
Single Data Center - L3LS

Introduction

This example is meant to be used as the logical second step in introducing AVD to new users, directly following the Introduction to Ansible and AVD section. New users with access to virtual switches (using Arista vEOS-lab or cEOS) can learn how to generate configuration and documentation for a complete fabric environment. Users with access to physical switches will have to adapt a few settings. This is all documented inline in the comments included in the YAML files. If a lab with virtual or physical switches is not accessible, this example can be used only to generate the output from AVD if required.

The example includes and describes all the AVD files and their content used to build an L3LS EVPN/VXLAN Symmetric IRB network covering a single DC using the following:

  • Two (virtual) spine switches.
  • Two sets of (virtual) leaf switches, serving endpoints such as servers.
  • Two (virtual) layer2-only switches, often used for server management connectivity.

Ansible playbooks are included to show the following:

  • Building the intended configuration and documentation
  • Deploying the configuration directly to the switches using eAPI
  • Deploying the configuration via CloudVision to the switches, including a full change-based workflow with rollback capability etc.

Installation

Requirements to use this example:

  • Follow the installation guide for AVD
  • Run the following playbook to copy the AVD examples to your current working directory, for example ansible-avd-examples:
ansible-playbook arista.avd.install_examples

This will show the following:

 ~/ansible-avd-examples# ansible-playbook arista.avd.install_examples

PLAY [Install Examples]**********************************************************************************************

TASK [Copy all examples to ~/ansible-avd-examples]*******************************************************************
changed: [localhost]

PLAY RECAP
*********************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Info

If the content of any file is modified and the playbook is rerun, the file will not be overwritten. However, if any file in the example is deleted and the playbook is rerun, Ansible will re-create the file.

After the playbook has run successfully, the directory structure of the example should look like below, the contents of which will be covered in later sections:

ansible-avd-examples/ (or wherever the playbook was run)
  └── single-dc-l3ls
    ├── ansible.cfg
    ├── documentation
    ├── group_vars
    ├── images
    ├── intended
    ├── inventory.yml
    ├── build.yml
    ├── deploy.yml
    ├── deploy-cvp.yml
    ├── README.md
    └── switch-basic-configurations

Overall design overview

Physical topology

The drawing below shows the physical topology used in this example. The interface assignments shown here are referenced across the entire example, so keep that in mind if this example must be adapted to a different topology. Finally, the Ansible host is connected to the dedicated out-of-band management port (Ethernet0 when using vEOS-lab):

Figure: Arista Leaf Spine physical topology

IP ranges used

Out-of-band management IP allocation for DC1: 172.16.1.0/24
  • Default gateway: 172.16.1.1
  • dc1-spine1: 172.16.1.11
  • dc1-spine2: 172.16.1.12
  • dc1-leaf1a: 172.16.1.101
  • dc1-leaf1b: 172.16.1.102
  • dc1-leaf2a: 172.16.1.103
  • dc1-leaf2b: 172.16.1.104
  • dc1-leaf1c: 172.16.1.151
  • dc1-leaf2c: 172.16.1.152
Point-to-point links between leaf and spine (Underlay)
  • DC1: 10.255.255.0/26
Loopback0 interfaces used for EVPN peering: 10.255.0.0/27
Loopback1 interfaces used for VTEP (Leaf switches)
  • DC1: 10.255.1.0/27
VTEP Loopbacks used for diagnostics (Leaf switches)
  • VRF10: 10.255.10.0/27
  • VRF11: 10.255.11.0/27
SVIs (interface vlan…): 10.10.<VLAN-ID>.0/24
  • For example, interface VLAN11 has the IP address: 10.10.11.1
MLAG Peer-link (interface vlan 4094) (Leaf switches)
  • DC1: 10.255.1.64/27
MLAG iBGP Peering (interface vlan 4093) (Leaf switches)
  • DC1: 10.255.1.96/27
CloudVision Portal
  • cvp: 192.168.1.12

BGP design

Basic EOS config

Basic connectivity between the Ansible host and the switches must be established before Ansible can be used to push configurations. You must configure the following on all switches:

  • A hostname configured purely for ease of understanding.
  • An IP enabled interface - in this example, the dedicated out-of-band management interface is used.
  • A username and password with the proper access privileges.

Below is the basic configuration file for dc1-leaf1a:

dc1-leaf1a-basic-configuration.txt
! ansible-avd-examples/single-dc-l3ls/switch-basic-configurations/dc1-leaf1a-basic-configuration.txt
! Basic EOS config
!
! Hostname of the device
hostname dc1-leaf1a
!
! Configures username and password for the ansible user
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
! Defines the VRF for MGMT
vrf instance MGMT
!
! Defines the settings for the Management1 interface through which Ansible reaches the device
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ! IP address - must be set uniquely per device
   ip address 172.16.1.101/24
!
! Static default route for VRF MGMT
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
! Enables API access in VRF MGMT
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
end
!
! Save configuration to flash
copy running-config startup-config

Note

The folder single-dc-l3ls/switch-basic-configurations/ contains a file per device for the initial configurations.

Ansible inventory, group vars, and naming scheme

The following drawing shows a graphic overview of the Ansible inventory, group variables, and naming scheme used in this example:

Figure: Ansible inventory and vars

Note

The two servers dc1-leaf1-server1 and dc1-leaf2-server1 at the bottom are not configured by AVD, but the switch ports used to connect to the servers are.

Group names use uppercase and underscore syntax:

  • CLOUDVISION
  • FABRIC
  • DC1
  • DC1_SPINES
  • DC1_L3_LEAVES
  • DC1_L2_LEAVES

All hostnames use lowercase and dashes, for example:

  • cvp
  • dc1-spine1
  • dc1-leaf1a
  • dc1-leaf2c

The drawing also shows the relationships between groups and their children:

  • For example, dc1-spine1 and dc1-spine2 are both children of the group called DC1_SPINES.

Additionally, groups themselves can be children of another group, for example:

  • DC1_L3_LEAVES is a group consisting of the groups DC1_LEAF1 and DC1_LEAF2
  • DC1_L3_LEAVES is also a child of the group DC1.

This naming convention makes it possible to extend anything easily, but as always, this can be changed based on your preferences. Just ensure that the names of all groups and hosts are unique.

Content of the inventory.yml file

This section describes the entire ansible-avd-examples/single-dc-l3ls/inventory.yml file used to represent the above topology.

The hostnames specified in the inventory must exist either in DNS or in the hosts file on your Ansible host, so that name lookup succeeds and the switches can be reached directly. A successful ping from the Ansible host to each inventory host verifies name resolution (e.g., ping dc1-spine1).

Alternatively, if there is no DNS available, or if devices need to be reached using a fully qualified domain name (FQDN), define ansible_host to be an IP address or FQDN for each device - see below for an example:

inventory.yml
---
all:
  children:
    CLOUDVISION:
      hosts:
        cvp:
          # Ansible variables used by the ansible_avd and ansible_cvp roles to push configuration to devices via CVP
          ansible_host: 192.168.1.12
          ansible_user: ansible
          ansible_password: ansible
          ansible_connection: httpapi
          ansible_httpapi_use_ssl: true
          ansible_httpapi_validate_certs: false
          ansible_network_os: eos

    FABRIC:
      children:
        DC1:
          children:
            DC1_SPINES:
              hosts:
                dc1-spine1:
                  ansible_host: 172.16.1.11
                dc1-spine2:
                  ansible_host: 172.16.1.12
            DC1_L3_LEAVES:
              hosts:
                dc1-leaf1a:
                  ansible_host: 172.16.1.101
                dc1-leaf1b:
                  ansible_host: 172.16.1.102
                dc1-leaf2a:
                  ansible_host: 172.16.1.103
                dc1-leaf2b:
                  ansible_host: 172.16.1.104
            DC1_L2_LEAVES:
              hosts:
                dc1-leaf1c:
                  ansible_host: 172.16.1.151
                dc1-leaf2c:
                  ansible_host: 172.16.1.152

    NETWORK_SERVICES:
      children:
        DC1_L3_LEAVES:
        DC1_L2_LEAVES:
    CONNECTED_ENDPOINTS:
      children:
        DC1_L3_LEAVES:
        DC1_L2_LEAVES:

The above is what is included in this example, purely to make it as simple as possible to get started. However, in the future, please do not carry over this practice to a production environment, where an inventory file for an identical topology should look as follows when using DNS:

inventory.yml
---
all:
  children:
    CLOUDVISION: 
      hosts:
        cvp:
          ansible_httpapi_host: cvp
          ansible_host: cvp
          ansible_user: ansible
          ansible_password: ansible
          ansible_connection: httpapi
          ansible_httpapi_use_ssl: true
          ansible_httpapi_validate_certs: false
          ansible_network_os: eos
          ansible_python_interpreter: $(which python3)

    FABRIC:
      children:
        DC1:
          children:
            DC1_SPINES:
              hosts:
                dc1-spine1:
                dc1-spine2:
            DC1_L3_LEAVES:
              hosts:
                dc1-leaf1a:
                dc1-leaf1b:
                dc1-leaf2a:
                dc1-leaf2b:
            DC1_L2_LEAVES:
              hosts:
                dc1-leaf1c:
                dc1-leaf2c:

    NETWORK_SERVICES: 
      children:
        DC1_L3_LEAVES:
        DC1_L2_LEAVES:
    CONNECTED_ENDPOINTS: 
      children:
        DC1_L3_LEAVES:
        DC1_L2_LEAVES:

Defining device types

Since this example covers building an L3LS network, AVD must know about the device types, for example, spines, L3 leaves, L2 leaves, etc. The devices are already grouped in the inventory, so the device types are specified in the group variable files with the following names and content:

spines.yml
---
type: spine

spine:
  # Define variables for all nodes of this type
  defaults:
    # Set the relevant platform as each platform has different default values in Ansible AVD
    # Arista platform family; see https://avd.arista.com/5.1/roles/eos_designs/docs/input-variables.html#node-type-settings
    platform: vEOS-lab
    # Pool of IPv4 addresses to configure interface Loopback0 used for BGP EVPN sessions
    loopback_ipv4_pool: 10.255.0.0/27
    # Autonomous System Number for BGP
    bgp_as: 65100
  # Define variables per node
  nodes:
    # The Node Name is used as "hostname"
    - name: dc1-spine1
      # Unique identifier used for IP addressing and other algorithms
      id: 1
      # Node management interface IPv4 address
      mgmt_ip: 172.16.1.11/24

    - name: dc1-spine2
      id: 2
      mgmt_ip: 172.16.1.12/24

l3_leaves.yml
---
type: l3leaf

# L3 Leaf switch group
l3leaf:
  defaults:
    # Set the relevant platform as each platform has different default values in Ansible AVD
    platform: vEOS-lab
    # Pool of IPv4 addresses to configure interface Loopback0 used for BGP EVPN sessions
    loopback_ipv4_pool: 10.255.0.0/27
    # Offset all assigned loopback IP addresses.
    # Required when the < loopback_ipv4_pool > is same for 2 different node_types (like spine and l3leaf) to avoid over-lapping IPs.
    # For example, set the minimum offset l3leaf.defaults.loopback_ipv4_offset: < total # spine switches > or vice versa.
    loopback_ipv4_offset: 2
    # Definition of pool of IPs to be used as Virtual Tunnel EndPoint (VXLAN origin and destination IPs)
    vtep_loopback_ipv4_pool: 10.255.1.0/27
    # Ansible hostname of the devices used to establish neighborship (IP assignments and BGP peering)
    uplink_switches: ['dc1-spine1', 'dc1-spine2']
    # Definition of pool of IPs to be used in P2P links
    uplink_ipv4_pool: 10.255.255.0/26
    # Definition of pool of IPs to be used for MLAG peer-link connectivity
    mlag_peer_ipv4_pool: 10.255.1.64/27
    # iBGP Peering between MLAG peers
    mlag_peer_l3_ipv4_pool: 10.255.1.96/27
    # Virtual router mac for VNIs assigned to Leaf switches in format xx:xx:xx:xx:xx:xx
    virtual_router_mac_address: 00:1c:73:00:00:99
    spanning_tree_priority: 4096
    spanning_tree_mode: mstp

# If two nodes (and only two) are in the same node_group, they will automatically form an MLAG pair
  node_groups:
    # Definition of a node group that will include two devices in MLAG.
    # Definitions under the group will be inherited by both nodes in the group
    - group: DC1_L3_LEAF1
      # ASN to be used by BGP for the group. Both devices in the MLAG pair will use the same BGP ASN
      bgp_as: 65101
      nodes:
        # Definition of hostnames under the node_group
        - name: dc1-leaf1a
          id: 1
          mgmt_ip: 172.16.1.101/24
          # Definition of the port to be used in the uplink device facing this device.
          # Note that the number of elements in this list must match the length of 'uplink_switches' as well as 'uplink_interfaces'
          uplink_switch_interfaces: [Ethernet1, Ethernet1]
        - name: dc1-leaf1b
          id: 2
          mgmt_ip: 172.16.1.102/24
          uplink_switch_interfaces: [Ethernet2, Ethernet2]
    - group: DC1_L3_LEAF2
      bgp_as: 65102
      nodes:
        - name: dc1-leaf2a
          id: 3
          mgmt_ip: 172.16.1.103/24
          uplink_switch_interfaces: [Ethernet3, Ethernet3]
        - name: dc1-leaf2b
          id: 4
          mgmt_ip: 172.16.1.104/24
          uplink_switch_interfaces: [Ethernet4, Ethernet4]

l2_leaves.yml
---
type: l2leaf

l2leaf:
  defaults:
    platform: vEOS-lab
    spanning_tree_mode: mstp

  node_groups:
    - group: DC1_L2_LEAF1
      uplink_switches: [dc1-leaf1a, dc1-leaf1b]
      nodes:
        - name: dc1-leaf1c
          id: 1
          mgmt_ip: 172.16.1.151/24
          uplink_switch_interfaces: [Ethernet8, Ethernet8]
    - group: DC1_L2_LEAF2
      uplink_switches: [dc1-leaf2a, dc1-leaf2b]
      nodes:
        - name: dc1-leaf2c
          id: 2
          mgmt_ip: 172.16.1.152/24
          uplink_switch_interfaces: [Ethernet8, Ethernet8]

For example, all switches that are children of the DC1_SPINES group defined in the inventory will be of type spine.

Setting fabric-wide configuration parameters

The ansible-avd-examples/single-dc-l3ls/group_vars/FABRIC folder contains files that define generic settings that apply to all children of the FABRIC group as specified in the inventory described earlier.

The first file defines how the Ansible host connects to the devices:

fabric_ansible_connectivity.yml
---
# Ansible connectivity definitions
# eAPI connectivity via HTTPS is specified (as opposed to CLI via SSH)
ansible_connection: ansible.netcommon.httpapi
# Specifies that we are indeed using Arista EOS
ansible_network_os: arista.eos.eos
# This user/password must exist on the switches to enable Ansible access
ansible_user: ansible
ansible_password: ansible
# User escalation (to enter enable mode)
ansible_become: true
ansible_become_method: enable
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false

The following section specifies variables that generate configuration to be applied to all devices in the fabric:

fabric_variables.yml
---
# Common AVD group variables
fabric_name: FABRIC

# Generate CSVs with fabric link info.
eos_designs_documentation:
  topology_csv: true
  p2p_links_csv: true

# Define underlay and overlay routing protocol to be used
underlay_routing_protocol: ebgp
overlay_routing_protocol: ebgp

# Local users
local_users:
  # Define a new user, which is called "ansible"
  - name: ansible
    privilege: 15
    role: network-admin
    # Password set to "ansible". Same string as the device generates when configuring a username.
    sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
  - name: admin
    privilege: 15
    role: network-admin
    no_password: true

# BGP peer groups passwords
bgp_peer_groups:
  # all passwords set to "arista"
  evpn_overlay_peers:
    password: Q4fqtbqcZ7oQuKfuWtNGRQ==
  ipv4_underlay_peers:
    password: 7x4B4rnJhZB438m9+BrBfQ==
  mlag_ipv4_underlay_peer:
    password: 4b21pAdCvWeAqpcKDFMdWw==

# P2P interfaces MTU, includes VLANs 4093 and 4094 that are over peer-link
# If you're running vEOS-lab or cEOS, you should use MTU of 1500 instead as shown in the following line
# p2p_uplinks_mtu: 9214
p2p_uplinks_mtu: 1500

# Set default uplink, downlink, and MLAG interfaces based on node type
default_interfaces:
  - types: [spine]
    platforms: [default]
    uplink_interfaces: [Ethernet1-2]
    downlink_interfaces: [Ethernet1-8]
  - types: [l3leaf]
    platforms: [default]
    uplink_interfaces: [Ethernet1-2]
    mlag_interfaces: [Ethernet3-4]
    downlink_interfaces: [Ethernet8]
  - types: [l2leaf]
    platforms: [default]
    uplink_interfaces: [Ethernet1-2]

# CloudVision Portal definitions
cvp_instance_ips:
  - 192.168.1.12
terminattr_smashexcludes: "ale,flexCounter,hardware,kni,pulse,strata"
terminattr_ingestexclude: "/Sysdb/cell/1/agent,/Sysdb/cell/2/agent"
terminattr_disable_aaa: true

# DNS Server
name_servers:
  - 192.168.1.1

# NTP Servers IP or DNS name, first NTP server will be preferred, and sourced from Management VRF
ntp_settings:
  server_vrf: use_mgmt_interface_vrf
  servers:
    - name: 0.pool.ntp.org
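
An added example, not part of AVD or the original page: a small audit that flags three lab conveniences from the files above (a cleartext ansible_password, ansible_httpapi_validate_certs: false, and no_password: true) before the same variables are reused outside a lab. The line-based parsing, the rule set and the environment variable name AVD_EAPI_PASSWORD are assumptions of this example.

```python
"""Added example: flag lab-only settings in AVD inventory / group_vars text."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line key message")

FALSE_VALUES = {"false", "no", "off"}
TRUE_VALUES = {"true", "yes", "on"}
# Matches "key: value" and "- key: value" lines; nested structure is ignored.
KEY_RE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*)\s*:\s*(.*)$")


def _is_secret_reference(value):
    """Assumption: vault-encrypted values and Jinja2 lookups are acceptable."""
    return value.startswith("!vault") or "{{" in value


RULES = {
    "ansible_password": (
        lambda v: bool(v) and not _is_secret_reference(v),
        "password stored in cleartext; use Ansible Vault or a lookup"),
    "ansible_httpapi_validate_certs": (
        lambda v: v.lower() in FALSE_VALUES,
        "TLS certificate validation is disabled for the HTTPS API connection"),
    "no_password": (
        lambda v: v.lower() in TRUE_VALUES,
        "local user is created without a password"),
}


def audit(text):
    """Return a Finding for every line whose key/value pair matches a rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):
            continue  # whole-line comment
        match = KEY_RE.match(raw)
        if not match:
            continue
        key, value = match.groups()
        value = re.sub(r"(^|\s+)#.*$", "", value).strip()  # trailing comment
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # surrounding quotes
        rule = RULES.get(key)
        if rule and rule[0](value):
            # The value itself is never stored, so reports do not leak secrets.
            findings.append(Finding(lineno, key, rule[1]))
    return findings


# Excerpt of the lab settings shown on this page.
LAB_VARS = """\
# fabric_ansible_connectivity.yml / fabric_variables.yml (excerpt)
ansible_connection: ansible.netcommon.httpapi
ansible_user: ansible
ansible_password: ansible
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
local_users:
  - name: admin
    privilege: 15
    role: network-admin
    no_password: true
"""

# Constructed counterpart: secret taken from the environment, TLS validated.
HARDENED_VARS = """\
ansible_connection: ansible.netcommon.httpapi
ansible_user: ansible
ansible_password: "{{ lookup('ansible.builtin.env', 'AVD_EAPI_PASSWORD') }}"
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: true
"""

if __name__ == "__main__":
    for finding in audit(LAB_VARS):
        print(f"line {finding.line}: {finding.key}: {finding.message}")
    print("hardened findings:", audit(HARDENED_VARS))
```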

Setting device specific configuration parameters

The ansible-avd-examples/single-dc-l3ls/group_vars/DC1/dc1.yml file defines settings that apply to all children of the DC1 group as specified in the inventory described earlier. However, this time the settings defined are no longer fabric-wide but are limited to DC1. This example is of limited benefit with only a single data center. Still, it allows us to scale the configuration to a scenario with multiple data centers in the future.

dc1.yml
---
# Default gateway used for the management interface
mgmt_gateway: 172.16.1.1

The ansible-avd-examples/single-dc-l3ls/group_vars/DC1_SPINES/spines.yml covers the spine switches.

spines.yml
---
type: spine

spine:
  # Define variables for all nodes of this type
  defaults:
    # Set the relevant platform as each platform has different default values in Ansible AVD
    # Arista platform family; see https://avd.arista.com/5.1/roles/eos_designs/docs/input-variables.html#node-type-settings
    platform: vEOS-lab
    # Pool of IPv4 addresses to configure interface Loopback0 used for BGP EVPN sessions
    loopback_ipv4_pool: 10.255.0.0/27
    # Autonomous System Number for BGP
    bgp_as: 65100
  # Define variables per node
  nodes:
    # The Node Name is used as "hostname"
    - name: dc1-spine1
      # Unique identifier used for IP addressing and other algorithms
      id: 1
      # Node management interface IPv4 address
      mgmt_ip: 172.16.1.11/24

    - name: dc1-spine2
      id: 2
      mgmt_ip: 172.16.1.12/24

The ansible-avd-examples/single-dc-l3ls/group_vars/DC1_L3_LEAVES/l3_leaves.yml covers the L3 leaf switches. Significantly more settings need to be set compared to the spine switches.

l3_leaves.yml
---
type: l3leaf

# L3 Leaf switch group
l3leaf:
  defaults:
    # Set the relevant platform as each platform has different default values in Ansible AVD
    platform: vEOS-lab
    # Pool of IPv4 addresses to configure interface Loopback0 used for BGP EVPN sessions
    loopback_ipv4_pool: 10.255.0.0/27
    # Offset all assigned loopback IP addresses.
    # Required when the < loopback_ipv4_pool > is same for 2 different node_types (like spine and l3leaf) to avoid over-lapping IPs.
    # For example, set the minimum offset l3leaf.defaults.loopback_ipv4_offset: < total # spine switches > or vice versa.
    loopback_ipv4_offset: 2
    # Definition of pool of IPs to be used as Virtual Tunnel EndPoint (VXLAN origin and destination IPs)
    vtep_loopback_ipv4_pool: 10.255.1.0/27
    # Ansible hostname of the devices used to establish neighborship (IP assignments and BGP peering)
    uplink_switches: ['dc1-spine1', 'dc1-spine2']
    # Definition of pool of IPs to be used in P2P links
    uplink_ipv4_pool: 10.255.255.0/26
    # Definition of pool of IPs to be used for MLAG peer-link connectivity
    mlag_peer_ipv4_pool: 10.255.1.64/27
    # iBGP Peering between MLAG peers
    mlag_peer_l3_ipv4_pool: 10.255.1.96/27
    # Virtual router mac for VNIs assigned to Leaf switches in format xx:xx:xx:xx:xx:xx
    virtual_router_mac_address: 00:1c:73:00:00:99
    spanning_tree_priority: 4096
    spanning_tree_mode: mstp

# If two nodes (and only two) are in the same node_group, they will automatically form an MLAG pair
  node_groups:
    # Definition of a node group that will include two devices in MLAG.
    # Definitions under the group will be inherited by both nodes in the group
    - group: DC1_L3_LEAF1
      # ASN to be used by BGP for the group. Both devices in the MLAG pair will use the same BGP ASN
      bgp_as: 65101
      nodes:
        # Definition of hostnames under the node_group
        - name: dc1-leaf1a
          id: 1
          mgmt_ip: 172.16.1.101/24
          # Definition of the port to be used in the uplink device facing this device.
          # Note that the number of elements in this list must match the length of 'uplink_switches' as well as 'uplink_interfaces'
          uplink_switch_interfaces: [Ethernet1, Ethernet1]
        - name: dc1-leaf1b
          id: 2
          mgmt_ip: 172.16.1.102/24
          uplink_switch_interfaces: [Ethernet2, Ethernet2]
    - group: DC1_L3_LEAF2
      bgp_as: 65102
      nodes:
        - name: dc1-leaf2a
          id: 3
          mgmt_ip: 172.16.1.103/24
          uplink_switch_interfaces: [Ethernet3, Ethernet3]
        - name: dc1-leaf2b
          id: 4
          mgmt_ip: 172.16.1.104/24
          uplink_switch_interfaces: [Ethernet4, Ethernet4]

Finally, more of the same, but this time for the L2 leaf switches:

l2_leaves.yml
---
type: l2leaf

l2leaf:
  defaults:
    platform: vEOS-lab
    spanning_tree_mode: mstp

  node_groups:
    - group: DC1_L2_LEAF1
      uplink_switches: [dc1-leaf1a, dc1-leaf1b]
      nodes:
        - name: dc1-leaf1c
          id: 1
          mgmt_ip: 172.16.1.151/24
          uplink_switch_interfaces: [Ethernet8, Ethernet8]
    - group: DC1_L2_LEAF2
      uplink_switches: [dc1-leaf2a, dc1-leaf2b]
      nodes:
        - name: dc1-leaf2c
          id: 2
          mgmt_ip: 172.16.1.152/24
          uplink_switch_interfaces: [Ethernet8, Ethernet8]

An L2 leaf switch is simpler than an L3 switch. Hence there are fewer settings to define.
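
An added example, not part of AVD or the original page: it recomputes the Loopback0 addresses from the pools, ids and loopback_ipv4_offset in spines.yml and l3_leaves.yml, and shows which hosts would collide if the offset were removed. The allocation rules in loopback0 and uplink_subnet are assumptions chosen to reproduce the dc1-spine1 addresses in the intended configuration at the end of this page.

```python
"""Added example: recompute fabric addresses from the group_vars on this page."""
import ipaddress

# Values copied from spines.yml and l3_leaves.yml on this page.
SPINE = {"pool": "10.255.0.0/27", "offset": 0,
         "nodes": {"dc1-spine1": 1, "dc1-spine2": 2}}
L3LEAF = {"pool": "10.255.0.0/27", "offset": 2,
          "nodes": {"dc1-leaf1a": 1, "dc1-leaf1b": 2,
                    "dc1-leaf2a": 3, "dc1-leaf2b": 4}}
UPLINK_POOL = "10.255.255.0/26"
UPLINK_SWITCHES = ["dc1-spine1", "dc1-spine2"]


def loopback0(pool, node_id, offset=0):
    """Assumed rule: Loopback0 is host number (id + offset) of the pool."""
    net = ipaddress.ip_network(pool)
    index = node_id + offset
    if not 0 < index < net.num_addresses:
        raise ValueError(f"id {node_id} + offset {offset} does not fit in {pool}")
    return net[index]


def loopback_collisions(*node_types):
    """Map every Loopback0 address claimed by more than one host to its claimants."""
    owners = {}
    for node_type in node_types:
        for name, node_id in node_type["nodes"].items():
            ip = loopback0(node_type["pool"], node_id, node_type["offset"])
            owners.setdefault(str(ip), []).append(name)
    return {ip: sorted(names) for ip, names in owners.items() if len(names) > 1}


def uplink_subnet(pool, leaf_id, uplink_index, uplink_count):
    """Assumed rule: each leaf id owns `uplink_count` consecutive /31s of the pool."""
    subnets = list(ipaddress.ip_network(pool).subnets(new_prefix=31))
    return subnets[(leaf_id - 1) * uplink_count + uplink_index]


def spine_p2p_addresses(spine_name):
    """Spine-side (first) address of every leaf uplink that lands on `spine_name`."""
    index = UPLINK_SWITCHES.index(spine_name)
    return {
        leaf: str(uplink_subnet(UPLINK_POOL, leaf_id, index, len(UPLINK_SWITCHES))[0])
        for leaf, leaf_id in L3LEAF["nodes"].items()
    }


if __name__ == "__main__":
    print("as configured :", loopback_collisions(SPINE, L3LEAF))
    print("offset removed:", loopback_collisions(SPINE, dict(L3LEAF, offset=0)))
    print("dc1-spine1 P2P:", spine_p2p_addresses("dc1-spine1"))
```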

Specifying network services (VRFs and VLANs) in the EVPN/VXLAN fabric

The ansible-avd-examples/single-dc-l3ls/group_vars/NETWORK_SERVICES/network_services.yml file defines all VRFs and VLANs. This means that regardless of where a given VRF or VLAN must exist, its existence is defined in this file, but the file does not indicate where in the fabric it exists. That was done at the bottom of the inventory file previously described in the Inventory section.

network_services.yml
---
tenants:
  # Definition of tenants. Additional level of abstraction to VRFs
  - name: TENANT1
    # Number used to generate the VNI of each VLAN by adding the VLAN number in this tenant.
    mac_vrf_vni_base: 10000
    vrfs:
      # VRF definitions inside the tenant.
      - name: VRF10
        # VRF VNI definition.
        vrf_vni: 10
        # Enable VTEP Network diagnostics
        # This will create a loopback with virtual source-nat enable to perform diagnostics from the switch.
        vtep_diagnostic:
          # Loopback interface number
          loopback: 10
          # Loopback IP range; a unique IP is derived from this range and assigned
          # to each L3 leaf based on its unique id.
          loopback_ip_range: 10.255.10.0/27
        svis:
          # SVI definitions.
          - id: 11
            # SVI Description
            name: VRF10_VLAN11
            enabled: true
            # IP anycast gateway to be used in the SVI in every leaf.
            ip_address_virtual: 10.10.11.1/24
          - id: 12
            name: VRF10_VLAN12
            enabled: true
            ip_address_virtual: 10.10.12.1/24
      - name: VRF11
        vrf_vni: 11
        vtep_diagnostic:
          loopback: 11
          loopback_ip_range: 10.255.11.0/27
        svis:
          - id: 21
            name: VRF11_VLAN21
            enabled: true
            ip_address_virtual: 10.10.21.1/24
          - id: 22
            name: VRF11_VLAN22
            enabled: true
            ip_address_virtual: 10.10.22.1/24

    l2vlans:
      # These are pure L2 vlans. They do not have a SVI defined in the l3leafs and they will be bridged inside the VXLAN fabric
      - id: 3401
        name: L2_VLAN3401
      - id: 3402
        name: L2_VLAN3402

AVD offers granular control of where Tenants and VLANs are configured using tags and filters. Those areas are not covered in this basic example.

Specifying endpoint connectivity in the EVPN/VXLAN fabric

After the previous section, all VRFs and VLANs across the fabric are now defined. The ansible-avd-examples/single-dc-l3ls/group_vars/CONNECTED_ENDPOINTS/connected_endpoints.yml file specifies the connectivity for all endpoints in the fabric (typically servers):

connected_endpoints.yml
---
# Definition of connected endpoints in the fabric.
servers:
  # Name of the defined server.
  - name: dc1-leaf1-server1
    # Definition of adapters on the server.
    adapters:
        # Name of the server interfaces that will be used in the description of each interface
      - endpoint_ports: [PCI1, PCI2]
        # Device ports where the server ports are connected.
        switch_ports: [Ethernet5, Ethernet5]
        # Device names where the server ports are connected.
        switches: [dc1-leaf1a, dc1-leaf1b]
        # VLANs that will be configured on these ports.
        vlans: 11-12,21-22
        # Native VLAN to be used on these ports.
        native_vlan: 4092
        # L2 mode of the port.
        mode: trunk
        # Spanning tree portfast configuration on this port.
        spanning_tree_portfast: edge
        # Definition of the pair of ports as port channel.
        port_channel:
          # The port-channel name on the endpoint that will be used in the port-channel description.
          endpoint_port_channel: Bond1
          # Port channel mode for LACP.
          mode: active

      - endpoint_ports: [iLO]
        switch_ports: [Ethernet5]
        switches: [dc1-leaf1c]
        vlans: 11
        mode: access
        spanning_tree_portfast: edge

  - name: dc1-leaf2-server1
    adapters:
      - endpoint_ports: [PCI1, PCI2]
        switch_ports: [Ethernet5, Ethernet5]
        switches: [dc1-leaf2a, dc1-leaf2b]
        vlans: 11-12,21-22
        native_vlan: 4092
        mode: trunk
        spanning_tree_portfast: edge
        port_channel:
          mode: active

      - endpoint_ports: [iLO]
        switch_ports: [Ethernet5]
        switches: [dc1-leaf2c]
        vlans: 11
        mode: access
        spanning_tree_portfast: edge

The playbooks

In this example, three playbooks are included, of which two must be used:

  1. The first playbook build.yml is mandatory and is used to build the structured configuration, documentation and finally the actual EOS CLI configuration.
  2. The second playbook is a choice between:
    1. deploy.yml to deploy the configurations generated by build.yml directly to the Arista switches using eAPI.
    2. deploy-cvp.yml to deploy the configurations generated by build.yml to the Arista switches using CloudVision.

The build.yml playbook looks like the following:

build.yml
---
# build.yml

- name: Build Configurations and Documentation 
  hosts: FABRIC
  gather_facts: false
  tasks:

    - name: Generate AVD Structured Configurations and Fabric Documentation 
      ansible.builtin.import_role:
        name: arista.avd.eos_designs

    - name: Generate Device Configurations and Documentation 
      ansible.builtin.import_role:
        name: arista.avd.eos_cli_config_gen

The deploy.yml playbook looks like the following:

deploy.yml
---
# deploy.yml

- name: Deploy Configurations to Devices using eAPI 
  hosts: FABRIC
  gather_facts: false
  tasks:

    - name: Deploy Configurations to Devices 
      ansible.builtin.import_role:
        name: arista.avd.eos_config_deploy_eapi

The deploy-cvp.yml playbook looks like the following:

deploy-cvp.yml
---
- name: Deploy Configurations to Devices Using CloudVision Portal 
  hosts: CLOUDVISION
  gather_facts: false
  connection: local
  tasks:

    - name: Deploy Configurations to CloudVision 
      ansible.builtin.import_role:
        name: arista.avd.eos_config_deploy_cvp
      vars:
        cv_collection: v3 
        fabric_name: FABRIC 

In addition, the arista.avd.eos_config_deploy_cvp role performs the following actions:

  • Reads the AVD inventory and builds the container topology in CloudVision
  • Looks for configuration previously generated by arista.avd.eos_cli_config_gen and builds a list of configlets, one per device
  • Looks for additional configlets to attach to either devices or containers
  • Builds configlets on CVP
  • Creates the container topology
  • Moves devices to the container
  • Binds configlets to devices
  • Deploys the fabric configuration by running all pending tasks (optional, if execute_tasks == true)

Testing AVD output without a lab

Using the build.yml playbook without any actual devices is possible. The playbook will generate all the output (variables, configurations, documentation) but will not attempt to communicate with devices.

Please look through the folders and files described above to learn more about the output generated by AVD.

Playbook Run

To build the configuration files, run the playbook called build.yml.

### Build Configurations and Documentation
ansible-playbook build.yml

After the playbook run finishes, the intended EOS CLI configuration files are written to intended/configs.

To build and deploy the configurations to your switches directly, using eAPI, run the playbook called deploy.yml. This assumes that your Ansible host has access and authentication rights to the switches. Those auth variables are defined in FABRIC.yml.

### Deploy Configurations to Devices using eAPI
ansible-playbook deploy.yml

To build and deploy the configurations to your switches using CloudVision Portal, run the playbook called deploy-cvp.yml. This assumes that your CloudVision Portal server has access and authentication rights to the switches. Those auth variables are defined in FABRIC.yml.

### Deploy Configurations to Devices Using CloudVision Portal
ansible-playbook deploy-cvp.yml

EOS Intended Configurations

Your configuration files should be similar to these.

!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-spine1
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode none
!
vrf instance MGMT
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Ethernet1
   description P2P_dc1-leaf1a_Ethernet1
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.0/31
!
interface Ethernet2
   description P2P_dc1-leaf1b_Ethernet1
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.4/31
!
interface Ethernet3
   description P2P_dc1-leaf2a_Ethernet1
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.8/31
!
interface Ethernet4
   description P2P_dc1-leaf2b_Ethernet1
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.12/31
!
interface Loopback0
   description ROUTER_ID
   no shutdown
   ip address 10.255.0.1/32
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.11/24
!
ip routing
no ip routing vrf MGMT
!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
   seq 10 permit 10.255.0.0/27 eq 32
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
route-map RM-CONN-2-BGP permit 10
   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
router bfd
   multihop interval 300 min-rx 300 multiplier 3
!
router bgp 65100
   router-id 10.255.0.1
   no bgp default ipv4-unicast
   maximum-paths 4 ecmp 4
   neighbor EVPN-OVERLAY-PEERS peer group
   neighbor EVPN-OVERLAY-PEERS next-hop-unchanged
   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
   neighbor EVPN-OVERLAY-PEERS bfd
   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
   neighbor EVPN-OVERLAY-PEERS password 7 Q4fqtbqcZ7oQuKfuWtNGRQ==
   neighbor EVPN-OVERLAY-PEERS send-community
   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
   neighbor IPv4-UNDERLAY-PEERS peer group
   neighbor IPv4-UNDERLAY-PEERS password 7 7x4B4rnJhZB438m9+BrBfQ==
   neighbor IPv4-UNDERLAY-PEERS send-community
   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
   neighbor 10.255.0.3 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.3 remote-as 65101
   neighbor 10.255.0.3 description dc1-leaf1a_Loopback0
   neighbor 10.255.0.4 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.4 remote-as 65101
   neighbor 10.255.0.4 description dc1-leaf1b_Loopback0
   neighbor 10.255.0.5 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.5 remote-as 65102
   neighbor 10.255.0.5 description dc1-leaf2a_Loopback0
   neighbor 10.255.0.6 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.6 remote-as 65102
   neighbor 10.255.0.6 description dc1-leaf2b_Loopback0
   neighbor 10.255.255.1 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.1 remote-as 65101
   neighbor 10.255.255.1 description dc1-leaf1a_Ethernet1
   neighbor 10.255.255.5 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.5 remote-as 65101
   neighbor 10.255.255.5 description dc1-leaf1b_Ethernet1
   neighbor 10.255.255.9 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.9 remote-as 65102
   neighbor 10.255.255.9 description dc1-leaf2a_Ethernet1
   neighbor 10.255.255.13 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.13 remote-as 65102
   neighbor 10.255.255.13 description dc1-leaf2b_Ethernet1
   redistribute connected route-map RM-CONN-2-BGP
   !
   address-family evpn
      neighbor EVPN-OVERLAY-PEERS activate
   !
   address-family ipv4
      no neighbor EVPN-OVERLAY-PEERS activate
      neighbor IPv4-UNDERLAY-PEERS activate
!
end
!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-spine2
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode none
!
vrf instance MGMT
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Ethernet1
   description P2P_dc1-leaf1a_Ethernet2
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.2/31
!
interface Ethernet2
   description P2P_dc1-leaf1b_Ethernet2
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.6/31
!
interface Ethernet3
   description P2P_dc1-leaf2a_Ethernet2
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.10/31
!
interface Ethernet4
   description P2P_dc1-leaf2b_Ethernet2
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.14/31
!
interface Loopback0
   description ROUTER_ID
   no shutdown
   ip address 10.255.0.2/32
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.12/24
!
ip routing
no ip routing vrf MGMT
!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
   seq 10 permit 10.255.0.0/27 eq 32
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
route-map RM-CONN-2-BGP permit 10
   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
router bfd
   multihop interval 300 min-rx 300 multiplier 3
!
router bgp 65100
   router-id 10.255.0.2
   no bgp default ipv4-unicast
   maximum-paths 4 ecmp 4
   neighbor EVPN-OVERLAY-PEERS peer group
   neighbor EVPN-OVERLAY-PEERS next-hop-unchanged
   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
   neighbor EVPN-OVERLAY-PEERS bfd
   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
   neighbor EVPN-OVERLAY-PEERS password 7 Q4fqtbqcZ7oQuKfuWtNGRQ==
   neighbor EVPN-OVERLAY-PEERS send-community
   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
   neighbor IPv4-UNDERLAY-PEERS peer group
   neighbor IPv4-UNDERLAY-PEERS password 7 7x4B4rnJhZB438m9+BrBfQ==
   neighbor IPv4-UNDERLAY-PEERS send-community
   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
   neighbor 10.255.0.3 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.3 remote-as 65101
   neighbor 10.255.0.3 description dc1-leaf1a_Loopback0
   neighbor 10.255.0.4 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.4 remote-as 65101
   neighbor 10.255.0.4 description dc1-leaf1b_Loopback0
   neighbor 10.255.0.5 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.5 remote-as 65102
   neighbor 10.255.0.5 description dc1-leaf2a_Loopback0
   neighbor 10.255.0.6 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.6 remote-as 65102
   neighbor 10.255.0.6 description dc1-leaf2b_Loopback0
   neighbor 10.255.255.3 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.3 remote-as 65101
   neighbor 10.255.255.3 description dc1-leaf1a_Ethernet2
   neighbor 10.255.255.7 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.7 remote-as 65101
   neighbor 10.255.255.7 description dc1-leaf1b_Ethernet2
   neighbor 10.255.255.11 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.11 remote-as 65102
   neighbor 10.255.255.11 description dc1-leaf2a_Ethernet2
   neighbor 10.255.255.15 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.15 remote-as 65102
   neighbor 10.255.255.15 description dc1-leaf2b_Ethernet2
   redistribute connected route-map RM-CONN-2-BGP
   !
   address-family evpn
      neighbor EVPN-OVERLAY-PEERS activate
   !
   address-family ipv4
      no neighbor EVPN-OVERLAY-PEERS activate
      neighbor IPv4-UNDERLAY-PEERS activate
!
end
!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-leaf1a
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode mstp
no spanning-tree vlan-id 4093-4094
spanning-tree mst 0 priority 4096
!
vlan 11
   name VRF10_VLAN11
!
vlan 12
   name VRF10_VLAN12
!
vlan 21
   name VRF11_VLAN21
!
vlan 22
   name VRF11_VLAN22
!
vlan 3009
   name MLAG_L3_VRF_VRF10
   trunk group MLAG
!
vlan 3010
   name MLAG_L3_VRF_VRF11
   trunk group MLAG
!
vlan 3401
   name L2_VLAN3401
!
vlan 3402
   name L2_VLAN3402
!
vlan 4093
   name MLAG_L3
   trunk group MLAG
!
vlan 4094
   name MLAG
   trunk group MLAG
!
vrf instance MGMT
!
vrf instance VRF10
!
vrf instance VRF11
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Port-Channel3
   description MLAG_dc1-leaf1b_Port-Channel3
   no shutdown
   switchport mode trunk
   switchport trunk group MLAG
   switchport
!
interface Port-Channel5
   description SERVER_dc1-leaf1-server1_Bond1
   no shutdown
   switchport trunk native vlan 4092
   switchport trunk allowed vlan 11-12,21-22
   switchport mode trunk
   switchport
   mlag 5
   spanning-tree portfast
!
interface Port-Channel8
   description L2_dc1-leaf1c_Port-Channel1
   no shutdown
   switchport trunk allowed vlan 11-12,21-22,3401-3402
   switchport mode trunk
   switchport
   mlag 8
!
interface Ethernet1
   description P2P_dc1-spine1_Ethernet1
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.1/31
!
interface Ethernet2
   description P2P_dc1-spine2_Ethernet1
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.3/31
!
interface Ethernet3
   description MLAG_dc1-leaf1b_Ethernet3
   no shutdown
   channel-group 3 mode active
!
interface Ethernet4
   description MLAG_dc1-leaf1b_Ethernet4
   no shutdown
   channel-group 3 mode active
!
interface Ethernet5
   description SERVER_dc1-leaf1-server1_PCI1
   no shutdown
   channel-group 5 mode active
!
interface Ethernet8
   description L2_dc1-leaf1c_Ethernet1
   no shutdown
   channel-group 8 mode active
!
interface Loopback0
   description ROUTER_ID
   no shutdown
   ip address 10.255.0.3/32
!
interface Loopback1
   description VXLAN_TUNNEL_SOURCE
   no shutdown
   ip address 10.255.1.3/32
!
interface Loopback10
   description DIAG_VRF_VRF10
   no shutdown
   vrf VRF10
   ip address 10.255.10.3/32
!
interface Loopback11
   description DIAG_VRF_VRF11
   no shutdown
   vrf VRF11
   ip address 10.255.11.3/32
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.101/24
!
interface Vlan11
   description VRF10_VLAN11
   no shutdown
   vrf VRF10
   ip address virtual 10.10.11.1/24
!
interface Vlan12
   description VRF10_VLAN12
   no shutdown
   vrf VRF10
   ip address virtual 10.10.12.1/24
!
interface Vlan21
   description VRF11_VLAN21
   no shutdown
   vrf VRF11
   ip address virtual 10.10.21.1/24
!
interface Vlan22
   description VRF11_VLAN22
   no shutdown
   vrf VRF11
   ip address virtual 10.10.22.1/24
!
interface Vlan3009
   description MLAG_L3_VRF_VRF10
   no shutdown
   mtu 1500
   vrf VRF10
   ip address 10.255.1.96/31
!
interface Vlan3010
   description MLAG_L3_VRF_VRF11
   no shutdown
   mtu 1500
   vrf VRF11
   ip address 10.255.1.96/31
!
interface Vlan4093
   description MLAG_L3
   no shutdown
   mtu 1500
   ip address 10.255.1.96/31
!
interface Vlan4094
   description MLAG
   no shutdown
   mtu 1500
   no autostate
   ip address 10.255.1.64/31
!
interface Vxlan1
   description dc1-leaf1a_VTEP
   vxlan source-interface Loopback1
   vxlan virtual-router encapsulation mac-address mlag-system-id
   vxlan udp-port 4789
   vxlan vlan 11 vni 10011
   vxlan vlan 12 vni 10012
   vxlan vlan 21 vni 10021
   vxlan vlan 22 vni 10022
   vxlan vlan 3401 vni 13401
   vxlan vlan 3402 vni 13402
   vxlan vrf VRF10 vni 10
   vxlan vrf VRF11 vni 11
!
ip virtual-router mac-address 00:1c:73:00:00:99
!
ip address virtual source-nat vrf VRF10 address 10.255.10.3
ip address virtual source-nat vrf VRF11 address 10.255.11.3
!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF10
ip routing vrf VRF11
!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
   seq 10 permit 10.255.0.0/27 eq 32
   seq 20 permit 10.255.1.0/27 eq 32
!
ip prefix-list PL-MLAG-PEER-VRFS
   seq 10 permit 10.255.1.96/31
!
mlag configuration
   domain-id DC1_L3_LEAF1
   local-interface Vlan4094
   peer-address 10.255.1.65
   peer-link Port-Channel3
   reload-delay mlag 300
   reload-delay non-mlag 330
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
route-map RM-CONN-2-BGP permit 10
   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
route-map RM-CONN-2-BGP-VRFS deny 10
   match ip address prefix-list PL-MLAG-PEER-VRFS
!
route-map RM-CONN-2-BGP-VRFS permit 20
!
route-map RM-MLAG-PEER-IN permit 10
   description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
   set origin incomplete
!
router bfd
   multihop interval 300 min-rx 300 multiplier 3
!
router bgp 65101
   router-id 10.255.0.3
   no bgp default ipv4-unicast
   maximum-paths 4 ecmp 4
   neighbor EVPN-OVERLAY-PEERS peer group
   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
   neighbor EVPN-OVERLAY-PEERS bfd
   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
   neighbor EVPN-OVERLAY-PEERS password 7 Q4fqtbqcZ7oQuKfuWtNGRQ==
   neighbor EVPN-OVERLAY-PEERS send-community
   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
   neighbor IPv4-UNDERLAY-PEERS peer group
   neighbor IPv4-UNDERLAY-PEERS password 7 7x4B4rnJhZB438m9+BrBfQ==
   neighbor IPv4-UNDERLAY-PEERS send-community
   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
   neighbor MLAG-IPv4-UNDERLAY-PEER peer group
   neighbor MLAG-IPv4-UNDERLAY-PEER remote-as 65101
   neighbor MLAG-IPv4-UNDERLAY-PEER next-hop-self
   neighbor MLAG-IPv4-UNDERLAY-PEER description dc1-leaf1b
   neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-IN in
   neighbor MLAG-IPv4-UNDERLAY-PEER password 7 4b21pAdCvWeAqpcKDFMdWw==
   neighbor MLAG-IPv4-UNDERLAY-PEER send-community
   neighbor MLAG-IPv4-UNDERLAY-PEER maximum-routes 12000
   neighbor 10.255.0.1 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.1 remote-as 65100
   neighbor 10.255.0.1 description dc1-spine1_Loopback0
   neighbor 10.255.0.2 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.2 remote-as 65100
   neighbor 10.255.0.2 description dc1-spine2_Loopback0
   neighbor 10.255.1.97 peer group MLAG-IPv4-UNDERLAY-PEER
   neighbor 10.255.1.97 description dc1-leaf1b_Vlan4093
   neighbor 10.255.255.0 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.0 remote-as 65100
   neighbor 10.255.255.0 description dc1-spine1_Ethernet1
   neighbor 10.255.255.2 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.2 remote-as 65100
   neighbor 10.255.255.2 description dc1-spine2_Ethernet1
   redistribute connected route-map RM-CONN-2-BGP
   !
   vlan 11
      rd 10.255.0.3:10011
      route-target both 10011:10011
      redistribute learned
   !
   vlan 12
      rd 10.255.0.3:10012
      route-target both 10012:10012
      redistribute learned
   !
   vlan 21
      rd 10.255.0.3:10021
      route-target both 10021:10021
      redistribute learned
   !
   vlan 22
      rd 10.255.0.3:10022
      route-target both 10022:10022
      redistribute learned
   !
   vlan 3401
      rd 10.255.0.3:13401
      route-target both 13401:13401
      redistribute learned
   !
   vlan 3402
      rd 10.255.0.3:13402
      route-target both 13402:13402
      redistribute learned
   !
   address-family evpn
      neighbor EVPN-OVERLAY-PEERS activate
   !
   address-family ipv4
      no neighbor EVPN-OVERLAY-PEERS activate
      neighbor IPv4-UNDERLAY-PEERS activate
      neighbor MLAG-IPv4-UNDERLAY-PEER activate
   !
   vrf VRF10
      rd 10.255.0.3:10
      route-target import evpn 10:10
      route-target export evpn 10:10
      router-id 10.255.0.3
      neighbor 10.255.1.97 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.97 description dc1-leaf1b_Vlan3009
      redistribute connected route-map RM-CONN-2-BGP-VRFS
   !
   vrf VRF11
      rd 10.255.0.3:11
      route-target import evpn 11:11
      route-target export evpn 11:11
      router-id 10.255.0.3
      neighbor 10.255.1.97 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.97 description dc1-leaf1b_Vlan3010
      redistribute connected route-map RM-CONN-2-BGP-VRFS
!
end
!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-leaf1b
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode mstp
no spanning-tree vlan-id 4093-4094
spanning-tree mst 0 priority 4096
!
vlan 11
   name VRF10_VLAN11
!
vlan 12
   name VRF10_VLAN12
!
vlan 21
   name VRF11_VLAN21
!
vlan 22
   name VRF11_VLAN22
!
vlan 3009
   name MLAG_L3_VRF_VRF10
   trunk group MLAG
!
vlan 3010
   name MLAG_L3_VRF_VRF11
   trunk group MLAG
!
vlan 3401
   name L2_VLAN3401
!
vlan 3402
   name L2_VLAN3402
!
vlan 4093
   name MLAG_L3
   trunk group MLAG
!
vlan 4094
   name MLAG
   trunk group MLAG
!
vrf instance MGMT
!
vrf instance VRF10
!
vrf instance VRF11
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Port-Channel3
   description MLAG_dc1-leaf1a_Port-Channel3
   no shutdown
   switchport mode trunk
   switchport trunk group MLAG
   switchport
!
interface Port-Channel5
   description SERVER_dc1-leaf1-server1_Bond1
   no shutdown
   switchport trunk native vlan 4092
   switchport trunk allowed vlan 11-12,21-22
   switchport mode trunk
   switchport
   mlag 5
   spanning-tree portfast
!
interface Port-Channel8
   description L2_dc1-leaf1c_Port-Channel1
   no shutdown
   switchport trunk allowed vlan 11-12,21-22,3401-3402
   switchport mode trunk
   switchport
   mlag 8
!
interface Ethernet1
   description P2P_dc1-spine1_Ethernet2
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.5/31
!
interface Ethernet2
   description P2P_dc1-spine2_Ethernet2
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.7/31
!
interface Ethernet3
   description MLAG_dc1-leaf1a_Ethernet3
   no shutdown
   channel-group 3 mode active
!
interface Ethernet4
   description MLAG_dc1-leaf1a_Ethernet4
   no shutdown
   channel-group 3 mode active
!
interface Ethernet5
   description SERVER_dc1-leaf1-server1_PCI2
   no shutdown
   channel-group 5 mode active
!
interface Ethernet8
   description L2_dc1-leaf1c_Ethernet2
   no shutdown
   channel-group 8 mode active
!
interface Loopback0
   description ROUTER_ID
   no shutdown
   ip address 10.255.0.4/32
!
interface Loopback1
   description VXLAN_TUNNEL_SOURCE
   no shutdown
   ip address 10.255.1.3/32
!
interface Loopback10
   description DIAG_VRF_VRF10
   no shutdown
   vrf VRF10
   ip address 10.255.10.4/32
!
interface Loopback11
   description DIAG_VRF_VRF11
   no shutdown
   vrf VRF11
   ip address 10.255.11.4/32
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.102/24
!
interface Vlan11
   description VRF10_VLAN11
   no shutdown
   vrf VRF10
   ip address virtual 10.10.11.1/24
!
interface Vlan12
   description VRF10_VLAN12
   no shutdown
   vrf VRF10
   ip address virtual 10.10.12.1/24
!
interface Vlan21
   description VRF11_VLAN21
   no shutdown
   vrf VRF11
   ip address virtual 10.10.21.1/24
!
interface Vlan22
   description VRF11_VLAN22
   no shutdown
   vrf VRF11
   ip address virtual 10.10.22.1/24
!
interface Vlan3009
   description MLAG_L3_VRF_VRF10
   no shutdown
   mtu 1500
   vrf VRF10
   ip address 10.255.1.97/31
!
interface Vlan3010
   description MLAG_L3_VRF_VRF11
   no shutdown
   mtu 1500
   vrf VRF11
   ip address 10.255.1.97/31
!
interface Vlan4093
   description MLAG_L3
   no shutdown
   mtu 1500
   ip address 10.255.1.97/31
!
interface Vlan4094
   description MLAG
   no shutdown
   mtu 1500
   no autostate
   ip address 10.255.1.65/31
!
interface Vxlan1
   description dc1-leaf1b_VTEP
   vxlan source-interface Loopback1
   vxlan virtual-router encapsulation mac-address mlag-system-id
   vxlan udp-port 4789
   vxlan vlan 11 vni 10011
   vxlan vlan 12 vni 10012
   vxlan vlan 21 vni 10021
   vxlan vlan 22 vni 10022
   vxlan vlan 3401 vni 13401
   vxlan vlan 3402 vni 13402
   vxlan vrf VRF10 vni 10
   vxlan vrf VRF11 vni 11
!
ip virtual-router mac-address 00:1c:73:00:00:99
!
ip address virtual source-nat vrf VRF10 address 10.255.10.4
ip address virtual source-nat vrf VRF11 address 10.255.11.4
!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF10
ip routing vrf VRF11
!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
   seq 10 permit 10.255.0.0/27 eq 32
   seq 20 permit 10.255.1.0/27 eq 32
!
ip prefix-list PL-MLAG-PEER-VRFS
   seq 10 permit 10.255.1.96/31
!
mlag configuration
   domain-id DC1_L3_LEAF1
   local-interface Vlan4094
   peer-address 10.255.1.64
   peer-link Port-Channel3
   reload-delay mlag 300
   reload-delay non-mlag 330
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
route-map RM-CONN-2-BGP permit 10
   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
route-map RM-CONN-2-BGP-VRFS deny 10
   match ip address prefix-list PL-MLAG-PEER-VRFS
!
route-map RM-CONN-2-BGP-VRFS permit 20
!
route-map RM-MLAG-PEER-IN permit 10
   description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
   set origin incomplete
!
router bfd
   multihop interval 300 min-rx 300 multiplier 3
!
router bgp 65101
   router-id 10.255.0.4
   no bgp default ipv4-unicast
   maximum-paths 4 ecmp 4
   neighbor EVPN-OVERLAY-PEERS peer group
   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
   neighbor EVPN-OVERLAY-PEERS bfd
   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
   neighbor EVPN-OVERLAY-PEERS password 7 Q4fqtbqcZ7oQuKfuWtNGRQ==
   neighbor EVPN-OVERLAY-PEERS send-community
   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
   neighbor IPv4-UNDERLAY-PEERS peer group
   neighbor IPv4-UNDERLAY-PEERS password 7 7x4B4rnJhZB438m9+BrBfQ==
   neighbor IPv4-UNDERLAY-PEERS send-community
   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
   neighbor MLAG-IPv4-UNDERLAY-PEER peer group
   neighbor MLAG-IPv4-UNDERLAY-PEER remote-as 65101
   neighbor MLAG-IPv4-UNDERLAY-PEER next-hop-self
   neighbor MLAG-IPv4-UNDERLAY-PEER description dc1-leaf1a
   neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-IN in
   neighbor MLAG-IPv4-UNDERLAY-PEER password 7 4b21pAdCvWeAqpcKDFMdWw==
   neighbor MLAG-IPv4-UNDERLAY-PEER send-community
   neighbor MLAG-IPv4-UNDERLAY-PEER maximum-routes 12000
   neighbor 10.255.0.1 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.1 remote-as 65100
   neighbor 10.255.0.1 description dc1-spine1_Loopback0
   neighbor 10.255.0.2 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.2 remote-as 65100
   neighbor 10.255.0.2 description dc1-spine2_Loopback0
   neighbor 10.255.1.96 peer group MLAG-IPv4-UNDERLAY-PEER
   neighbor 10.255.1.96 description dc1-leaf1a_Vlan4093
   neighbor 10.255.255.4 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.4 remote-as 65100
   neighbor 10.255.255.4 description dc1-spine1_Ethernet2
   neighbor 10.255.255.6 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.6 remote-as 65100
   neighbor 10.255.255.6 description dc1-spine2_Ethernet2
   redistribute connected route-map RM-CONN-2-BGP
   !
   vlan 11
      rd 10.255.0.4:10011
      route-target both 10011:10011
      redistribute learned
   !
   vlan 12
      rd 10.255.0.4:10012
      route-target both 10012:10012
      redistribute learned
   !
   vlan 21
      rd 10.255.0.4:10021
      route-target both 10021:10021
      redistribute learned
   !
   vlan 22
      rd 10.255.0.4:10022
      route-target both 10022:10022
      redistribute learned
   !
   vlan 3401
      rd 10.255.0.4:13401
      route-target both 13401:13401
      redistribute learned
   !
   vlan 3402
      rd 10.255.0.4:13402
      route-target both 13402:13402
      redistribute learned
   !
   address-family evpn
      neighbor EVPN-OVERLAY-PEERS activate
   !
   address-family ipv4
      no neighbor EVPN-OVERLAY-PEERS activate
      neighbor IPv4-UNDERLAY-PEERS activate
      neighbor MLAG-IPv4-UNDERLAY-PEER activate
   !
   vrf VRF10
      rd 10.255.0.4:10
      route-target import evpn 10:10
      route-target export evpn 10:10
      router-id 10.255.0.4
      neighbor 10.255.1.96 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.96 description dc1-leaf1a_Vlan3009
      redistribute connected route-map RM-CONN-2-BGP-VRFS
   !
   vrf VRF11
      rd 10.255.0.4:11
      route-target import evpn 11:11
      route-target export evpn 11:11
      router-id 10.255.0.4
      neighbor 10.255.1.96 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.96 description dc1-leaf1a_Vlan3010
      redistribute connected route-map RM-CONN-2-BGP-VRFS
!
end
!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-leaf1c
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode mstp
spanning-tree mst 0 priority 32768
!
vlan 11
   name VRF10_VLAN11
!
vlan 12
   name VRF10_VLAN12
!
vlan 21
   name VRF11_VLAN21
!
vlan 22
   name VRF11_VLAN22
!
vlan 3401
   name L2_VLAN3401
!
vlan 3402
   name L2_VLAN3402
!
vrf instance MGMT
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Port-Channel1
   description L2_DC1_L3_LEAF1_Port-Channel8
   no shutdown
   switchport trunk allowed vlan 11-12,21-22,3401-3402
   switchport mode trunk
   switchport
!
interface Ethernet1
   description L2_dc1-leaf1a_Ethernet8
   no shutdown
   channel-group 1 mode active
!
interface Ethernet2
   description L2_dc1-leaf1b_Ethernet8
   no shutdown
   channel-group 1 mode active
!
interface Ethernet5
   description SERVER_dc1-leaf1-server1_iLO
   no shutdown
   switchport access vlan 11
   switchport mode access
   switchport
   spanning-tree portfast
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.151/24
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
end
!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-leaf2a
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode mstp
no spanning-tree vlan-id 4093-4094
spanning-tree mst 0 priority 4096
!
vlan 11
   name VRF10_VLAN11
!
vlan 12
   name VRF10_VLAN12
!
vlan 21
   name VRF11_VLAN21
!
vlan 22
   name VRF11_VLAN22
!
vlan 3009
   name MLAG_L3_VRF_VRF10
   trunk group MLAG
!
vlan 3010
   name MLAG_L3_VRF_VRF11
   trunk group MLAG
!
vlan 3401
   name L2_VLAN3401
!
vlan 3402
   name L2_VLAN3402
!
vlan 4093
   name MLAG_L3
   trunk group MLAG
!
vlan 4094
   name MLAG
   trunk group MLAG
!
vrf instance MGMT
!
vrf instance VRF10
!
vrf instance VRF11
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Port-Channel3
   description MLAG_dc1-leaf2b_Port-Channel3
   no shutdown
   switchport mode trunk
   switchport trunk group MLAG
   switchport
!
interface Port-Channel5
   description SERVER_dc1-leaf2-server1
   no shutdown
   switchport trunk native vlan 4092
   switchport trunk allowed vlan 11-12,21-22
   switchport mode trunk
   switchport
   mlag 5
   spanning-tree portfast
!
interface Port-Channel8
   description L2_dc1-leaf2c_Port-Channel1
   no shutdown
   switchport trunk allowed vlan 11-12,21-22,3401-3402
   switchport mode trunk
   switchport
   mlag 8
!
interface Ethernet1
   description P2P_dc1-spine1_Ethernet3
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.9/31
!
interface Ethernet2
   description P2P_dc1-spine2_Ethernet3
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.11/31
!
interface Ethernet3
   description MLAG_dc1-leaf2b_Ethernet3
   no shutdown
   channel-group 3 mode active
!
interface Ethernet4
   description MLAG_dc1-leaf2b_Ethernet4
   no shutdown
   channel-group 3 mode active
!
interface Ethernet5
   description SERVER_dc1-leaf2-server1_PCI1
   no shutdown
   channel-group 5 mode active
!
interface Ethernet8
   description L2_dc1-leaf2c_Ethernet1
   no shutdown
   channel-group 8 mode active
!
interface Loopback0
   description ROUTER_ID
   no shutdown
   ip address 10.255.0.5/32
!
interface Loopback1
   description VXLAN_TUNNEL_SOURCE
   no shutdown
   ip address 10.255.1.5/32
!
interface Loopback10
   description DIAG_VRF_VRF10
   no shutdown
   vrf VRF10
   ip address 10.255.10.5/32
!
interface Loopback11
   description DIAG_VRF_VRF11
   no shutdown
   vrf VRF11
   ip address 10.255.11.5/32
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.103/24
!
interface Vlan11
   description VRF10_VLAN11
   no shutdown
   vrf VRF10
   ip address virtual 10.10.11.1/24
!
interface Vlan12
   description VRF10_VLAN12
   no shutdown
   vrf VRF10
   ip address virtual 10.10.12.1/24
!
interface Vlan21
   description VRF11_VLAN21
   no shutdown
   vrf VRF11
   ip address virtual 10.10.21.1/24
!
interface Vlan22
   description VRF11_VLAN22
   no shutdown
   vrf VRF11
   ip address virtual 10.10.22.1/24
!
interface Vlan3009
   description MLAG_L3_VRF_VRF10
   no shutdown
   mtu 1500
   vrf VRF10
   ip address 10.255.1.100/31
!
interface Vlan3010
   description MLAG_L3_VRF_VRF11
   no shutdown
   mtu 1500
   vrf VRF11
   ip address 10.255.1.100/31
!
interface Vlan4093
   description MLAG_L3
   no shutdown
   mtu 1500
   ip address 10.255.1.100/31
!
interface Vlan4094
   description MLAG
   no shutdown
   mtu 1500
   no autostate
   ip address 10.255.1.68/31
!
interface Vxlan1
   description dc1-leaf2a_VTEP
   vxlan source-interface Loopback1
   vxlan virtual-router encapsulation mac-address mlag-system-id
   vxlan udp-port 4789
   vxlan vlan 11 vni 10011
   vxlan vlan 12 vni 10012
   vxlan vlan 21 vni 10021
   vxlan vlan 22 vni 10022
   vxlan vlan 3401 vni 13401
   vxlan vlan 3402 vni 13402
   vxlan vrf VRF10 vni 10
   vxlan vrf VRF11 vni 11
!
ip virtual-router mac-address 00:1c:73:00:00:99
!
ip address virtual source-nat vrf VRF10 address 10.255.10.5
ip address virtual source-nat vrf VRF11 address 10.255.11.5
!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF10
ip routing vrf VRF11
!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
   seq 10 permit 10.255.0.0/27 eq 32
   seq 20 permit 10.255.1.0/27 eq 32
!
ip prefix-list PL-MLAG-PEER-VRFS
   seq 10 permit 10.255.1.100/31
!
mlag configuration
   domain-id DC1_L3_LEAF2
   local-interface Vlan4094
   peer-address 10.255.1.69
   peer-link Port-Channel3
   reload-delay mlag 300
   reload-delay non-mlag 330
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
route-map RM-CONN-2-BGP permit 10
   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
route-map RM-CONN-2-BGP-VRFS deny 10
   match ip address prefix-list PL-MLAG-PEER-VRFS
!
route-map RM-CONN-2-BGP-VRFS permit 20
!
route-map RM-MLAG-PEER-IN permit 10
   description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
   set origin incomplete
!
router bfd
   multihop interval 300 min-rx 300 multiplier 3
!
router bgp 65102
   router-id 10.255.0.5
   no bgp default ipv4-unicast
   maximum-paths 4 ecmp 4
   neighbor EVPN-OVERLAY-PEERS peer group
   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
   neighbor EVPN-OVERLAY-PEERS bfd
   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
   neighbor EVPN-OVERLAY-PEERS password 7 Q4fqtbqcZ7oQuKfuWtNGRQ==
   neighbor EVPN-OVERLAY-PEERS send-community
   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
   neighbor IPv4-UNDERLAY-PEERS peer group
   neighbor IPv4-UNDERLAY-PEERS password 7 7x4B4rnJhZB438m9+BrBfQ==
   neighbor IPv4-UNDERLAY-PEERS send-community
   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
   neighbor MLAG-IPv4-UNDERLAY-PEER peer group
   neighbor MLAG-IPv4-UNDERLAY-PEER remote-as 65102
   neighbor MLAG-IPv4-UNDERLAY-PEER next-hop-self
   neighbor MLAG-IPv4-UNDERLAY-PEER description dc1-leaf2b
   neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-IN in
   neighbor MLAG-IPv4-UNDERLAY-PEER password 7 4b21pAdCvWeAqpcKDFMdWw==
   neighbor MLAG-IPv4-UNDERLAY-PEER send-community
   neighbor MLAG-IPv4-UNDERLAY-PEER maximum-routes 12000
   neighbor 10.255.0.1 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.1 remote-as 65100
   neighbor 10.255.0.1 description dc1-spine1_Loopback0
   neighbor 10.255.0.2 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.2 remote-as 65100
   neighbor 10.255.0.2 description dc1-spine2_Loopback0
   neighbor 10.255.1.101 peer group MLAG-IPv4-UNDERLAY-PEER
   neighbor 10.255.1.101 description dc1-leaf2b_Vlan4093
   neighbor 10.255.255.8 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.8 remote-as 65100
   neighbor 10.255.255.8 description dc1-spine1_Ethernet3
   neighbor 10.255.255.10 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.10 remote-as 65100
   neighbor 10.255.255.10 description dc1-spine2_Ethernet3
   redistribute connected route-map RM-CONN-2-BGP
   !
   vlan 11
      rd 10.255.0.5:10011
      route-target both 10011:10011
      redistribute learned
   !
   vlan 12
      rd 10.255.0.5:10012
      route-target both 10012:10012
      redistribute learned
   !
   vlan 21
      rd 10.255.0.5:10021
      route-target both 10021:10021
      redistribute learned
   !
   vlan 22
      rd 10.255.0.5:10022
      route-target both 10022:10022
      redistribute learned
   !
   vlan 3401
      rd 10.255.0.5:13401
      route-target both 13401:13401
      redistribute learned
   !
   vlan 3402
      rd 10.255.0.5:13402
      route-target both 13402:13402
      redistribute learned
   !
   address-family evpn
      neighbor EVPN-OVERLAY-PEERS activate
   !
   address-family ipv4
      no neighbor EVPN-OVERLAY-PEERS activate
      neighbor IPv4-UNDERLAY-PEERS activate
      neighbor MLAG-IPv4-UNDERLAY-PEER activate
   !
   vrf VRF10
      rd 10.255.0.5:10
      route-target import evpn 10:10
      route-target export evpn 10:10
      router-id 10.255.0.5
      neighbor 10.255.1.101 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.101 description dc1-leaf2b_Vlan3009
      redistribute connected route-map RM-CONN-2-BGP-VRFS
   !
   vrf VRF11
      rd 10.255.0.5:11
      route-target import evpn 11:11
      route-target export evpn 11:11
      router-id 10.255.0.5
      neighbor 10.255.1.101 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.101 description dc1-leaf2b_Vlan3010
      redistribute connected route-map RM-CONN-2-BGP-VRFS
!
end
!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-leaf2b
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode mstp
no spanning-tree vlan-id 4093-4094
spanning-tree mst 0 priority 4096
!
vlan 11
   name VRF10_VLAN11
!
vlan 12
   name VRF10_VLAN12
!
vlan 21
   name VRF11_VLAN21
!
vlan 22
   name VRF11_VLAN22
!
vlan 3009
   name MLAG_L3_VRF_VRF10
   trunk group MLAG
!
vlan 3010
   name MLAG_L3_VRF_VRF11
   trunk group MLAG
!
vlan 3401
   name L2_VLAN3401
!
vlan 3402
   name L2_VLAN3402
!
vlan 4093
   name MLAG_L3
   trunk group MLAG
!
vlan 4094
   name MLAG
   trunk group MLAG
!
vrf instance MGMT
!
vrf instance VRF10
!
vrf instance VRF11
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Port-Channel3
   description MLAG_dc1-leaf2a_Port-Channel3
   no shutdown
   switchport mode trunk
   switchport trunk group MLAG
   switchport
!
interface Port-Channel5
   description SERVER_dc1-leaf2-server1
   no shutdown
   switchport trunk native vlan 4092
   switchport trunk allowed vlan 11-12,21-22
   switchport mode trunk
   switchport
   mlag 5
   spanning-tree portfast
!
interface Port-Channel8
   description L2_dc1-leaf2c_Port-Channel1
   no shutdown
   switchport trunk allowed vlan 11-12,21-22,3401-3402
   switchport mode trunk
   switchport
   mlag 8
!
interface Ethernet1
   description P2P_dc1-spine1_Ethernet4
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.13/31
!
interface Ethernet2
   description P2P_dc1-spine2_Ethernet4
   no shutdown
   mtu 1500
   no switchport
   ip address 10.255.255.15/31
!
interface Ethernet3
   description MLAG_dc1-leaf2a_Ethernet3
   no shutdown
   channel-group 3 mode active
!
interface Ethernet4
   description MLAG_dc1-leaf2a_Ethernet4
   no shutdown
   channel-group 3 mode active
!
interface Ethernet5
   description SERVER_dc1-leaf2-server1_PCI2
   no shutdown
   channel-group 5 mode active
!
interface Ethernet8
   description L2_dc1-leaf2c_Ethernet2
   no shutdown
   channel-group 8 mode active
!
interface Loopback0
   description ROUTER_ID
   no shutdown
   ip address 10.255.0.6/32
!
interface Loopback1
   description VXLAN_TUNNEL_SOURCE
   no shutdown
   ip address 10.255.1.5/32
!
interface Loopback10
   description DIAG_VRF_VRF10
   no shutdown
   vrf VRF10
   ip address 10.255.10.6/32
!
interface Loopback11
   description DIAG_VRF_VRF11
   no shutdown
   vrf VRF11
   ip address 10.255.11.6/32
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.104/24
!
interface Vlan11
   description VRF10_VLAN11
   no shutdown
   vrf VRF10
   ip address virtual 10.10.11.1/24
!
interface Vlan12
   description VRF10_VLAN12
   no shutdown
   vrf VRF10
   ip address virtual 10.10.12.1/24
!
interface Vlan21
   description VRF11_VLAN21
   no shutdown
   vrf VRF11
   ip address virtual 10.10.21.1/24
!
interface Vlan22
   description VRF11_VLAN22
   no shutdown
   vrf VRF11
   ip address virtual 10.10.22.1/24
!
interface Vlan3009
   description MLAG_L3_VRF_VRF10
   no shutdown
   mtu 1500
   vrf VRF10
   ip address 10.255.1.101/31
!
interface Vlan3010
   description MLAG_L3_VRF_VRF11
   no shutdown
   mtu 1500
   vrf VRF11
   ip address 10.255.1.101/31
!
interface Vlan4093
   description MLAG_L3
   no shutdown
   mtu 1500
   ip address 10.255.1.101/31
!
interface Vlan4094
   description MLAG
   no shutdown
   mtu 1500
   no autostate
   ip address 10.255.1.69/31
!
interface Vxlan1
   description dc1-leaf2b_VTEP
   vxlan source-interface Loopback1
   vxlan virtual-router encapsulation mac-address mlag-system-id
   vxlan udp-port 4789
   vxlan vlan 11 vni 10011
   vxlan vlan 12 vni 10012
   vxlan vlan 21 vni 10021
   vxlan vlan 22 vni 10022
   vxlan vlan 3401 vni 13401
   vxlan vlan 3402 vni 13402
   vxlan vrf VRF10 vni 10
   vxlan vrf VRF11 vni 11
!
ip virtual-router mac-address 00:1c:73:00:00:99
!
ip address virtual source-nat vrf VRF10 address 10.255.10.6
ip address virtual source-nat vrf VRF11 address 10.255.11.6
!
ip routing
no ip routing vrf MGMT
ip routing vrf VRF10
ip routing vrf VRF11
!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
   seq 10 permit 10.255.0.0/27 eq 32
   seq 20 permit 10.255.1.0/27 eq 32
!
ip prefix-list PL-MLAG-PEER-VRFS
   seq 10 permit 10.255.1.100/31
!
mlag configuration
   domain-id DC1_L3_LEAF2
   local-interface Vlan4094
   peer-address 10.255.1.68
   peer-link Port-Channel3
   reload-delay mlag 300
   reload-delay non-mlag 330
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
route-map RM-CONN-2-BGP permit 10
   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
!
route-map RM-CONN-2-BGP-VRFS deny 10
   match ip address prefix-list PL-MLAG-PEER-VRFS
!
route-map RM-CONN-2-BGP-VRFS permit 20
!
route-map RM-MLAG-PEER-IN permit 10
   description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
   set origin incomplete
!
router bfd
   multihop interval 300 min-rx 300 multiplier 3
!
router bgp 65102
   router-id 10.255.0.6
   no bgp default ipv4-unicast
   maximum-paths 4 ecmp 4
   neighbor EVPN-OVERLAY-PEERS peer group
   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
   neighbor EVPN-OVERLAY-PEERS bfd
   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
   neighbor EVPN-OVERLAY-PEERS password 7 Q4fqtbqcZ7oQuKfuWtNGRQ==
   neighbor EVPN-OVERLAY-PEERS send-community
   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
   neighbor IPv4-UNDERLAY-PEERS peer group
   neighbor IPv4-UNDERLAY-PEERS password 7 7x4B4rnJhZB438m9+BrBfQ==
   neighbor IPv4-UNDERLAY-PEERS send-community
   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
   neighbor MLAG-IPv4-UNDERLAY-PEER peer group
   neighbor MLAG-IPv4-UNDERLAY-PEER remote-as 65102
   neighbor MLAG-IPv4-UNDERLAY-PEER next-hop-self
   neighbor MLAG-IPv4-UNDERLAY-PEER description dc1-leaf2a
   neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-IN in
   neighbor MLAG-IPv4-UNDERLAY-PEER password 7 4b21pAdCvWeAqpcKDFMdWw==
   neighbor MLAG-IPv4-UNDERLAY-PEER send-community
   neighbor MLAG-IPv4-UNDERLAY-PEER maximum-routes 12000
   neighbor 10.255.0.1 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.1 remote-as 65100
   neighbor 10.255.0.1 description dc1-spine1_Loopback0
   neighbor 10.255.0.2 peer group EVPN-OVERLAY-PEERS
   neighbor 10.255.0.2 remote-as 65100
   neighbor 10.255.0.2 description dc1-spine2_Loopback0
   neighbor 10.255.1.100 peer group MLAG-IPv4-UNDERLAY-PEER
   neighbor 10.255.1.100 description dc1-leaf2a_Vlan4093
   neighbor 10.255.255.12 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.12 remote-as 65100
   neighbor 10.255.255.12 description dc1-spine1_Ethernet4
   neighbor 10.255.255.14 peer group IPv4-UNDERLAY-PEERS
   neighbor 10.255.255.14 remote-as 65100
   neighbor 10.255.255.14 description dc1-spine2_Ethernet4
   redistribute connected route-map RM-CONN-2-BGP
   !
   vlan 11
      rd 10.255.0.6:10011
      route-target both 10011:10011
      redistribute learned
   !
   vlan 12
      rd 10.255.0.6:10012
      route-target both 10012:10012
      redistribute learned
   !
   vlan 21
      rd 10.255.0.6:10021
      route-target both 10021:10021
      redistribute learned
   !
   vlan 22
      rd 10.255.0.6:10022
      route-target both 10022:10022
      redistribute learned
   !
   vlan 3401
      rd 10.255.0.6:13401
      route-target both 13401:13401
      redistribute learned
   !
   vlan 3402
      rd 10.255.0.6:13402
      route-target both 13402:13402
      redistribute learned
   !
   address-family evpn
      neighbor EVPN-OVERLAY-PEERS activate
   !
   address-family ipv4
      no neighbor EVPN-OVERLAY-PEERS activate
      neighbor IPv4-UNDERLAY-PEERS activate
      neighbor MLAG-IPv4-UNDERLAY-PEER activate
   !
   vrf VRF10
      rd 10.255.0.6:10
      route-target import evpn 10:10
      route-target export evpn 10:10
      router-id 10.255.0.6
      neighbor 10.255.1.100 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.100 description dc1-leaf2a_Vlan3009
      redistribute connected route-map RM-CONN-2-BGP-VRFS
   !
   vrf VRF11
      rd 10.255.0.6:11
      route-target import evpn 11:11
      route-target export evpn 11:11
      router-id 10.255.0.6
      neighbor 10.255.1.100 peer group MLAG-IPv4-UNDERLAY-PEER
      neighbor 10.255.1.100 description dc1-leaf2a_Vlan3010
      redistribute connected route-map RM-CONN-2-BGP-VRFS
!
end
!
no enable password
no aaa root
!
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvauth=token,/tmp/token -cvvrf=MGMT -disableaaa -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
   no shutdown
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname dc1-leaf2c
ip name-server vrf MGMT 192.168.1.1
!
spanning-tree mode mstp
spanning-tree mst 0 priority 32768
!
vlan 11
   name VRF10_VLAN11
!
vlan 12
   name VRF10_VLAN12
!
vlan 21
   name VRF11_VLAN21
!
vlan 22
   name VRF11_VLAN22
!
vlan 3401
   name L2_VLAN3401
!
vlan 3402
   name L2_VLAN3402
!
vrf instance MGMT
!
management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown
!
interface Port-Channel1
   description L2_DC1_L3_LEAF2_Port-Channel8
   no shutdown
   switchport trunk allowed vlan 11-12,21-22,3401-3402
   switchport mode trunk
   switchport
!
interface Ethernet1
   description L2_dc1-leaf2a_Ethernet8
   no shutdown
   channel-group 1 mode active
!
interface Ethernet2
   description L2_dc1-leaf2b_Ethernet8
   no shutdown
   channel-group 1 mode active
!
interface Ethernet5
   description SERVER_dc1-leaf2-server1_iLO
   no shutdown
   switchport access vlan 11
   switchport mode access
   switchport
   spanning-tree portfast
!
interface Management1
   description OOB_MANAGEMENT
   no shutdown
   vrf MGMT
   ip address 172.16.1.152/24
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 172.16.1.1
!
ntp local-interface vrf MGMT Management1
ntp server vrf MGMT 0.pool.ntp.org prefer
!
end
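
The generated configurations above contain settings that suit a lab but deserve review before the same inventory is reused elsewhere: a `nopassword` admin account, BGP passwords stored in type-7 form, and TerminAttr started with `-disableaaa`. The Python check below is an added example, not part of AVD or of this example repository; the rule names, the `audit` function and the shortened sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened excerpt of the dc1-leaf2b configuration
# shown above, with secret strings replaced by placeholders.
SAMPLE_CONFIG = """\
username admin privilege 15 role network-admin nopassword
username ansible privilege 15 role network-admin secret sha512 <hash>
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.168.1.12:9910 -cvvrf=MGMT -disableaaa -taillogs
   no shutdown
!
hostname dc1-leaf2b
!
router bgp 65102
   neighbor EVPN-OVERLAY-PEERS password 7 <type7-string>
   neighbor IPv4-UNDERLAY-PEERS password 7 <type7-string>
   neighbor MLAG-IPv4-UNDERLAY-PEER password 7 <type7-string>
!
end
"""

# Hypothetical rule set: (rule id, pattern on the stripped line, message).
RULES = [
    ("LOCAL-NOPASSWORD",
     re.compile(r"^username (\S+) .*\bnopassword\b"),
     "local user '{0}' is defined without a password"),
    ("TYPE7-SECRET",
     re.compile(r"^neighbor (\S+) password 7 \S+"),
     "BGP password for '{0}' is stored in reversible type-7 form"),
    ("TERMINATTR-DISABLEAAA",
     re.compile(r"^exec \S*TerminAttr\b.*\s(-disableaaa)\b"),
     "TerminAttr is started with {0}"),
]

def audit(config_text):
    """Return (hostname, findings) for one EOS configuration file."""
    hostname, section, findings = None, None, []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():          # unindented line opens a new section
            section = line
            match = re.match(r"hostname (\S+)", line)
            if match:
                hostname = match.group(1)
        for rule_id, pattern, message in RULES:
            match = pattern.search(line)
            if match:
                findings.append({"rule": rule_id, "line": lineno,
                                 "section": section,
                                 "detail": message.format(*match.groups())})
    return hostname, findings

if __name__ == "__main__":
    host, results = audit(SAMPLE_CONFIG)
    for item in results:
        print(f"{host}:{item['line']} [{item['rule']}] {item['detail']} "
              f"(in '{item['section']}')")
```

To check a full build, read each generated device configuration from disk and pass its text to `audit`.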

The execution of the playbook should produce the following output:

user@ubuntu:~/ansible-avd-examples/single-dc-l3ls$ ansible-playbook build.yml

PLAY [Run AVD] *****************************************************************************************************************************************************************************

TASK [arista.avd.eos_designs : Collection arista.avd version 4.0.0 loaded from /home/user/.ansible/collections/ansible_collections] ******************************************************
ok: [dc1-leaf1a]

TASK [arista.avd.eos_designs : Create required output directories if not present] **********************************************************************************************************
ok: [dc1-leaf1a -> localhost] => (item=/home/user/Documents/git_projects/ansible-avd-examples/single-dc-l3ls/intended/structured_configs)
ok: [dc1-leaf1a -> localhost] => (item=/home/user/Documents/git_projects/ansible-avd-examples/single-dc-l3ls/documentation/fabric)
(...)

If similar output is not shown, make sure:

  1. The documented requirements are met.
  2. The latest arista.avd collection is installed.

Troubleshooting

EVPN not working

If, after completing the following steps:

  1. Manually copy/paste the switch-basic-configuration to the devices.
  2. Run the playbook and push the generated configuration to the fabric.
  3. Log in to a leaf device, for example dc1-leaf1a, and run the command show bgp evpn summary to view EVPN routes.

the following error message is shown:

dc1-leaf1a#show bgp evpn summ
% Not supported
dc1-leaf1a#

This is caused by AVD pushing the configuration line service routing protocols model multi-agent, which enables the multi-agent routing process that supports EVPN. This change requires a reboot of the device before it takes effect.