22/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.119/24 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.20.20.1/24 + ipv6 address virtual 2001:db8:20:20::1/64 +! +interface Vlan40 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.40.40.1/24 + ipv6 address virtual 2001:db8:40:40::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 20,40 vni 10020,10040 + vxlan vrf PROD vni 50001 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.20.101 encap 232.1.1.20 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +no ip routing vrf MGMT +ip routing vrf PROD +! +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.2 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + ! + vlan 20 + rd 1.1.2.2:10020 + route-target both 10020:10020 + redistribute learned + ! + vlan 40 + rd 1.1.2.2:10040 + route-target both 10040:10040 + redistribute learned + ! + address-family evpn + route export ethernet-segment ip mass-withdraw + route import ethernet-segment ip mass-withdraw + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + layer-2 fec in-place update + ! + vrf PROD + rd 1.1.2.2:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + redistribute connected +! +router isis 100 + net 49.1111.0000.0000.0002.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF3.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF3.cfg new file mode 100644 index 00000000..3a4186bb --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF3.cfg @@ -0,0 +1,248 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +link tracking group ES-LINKS + recovery delay 300 +! +hostname B-LEAF3 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree root super +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 60 + name Red +! +vlan 70 + name Brown +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostJ + switchport access vlan 10 + ! + evpn ethernet-segment + identifier 0000:000b:0003:0004:0008 + route-target import 0b:03:03:00:00:08 + lacp system-id c0d6.8200.0000 + spanning-tree portfast + link tracking group ES-LINKS downstream +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet7 + description HostI + switchport access vlan 60 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.3/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.3/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.23/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.120/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan60 + mtu 9014 + vrf DEV + ip address virtual 10.60.60.1/24 + ipv6 address virtual 2001:db8:60:60::1/64 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,60,70 vni 10010,10060,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.20.101 encap 232.1.1.20 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.3 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + ! + vlan 10 + rd 1.1.2.3:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 60 + rd 1.1.2.3:10060 + route-target both 10060:10060 + redistribute learned + ! + vlan 70 + rd 1.1.2.3:10070 + route-target both 10070:10070 + redistribute learned + ! + address-family evpn + route export ethernet-segment ip mass-withdraw + route import ethernet-segment ip mass-withdraw + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + layer-2 fec in-place update + ! + vrf DEV + rd 1.1.2.3:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + redistribute connected + ! + vrf PROD + rd 1.1.2.3:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + redistribute connected +! +router isis 100 + net 49.1111.0000.0000.0003.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF4.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF4.cfg new file mode 100644 index 00000000..f4ff41f3 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF4.cfg @@ -0,0 +1,248 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +link tracking group ES-LINKS + recovery delay 300 +! +hostname B-LEAF4 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree root super +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 60 + name Red +! +vlan 70 + name Brown +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostJ + switchport access vlan 10 + ! + evpn ethernet-segment + identifier 0000:000b:0003:0004:0008 + route-target import 0b:03:03:00:00:08 + lacp system-id c0d6.8200.0000 + spanning-tree portfast + link tracking group ES-LINKS downstream +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet7 + description HostK + switchport access vlan 70 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.4/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.4/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.24/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.121/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan60 + mtu 9014 + vrf DEV + ip address virtual 10.60.60.1/24 + ipv6 address virtual 2001:db8:60:60::1/64 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,60,70 vni 10010,10060,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.20.101 encap 232.1.1.20 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.4 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + ! + vlan 10 + rd 1.1.2.4:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 60 + rd 1.1.2.4:10060 + route-target both 10060:10060 + redistribute learned + ! + vlan 70 + rd 1.1.2.4:10070 + route-target both 10070:10070 + redistribute learned + ! + address-family evpn + route export ethernet-segment ip mass-withdraw + route import ethernet-segment ip mass-withdraw + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + layer-2 fec in-place update + ! + vrf DEV + rd 1.1.2.4:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + redistribute connected + ! + vrf PROD + rd 1.1.2.4:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + redistribute connected +! +router isis 100 + net 49.1111.0000.0000.0004.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF5.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF5.cfg new file mode 100644 index 00000000..2e6e80d5 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF5.cfg @@ -0,0 +1,229 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +link tracking group ES-LINKS + recovery delay 300 +! +hostname B-LEAF5 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree root super +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 40 + name Purple +! +vlan 80 + name Black +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet7 + description B-SW1 + switchport trunk allowed vlan 40,80 + switchport mode trunk + ! + evpn ethernet-segment + identifier 0000:000b:0005:0006:0007 + redundancy single-active + designated-forwarder election algorithm preference 2000 + route-target import 0b:05:06:00:00:07 + spanning-tree portfast + spanning-tree bpduguard disable + link tracking group ES-LINKS downstream +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.5/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.5/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.25/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.122/24 +! +interface Vlan40 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.40.40.1/24 + ipv6 address virtual 2001:db8:40:40::1/64 +! +interface Vlan80 + mtu 9014 + vrf DEV + ip address virtual 10.80.80.1/24 + ipv6 address virtual 2001:db8:80:80::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 40,80 vni 10040,10080 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.20.101 encap 232.1.1.20 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.5 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + ! + vlan 40 + rd 1.1.2.5:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 80 + rd 1.1.2.5:10080 + route-target both 10080:10080 + redistribute learned + ! + address-family evpn + route export ethernet-segment ip mass-withdraw + route import ethernet-segment ip mass-withdraw + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + layer-2 fec in-place update + ! + vrf DEV + rd 1.1.2.5:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + redistribute connected + ! + vrf PROD + rd 1.1.2.5:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + redistribute connected +! +router isis 100 + net 49.1111.0000.0000.0005.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF6.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF6.cfg new file mode 100644 index 00000000..39e93a93 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF6.cfg @@ -0,0 +1,229 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +link tracking group ES-LINKS + recovery delay 300 +! +hostname B-LEAF6 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree root super +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 40 + name Purple +! +vlan 80 + name Black +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point + link tracking group ES-LINKS upstream +! +interface Ethernet7 + description B-SW1 + switchport trunk allowed vlan 40,80 + switchport mode trunk + ! + evpn ethernet-segment + identifier 0000:000b:0005:0006:0007 + redundancy single-active + designated-forwarder election algorithm preference 1000 + route-target import 0b:05:06:00:00:07 + spanning-tree portfast + spanning-tree bpduguard disable + link tracking group ES-LINKS downstream +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.6/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.6/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback101 + vrf PROD + ip address 10.101.101.26/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.123/24 +! +interface Vlan40 + mtu 9014 + vrf PROD + ip igmp + pim ipv4 local-interface Loopback101 + ip address virtual 10.40.40.1/24 + ipv6 address virtual 2001:db8:40:40::1/64 +! +interface Vlan80 + mtu 9014 + vrf DEV + ip address virtual 10.80.80.1/24 + ipv6 address virtual 2001:db8:80:80::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 40,80 vni 10040,10080 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 + vxlan vrf PROD multicast group 232.1.1.1 + vxlan vrf PROD multicast group overlay 239.0.20.101 encap 232.1.1.20 immediate +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.6 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + ! + vlan 40 + rd 1.1.2.6:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 80 + rd 1.1.2.6:10080 + route-target both 10080:10080 + redistribute learned + ! + address-family evpn + route export ethernet-segment ip mass-withdraw + route import ethernet-segment ip mass-withdraw + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + layer-2 fec in-place update + ! + vrf DEV + rd 1.1.2.6:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + redistribute connected + ! + vrf PROD + rd 1.1.2.6:50001 + evpn multicast + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + redistribute connected +! +router isis 100 + net 49.1111.0000.0000.0006.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe + ! + vrf PROD + ipv4 + routing +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF7.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF7.cfg new file mode 100644 index 00000000..58d2d2e6 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF7.cfg @@ -0,0 +1,327 @@ +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname B-LEAF7 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 ## remove me +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 20 + name Green +! +vlan 60 + name Red +! +vlan 70 + name Brown +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet5 +! +interface Ethernet6 +! +interface Ethernet7 + no switchport + ip address 172.16.2.1/31 +! +interface Ethernet8 + no switchport + ip address 172.16.2.5/31 +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.7/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.7/32 + isis enable 100 + isis circuit-type level-2 +! +interface Management0 + vrf MGMT + ip address 172.100.100.124/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip address virtual 10.20.20.1/24 + ipv6 address virtual 2001:db8:20:20::1/64 +! +interface Vlan60 + mtu 9014 + vrf DEV + ip address virtual 10.60.60.1/24 + ipv6 address virtual 2001:db8:60:60::1/64 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,20,60,70 vni 10010,10020,10060,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 1.1.2.7/32 + seq 20 permit 1.1.2.8/32 + seq 30 permit 2.2.2.7/32 + seq 40 permit 2.2.2.8/32 +! +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.7 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp bestpath d-path + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS route-reflector-client + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS route-reflector-client + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + neighbor 172.16.2.0 peer group REMOTE-IPV4-PEERS + neighbor 172.16.2.4 peer group REMOTE-IPV4-PEERS + ! + vlan 10 + rd evpn domain all 1.1.2.7:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 20 + rd evpn domain all 1.1.2.7:10020 + route-target import export evpn domain all 10020:10020 + ! + vlan 60 + rd evpn domain all 1.1.2.7:10060 + route-target import export evpn domain all 10060:10060 + ! + vlan 70 + rd evpn domain all 1.1.2.7:10070 + route-target import export evpn domain all 10070:10070 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor LOCAL-EVPN-PEERS rcf in AS65200_IN_EVPN() + neighbor LOCAL-EVPN-PEERS rcf out AS65200_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS rcf in AS65000_IN_EVPN() + neighbor REMOTE-EVPN-PEERS rcf out AS65000_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 2:2 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + layer-2 fec in-place update + ! + evpn ethernet-segment domain all + identifier 0000:bbbb:0007:0008:0000 + designated-forwarder election algorithm preference 2000 + route-target import 00:bb:bb:07:08:00 + ! + address-family ipv4 + neighbor REMOTE-IPV4-PEERS activate + neighbor REMOTE-IPV4-PEERS rcf out AS65000_OUT_IPV4() + redistribute connected + ! + vrf DEV + rd 1.1.2.7:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + ! + vrf PROD + rd 1.1.2.7:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 +! +router general + control-functions + code + #################################### + #################################### + # Reusable functions # + #################################### + #################################### + function PREFIX_ROUTE() { + return evpn.route_type is EVPN_IP_PREFIX; + } + function IMET_ROUTE() { + return evpn.route_type is EVPN_IMET; + } + function FROM_GW_PEER() { + return community has_any {2:2}; + } + function GW_LOOPBACK() { + return prefix match prefix_list_v4 PL-GATEWAY-LOOP; + } + ############################################ + ############################################ + # IPv4 Unicast Address Family Functions # + ############################################ + ############################################ + function AS65000_OUT_IPV4() { #(1)! + if GW_LOOPBACK(){ + return true; + } + return false; + } + #################################### + #################################### + # EVPN Address Family Functions # + #################################### + #################################### + function AS65000_OUT_EVPN() { #(2)! + if IMET_ROUTE() or PREFIX_ROUTE(){ + community add {2:2}; + } + return true; + } + # + # + function AS65000_IN_EVPN() { #(3)! + if (IMET_ROUTE() or PREFIX_ROUTE()) and FROM_GW_PEER() { + return false; + } + return true; + } + # + # + function AS65200_OUT_EVPN() { #(4)! + if PREFIX_ROUTE(){ + community add {2:2}; + } + return true; + } + # + # + function AS65200_IN_EVPN() { #(5)! + if PREFIX_ROUTE() and FROM_GW_PEER() { + return false; + } + return true; + } + # + EOF +! +router isis 100 + net 49.1111.0000.0000.0007.00 + is-type level-2 + ! + address-family ipv4 unicast +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-LEAF8.cfg b/tech-library/data_center/evpnvxlan/configs/B-LEAF8.cfg new file mode 100644 index 00000000..2a854d6b --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-LEAF8.cfg @@ -0,0 +1,328 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname B-LEAF8 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 20 + name Green +! +vlan 60 + name Red +! +vlan 70 + name Brown +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-SPINE1 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet2 + description B-SPINE2 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet3 + description B-SPINE3 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet4 + description B-SPINE4 + no switchport + ip address unnumbered Loopback0 + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet5 +! +interface Ethernet6 +! +interface Ethernet7 + no switchport + ip address 172.16.2.3/31 +! +interface Ethernet8 + no switchport + ip address 172.16.2.7/31 +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.8/32 + isis enable 100 + isis circuit-type level-2 +! +interface Loopback1 + description VTEP IP + ip address 2.2.2.8/32 + isis enable 100 + isis circuit-type level-2 +! +interface Management0 + vrf MGMT + ip address 172.100.100.125/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip address virtual 10.20.20.1/24 + ipv6 address virtual 2001:db8:20:20::1/64 +! +interface Vlan60 + mtu 9014 + vrf DEV + ip address virtual 10.60.60.1/24 + ipv6 address virtual 2001:db8:60:60::1/64 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,20,60,70 vni 10010,10020,10060,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 1.1.2.7/32 + seq 20 permit 1.1.2.8/32 + seq 30 permit 2.2.2.7/32 + seq 40 permit 2.2.2.8/32 +! +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.8 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp bestpath d-path + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS route-reflector-client + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS route-reflector-client + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.2.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.2.204 peer group LOCAL-EVPN-PEERS + neighbor 172.16.2.2 peer group REMOTE-IPV4-PEERS + neighbor 172.16.2.6 peer group REMOTE-IPV4-PEERS + ! + vlan 10 + rd evpn domain all 1.1.2.8:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 20 + rd evpn domain all 1.1.2.8:10020 + route-target import export evpn domain all 10020:10020 + ! + vlan 60 + rd evpn domain all 1.1.2.8:10060 + route-target import export evpn domain all 10060:10060 + ! + vlan 70 + rd evpn domain all 1.1.2.8:10070 + route-target import export evpn domain all 10070:10070 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor LOCAL-EVPN-PEERS rcf in AS65200_IN_EVPN() + neighbor LOCAL-EVPN-PEERS rcf out AS65200_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS rcf in AS65000_IN_EVPN() + neighbor REMOTE-EVPN-PEERS rcf out AS65000_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 2:2 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + layer-2 fec in-place update + ! + evpn ethernet-segment domain all + identifier 0000:bbbb:0007:0008:0000 + designated-forwarder election algorithm preference 1000 + route-target import 00:bb:bb:07:08:00 + ! + address-family ipv4 + neighbor REMOTE-IPV4-PEERS activate + neighbor REMOTE-IPV4-PEERS rcf out AS65000_OUT_IPV4() + redistribute connected + ! + vrf DEV + rd 1.1.2.8:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + ! + vrf PROD + rd 1.1.2.8:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 +! +router general + control-functions + code + #################################### + #################################### + # Reusable functions # + #################################### + #################################### + function PREFIX_ROUTE() { + return evpn.route_type is EVPN_IP_PREFIX; + } + function IMET_ROUTE() { + return evpn.route_type is EVPN_IMET; + } + function FROM_GW_PEER() { + return community has_any {2:2}; + } + function GW_LOOPBACK() { + return prefix match prefix_list_v4 PL-GATEWAY-LOOP; + } + ############################################ + ############################################ + # IPv4 Unicast Address Family Functions # + ############################################ + ############################################ + function AS65000_OUT_IPV4() { #(1)! + if GW_LOOPBACK(){ + return true; + } + return false; + } + #################################### + #################################### + # EVPN Address Family Functions # + #################################### + #################################### + function AS65000_OUT_EVPN() { #(2)! + if IMET_ROUTE() or PREFIX_ROUTE(){ + community add {2:2}; + } + return true; + } + # + # + function AS65000_IN_EVPN() { #(3)! + if (IMET_ROUTE() or PREFIX_ROUTE()) and FROM_GW_PEER() { + return false; + } + return true; + } + # + # + function AS65200_OUT_EVPN() { #(4)! + if PREFIX_ROUTE(){ + community add {2:2}; + } + return true; + } + # + # + function AS65200_IN_EVPN() { #(5)! + if PREFIX_ROUTE() and FROM_GW_PEER() { + return false; + } + return true; + } + # + EOF +! +router isis 100 + net 49.1111.0000.0000.0008.00 + is-type level-2 + ! + address-family ipv4 unicast +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-SPINE1.cfg b/tech-library/data_center/evpnvxlan/configs/B-SPINE1.cfg new file mode 100644 index 00000000..ead1d6a6 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-SPINE1.cfg @@ -0,0 +1,158 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname B-SPINE1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-LEAF1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet2 + description B-LEAF2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet3 + description B-LEAF3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet4 + description B-LEAF4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet5 + description B-LEAF5 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet6 + description B-LEAF6 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet7 + description B-LEAF7 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet8 + description B-LEAF8 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.201/32 + isis enable 100 + isis circuit-type level-2 +! +interface Management0 + vrf MGMT + ip address 172.100.100.114/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.201 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + bgp cluster-id 1.1.2.205 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.2.0/24 peer-group LOCAL-EVPN-PEERS remote-as 65200 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS route-reflector-client + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate +! +router isis 100 + net 49.1111.0000.0000.0201.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-SPINE2.cfg b/tech-library/data_center/evpnvxlan/configs/B-SPINE2.cfg new file mode 100644 index 00000000..232b3910 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-SPINE2.cfg @@ -0,0 +1,158 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname B-SPINE2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-LEAF1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet2 + description B-LEAF2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet3 + description B-LEAF3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet4 + description B-LEAF4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet5 + description B-LEAF5 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet6 + description B-LEAF6 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet7 + description B-LEAF7 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet8 + description B-LEAF8 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.202/32 + isis enable 100 + isis circuit-type level-2 +! +interface Management0 + vrf MGMT + ip address 172.100.100.115/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.202 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + bgp cluster-id 1.1.2.205 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.2.0/24 peer-group LOCAL-EVPN-PEERS remote-as 65200 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS route-reflector-client + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate +! +router isis 100 + net 49.1111.0000.0000.0202.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-SPINE3.cfg b/tech-library/data_center/evpnvxlan/configs/B-SPINE3.cfg new file mode 100644 index 00000000..a7ad4d77 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-SPINE3.cfg @@ -0,0 +1,158 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname B-SPINE3 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-LEAF1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet2 + description B-LEAF2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet3 + description B-LEAF3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet4 + description B-LEAF4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet5 + description B-LEAF5 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet6 + description B-LEAF6 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet7 + description B-LEAF7 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet8 + description B-LEAF8 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.203/32 + isis enable 100 + isis circuit-type level-2 +! +interface Management0 + vrf MGMT + ip address 172.100.100.116/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.203 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + bgp cluster-id 1.1.2.205 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.2.0/24 peer-group LOCAL-EVPN-PEERS remote-as 65200 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS route-reflector-client + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate +! +router isis 100 + net 49.1111.0000.0000.0203.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-SPINE4.cfg b/tech-library/data_center/evpnvxlan/configs/B-SPINE4.cfg new file mode 100644 index 00000000..04af0db5 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-SPINE4.cfg @@ -0,0 +1,158 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname B-SPINE4 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description B-LEAF1 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet2 + description B-LEAF2 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet3 + description B-LEAF3 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet4 + description B-LEAF4 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet5 + description B-LEAF5 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet6 + description B-LEAF6 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet7 + description B-LEAF7 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Ethernet8 + description B-LEAF8 + no switchport + ip address unnumbered Loopback0 + pim ipv4 sparse-mode + isis enable 100 + isis circuit-type level-2 + isis network point-to-point +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.2.204/32 + isis enable 100 + isis circuit-type level-2 +! +interface Management0 + vrf MGMT + ip address 172.100.100.117/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65200 + router-id 1.1.2.204 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + bgp cluster-id 1.1.2.205 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.2.0/24 peer-group LOCAL-EVPN-PEERS remote-as 65200 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS route-reflector-client + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate +! +router isis 100 + net 49.1111.0000.0000.0204.00 + is-type level-2 + ! + address-family ipv4 unicast +! +router multicast + ipv4 + routing + software-forwarding sfe +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/B-SW1.cfg b/tech-library/data_center/evpnvxlan/configs/B-SW1.cfg new file mode 100644 index 00000000..68446186 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/B-SW1.cfg @@ -0,0 +1,67 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname B-SW1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 40 + name Purple +! +vlan 80 + name Black +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + switchport mode trunk +! +interface Ethernet2 + switchport mode trunk +! +interface Ethernet3 + description HostL + switchport access vlan 40 + spanning-tree portfast +! +interface Ethernet4 + description HostM + switchport access vlan 80 + spanning-tree portfast +! +interface Management0 + vrf MGMT + ip address 172.100.100.139/24 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/BB1.cfg b/tech-library/data_center/evpnvxlan/configs/BB1.cfg new file mode 100644 index 00000000..9ccacf58 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/BB1.cfg @@ -0,0 +1,124 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname BB1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + mtu 9214 + no switchport + ip address 172.16.1.0/31 +! +interface Ethernet2 + mtu 9214 + no switchport + ip address 172.16.1.2/31 +! +interface Ethernet3 + mtu 9214 + no switchport + ip address 172.16.2.0/31 +! +interface Ethernet4 + mtu 9214 + no switchport + ip address 172.16.2.2/31 +! +interface Ethernet5 + mtu 9214 + no switchport + ip address 172.16.3.0/31 +! +interface Ethernet6 + mtu 9214 + no switchport + ip address 172.16.3.2/31 +! +interface Ethernet7 + mtu 9214 + no switchport + ip address 172.16.4.0/31 +! +interface Ethernet8 + mtu 9214 + no switchport + ip address 172.16.4.2/31 +! +interface Ethernet9 + mtu 9214 + no switchport + ip address 172.16.255.0/31 +! +interface Loopback0 + ip address 1.1.0.1/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.138/24 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +peer-filter DC-ASN-RANGE + 10 match as-range 65100-65499 result accept +! +router bgp 65000 + router-id 1.1.0.1 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + bgp cluster-id 1.1.0.0 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.0.0/16 peer-group EVPN-GW-PEERS remote-as 65000 + bgp listen range 172.16.0.0/16 peer-group IP-TRANSPORT-CLIENTS peer-filter DC-ASN-RANGE + neighbor default send-community + neighbor EVPN-GW-PEERS peer group + neighbor EVPN-GW-PEERS next-hop-unchanged + neighbor EVPN-GW-PEERS update-source Loopback0 + neighbor EVPN-GW-PEERS ebgp-multihop 5 + neighbor EVPN-GW-PEERS route-reflector-client + neighbor EVPN-GW-PEERS password 7 hBArOS+tjuUeTz8PN9pwMA== + neighbor IP-TRANSPORT-CLIENTS peer group + neighbor IP-TRANSPORT-CLIENTS route-reflector-client + neighbor IP-TRANSPORT-CLIENTS password 7 uJNz72DuFXan+gkG/U30PQ== + ! + address-family evpn + neighbor EVPN-GW-PEERS activate + ! + address-family ipv4 + neighbor IP-TRANSPORT-CLIENTS activate + network 1.1.0.1/32 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/BB2.cfg b/tech-library/data_center/evpnvxlan/configs/BB2.cfg new file mode 100644 index 00000000..ab1ffb8b --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/BB2.cfg @@ -0,0 +1,124 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname BB2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + mtu 9214 + no switchport + ip address 172.16.1.4/31 +! +interface Ethernet2 + mtu 9214 + no switchport + ip address 172.16.1.6/31 +! +interface Ethernet3 + mtu 9214 + no switchport + ip address 172.16.2.4/31 +! +interface Ethernet4 + mtu 9214 + no switchport + ip address 172.16.2.6/31 +! +interface Ethernet5 + mtu 9214 + no switchport + ip address 172.16.3.4/31 +! +interface Ethernet6 + mtu 9214 + no switchport + ip address 172.16.3.6/31 +! +interface Ethernet7 + mtu 9214 + no switchport + ip address 172.16.4.4/31 +! +interface Ethernet8 + mtu 9214 + no switchport + ip address 172.16.4.6/31 +! +interface Ethernet9 + mtu 9214 + no switchport + ip address 172.16.255.1/31 +! +interface Loopback0 + ip address 1.1.0.2/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.126/24 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +peer-filter DC-ASN-RANGE + 10 match as-range 65100-65499 result accept +! +router bgp 65000 + router-id 1.1.0.2 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + bgp cluster-id 1.1.0.0 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.0.0/16 peer-group EVPN-GW-PEERS remote-as 65000 + bgp listen range 172.16.0.0/16 peer-group IP-TRANSPORT-CLIENTS peer-filter DC-ASN-RANGE + neighbor default send-community + neighbor EVPN-GW-PEERS peer group + neighbor EVPN-GW-PEERS next-hop-unchanged + neighbor EVPN-GW-PEERS update-source Loopback0 + neighbor EVPN-GW-PEERS ebgp-multihop 5 + neighbor EVPN-GW-PEERS route-reflector-client + neighbor EVPN-GW-PEERS password 7 hBArOS+tjuUeTz8PN9pwMA== + neighbor IP-TRANSPORT-CLIENTS peer group + neighbor IP-TRANSPORT-CLIENTS route-reflector-client + neighbor IP-TRANSPORT-CLIENTS password 7 uJNz72DuFXan+gkG/U30PQ== + ! + address-family evpn + neighbor EVPN-GW-PEERS activate + ! + address-family ipv4 + neighbor IP-TRANSPORT-CLIENTS activate + network 1.1.0.2/32 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF1.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF1.cfg new file mode 100644 index 00000000..50eeec52 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF1.cfg @@ -0,0 +1,160 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF1 +ip name-server vrf MGMT 8.8.8.8 +! +router l2-vpn + arp learning bridged +! +spanning-tree mode mstp +no spanning-tree vlan-id 4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 4093-4094 + trunk group MLAG_PEER +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostN + switchport access vlan 10 + mlag 7 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.1/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.17/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.1/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.1/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.129/24 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10 vni 10010 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65312 + router-id 1.1.3.1 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.201 description C-SPINE1.EVPN + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 description C-SPINE2.EVPN + ! + vlan 10 + rd 1.1.3.1:10010 + route-target both 10010:10010 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard +! +router ospf 100 + router-id 1.1.3.1 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF2.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF2.cfg new file mode 100644 index 00000000..d18401cb --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF2.cfg @@ -0,0 +1,160 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF2 +ip name-server vrf MGMT 8.8.8.8 +! +router l2-vpn + arp learning bridged +! +spanning-tree mode mstp +no spanning-tree vlan-id 4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 4093-4094 + trunk group MLAG_PEER +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostN + switchport access vlan 10 + mlag 7 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.3/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.19/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.2/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.1/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.130/24 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10 vni 10010 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65312 + router-id 1.1.3.2 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.201 description C-SPINE1.EVPN + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 description C-SPINE2.EVPN + ! + vlan 10 + rd 1.1.3.2:10010 + route-target both 10010:10010 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard +! +router ospf 100 + router-id 1.1.3.2 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF3.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF3.cfg new file mode 100644 index 00000000..aeef63f2 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF3.cfg @@ -0,0 +1,181 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF3 +ip name-server vrf MGMT 8.8.8.8 +! +router l2-vpn + arp learning bridged +! +spanning-tree mode mstp +no spanning-tree vlan-id 4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 20 + name Green +! +vlan 50 + name Yellow +! +vlan 60 + name Red +! +vlan 4093-4094 + trunk group MLAG_PEER +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostP + switchport access vlan 60 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.5/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.21/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description HostO + switchport access vlan 20 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.3/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.3/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.131/24 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 20,50,60 vni 10020,10050,10060 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65334 + router-id 1.1.3.3 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.201 description C-SPINE1.EVPN + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 description C-SPINE2.EVPN + ! + vlan 20 + rd 1.1.3.3:10020 + route-target both 10020:10020 + redistribute learned + ! + vlan 50 + rd 1.1.3.3:10050 + route-target both 10050:10050 + redistribute learned + ! + vlan 60 + rd 1.1.3.3:10060 + route-target both 10060:10060 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard +! +router ospf 100 + router-id 1.1.3.3 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF4.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF4.cfg new file mode 100644 index 00000000..603cdd55 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF4.cfg @@ -0,0 +1,181 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF4 +ip name-server vrf MGMT 8.8.8.8 +! +router l2-vpn + arp learning bridged +! +spanning-tree mode mstp +no spanning-tree vlan-id 4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 20 + name Green +! +vlan 50 + name Yellow +! +vlan 60 + name Red +! +vlan 4093-4094 + trunk group MLAG_PEER +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostP + switchport access vlan 60 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.7/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.23/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description HostQ + switchport access vlan 50 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.4/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.3/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.132/24 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 20,50,60 vni 10020,10050,10060 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65334 + router-id 1.1.3.4 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.201 description C-SPINE1.EVPN + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 description C-SPINE2.EVPN + ! + vlan 20 + rd 1.1.3.4:10020 + route-target both 10020:10020 + redistribute learned + ! + vlan 50 + rd 1.1.3.4:10050 + route-target both 10050:10050 + redistribute learned + ! + vlan 60 + rd 1.1.3.4:10060 + route-target both 10060:10060 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard +! +router ospf 100 + router-id 1.1.3.4 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF5.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF5.cfg new file mode 100644 index 00000000..c2b6e522 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF5.cfg @@ -0,0 +1,177 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF5 +ip name-server vrf MGMT 8.8.8.8 +! +router l2-vpn + arp learning bridged +! +spanning-tree mode mstp +no spanning-tree vlan-id 4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 20 + name Green +! +vlan 60 + name Red +! +vlan 4093-4094 + trunk group MLAG_PEER +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostR + switchport access vlan 20 + mlag 7 + spanning-tree portfast +! +interface Port-Channel8 + description HostS + switchport access vlan 60 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.9/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.25/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.5/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.5/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.133/24 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 20,60 vni 10020,10060 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65356 + router-id 1.1.3.5 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.201 description C-SPINE1.EVPN + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 description C-SPINE2.EVPN + ! + vlan 20 + rd 1.1.3.5:10020 + route-target both 10020:10020 + redistribute learned + ! + vlan 60 + rd 1.1.3.5:10060 + route-target both 10060:10060 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard +! +router ospf 100 + router-id 1.1.3.5 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF6.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF6.cfg new file mode 100644 index 00000000..bb729b05 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF6.cfg @@ -0,0 +1,177 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF6 +ip name-server vrf MGMT 8.8.8.8 +! +router l2-vpn + arp learning bridged +! +spanning-tree mode mstp +no spanning-tree vlan-id 4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 20 + name Green +! +vlan 60 + name Red +! +vlan 4093-4094 + trunk group MLAG_PEER +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostR + switchport access vlan 20 + mlag 7 + spanning-tree portfast +! +interface Port-Channel8 + description HostS + switchport access vlan 60 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.11/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.27/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.6/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.5/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.134/24 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 20,60 vni 10020,10060 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +router bgp 65356 + router-id 1.1.3.6 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.201 description C-SPINE1.EVPN + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 description C-SPINE2.EVPN + ! + vlan 20 + rd 1.1.3.6:10020 + route-target both 10020:10020 + redistribute learned + ! + vlan 60 + rd 1.1.3.6:10060 + route-target both 10060:10060 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard +! +router ospf 100 + router-id 1.1.3.6 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF7.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF7.cfg new file mode 100644 index 00000000..22bd9a77 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF7.cfg @@ -0,0 +1,310 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF7 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 20 + name Green +! +vlan 50 + name Yellow +! +vlan 60 + name Red +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.13/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.29/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description BB1 + no switchport + ip address 172.16.3.1/31 +! +interface Ethernet8 + description BB2 + no switchport + ip address 172.16.3.5/31 +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.7/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.7/32 + ip address 2.2.3.255/32 secondary + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.135/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip address virtual 10.20.20.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 +! +interface Vlan60 + mtu 9014 + vrf DEV + ip address virtual 10.60.60.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.0/31 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.0/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.0/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.1/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,20,50,60 vni 10010,10020,10050,10060 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 2.2.3.7/32 + seq 20 permit 1.1.3.7/32 + seq 30 permit 1.1.3.8/32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-AS65000-IPV4-OUT permit 10 + match ip address prefix-list PL-GATEWAY-LOOP +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65378 + router-id 1.1.3.7 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + bgp bestpath d-path + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65378 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS route-map RM-AS65000-IPV4-OUT out + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 172.16.3.0 peer group REMOTE-IPV4-PEERS + neighbor 172.16.3.4 peer group REMOTE-IPV4-PEERS + ! + vlan 10 + rd evpn domain all 1.1.3.7:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 20 + rd evpn domain all 1.1.3.7:10020 + route-target import export evpn domain all 10020:10020 + ! + vlan 50 + rd evpn domain all 1.1.3.7:10050 + route-target import export evpn domain all 10050:10050 + ! + vlan 60 + rd evpn domain all 1.1.3.7:10060 + route-target import export evpn domain all 10060:10060 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 3:3 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + ! + address-family ipv4 + neighbor REMOTE-IPV4-PEERS activate + network 1.1.3.7/32 + network 1.1.3.8/32 + network 2.2.3.7/32 + ! + vrf DEV + rd 1.1.3.7:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate + ! + vrf PROD + rd 1.1.3.7:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.1 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.1 activate +! +router ospf 100 + router-id 1.1.3.7 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-LEAF8.cfg b/tech-library/data_center/evpnvxlan/configs/C-LEAF8.cfg new file mode 100644 index 00000000..b6dddcff --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-LEAF8.cfg @@ -0,0 +1,310 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-LEAF8 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 20 + name Green +! +vlan 50 + name Yellow +! +vlan 60 + name Red +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description C-SPINE1 + no switchport + ip address 192.168.0.15/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-SPINE2 + no switchport + ip address 192.168.0.31/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description BB1 + no switchport + ip address 172.16.3.3/31 +! +interface Ethernet8 + description BB2 + no switchport + ip address 172.16.3.7/31 +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.3.8/32 + ip ospf area 0.0.0.0 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.3.7/32 + ip address 2.2.3.255/32 secondary + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.136/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip address virtual 10.20.20.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 +! +interface Vlan60 + mtu 9014 + vrf DEV + ip address virtual 10.60.60.1/24 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ip address 192.0.0.1/31 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ip address 192.0.0.1/31 +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ip address 192.0.0.1/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ip address 169.254.0.2/30 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan vlan 10,20,50,60 vni 10010,10020,10050,10060 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 2.2.3.7/32 + seq 20 permit 1.1.3.7/32 + seq 30 permit 1.1.3.8/32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 169.254.0.1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-AS65000-IPV4-OUT permit 10 + match ip address prefix-list PL-GATEWAY-LOOP +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65378 + router-id 1.1.3.8 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + bgp bestpath d-path + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65300 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor MLAG-IPV4-PEER peer group + neighbor MLAG-IPV4-PEER remote-as 65378 + neighbor MLAG-IPV4-PEER next-hop-self + neighbor MLAG-IPV4-PEER route-map RM-MLAG-PEER-OUT out + neighbor MLAG-IPV4-PEER password 7 CRkxra9QRmU5k9/wECPlUA== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS route-map RM-AS65000-IPV4-OUT out + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.3.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.3.202 peer group LOCAL-EVPN-PEERS + neighbor 172.16.3.2 peer group REMOTE-IPV4-PEERS + neighbor 172.16.3.6 peer group REMOTE-IPV4-PEERS + ! + vlan 10 + rd evpn domain all 1.1.3.8:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 20 + rd evpn domain all 1.1.3.8:10020 + route-target import export evpn domain all 10020:10020 + ! + vlan 50 + rd evpn domain all 1.1.3.8:10050 + route-target import export evpn domain all 10050:10050 + ! + vlan 60 + rd evpn domain all 1.1.3.8:10060 + route-target import export evpn domain all 10060:10060 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 3:3 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + ! + address-family ipv4 + neighbor REMOTE-IPV4-PEERS activate + network 1.1.3.7/32 + network 1.1.3.8/32 + network 2.2.3.7/32 + ! + vrf DEV + rd 1.1.3.8:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate + ! + vrf PROD + rd 1.1.3.8:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + neighbor 192.0.0.0 peer group MLAG-IPV4-PEER + redistribute connected route-map RM-CONN-2-BGP-VRFS + ! + address-family ipv4 + neighbor 192.0.0.0 activate +! +router ospf 100 + router-id 1.1.3.8 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-SPINE1.cfg b/tech-library/data_center/evpnvxlan/configs/C-SPINE1.cfg new file mode 100644 index 00000000..4b542bd1 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-SPINE1.cfg @@ -0,0 +1,136 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-SPINE1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description C-LEAF1 + no switchport + ip address 192.168.0.0/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-LEAF2 + no switchport + ip address 192.168.0.2/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet3 + description C-LEAF3 + no switchport + ip address 192.168.0.4/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet4 + description C-LEAF4 + no switchport + ip address 192.168.0.6/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + description C-LEAF5 + no switchport + ip address 192.168.0.8/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet6 + description C-LEAF6 + no switchport + ip address 192.168.0.10/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet7 + description C-LEAF7 + no switchport + ip address 192.168.0.12/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet8 + description C-LEAF8 + no switchport + ip address 192.168.0.14/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Loopback0 + ip address 1.1.3.201/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.127/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +peer-filter LEAF-AS-RANGE + 10 match as-range 65301-65399 result accept +! +router bgp 65300 + router-id 1.1.3.201 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + bgp listen range 1.1.3.0/24 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate +! +router ospf 100 + router-id 1.1.3.201 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/C-SPINE2.cfg b/tech-library/data_center/evpnvxlan/configs/C-SPINE2.cfg new file mode 100644 index 00000000..023e8a54 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/C-SPINE2.cfg @@ -0,0 +1,136 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname C-SPINE2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description C-LEAF1 + no switchport + ip address 192.168.0.16/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet2 + description C-LEAF2 + no switchport + ip address 192.168.0.18/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet3 + description C-LEAF3 + no switchport + ip address 192.168.0.20/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet4 + description C-LEAF4 + no switchport + ip address 192.168.0.22/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet5 + description C-LEAF5 + no switchport + ip address 192.168.0.24/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet6 + description C-LEAF6 + no switchport + ip address 192.168.0.26/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet7 + description C-LEAF7 + no switchport + ip address 192.168.0.28/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Ethernet8 + description C-LEAF8 + no switchport + ip address 192.168.0.30/31 + ip ospf network point-to-point + ip ospf area 0.0.0.0 +! +interface Loopback0 + ip address 1.1.3.202/32 + ip ospf area 0.0.0.0 +! +interface Management0 + vrf MGMT + ip address 172.100.100.128/24 +! +mac address-table aging-time 1800 +! +ip routing +no ip routing vrf MGMT +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +peer-filter LEAF-AS-RANGE + 10 match as-range 65301-65399 result accept +! +router bgp 65300 + router-id 1.1.3.202 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 2 + bgp listen range 1.1.3.0/24 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate +! +router ospf 100 + router-id 1.1.3.202 + max-lsa 12000 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF1.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF1.cfg new file mode 100644 index 00000000..5f2549f8 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF1.cfg @@ -0,0 +1,272 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 90 + name Pink +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostD1 + switchport access vlan 10 + mlag 7 + spanning-tree portfast +! +interface Port-Channel8 + description HostD2 + switchport access vlan 90 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description D-SPINE1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-SPINE2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-SPINE3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-SPINE4 + no switchport + ipv6 enable +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.1/32 + ipv6 address 2001:db8:d:1::1/128 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.4.1/32 + ipv6 address 2001:db8:d:2::1/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.144/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan90 + mtu 9014 + vrf DEV + ip address virtual 10.90.90.1/24 + ipv6 address virtual 2001:db8:90:90::1/64 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ipv6 enable +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ipv6 enable +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ipv6 enable +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ipv6 address 2001:db8::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan encapsulation ipv4 ipv6 + vxlan vlan 10,90 vni 10010,10090 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 2001:db8::2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65401 + router-id 1.1.4.1 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor MLAG-IPV6-PEER peer group + neighbor MLAG-IPV6-PEER next-hop-self + neighbor MLAG-IPV6-PEER route-map RM-MLAG-PEER-OUT out + neighbor 2001:db8:d:1::201 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::202 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::203 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::204 peer group LOCAL-EVPN-PEERS + neighbor interface Et1-4 peer-group LOCAL-IPV6-PEERS remote-as 65400 + neighbor interface Vl4093 peer-group MLAG-IPV6-PEER remote-as 65401 + ! + vlan 10 + rd 1.1.4.1:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 90 + rd 1.1.4.1:10090 + route-target both 10090:10090 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + neighbor MLAG-IPV6-PEER activate + neighbor MLAG-IPV6-PEER next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + neighbor MLAG-IPV6-PEER activate + redistribute connected + ! + vrf DEV + rd 1.1.4.1:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.1 + redistribute connected + neighbor interface Vl3002 peer-group MLAG-IPV6-PEER remote-as 65401 + ! + vrf PROD + rd 1.1.4.1:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + router-id 1.1.4.1 + redistribute connected + neighbor interface Vl3001 peer-group MLAG-IPV6-PEER remote-as 65401 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF2.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF2.cfg new file mode 100644 index 00000000..7b9239ae --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF2.cfg @@ -0,0 +1,287 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 90 + name Pink +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostD1 + switchport access vlan 10 + mlag 7 + spanning-tree portfast +! +interface Port-Channel8 + description HostD2 + switchport access vlan 90 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description D-SPINE1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-SPINE2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-SPINE3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-SPINE4 + no switchport + ipv6 enable +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.2/32 + ipv6 address 2001:db8:d:1::2/128 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.4.1/32 + ipv6 address 2001:db8:d:2::1/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.145/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan90 + mtu 9014 + vrf DEV + ip address virtual 10.90.90.1/24 + ipv6 address virtual 2001:db8:90:90::1/64 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ipv6 enable +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ipv6 enable +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ipv6 enable +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ipv6 address 2001:db8::2/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan encapsulation ipv4 ipv6 + vxlan vlan 10,90 vni 10010,10090 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ip prefix-list PL-MLAG-PEER-VRFS + seq 10 permit 192.0.0.0/31 +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 2001:db8::1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP-VRFS deny 10 + match ip address prefix-list PL-MLAG-PEER-VRFS +! +route-map RM-CONN-2-BGP-VRFS permit 20 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65401 + router-id 1.1.4.2 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor MLAG-IPV6-PEER peer group + neighbor MLAG-IPV6-PEER next-hop-self + neighbor MLAG-IPV6-PEER route-map RM-MLAG-PEER-OUT out + neighbor 2001:db8:d:1::201 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::202 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::203 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::204 peer group LOCAL-EVPN-PEERS + neighbor interface Et1-4 peer-group LOCAL-IPV6-PEERS remote-as 65400 + neighbor interface Vl4093 peer-group MLAG-IPV6-PEER remote-as 65401 + ! + vlan 10 + rd 1.1.4.2:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 90 + rd 1.1.4.2:10090 + route-target both 10090:10090 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + neighbor MLAG-IPV6-PEER activate + neighbor MLAG-IPV6-PEER next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + neighbor MLAG-IPV6-PEER activate + redistribute connected + ! + vrf DEV + rd 1.1.4.2:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.2 + redistribute connected + neighbor interface Vl3002 peer-group MLAG-IPV6-PEER remote-as 65401 + ! + vrf PROD + rd 1.1.4.2:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + router-id 1.1.4.2 + redistribute connected + neighbor interface Vl3001 peer-group MLAG-IPV6-PEER remote-as 65401 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF3.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF3.cfg new file mode 100644 index 00000000..9ff0b3c6 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF3.cfg @@ -0,0 +1,287 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF3 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 50 + name Yellow +! +vlan 90 +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostD4 + switchport access vlan 10 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description D-SPINE1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-SPINE2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-SPINE3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-SPINE4 + no switchport + ipv6 enable +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description HostD3 + switchport access vlan 50 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.3/32 + ipv6 address 2001:db8:d:1::3/128 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.4.3/32 + ipv6 address 2001:db8:d:2::3/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.146/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 + ipv6 address virtual 2001:db8:50:50::1/64 +! +interface Vlan90 + mtu 9014 + vrf DEV + ip address virtual 10.90.90.1/24 + ipv6 address virtual 2001:db8:90:90::1/64 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ipv6 enable +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ipv6 enable +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ipv6 enable +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ipv6 address 2001:db8::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan encapsulation ipv4 ipv6 + vxlan vlan 10,50,90 vni 10010,10050,10090 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 2001:db8::2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65403 + router-id 1.1.4.3 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor MLAG-IPV6-PEER peer group + neighbor MLAG-IPV6-PEER next-hop-self + neighbor MLAG-IPV6-PEER route-map RM-MLAG-PEER-OUT out + neighbor 2001:db8:d:1::201 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::202 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::203 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::204 peer group LOCAL-EVPN-PEERS + neighbor interface Et1-4 peer-group LOCAL-IPV6-PEERS remote-as 65400 + neighbor interface Vl4093 peer-group MLAG-IPV6-PEER remote-as 65403 + ! + vlan 10 + rd 1.1.4.3:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 30 + rd 1.1.4.3:10030 + route-target both 10030:10030 + redistribute learned + ! + vlan 50 + rd 1.1.4.3:10050 + route-target both 10050:10050 + redistribute learned + ! + vlan 90 + rd 1.1.4.3:10090 + route-target both 10090:10090 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + neighbor MLAG-IPV6-PEER activate + neighbor MLAG-IPV6-PEER next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + neighbor MLAG-IPV6-PEER activate + redistribute connected + ! + vrf DEV + rd 1.1.4.3:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.3 + redistribute connected + neighbor interface Vl3002 peer-group MLAG-IPV6-PEER remote-as 65403 + ! + vrf PROD + rd 1.1.4.3:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + router-id 1.1.4.3 + redistribute connected + neighbor interface Vl3001 peer-group MLAG-IPV6-PEER remote-as 65403 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF4.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF4.cfg new file mode 100644 index 00000000..20e6911e --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF4.cfg @@ -0,0 +1,283 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF4 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3001-3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 50 + name Yellow +! +vlan 90 + name Pink +! +vlan 3001 + name MLAG_PEER_VRF_PROD + trunk group MLAG_PEER +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel8 + description HostD4 + switchport access vlan 10 + mlag 8 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description D-SPINE1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-SPINE2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-SPINE3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-SPINE4 + no switchport + ipv6 enable +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + description HostD5 + switchport access vlan 90 + spanning-tree portfast +! +interface Ethernet8 + channel-group 8 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.4/32 + ipv6 address 2001:db8:d:1::4/128 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.4.3/32 + ipv6 address 2001:db8:d:2::3/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.147/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 + ipv6 address virtual 2001:db8:50:50::1/64 +! +interface Vlan90 + mtu 9014 + vrf DEV + ip address virtual 10.90.90.1/24 + ipv6 address virtual 2001:db8:90:90::1/64 +! +interface Vlan3001 + description MLAG iBGP Peer - VRF PROD + no autostate + vrf PROD + ipv6 enable +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ipv6 enable +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ipv6 enable +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ipv6 address 2001:db8::2/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan encapsulation ipv4 ipv6 + vxlan vlan 10,50,90 vni 10010,10050,10090 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 2001:db8::1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65403 + router-id 1.1.4.4 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor MLAG-IPV6-PEER peer group + neighbor MLAG-IPV6-PEER next-hop-self + neighbor MLAG-IPV6-PEER route-map RM-MLAG-PEER-OUT out + neighbor 2001:db8:d:1::201 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::202 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::203 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::204 peer group LOCAL-EVPN-PEERS + neighbor interface Et1-4 peer-group LOCAL-IPV6-PEERS remote-as 65400 + neighbor interface Vl4093 peer-group MLAG-IPV6-PEER remote-as 65403 + ! + vlan 10 + rd 1.1.4.4:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 50 + rd 1.1.4.4:10050 + route-target both 10050:10050 + redistribute learned + ! + vlan 90 + rd 1.1.4.4:10090 + route-target both 10090:10090 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + neighbor MLAG-IPV6-PEER activate + neighbor MLAG-IPV6-PEER next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + neighbor MLAG-IPV6-PEER activate + redistribute connected + ! + vrf DEV + rd 1.1.4.4:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.4 + redistribute connected + neighbor interface Vl3002 peer-group MLAG-IPV6-PEER remote-as 65403 + ! + vrf PROD + rd 1.1.4.4:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + router-id 1.1.4.4 + redistribute connected + neighbor interface Vl3001 peer-group MLAG-IPV6-PEER remote-as 65403 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF5.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF5.cfg new file mode 100644 index 00000000..beee3ab1 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF5.cfg @@ -0,0 +1,227 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF5 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 70 + name Brown +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostD6 + switchport access vlan 70 + mlag 7 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description D-SPINE1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-SPINE2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-SPINE3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-SPINE4 + no switchport + ipv6 enable +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.5/32 + ipv6 address 2001:db8:d:1::5/128 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.4.5/32 + ipv6 address 2001:db8:d:2::5/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.148/24 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ipv6 enable +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ipv6 enable +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ipv6 address 2001:db8::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan encapsulation ipv4 ipv6 + vxlan vlan 70 vni 10070 + vxlan vrf DEV vni 50002 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 2001:db8::2 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65405 + router-id 1.1.4.5 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor MLAG-IPV6-PEER peer group + neighbor MLAG-IPV6-PEER next-hop-self + neighbor MLAG-IPV6-PEER route-map RM-MLAG-PEER-OUT out + neighbor 2001:db8:d:1::201 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::202 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::203 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::204 peer group LOCAL-EVPN-PEERS + neighbor interface Et1-4 peer-group LOCAL-IPV6-PEERS remote-as 65400 + neighbor interface Vl4093 peer-group MLAG-IPV6-PEER remote-as 65405 + ! + vlan 70 + rd 1.1.4.5:10070 + route-target both 10070:10070 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + neighbor MLAG-IPV6-PEER activate + neighbor MLAG-IPV6-PEER next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + neighbor MLAG-IPV6-PEER activate + redistribute connected + ! + vrf DEV + rd 1.1.4.5:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.5 + redistribute connected + neighbor interface Vl3002 peer-group MLAG-IPV6-PEER remote-as 65405 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF6.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF6.cfg new file mode 100644 index 00000000..a2e723ba --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF6.cfg @@ -0,0 +1,227 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF6 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode mstp +no spanning-tree vlan-id 3002,4093-4094 +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 70 + name Brown +! +vlan 3002 + name MLAG_PEER_VRF_DEV + trunk group MLAG_PEER +! +vlan 4093 + name MLAG_PEER_L3_UNDERLAY + trunk group MLAG_PEER +! +vlan 4094 + name MLAG_PEER_SYNC + trunk group MLAG_PEER +! +vrf instance DEV +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Port-Channel7 + description HostD6 + switchport access vlan 70 + mlag 7 + spanning-tree portfast +! +interface Port-Channel1000 + description MLAG PEER-LINK + switchport mode trunk + switchport trunk group MLAG_PEER +! +interface Ethernet1 + description D-SPINE1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-SPINE2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-SPINE3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-SPINE4 + no switchport + ipv6 enable +! +interface Ethernet5 + channel-group 1000 mode active +! +interface Ethernet6 + channel-group 1000 mode active +! +interface Ethernet7 + channel-group 7 mode active +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.6/32 + ipv6 address 2001:db8:d:1::6/128 +! +interface Loopback1 + description Shared VTEP IP (MLAG) + ip address 2.2.4.5/32 + ipv6 address 2001:db8:d:2::5/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.149/24 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vlan3002 + description MLAG iBGP Peer - VRF DEV + no autostate + vrf DEV + ipv6 enable +! +interface Vlan4093 + description MLAG UNDERLAY BGP PEER + no autostate + ipv6 enable +! +interface Vlan4094 + description MLAG PEER SYNC + no autostate + ipv6 address 2001:db8::2/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan virtual-router encapsulation mac-address mlag-system-id + vxlan udp-port 4789 + vxlan encapsulation ipv4 ipv6 + vxlan vlan 70 vni 10070 + vxlan vrf DEV vni 50002 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +! +ip extcommunity-list regexp evpn-imported permit RT.* +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +! +mlag configuration + domain-id 100 + local-interface Vlan4094 + peer-address 2001:db8::1 + peer-link Port-Channel1000 +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-MLAG-PEER-OUT deny 10 + match extcommunity evpn-imported +! +route-map RM-MLAG-PEER-OUT permit 20 + set origin incomplete +! +router bgp 65405 + router-id 1.1.4.6 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor MLAG-IPV6-PEER peer group + neighbor MLAG-IPV6-PEER next-hop-self + neighbor MLAG-IPV6-PEER route-map RM-MLAG-PEER-OUT out + neighbor 2001:db8:d:1::201 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::202 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::203 peer group LOCAL-EVPN-PEERS + neighbor 2001:db8:d:1::204 peer group LOCAL-EVPN-PEERS + neighbor interface Et1-4 peer-group LOCAL-IPV6-PEERS remote-as 65400 + neighbor interface Vl4093 peer-group MLAG-IPV6-PEER remote-as 65405 + ! + vlan 70 + rd 1.1.4.6:10070 + route-target both 10070:10070 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + neighbor MLAG-IPV6-PEER activate + neighbor MLAG-IPV6-PEER next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + neighbor MLAG-IPV6-PEER activate + redistribute connected + ! + vrf DEV + rd 1.1.4.6:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.6 + redistribute connected + neighbor interface Vl3002 peer-group MLAG-IPV6-PEER remote-as 65405 +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF7.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF7.cfg new file mode 100644 index 00000000..e70431be --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF7.cfg @@ -0,0 +1,303 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF7 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 50 + name Yellow +! +vlan 70 + name Brown +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description D-SPINE1 + load-interval 1 + no switchport + ip address 192.168.0.1/31 +! +interface Ethernet2 + description D-SPINE2 + load-interval 1 + no switchport + ip address 192.168.0.3/31 +! +interface Ethernet3 + description D-SPINE3 + load-interval 1 + no switchport + ip address 192.168.0.5/31 +! +interface Ethernet4 + description D-SPINE4 + load-interval 1 + no switchport + ip address 192.168.0.7/31 +! +interface Ethernet5 + no switchport + ipv6 enable +! +interface Ethernet6 + no switchport + ipv6 enable +! +interface Ethernet7 + no switchport + ip address 172.16.4.1/31 + ipv6 enable +! +interface Ethernet8 + no switchport + ip address 172.16.4.5/31 + ipv6 enable +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.7/32 + ipv6 address 2001:db8:d:1::7/128 +! +interface Loopback1 + description VTEP IP + ip address 2.2.4.7/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.150/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 + ipv6 address virtual 2001:db8:50:50::1/64 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,50,70 vni 10010,10050,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 1.1.4.7/32 + seq 20 permit 1.1.4.8/32 + seq 30 permit 2.2.4.7/32 +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-AS65000-IPV4-OUT permit 10 + match ip address prefix-list PL-GATEWAY-LOOP +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +router bgp 65407 ## wrong bgp as + router-id 1.1.4.7 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65400 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS route-map RM-AS65000-IPV4-OUT out + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.1 description BB1.EVPN + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 description BB2.EVPN + neighbor 1.1.4.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.201 description D-SPINE1.EVPN + neighbor 1.1.4.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.202 description D-SPINE2.EVPN + neighbor 1.1.4.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.203 description D-SPINE3.EVPN + neighbor 1.1.4.204 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.204 description D-SPINE4.EVPN + neighbor 172.16.4.0 peer group REMOTE-IPV4-PEERS + neighbor 172.16.4.0 description BB1.IPV4 + neighbor 172.16.4.4 peer group REMOTE-IPV4-PEERS + neighbor 172.16.4.4 description BB2.IPV4 + neighbor 192.168.0.0 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.0 description D-SPINE1.IPV4 + neighbor 192.168.0.2 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.2 description D-SPINE2.IPV4 + neighbor 192.168.0.4 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.4 description D-SPINE3.IPV4 + neighbor 192.168.0.6 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.6 description D-SPINE4.IPV4 + ! + vlan 10 + rd evpn domain all 1.1.4.7:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 50 + rd evpn domain all 1.1.4.7:10050 + route-target import export evpn domain all 10050:10050 + ! + vlan 70 + rd evpn domain all 1.1.4.7:10070 + route-target import export evpn domain all 10070:10070 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor LOCAL-EVPN-PEERS rcf in AS65400_IN_EVPN() + neighbor LOCAL-EVPN-PEERS rcf out AS65400_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS rcf in AS65000_IN_EVPN() + neighbor REMOTE-EVPN-PEERS rcf out AS65000_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 4:4 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + layer-2 fec in-place update + ! + evpn ethernet-segment domain all + identifier 0000:dddd:0007:0008:0000 + designated-forwarder election algorithm preference 2000 + route-target import 00:dd:dd:07:08:00 + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor REMOTE-IPV4-PEERS activate + redistribute connected + ! + vrf DEV + rd 1.1.4.7:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.7 + ! + vrf PROD + rd 1.1.4.7:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + router-id 1.1.4.7 +! +router general + control-functions + code + function PREFIX_ROUTE() { + return evpn.route_type is EVPN_IP_PREFIX; + } + function IMET_ROUTE() { + return evpn.route_type is EVPN_IMET; + } + function FROM_GW_PEER() { + return community has_any {4:4}; + } + # + # + # + function AS65000_OUT_EVPN() { + if IMET_ROUTE() or PREFIX_ROUTE(){ + community add {4:4}; + } + return true; + } + # + function AS65000_IN_EVPN() { + if (IMET_ROUTE() or PREFIX_ROUTE()) and FROM_GW_PEER() { + return false; + } + return true; + } + # + # + # + # + function AS65400_OUT_EVPN() { + if PREFIX_ROUTE(){ + community add {4:4}; + } + return true; + } + # + function AS65400_IN_EVPN() { + if PREFIX_ROUTE() and FROM_GW_PEER() { + return false; + } + return true; + } + # + EOF +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-LEAF8.cfg b/tech-library/data_center/evpnvxlan/configs/D-LEAF8.cfg new file mode 100644 index 00000000..a62df8dd --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-LEAF8.cfg @@ -0,0 +1,304 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-LEAF8 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 50 + name Yellow +! +vlan 70 + name Brown +! +vrf instance DEV +! +vrf instance MGMT +! +vrf instance PROD +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description D-SPINE1 + load-interval 1 + no switchport + ip address 192.168.0.9/31 +! +interface Ethernet2 + description D-SPINE2 + load-interval 1 + no switchport + ip address 192.168.0.11/31 +! +interface Ethernet3 + description D-SPINE3 + load-interval 1 + no switchport + ip address 192.168.0.13/31 +! +interface Ethernet4 + description D-SPINE4 + load-interval 1 + no switchport + ip address 192.168.0.15/31 +! +interface Ethernet5 + no switchport + ipv6 enable +! +interface Ethernet6 + no switchport + ipv6 enable +! +interface Ethernet7 + no switchport + ip address 172.16.4.3/31 + ipv6 enable +! +interface Ethernet8 + no switchport + ip address 172.16.4.7/31 + ipv6 enable +! +interface Loopback0 + description Globally Unique Address + ip address 1.1.4.8/32 + ipv6 address 2001:db8:d:1::8/128 +! +interface Loopback1 + description VTEP IP + ip address 2.2.4.8/32 +! +interface Management0 + vrf MGMT + ip address 172.100.100.151/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 + ipv6 address virtual 2001:db8:10:10::1/64 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 + ipv6 address virtual 2001:db8:50:50::1/64 +! +interface Vlan70 + mtu 9014 + vrf DEV + ip address virtual 10.70.70.1/24 + ipv6 address virtual 2001:db8:70:70::1/64 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,50,70 vni 10010,10050,10070 + vxlan vrf DEV vni 50002 + vxlan vrf PROD vni 50001 +! +mac address-table aging-time 1800 +! +ip routing ipv6 interfaces +ip routing vrf DEV +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-GATEWAY-LOOP + seq 10 permit 1.1.4.7/32 + seq 20 permit 1.1.4.8/32 + seq 30 permit 2.2.4.7/32 + seq 40 permit 2.2.4.8/32 +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ipv6 unicast-routing +ipv6 unicast-routing vrf DEV +ipv6 unicast-routing vrf PROD +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-AS65000-IPV4-OUT permit 10 + match ip address prefix-list PL-GATEWAY-LOOP +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +router bgp 65408 + router-id 1.1.4.8 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65400 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS remote-as 65400 + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor REMOTE-EVPN-PEERS peer group + neighbor REMOTE-EVPN-PEERS remote-as 65000 + neighbor REMOTE-EVPN-PEERS local-as 65000 no-prepend replace-as + neighbor REMOTE-EVPN-PEERS update-source Loopback0 + neighbor REMOTE-EVPN-PEERS password 7 IO6gE/ln7Sp2wt33WX/Asg== + neighbor REMOTE-IPV4-PEERS peer group + neighbor REMOTE-IPV4-PEERS remote-as 65000 + neighbor REMOTE-IPV4-PEERS route-map RM-AS65000-IPV4-OUT out + neighbor REMOTE-IPV4-PEERS password 7 dkvBq1jk4inJHsHfMjYRnQ== + neighbor 1.1.0.1 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.1 description BB1.EVPN + neighbor 1.1.0.2 peer group REMOTE-EVPN-PEERS + neighbor 1.1.0.2 description BB2.EVPN + neighbor 1.1.4.201 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.201 description D-SPINE1.EVPN + neighbor 1.1.4.202 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.202 description D-SPINE2.EVPN + neighbor 1.1.4.203 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.203 description D-SPINE3.EVPN + neighbor 1.1.4.204 peer group LOCAL-EVPN-PEERS + neighbor 1.1.4.204 description D-SPINE4.EVPN + neighbor 172.16.4.2 peer group REMOTE-IPV4-PEERS + neighbor 172.16.4.2 description BB1.IPV4 + neighbor 172.16.4.6 peer group REMOTE-IPV4-PEERS + neighbor 172.16.4.6 description BB2.IPV4 + neighbor 192.168.0.8 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.8 description D-SPINE1.IPV4 + neighbor 192.168.0.10 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.10 description D-SPINE2.IPV4 + neighbor 192.168.0.12 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.12 description D-SPINE3.IPV4 + neighbor 192.168.0.14 peer group LOCAL-IPV4-PEERS + neighbor 192.168.0.14 description D-SPINE4.IPV4 + ! + vlan 10 + rd evpn domain all 1.1.4.8:10010 + route-target import export evpn domain all 10010:10010 + ! + vlan 50 + rd evpn domain all 1.1.4.8:10050 + route-target import export evpn domain all 10050:10050 + ! + vlan 70 + rd evpn domain all 1.1.4.8:10070 + route-target import export evpn domain all 10070:10070 + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + neighbor LOCAL-EVPN-PEERS rcf in AS65400_IN_EVPN() + neighbor LOCAL-EVPN-PEERS rcf out AS65400_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS activate + neighbor REMOTE-EVPN-PEERS rcf in AS65000_IN_EVPN() + neighbor REMOTE-EVPN-PEERS rcf out AS65000_OUT_EVPN() + neighbor REMOTE-EVPN-PEERS domain remote + domain identifier 4:4 + domain identifier 99:99 remote + route import match-failure action discard + neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain + layer-2 fec in-place update + ! + evpn ethernet-segment domain all + identifier 0000:dddd:0007:0008:0000 + designated-forwarder election algorithm preference 2000 + route-target import 00:dd:dd:07:08:00 + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor REMOTE-IPV4-PEERS activate + redistribute connected + ! + vrf DEV + rd 1.1.4.8:50002 + route-target import evpn 50002:50002 + route-target export evpn 50002:50002 + router-id 1.1.4.8 + ! + vrf PROD + rd 1.1.4.8:50001 + route-target import evpn 50001:50001 + route-target export evpn 50001:50001 + router-id 1.1.4.8 +! +router general + control-functions + code + function PREFIX_ROUTE() { + return evpn.route_type is EVPN_IP_PREFIX; + } + function IMET_ROUTE() { + return evpn.route_type is EVPN_IMET; + } + function FROM_GW_PEER() { + return community has_any {4:4}; + } + # + # + # + function AS65000_OUT_EVPN() { + if IMET_ROUTE() or PREFIX_ROUTE(){ + community add {4:4}; + } + return true; + } + # + function AS65000_IN_EVPN() { + if (IMET_ROUTE() or PREFIX_ROUTE()) and FROM_GW_PEER() { + return false; + } + return true; + } + # + # + # + # + function AS65400_OUT_EVPN() { + if PREFIX_ROUTE(){ + community add {4:4}; + } + return true; + } + # + function AS65400_IN_EVPN() { + if PREFIX_ROUTE() and FROM_GW_PEER() { + return false; + } + return true; + } + # + EOF +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-SPINE1.cfg b/tech-library/data_center/evpnvxlan/configs/D-SPINE1.cfg new file mode 100644 index 00000000..d22579a4 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-SPINE1.cfg @@ -0,0 +1,142 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-SPINE1 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description D-LEAF1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-LEAF2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-LEAF3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-LEAF4 + no switchport + ipv6 enable +! +interface Ethernet5 + description D-LEAF5 + no switchport + ipv6 enable +! +interface Ethernet6 + description D-LEAF6 + no switchport + ipv6 enable +! +interface Ethernet7 + description D-LEAF7 + no switchport + ip address 192.168.0.0/31 +! +interface Ethernet8 + description D-LEAF8 + no switchport + ip address 192.168.0.8/31 +! +interface Loopback0 + ip address 1.1.4.201/32 + ipv6 address 2001:db8:d:1::201/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.140/24 +! +mac address-table aging-time 1800 +! +ip routing ipv6 interfaces +no ip routing vrf MGMT +! +ipv6 prefix-list PL-LOOPBACKS + seq 10 permit 2001:db8:d:1::/64 eq 128 + seq 20 permit 2001:db8:d:2::/64 eq 128 +! +ipv6 unicast-routing +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ipv6 address prefix-list PL-LOOPBACKS +! +peer-filter LEAF-AS-RANGE + 10 match as-range 65401-65499 result accept +! +router bgp 65400 + router-id 1.1.4.201 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.0.0/16 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 2001:db8:d:1::/64 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 192.168.0.0/24 peer-group LOCAL-IPV4-PEERS peer-filter LEAF-AS-RANGE + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor interface Et1-8 peer-group LOCAL-IPV6-PEERS peer-filter LEAF-AS-RANGE + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + redistribute connected +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-SPINE2.cfg b/tech-library/data_center/evpnvxlan/configs/D-SPINE2.cfg new file mode 100644 index 00000000..20b43201 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-SPINE2.cfg @@ -0,0 +1,142 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-SPINE2 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description D-LEAF1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-LEAF2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-LEAF3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-LEAF4 + no switchport + ipv6 enable +! +interface Ethernet5 + description D-LEAF5 + no switchport + ipv6 enable +! +interface Ethernet6 + description D-LEAF6 + no switchport + ipv6 enable +! +interface Ethernet7 + description D-LEAF7 + no switchport + ip address 192.168.0.2/31 +! +interface Ethernet8 + description D-LEAF8 + no switchport + ip address 192.168.0.10/31 +! +interface Loopback0 + ip address 1.1.4.202/32 + ipv6 address 2001:db8:d:1::202/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.141/24 +! +mac address-table aging-time 1800 +! +ip routing ipv6 interfaces +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ipv6 unicast-routing +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ipv6 address prefix-list PL-LOOPBACKS +! +peer-filter LEAF-AS-RANGE + 10 match as-range 65401-65499 result accept +! +router bgp 65400 + router-id 1.1.4.202 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.0.0/16 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 2001:db8:d:1::/64 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 192.168.0.0/24 peer-group LOCAL-IPV4-PEERS peer-filter LEAF-AS-RANGE + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor interface Et1-8 peer-group LOCAL-IPV6-PEERS peer-filter LEAF-AS-RANGE + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + redistribute connected +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-SPINE3.cfg b/tech-library/data_center/evpnvxlan/configs/D-SPINE3.cfg new file mode 100644 index 00000000..54711600 --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-SPINE3.cfg @@ -0,0 +1,142 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-SPINE3 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description D-LEAF1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-LEAF2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-LEAF3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-LEAF4 + no switchport + ipv6 enable +! +interface Ethernet5 + description D-LEAF5 + no switchport + ipv6 enable +! +interface Ethernet6 + description D-LEAF6 + no switchport + ipv6 enable +! +interface Ethernet7 + description D-LEAF7 + no switchport + ip address 192.168.0.4/31 +! +interface Ethernet8 + description D-LEAF8 + no switchport + ip address 192.168.0.12/31 +! +interface Loopback0 + ip address 1.1.4.203/32 + ipv6 address 2001:db8:d:1::203/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.142/24 +! +mac address-table aging-time 1800 +! +ip routing ipv6 interfaces +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ipv6 unicast-routing +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ipv6 address prefix-list PL-LOOPBACKS +! +peer-filter LEAF-AS-RANGE + 10 match as-range 65401-65499 result accept +! +router bgp 65400 + router-id 1.1.4.203 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.0.0/16 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 2001:db8:d:1::/64 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 192.168.0.0/24 peer-group LOCAL-IPV4-PEERS peer-filter LEAF-AS-RANGE + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor interface Et1-8 peer-group LOCAL-IPV6-PEERS peer-filter LEAF-AS-RANGE + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + redistribute connected +! +management ssh + vrf MGMT + no shutdown +! +end diff --git a/tech-library/data_center/evpnvxlan/configs/D-SPINE4.cfg b/tech-library/data_center/evpnvxlan/configs/D-SPINE4.cfg new file mode 100644 index 00000000..c505febe --- /dev/null +++ b/tech-library/data_center/evpnvxlan/configs/D-SPINE4.cfg @@ -0,0 +1,142 @@ +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +! +switchport default mode routed +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname D-SPINE4 +ip name-server vrf MGMT 8.8.8.8 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance MGMT +! +management api http-commands + no shutdown + ! + vrf MGMT + no shutdown +! +aaa authorization exec default local +! +interface Ethernet1 + description D-LEAF1 + no switchport + ipv6 enable +! +interface Ethernet2 + description D-LEAF2 + no switchport + ipv6 enable +! +interface Ethernet3 + description D-LEAF3 + no switchport + ipv6 enable +! +interface Ethernet4 + description D-LEAF4 + no switchport + ipv6 enable +! +interface Ethernet5 + description D-LEAF5 + no switchport + ipv6 enable +! +interface Ethernet6 + description D-LEAF6 + no switchport + ipv6 enable +! +interface Ethernet7 + description D-LEAF7 + no switchport + ip address 192.168.0.6/31 +! +interface Ethernet8 + description D-LEAF8 + no switchport + ip address 192.168.0.14/31 +! +interface Loopback0 + ip address 1.1.4.204/32 + ipv6 address 2001:db8:d:1::204/128 +! +interface Management0 + vrf MGMT + ip address 172.100.100.143/24 +! +mac address-table aging-time 1800 +! +ip routing ipv6 interfaces +no ip routing vrf MGMT +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 1.1.0.0/16 eq 32 + seq 20 permit 2.2.0.0/16 eq 32 +! +ipv6 unicast-routing +! +ip route vrf MGMT 0.0.0.0/0 172.100.100.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ipv6 address prefix-list PL-LOOPBACKS +! +peer-filter LEAF-AS-RANGE + 10 match as-range 65401-65499 result accept +! +router bgp 65400 + router-id 1.1.4.204 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + bgp listen range 1.1.0.0/16 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 2001:db8:d:1::/64 peer-group LOCAL-EVPN-PEERS peer-filter LEAF-AS-RANGE + bgp listen range 192.168.0.0/24 peer-group LOCAL-IPV4-PEERS peer-filter LEAF-AS-RANGE + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor LOCAL-IPV6-PEERS peer group + neighbor LOCAL-IPV6-PEERS password 7 nI7sLaKoXTZaU/dFFLYqCQ== + neighbor interface Et1-8 peer-group LOCAL-IPV6-PEERS peer-filter LEAF-AS-RANGE + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate + neighbor LOCAL-IPV6-PEERS activate + neighbor LOCAL-IPV6-PEERS next-hop address-family ipv6 originate + redistribute connected + ! + address-family ipv6 + neighbor LOCAL-IPV6-PEERS activate + redistribute connected +! +management ssh + vrf MGMT + no shutdown +! +end