├── .gitignore ├── LICENSE ├── README.md ├── clab-clos ├── ansible-inventory.yml ├── authorized_keys ├── ext │ └── flash │ │ ├── startup-config │ │ └── system_mac_address ├── leaf1 │ └── flash │ │ ├── startup-config │ │ └── system_mac_address ├── leaf2 │ └── flash │ │ ├── startup-config │ │ └── system_mac_address ├── leaf3 │ └── flash │ │ ├── startup-config │ │ └── system_mac_address ├── leaf4 │ └── flash │ │ ├── startup-config │ │ └── system_mac_address ├── spine1 │ └── flash │ │ ├── startup-config │ │ └── system_mac_address └── spine2 │ └── flash │ ├── startup-config │ └── system_mac_address ├── clos.clab.yaml ├── clos_config ├── ext.cfg ├── inventory.yaml ├── leaf1.cfg ├── leaf2.cfg ├── leaf3.cfg ├── leaf4.cfg ├── spine1.cfg └── spine2.cfg ├── configs ├── post │ ├── cicd-pdx-rtr-eos-01.cfg │ ├── cicd-pdx-rtr-eos-02.cfg │ ├── cicd-pdx-rtr-eos-03.cfg │ └── cicd-pdx-rtr-eos-04.cfg └── pre │ ├── cicd-pdx-rtr-eos-01.cfg │ ├── cicd-pdx-rtr-eos-02.cfg │ ├── cicd-pdx-rtr-eos-03.cfg │ └── cicd-pdx-rtr-eos-04.cfg ├── deploy.py ├── images └── topo.png ├── mikro.clab.yaml ├── net.clab.yaml ├── nornir_settings └── config.yaml ├── requirements.txt └── tools.py /.gitignore: -------------------------------------------------------------------------------- 1 | .net.clab.yaml 2 | .mikro.clab.yaml 3 | .clos.clab.yaml 4 | cicd/ 5 | clab-mikro/ 6 | clab-clos/ 7 | junos-lic 8 | nornir.log 9 | 10 | # Byte-compiled / optimized / DLL files 11 | __pycache__/ 12 | *.py[cod] 13 | *$py.class 14 | 15 | # C extensions 16 | *.so 17 | 18 | # Distribution / packaging 19 | .Python 20 | build/ 21 | develop-eggs/ 22 | dist/ 23 | downloads/ 24 | eggs/ 25 | .eggs/ 26 | lib/ 27 | lib64/ 28 | parts/ 29 | sdist/ 30 | var/ 31 | wheels/ 32 | pip-wheel-metadata/ 33 | share/python-wheels/ 34 | *.egg-info/ 35 | .installed.cfg 36 | *.egg 37 | MANIFEST 38 | 39 | # PyInstaller 40 | # Usually these files are written by a python script from a template 41 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 42 | *.manifest 43 | *.spec 44 | 45 | # Installer logs 46 | pip-log.txt 47 | pip-delete-this-directory.txt 48 | 49 | # Unit test / coverage reports 50 | htmlcov/ 51 | .tox/ 52 | .nox/ 53 | .coverage 54 | .coverage.* 55 | .cache 56 | nosetests.xml 57 | coverage.xml 58 | *.cover 59 | *.py,cover 60 | .hypothesis/ 61 | .pytest_cache/ 62 | 63 | # Translations 64 | *.mo 65 | *.pot 66 | 67 | # Django stuff: 68 | *.log 69 | local_settings.py 70 | db.sqlite3 71 | db.sqlite3-journal 72 | 73 | # Flask stuff: 74 | instance/ 75 | .webassets-cache 76 | 77 | # Scrapy stuff: 78 | .scrapy 79 | 80 | # Sphinx documentation 81 | docs/_build/ 82 | 83 | # PyBuilder 84 | target/ 85 | 86 | # Jupyter Notebook 87 | .ipynb_checkpoints 88 | 89 | # IPython 90 | profile_default/ 91 | ipython_config.py 92 | 93 | # pyenv 94 | .python-version 95 | 96 | # pipenv 97 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 98 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 99 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 100 | # install all needed dependencies. 101 | #Pipfile.lock 102 | 103 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 104 | __pypackages__/ 105 | 106 | # Celery stuff 107 | celerybeat-schedule 108 | celerybeat.pid 109 | 110 | # SageMath parsed files 111 | *.sage.py 112 | 113 | # Environments 114 | .env 115 | .venv 116 | env/ 117 | venv/ 118 | ENV/ 119 | env.bak/ 120 | venv.bak/ 121 | 122 | # Spyder project settings 123 | .spyderproject 124 | .spyproject 125 | 126 | # Rope project settings 127 | .ropeproject 128 | 129 | # mkdocs documentation 130 | /site 131 | 132 | # mypy 133 | .mypy_cache/ 134 | .dmypy.json 135 | dmypy.json 136 | 137 | # Pyre type checker 138 | .pyre/ -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 JulioPDX 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Learning a Little about Containerlab 2 | 3 | Hello all. This is the respository based on this [blog post](https://juliopdx.com/2021/12/10/my-journey-and-experience-with-containerlab/) and this [one](https://overlaid.net/2019/01/27/arista-bgp-evpn-configuration-example/)!. 4 | 5 | ## Getting Started 6 | 7 | Feel free to use this example. You will need access to the same version of cEOS image I used. If you use another version, just make sure those changes are reflected in the `net.clab.yaml` file, as well as any configuration differences in the `/configs/post` directory. 8 | 9 | ## Installing requirements 10 | 11 | ```bash 12 | # Downlad and install Containerlab 13 | bash -c "$(curl -sL https://get-clab.srlinux.dev)" 14 | python3 -m venv venv 15 | source venv/bin/activate 16 | pip install -r requirements.txt 17 | ``` 18 | 19 | ## Deploy topology 20 | 21 | ```bash 22 | sudo containerlab deploy -t net.clab.yaml 23 | ``` 24 | 25 | ## Run Deployment Script 26 | 27 | You may need to alter the deployment script to point to the correct configuration files and inventory! 28 | 29 | ```bash 30 | python3 deploy.py 31 | ``` 32 | 33 | ## Deploying Clos Topology for VXLAN BGP EVPN 34 | 35 | ![Clos Topo](/images/topo.png) 36 | 37 | If you would like to work with the Clos topology, please follow these directions. Creating the python virtual environment is still required! Build is based on the great blog post by [David Varnum](https://overlaid.net/2019/01/27/arista-bgp-evpn-configuration-example/), although this one is a bit smaller! 38 | 39 | ## Deploy Clos Topology 40 | 41 | ```bash 42 | sudo containerlab deploy -t clos.clab.yaml 43 | ``` 44 | 45 | ## Configure Deployment 46 | 47 | If the startup configurations are not set, run the included python script to deploy the configurations. 48 | 49 | ```python 50 | (venv) juliopdx@drone:~/git/gcl$ python3 deploy.py 51 | deploy_network****************************************************************** 52 | * client1 ** changed : False *************************************************** 53 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 54 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 55 | * client2 ** changed : False *************************************************** 56 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 57 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 58 | * client3 ** changed : False *************************************************** 59 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 60 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 61 | * client4 ** changed : False *************************************************** 62 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 63 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 64 | * ext ** changed : False ******************************************************* 65 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 66 | ---- Configuring ext! ** changed : False --------------------------------------- INFO 67 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 68 | * leaf1 ** changed : False ***************************************************** 69 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 70 | ---- Configuring leaf1! ** changed : False ------------------------------------- INFO 71 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 72 | * leaf2 ** changed : False ***************************************************** 73 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 74 | ---- Configuring leaf2! ** changed : False ------------------------------------- INFO 75 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 76 | * leaf3 ** changed : False ***************************************************** 77 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 78 | ---- Configuring leaf3! ** changed : False ------------------------------------- INFO 79 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 80 | * leaf4 ** changed : False ***************************************************** 81 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 82 | ---- Configuring leaf4! ** changed : False ------------------------------------- INFO 83 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 84 | * spine1 ** changed : False **************************************************** 85 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 86 | ---- Configuring spine1! ** changed : False ------------------------------------ INFO 87 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 88 | * spine2 ** changed : False **************************************************** 89 | vvvv deploy_network ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO 90 | ---- Configuring spine2! ** changed : False ------------------------------------ INFO 91 | ^^^^ END deploy_network ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 92 | (venv) juliopdx@drone:~/git/gcl$ 93 | ``` 94 | 95 | In my case the deployments are already complete. Please note, you will still have to configure any client addresses. 96 | 97 | ## Check Neighbors 98 | 99 | ```bash 100 | (venv) juliopdx@drone:~/git/gcl$ ssh admin@spine1 101 | Password: 102 | spine1>en 103 | spine1#show ip bgp summary 104 | BGP summary information for VRF default 105 | Router identifier 10.0.250.1, local AS number 65000 106 | Neighbor Status Codes: m - Under maintenance 107 | Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc 108 | 10.0.1.1 4 65001 42 42 0 0 00:29:27 Estab 3 3 109 | 10.0.1.3 4 65001 44 43 0 0 00:29:26 Estab 3 3 110 | 10.0.1.5 4 65002 39 42 0 0 00:29:26 Estab 2 2 111 | 10.0.1.7 4 65002 40 40 0 0 00:29:27 Estab 2 2 112 | spine1#show bgp evpn summary 113 | BGP summary information for VRF default 114 | Router identifier 10.0.250.1, local AS number 65000 115 | Neighbor Status Codes: m - Under maintenance 116 | Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc 117 | 10.0.250.11 4 65001 44 53 0 0 00:29:52 Estab 2 2 118 | 10.0.250.12 4 65001 48 53 0 0 00:29:51 Estab 2 2 119 | 10.0.250.13 4 65002 47 54 0 0 00:29:49 Estab 4 4 120 | 10.0.250.14 4 65002 49 51 0 0 00:29:50 Estab 4 4 121 | spine1#exit 122 | Connection to spine1 closed. 123 | (venv) juliopdx@drone:~/git/gcl$ ssh admin@leaf1 124 | Password: 125 | leaf1>en 126 | leaf1#show ip bgp summary 127 | BGP summary information for VRF default 128 | Router identifier 10.0.250.11, local AS number 65001 129 | Neighbor Status Codes: m - Under maintenance 130 | Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc 131 | 10.0.1.0 4 65000 43 43 0 0 00:30:33 Estab 4 4 132 | 10.0.2.0 4 65000 41 42 0 0 00:30:33 Estab 4 4 133 | 10.0.3.1 4 65001 43 42 0 0 00:30:33 Estab 7 7 134 | leaf1#show bgp evpn summary 135 | BGP summary information for VRF default 136 | Router identifier 10.0.250.11, local AS number 65001 137 | Neighbor Status Codes: m - Under maintenance 138 | Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc 139 | 10.0.250.1 4 65000 54 45 0 0 00:30:50 Estab 8 8 140 | 10.0.250.2 4 65000 54 52 0 0 00:28:43 Estab 8 8 141 | leaf1# 142 | ``` 143 | 144 | ## Testing L2 145 | 146 | Client1(10.40.40.1) and Client3(10.40.40.3) are assigned to VLAN 40. There is no gateway involved at this point. 147 | 148 | ```bash 149 | (venv) juliopdx@drone:~/git/gcl$ docker exec -it client1 bash 150 | bash-5.0# ifconfig eth1 10.40.40.1 netmask 255.255.255.0 up 151 | bash-5.0# exit 152 | exit 153 | (venv) juliopdx@drone:~/git/gcl$ docker exec -it client3 bash 154 | bash-5.0# ifconfig eth1 10.40.40.3 netmask 255.255.255.0 up 155 | bash-5.0# ping -c 4 10.40.40.1 156 | PING 10.40.40.1 (10.40.40.1) 56(84) bytes of data. 157 | 64 bytes from 10.40.40.1: icmp_seq=1 ttl=64 time=155 ms 158 | 64 bytes from 10.40.40.1: icmp_seq=2 ttl=64 time=24.9 ms 159 | 64 bytes from 10.40.40.1: icmp_seq=3 ttl=64 time=22.7 ms 160 | 64 bytes from 10.40.40.1: icmp_seq=4 ttl=64 time=23.0 ms 161 | 162 | --- 10.40.40.1 ping statistics --- 163 | 4 packets transmitted, 4 received, 0% packet loss, time 3004ms 164 | rtt min/avg/max/mdev = 22.742/56.382/154.891/56.879 ms 165 | bash-5.0# 166 | ``` 167 | 168 | ## Testing L3 169 | 170 | Client2(10.12.12.10) and Client4(10.34.34.10) are on different networks. Lets validate connectivity over the fabric. 171 | 172 | ```bash 173 | (venv) juliopdx@drone:~/git/gcl$ docker exec -it client2 bash 174 | bash-5.0# ifconfig eth1 10.12.12.10 netmask 255.255.255.0 up 175 | bash-5.0# route add default gw 10.12.12.1 176 | bash-5.0# ping -c 4 10.12.12.1 177 | PING 10.12.12.1 (10.12.12.1) 56(84) bytes of data. 178 | 64 bytes from 10.12.12.1: icmp_seq=1 ttl=64 time=54.1 ms 179 | 64 bytes from 10.12.12.1: icmp_seq=2 ttl=64 time=11.4 ms 180 | 64 bytes from 10.12.12.1: icmp_seq=3 ttl=64 time=8.39 ms 181 | 64 bytes from 10.12.12.1: icmp_seq=4 ttl=64 time=10.3 ms 182 | 183 | --- 10.12.12.1 ping statistics --- 184 | 4 packets transmitted, 4 received, 0% packet loss, time 3005ms 185 | rtt min/avg/max/mdev = 8.391/21.055/54.143/19.133 ms 186 | bash-5.0# exit 187 | exit 188 | (venv) juliopdx@drone:~/git/gcl$ docker exec -it client4 bash 189 | bash-5.0# ifconfig eth1 10.34.34.10 netmask 255.255.255.0 up 190 | bash-5.0# route add default gw 10.34.34.1 191 | bash-5.0# ping -c 4 10.34.34.1 192 | PING 10.34.34.1 (10.34.34.1) 56(84) bytes of data. 193 | 64 bytes from 10.34.34.1: icmp_seq=1 ttl=64 time=35.8 ms 194 | 64 bytes from 10.34.34.1: icmp_seq=2 ttl=64 time=8.96 ms 195 | 64 bytes from 10.34.34.1: icmp_seq=3 ttl=64 time=8.51 ms 196 | 64 bytes from 10.34.34.1: icmp_seq=4 ttl=64 time=9.30 ms 197 | 198 | --- 10.34.34.1 ping statistics --- 199 | 4 packets transmitted, 4 received, 0% packet loss, time 3004ms 200 | rtt min/avg/max/mdev = 8.514/15.643/35.807/11.644 ms 201 | bash-5.0# ping -c 4 10.12.12.10 202 | PING 10.12.12.10 (10.12.12.10) 56(84) bytes of data. 203 | 64 bytes from 10.12.12.10: icmp_seq=1 ttl=62 time=60.0 ms 204 | 64 bytes from 10.12.12.10: icmp_seq=3 ttl=62 time=52.8 ms 205 | 206 | --- 10.12.12.10 ping statistics --- 207 | 4 packets transmitted, 2 received, 50% packet loss, time 3021ms 208 | rtt min/avg/max/mdev = 52.771/56.362/59.954/3.591 ms 209 | bash-5.0# 210 | ``` 211 | 212 | ## Testing external connectivity 213 | 214 | I added some bogus default route on the ext node. This is then advertised into BGP but only under the vrf where Client2 and Client4 reside. Lets see if they can reach "10.80.40.1". 215 | 216 | ```bash 217 | (venv) juliopdx@drone:~/git/gcl$ docker exec -it client4 bash 218 | bash-5.0# ping -c 4 10.80.40.1 219 | PING 10.80.40.1 (10.80.40.1) 56(84) bytes of data. 220 | 64 bytes from 10.80.40.1: icmp_seq=1 ttl=63 time=46.4 ms 221 | 64 bytes from 10.80.40.1: icmp_seq=2 ttl=63 time=39.5 ms 222 | 64 bytes from 10.80.40.1: icmp_seq=3 ttl=63 time=34.5 ms 223 | 64 bytes from 10.80.40.1: icmp_seq=4 ttl=63 time=29.9 ms 224 | 225 | --- 10.80.40.1 ping statistics --- 226 | 4 packets transmitted, 4 received, 0% packet loss, time 3005ms 227 | rtt min/avg/max/mdev = 29.869/37.571/46.415/6.128 ms 228 | bash-5.0# 229 | ``` 230 | 231 | ## Conclusion 232 | 233 | Feel free to use this and play around with these really awesome technologies. I cant stress this enough, the blog series by David is awesome and led to the creation of this lab topology. Thank you David! 234 | -------------------------------------------------------------------------------- /clab-clos/ansible-inventory.yml: -------------------------------------------------------------------------------- 1 | all: 2 | children: 3 | ceos: 4 | hosts: 5 | ext: 6 | ansible_host: 172.100.100.25 7 | leaf1: 8 | ansible_host: 172.100.100.21 9 | leaf2: 10 | ansible_host: 172.100.100.22 11 | leaf3: 12 | ansible_host: 172.100.100.23 13 | leaf4: 14 | ansible_host: 172.100.100.24 15 | spine1: 16 | ansible_host: 172.100.100.11 17 | spine2: 18 | ansible_host: 172.100.100.12 19 | linux: 20 | hosts: 21 | client1: 22 | ansible_host: 172.100.100.101 23 | client2: 24 | ansible_host: 172.100.100.102 25 | client3: 26 | ansible_host: 172.100.100.103 27 | client4: 28 | ansible_host: 172.100.100.104 29 | -------------------------------------------------------------------------------- /clab-clos/authorized_keys: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /clab-clos/ext/flash/startup-config: -------------------------------------------------------------------------------- 1 | ! Startup-config last modified at Tue Jan 18 21:14:16 2022 by root 2 | ! device: ext (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$EKtAoouaqkzEjLF6$ooRidjSST98aVaRrPTW4/T51nwsUQskiBrnW4d.qUPfb8tkb418tXosshP3OPiAAgdZudQEakrp5Hr6A75GZJ0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname ext 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | vlan 900 17 | ! 18 | management api http-commands 19 | no shutdown 20 | ! 21 | management api gnmi 22 | transport grpc default 23 | ! 24 | management api netconf 25 | transport ssh default 26 | ! 27 | interface Ethernet1 28 | description leaf3 29 | switchport access vlan 900 30 | ! 31 | interface Ethernet2 32 | description leaf4 33 | switchport access vlan 900 34 | ! 35 | interface Loopback0 36 | ip address 10.80.40.1/32 37 | ! 38 | interface Management0 39 | ip address 172.100.100.25/24 40 | ! 41 | interface Vlan900 42 | ip address 10.90.90.1/29 43 | ! 44 | ip routing 45 | ! 46 | ip route 0.0.0.0/0 Null0 47 | ! 48 | router bgp 64999 49 | neighbor 10.90.90.2 remote-as 65002 50 | neighbor 10.90.90.3 remote-as 65002 51 | redistribute static 52 | ! 53 | end 54 | -------------------------------------------------------------------------------- /clab-clos/ext/flash/system_mac_address: -------------------------------------------------------------------------------- 1 | 00:1c:73:bd:6a:58 2 | -------------------------------------------------------------------------------- /clab-clos/leaf1/flash/startup-config: -------------------------------------------------------------------------------- 1 | ! Startup-config last modified at Tue Jan 18 21:14:09 2022 by root 2 | ! device: leaf1 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf1 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 12 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.1/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.1/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client1 65 | switchport access vlan 40 66 | ! 67 | interface Loopback0 68 | ip address 10.0.250.11/32 69 | ! 70 | interface Loopback1 71 | ip address 10.0.255.11/32 72 | ! 73 | interface Management0 74 | ip address 172.100.100.21/24 75 | ! 76 | interface Vlan12 77 | vrf gold 78 | ip address 10.12.12.2/24 79 | ip virtual-router address 10.12.12.1 80 | ! 81 | interface Vlan4090 82 | description mlag peer link 83 | no autostate 84 | ip address 10.0.199.254/31 85 | ! 86 | interface Vlan4091 87 | mtu 9214 88 | ip address 10.0.3.0/31 89 | ! 90 | interface Vxlan1 91 | vxlan source-interface Loopback1 92 | vxlan udp-port 4789 93 | vxlan vlan 40 vni 100040 94 | vxlan vrf gold vni 100001 95 | vxlan learn-restrict any 96 | ! 97 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 98 | ! 99 | ip routing 100 | ip routing vrf gold 101 | ! 102 | mlag configuration 103 | domain-id leafs 104 | local-interface Vlan4090 105 | peer-address 10.0.199.255 106 | peer-address heartbeat 172.100.100.22 107 | peer-link Port-Channel999 108 | dual-primary detection delay 10 action errdisable all-interfaces 109 | ! 110 | router bgp 65001 111 | router-id 10.0.250.11 112 | no bgp default ipv4-unicast 113 | distance bgp 20 200 200 114 | maximum-paths 4 ecmp 64 115 | neighbor evpn peer group 116 | neighbor evpn remote-as 65000 117 | neighbor evpn update-source Loopback0 118 | neighbor evpn ebgp-multihop 3 119 | neighbor evpn send-community extended 120 | neighbor evpn maximum-routes 12000 warning-only 121 | neighbor underlay peer group 122 | neighbor underlay remote-as 65000 123 | neighbor underlay maximum-routes 12000 warning-only 124 | neighbor underlay_ibgp peer group 125 | neighbor underlay_ibgp remote-as 65001 126 | neighbor underlay_ibgp next-hop-self 127 | neighbor underlay_ibgp maximum-routes 12000 warning-only 128 | neighbor 10.0.1.0 peer group underlay 129 | neighbor 10.0.2.0 peer group underlay 130 | neighbor 10.0.3.1 peer group underlay_ibgp 131 | neighbor 10.0.250.1 peer group evpn 132 | neighbor 10.0.250.2 peer group evpn 133 | ! 134 | vlan 40 135 | rd auto 136 | route-target both 40:100040 137 | redistribute learned 138 | ! 139 | address-family evpn 140 | neighbor evpn activate 141 | ! 142 | address-family ipv4 143 | neighbor underlay activate 144 | neighbor underlay_ibgp activate 145 | network 10.0.250.11/32 146 | network 10.0.255.11/32 147 | ! 148 | vrf gold 149 | rd 10.0.250.11:1 150 | route-target import evpn 1:100001 151 | route-target export evpn 1:100001 152 | redistribute connected 153 | ! 154 | end 155 | -------------------------------------------------------------------------------- /clab-clos/leaf1/flash/system_mac_address: -------------------------------------------------------------------------------- 1 | 00:1c:73:a0:f4:7c 2 | -------------------------------------------------------------------------------- /clab-clos/leaf2/flash/startup-config: -------------------------------------------------------------------------------- 1 | ! Startup-config last modified at Tue Jan 18 21:14:03 2022 by root 2 | ! device: leaf2 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf2 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 12 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.3/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.3/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client2 65 | switchport access vlan 12 66 | ! 67 | interface Loopback0 68 | ip address 10.0.250.12/32 69 | ! 70 | interface Loopback1 71 | ip address 10.0.255.11/32 72 | ! 73 | interface Management0 74 | ip address 172.100.100.22/24 75 | ! 76 | interface Vlan12 77 | vrf gold 78 | ip address 10.12.12.2/24 79 | ip virtual-router address 10.12.12.1 80 | ! 81 | interface Vlan4090 82 | description mlag peer link 83 | no autostate 84 | ip address 10.0.199.255/31 85 | ! 86 | interface Vlan4091 87 | mtu 9214 88 | ip address 10.0.3.1/31 89 | ! 90 | interface Vxlan1 91 | vxlan source-interface Loopback1 92 | vxlan udp-port 4789 93 | vxlan vlan 40 vni 100040 94 | vxlan vrf gold vni 100001 95 | vxlan learn-restrict any 96 | ! 97 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 98 | ! 99 | ip routing 100 | ip routing vrf gold 101 | ! 102 | mlag configuration 103 | domain-id leafs 104 | local-interface Vlan4090 105 | peer-address 10.0.199.254 106 | peer-address heartbeat 172.100.100.21 107 | peer-link Port-Channel999 108 | dual-primary detection delay 10 action errdisable all-interfaces 109 | ! 110 | router bgp 65001 111 | router-id 10.0.250.12 112 | no bgp default ipv4-unicast 113 | distance bgp 20 200 200 114 | maximum-paths 4 ecmp 64 115 | neighbor evpn peer group 116 | neighbor evpn remote-as 65000 117 | neighbor evpn update-source Loopback0 118 | neighbor evpn ebgp-multihop 3 119 | neighbor evpn send-community extended 120 | neighbor evpn maximum-routes 12000 warning-only 121 | neighbor underlay peer group 122 | neighbor underlay remote-as 65000 123 | neighbor underlay maximum-routes 12000 warning-only 124 | neighbor underlay_ibgp peer group 125 | neighbor underlay_ibgp remote-as 65001 126 | neighbor underlay_ibgp next-hop-self 127 | neighbor underlay_ibgp maximum-routes 12000 warning-only 128 | neighbor 10.0.1.2 peer group underlay 129 | neighbor 10.0.2.2 peer group underlay 130 | neighbor 10.0.3.0 peer group underlay_ibgp 131 | neighbor 10.0.250.1 peer group evpn 132 | neighbor 10.0.250.2 peer group evpn 133 | ! 134 | vlan 40 135 | rd auto 136 | route-target both 40:100040 137 | redistribute learned 138 | ! 139 | address-family evpn 140 | neighbor evpn activate 141 | ! 142 | address-family ipv4 143 | neighbor underlay activate 144 | neighbor underlay_ibgp activate 145 | network 10.0.250.12/32 146 | network 10.0.255.11/32 147 | ! 148 | vrf gold 149 | rd 10.0.250.12:1 150 | route-target import evpn 1:100001 151 | route-target export evpn 1:100001 152 | redistribute connected 153 | ! 154 | end 155 | -------------------------------------------------------------------------------- /clab-clos/leaf2/flash/system_mac_address: -------------------------------------------------------------------------------- 1 | 00:1c:73:75:be:ab 2 | -------------------------------------------------------------------------------- /clab-clos/leaf3/flash/startup-config: -------------------------------------------------------------------------------- 1 | ! Startup-config last modified at Tue Jan 18 21:14:12 2022 by root 2 | ! device: leaf3 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf3 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 34,900 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.5/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.5/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client3 65 | switchport access vlan 40 66 | ! 67 | interface Ethernet5 68 | description ext 69 | switchport access vlan 900 70 | ! 71 | interface Loopback0 72 | ip address 10.0.250.13/32 73 | ! 74 | interface Loopback1 75 | ip address 10.0.255.12/32 76 | ! 77 | interface Management0 78 | ip address 172.100.100.23/24 79 | ! 80 | interface Vlan34 81 | vrf gold 82 | ip address 10.34.34.2/24 83 | ip virtual-router address 10.34.34.1 84 | ! 85 | interface Vlan900 86 | vrf gold 87 | ip address 10.90.90.2/29 88 | ! 89 | interface Vlan4090 90 | description mlag peer link 91 | no autostate 92 | ip address 10.0.199.254/31 93 | ! 94 | interface Vlan4091 95 | mtu 9214 96 | ip address 10.0.3.2/31 97 | ! 98 | interface Vxlan1 99 | vxlan source-interface Loopback1 100 | vxlan udp-port 4789 101 | vxlan vlan 40 vni 100040 102 | vxlan vrf gold vni 100001 103 | vxlan learn-restrict any 104 | ! 105 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 106 | ! 107 | ip routing 108 | ip routing vrf gold 109 | ! 110 | mlag configuration 111 | domain-id leafs 112 | local-interface Vlan4090 113 | peer-address 10.0.199.255 114 | peer-address heartbeat 172.100.100.24 115 | peer-link Port-Channel999 116 | dual-primary detection delay 10 action errdisable all-interfaces 117 | ! 118 | router bgp 65002 119 | router-id 10.0.250.13 120 | no bgp default ipv4-unicast 121 | distance bgp 20 200 200 122 | maximum-paths 4 ecmp 64 123 | neighbor evpn peer group 124 | neighbor evpn remote-as 65000 125 | neighbor evpn update-source Loopback0 126 | neighbor evpn ebgp-multihop 3 127 | neighbor evpn send-community extended 128 | neighbor evpn maximum-routes 12000 warning-only 129 | neighbor underlay peer group 130 | neighbor underlay remote-as 65000 131 | neighbor underlay maximum-routes 12000 warning-only 132 | neighbor underlay_ibgp peer group 133 | neighbor underlay_ibgp remote-as 65001 134 | neighbor underlay_ibgp next-hop-self 135 | neighbor underlay_ibgp maximum-routes 12000 warning-only 136 | neighbor 10.0.1.4 peer group underlay 137 | neighbor 10.0.2.4 peer group underlay 138 | neighbor 10.0.3.3 peer group underlay_ibgp 139 | neighbor 10.0.250.1 peer group evpn 140 | neighbor 10.0.250.2 peer group evpn 141 | ! 142 | vlan 40 143 | rd auto 144 | route-target both 40:100040 145 | redistribute learned 146 | ! 147 | address-family evpn 148 | neighbor evpn activate 149 | ! 150 | address-family ipv4 151 | neighbor underlay activate 152 | neighbor underlay_ibgp activate 153 | network 10.0.250.13/32 154 | network 10.0.255.12/32 155 | ! 156 | vrf gold 157 | rd 10.0.250.13:1 158 | route-target import evpn 1:100001 159 | route-target export evpn 1:100001 160 | neighbor 10.90.90.1 remote-as 64999 161 | redistribute connected 162 | ! 163 | address-family ipv4 164 | neighbor 10.90.90.1 activate 165 | ! 166 | end 167 | -------------------------------------------------------------------------------- /clab-clos/leaf3/flash/system_mac_address: -------------------------------------------------------------------------------- 1 | 00:1c:73:bc:38:09 2 | -------------------------------------------------------------------------------- /clab-clos/leaf4/flash/startup-config: -------------------------------------------------------------------------------- 1 | ! Startup-config last modified at Tue Jan 18 21:14:29 2022 by root 2 | ! device: leaf4 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf4 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 34,900 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.7/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.7/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client4 65 | switchport access vlan 34 66 | ! 67 | interface Ethernet5 68 | description ext 69 | switchport access vlan 900 70 | ! 71 | interface Loopback0 72 | ip address 10.0.250.14/32 73 | ! 74 | interface Loopback1 75 | ip address 10.0.255.12/32 76 | ! 77 | interface Management0 78 | ip address 172.100.100.24/24 79 | ! 80 | interface Vlan34 81 | vrf gold 82 | ip address 10.34.34.3/24 83 | ip virtual-router address 10.34.34.1 84 | ! 85 | interface Vlan900 86 | vrf gold 87 | ip address 10.90.90.3/29 88 | ! 89 | interface Vlan4090 90 | description mlag peer link 91 | no autostate 92 | ip address 10.0.199.255/31 93 | ! 94 | interface Vlan4091 95 | mtu 9214 96 | ip address 10.0.3.3/31 97 | ! 98 | interface Vxlan1 99 | vxlan source-interface Loopback1 100 | vxlan udp-port 4789 101 | vxlan vlan 40 vni 100040 102 | vxlan vrf gold vni 100001 103 | vxlan learn-restrict any 104 | ! 105 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 106 | ! 107 | ip routing 108 | ip routing vrf gold 109 | ! 110 | mlag configuration 111 | domain-id leafs 112 | local-interface Vlan4090 113 | peer-address 10.0.199.254 114 | peer-address heartbeat 172.100.100.23 115 | peer-link Port-Channel999 116 | dual-primary detection delay 10 action errdisable all-interfaces 117 | ! 118 | router bgp 65002 119 | router-id 10.0.250.14 120 | no bgp default ipv4-unicast 121 | distance bgp 20 200 200 122 | maximum-paths 4 ecmp 64 123 | neighbor evpn peer group 124 | neighbor evpn remote-as 65000 125 | neighbor evpn update-source Loopback0 126 | neighbor evpn ebgp-multihop 3 127 | neighbor evpn send-community extended 128 | neighbor evpn maximum-routes 12000 warning-only 129 | neighbor underlay peer group 130 | neighbor underlay remote-as 65000 131 | neighbor underlay maximum-routes 12000 warning-only 132 | neighbor underlay_ibgp peer group 133 | neighbor underlay_ibgp remote-as 65001 134 | neighbor underlay_ibgp next-hop-self 135 | neighbor underlay_ibgp maximum-routes 12000 warning-only 136 | neighbor 10.0.1.6 peer group underlay 137 | neighbor 10.0.2.6 peer group underlay 138 | neighbor 10.0.3.2 peer group underlay_ibgp 139 | neighbor 10.0.250.1 peer group evpn 140 | neighbor 10.0.250.2 peer group evpn 141 | ! 142 | vlan 40 143 | rd auto 144 | route-target both 40:100040 145 | redistribute learned 146 | ! 147 | address-family evpn 148 | neighbor evpn activate 149 | ! 150 | address-family ipv4 151 | neighbor underlay activate 152 | neighbor underlay_ibgp activate 153 | network 10.0.250.14/32 154 | network 10.0.255.12/32 155 | ! 156 | vrf gold 157 | rd 10.0.250.14:1 158 | route-target import evpn 1:100001 159 | route-target export evpn 1:100001 160 | neighbor 10.90.90.1 remote-as 64999 161 | redistribute connected 162 | ! 163 | address-family ipv4 164 | neighbor 10.90.90.1 activate 165 | ! 166 | end 167 | -------------------------------------------------------------------------------- /clab-clos/leaf4/flash/system_mac_address: -------------------------------------------------------------------------------- 1 | 00:1c:73:31:73:3c 2 | -------------------------------------------------------------------------------- /clab-clos/spine1/flash/startup-config: -------------------------------------------------------------------------------- 1 | ! Startup-config last modified at Tue Jan 18 21:14:09 2022 by root 2 | ! device: spine1 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$nCwey3kN2kxjWlTy$Jm2XPhpnslNApB6NxRtPpMOqwyfdHnnsiyDe7THb1QCIpaRiQIoYfWNOixElZ9JJ0QoqouRge2K0V93Vh8qmc. 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname spine1 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | description leaf1 27 | mtu 9214 28 | no switchport 29 | ip address 10.0.1.0/31 30 | ! 31 | interface Ethernet2 32 | description leaf2 33 | mtu 9214 34 | no switchport 35 | ip address 10.0.1.2/31 36 | ! 37 | interface Ethernet3 38 | description leaf3 39 | mtu 9214 40 | no switchport 41 | ip address 10.0.1.4/31 42 | ! 43 | interface Ethernet4 44 | description leaf4 45 | mtu 9214 46 | no switchport 47 | ip address 10.0.1.6/31 48 | ! 49 | interface Loopback0 50 | ip address 10.0.250.1/32 51 | ! 52 | interface Management0 53 | ip address 172.100.100.11/24 54 | ! 55 | ip routing 56 | ! 57 | router bgp 65000 58 | router-id 10.0.250.1 59 | no bgp default ipv4-unicast 60 | distance bgp 20 200 200 61 | neighbor evpn peer group 62 | neighbor evpn next-hop-unchanged 63 | neighbor evpn update-source Loopback0 64 | neighbor evpn ebgp-multihop 3 65 | neighbor evpn send-community extended 66 | neighbor evpn maximum-routes 12000 warning-only 67 | neighbor 10.0.1.1 remote-as 65001 68 | neighbor 10.0.1.3 remote-as 65001 69 | neighbor 10.0.1.5 remote-as 65002 70 | neighbor 10.0.1.7 remote-as 65002 71 | neighbor 10.0.250.11 peer group evpn 72 | neighbor 10.0.250.11 remote-as 65001 73 | neighbor 10.0.250.12 peer group evpn 74 | neighbor 10.0.250.12 remote-as 65001 75 | neighbor 10.0.250.13 peer group evpn 76 | neighbor 10.0.250.13 remote-as 65002 77 | neighbor 10.0.250.14 peer group evpn 78 | neighbor 10.0.250.14 remote-as 65002 79 | ! 80 | address-family evpn 81 | neighbor evpn activate 82 | ! 83 | address-family ipv4 84 | neighbor 10.0.1.1 activate 85 | neighbor 10.0.1.3 activate 86 | neighbor 10.0.1.5 activate 87 | neighbor 10.0.1.7 activate 88 | network 10.0.250.1/32 89 | ! 90 | end 91 | -------------------------------------------------------------------------------- /clab-clos/spine1/flash/system_mac_address: -------------------------------------------------------------------------------- 1 | 00:1c:73:2a:da:39 2 | -------------------------------------------------------------------------------- /clab-clos/spine2/flash/startup-config: -------------------------------------------------------------------------------- 1 | ! Startup-config last modified at Tue Jan 18 21:14:01 2022 by root 2 | ! device: spine2 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$T/CGZM5F5rG1XgNQ$FfsFsB7b.MOaZQMPMx35tkQPg2WpnywRah4EMVS2c73x8vkzYxVPbijG6C3ClTi66G6wY.0nUWVg62z5/IIMV1 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname spine2 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | description leaf1 27 | mtu 9214 28 | no switchport 29 | ip address 10.0.2.0/31 30 | ! 31 | interface Ethernet2 32 | description leaf2 33 | mtu 9214 34 | no switchport 35 | ip address 10.0.2.2/31 36 | ! 37 | interface Ethernet3 38 | description leaf3 39 | mtu 9214 40 | no switchport 41 | ip address 10.0.2.4/31 42 | ! 43 | interface Ethernet4 44 | description leaf4 45 | mtu 9214 46 | no switchport 47 | ip address 10.0.2.6/31 48 | ! 49 | interface Loopback0 50 | ip address 10.0.250.2/32 51 | ! 52 | interface Management0 53 | ip address 172.100.100.12/24 54 | ! 55 | ip routing 56 | ! 57 | router bgp 65000 58 | router-id 10.0.250.2 59 | no bgp default ipv4-unicast 60 | distance bgp 20 200 200 61 | neighbor evpn peer group 62 | neighbor evpn next-hop-unchanged 63 | neighbor evpn update-source Loopback0 64 | neighbor evpn ebgp-multihop 3 65 | neighbor evpn send-community extended 66 | neighbor evpn maximum-routes 12000 warning-only 67 | neighbor 10.0.2.1 remote-as 65001 68 | neighbor 10.0.2.3 remote-as 65001 69 | neighbor 10.0.2.5 remote-as 65002 70 | neighbor 10.0.2.7 remote-as 65002 71 | neighbor 10.0.250.11 peer group evpn 72 | neighbor 10.0.250.11 remote-as 65001 73 | neighbor 10.0.250.12 peer group evpn 74 | neighbor 10.0.250.12 remote-as 65001 75 | neighbor 10.0.250.13 peer group evpn 76 | neighbor 10.0.250.13 remote-as 65002 77 | neighbor 10.0.250.14 peer group evpn 78 | neighbor 10.0.250.14 remote-as 65002 79 | ! 80 | address-family evpn 81 | neighbor evpn activate 82 | ! 83 | address-family ipv4 84 | neighbor 10.0.2.1 activate 85 | neighbor 10.0.2.3 activate 86 | neighbor 10.0.2.5 activate 87 | neighbor 10.0.2.7 activate 88 | ! 89 | end 90 | -------------------------------------------------------------------------------- /clab-clos/spine2/flash/system_mac_address: -------------------------------------------------------------------------------- 1 | 00:1c:73:fe:9b:89 2 | -------------------------------------------------------------------------------- /clos.clab.yaml: -------------------------------------------------------------------------------- 1 | name: clos 2 | prefix: "" 3 | 4 | mgmt: 5 | network: statics 6 | ipv4_subnet: 172.100.100.0/24 7 | 8 | topology: 9 | kinds: 10 | ceos: 11 | image: ceos:4.27.0F 12 | linux: 13 | image: ghcr.io/hellt/network-multitool 14 | nodes: 15 | spine1: 16 | kind: ceos 17 | mgmt_ipv4: 172.100.100.11 18 | spine2: 19 | kind: ceos 20 | mgmt_ipv4: 172.100.100.12 21 | leaf1: 22 | kind: ceos 23 | mgmt_ipv4: 172.100.100.21 24 | leaf2: 25 | kind: ceos 26 | mgmt_ipv4: 172.100.100.22 27 | leaf3: 28 | kind: ceos 29 | mgmt_ipv4: 172.100.100.23 30 | leaf4: 31 | kind: ceos 32 | mgmt_ipv4: 172.100.100.24 33 | ext: 34 | kind: ceos 35 | mgmt_ipv4: 172.100.100.25 36 | client1: 37 | kind: linux 38 | mgmt_ipv4: 172.100.100.101 39 | client2: 40 | kind: linux 41 | mgmt_ipv4: 172.100.100.102 42 | client3: 43 | kind: linux 44 | mgmt_ipv4: 172.100.100.103 45 | client4: 46 | kind: linux 47 | mgmt_ipv4: 172.100.100.104 48 | links: 49 | # Spine to leaf 50 | - endpoints: ["spine1:eth1", "leaf1:eth1"] 51 | - endpoints: ["spine1:eth2", "leaf2:eth1"] 52 | - endpoints: ["spine1:eth3", "leaf3:eth1"] 53 | - endpoints: ["spine1:eth4", "leaf4:eth1"] 54 | - endpoints: ["spine2:eth1", "leaf1:eth2"] 55 | - endpoints: ["spine2:eth2", "leaf2:eth2"] 56 | - endpoints: ["spine2:eth3", "leaf3:eth2"] 57 | - endpoints: ["spine2:eth4", "leaf4:eth2"] 58 | # leaf to leaf iBGP and MLAG 59 | - endpoints: ["leaf1:eth3", "leaf2:eth3"] 60 | - endpoints: ["leaf3:eth3", "leaf4:eth3"] 61 | # leaf to clients 62 | - endpoints: ["leaf1:eth4", "client1:eth1"] 63 | - endpoints: ["leaf2:eth4", "client2:eth1"] 64 | - endpoints: ["leaf3:eth4", "client3:eth1"] 65 | - endpoints: ["leaf4:eth4", "client4:eth1"] 66 | # External connectivity, default route 67 | - endpoints: ["leaf3:eth5", "ext:eth1"] 68 | - endpoints: ["leaf4:eth5", "ext:eth2"] 69 | -------------------------------------------------------------------------------- /clos_config/ext.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: ext (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$EKtAoouaqkzEjLF6$ooRidjSST98aVaRrPTW4/T51nwsUQskiBrnW4d.qUPfb8tkb418tXosshP3OPiAAgdZudQEakrp5Hr6A75GZJ0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname ext 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | vlan 900 17 | ! 18 | management api http-commands 19 | no shutdown 20 | ! 21 | management api gnmi 22 | transport grpc default 23 | ! 24 | management api netconf 25 | transport ssh default 26 | ! 27 | interface Ethernet1 28 | description leaf3 29 | switchport access vlan 900 30 | ! 31 | interface Ethernet2 32 | description leaf4 33 | switchport access vlan 900 34 | ! 35 | interface Loopback0 36 | ip address 10.80.40.1/32 37 | ! 38 | interface Management0 39 | ip address 172.100.100.25/24 40 | ! 41 | interface Vlan900 42 | ip address 10.90.90.1/29 43 | ! 44 | ip routing 45 | ! 46 | ip route 0.0.0.0/0 Null0 47 | ! 48 | router bgp 64999 49 | neighbor 10.90.90.2 remote-as 65002 50 | neighbor 10.90.90.3 remote-as 65002 51 | redistribute static 52 | ! 53 | end -------------------------------------------------------------------------------- /clos_config/inventory.yaml: -------------------------------------------------------------------------------- 1 | all: 2 | children: 3 | ceos: 4 | hosts: 5 | ext: 6 | ansible_host: 172.100.100.25 7 | leaf1: 8 | ansible_host: 172.100.100.21 9 | leaf2: 10 | ansible_host: 172.100.100.22 11 | leaf3: 12 | ansible_host: 172.100.100.23 13 | leaf4: 14 | ansible_host: 172.100.100.24 15 | spine1: 16 | ansible_host: 172.100.100.11 17 | spine2: 18 | ansible_host: 172.100.100.12 19 | linux: 20 | hosts: 21 | client1: 22 | ansible_host: 172.100.100.101 23 | client2: 24 | ansible_host: 172.100.100.102 25 | client3: 26 | ansible_host: 172.100.100.103 27 | client4: 28 | ansible_host: 172.100.100.104 29 | -------------------------------------------------------------------------------- /clos_config/leaf1.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: leaf1 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf1 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 12 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.1/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.1/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client1 65 | switchport access vlan 40 66 | ! 67 | interface Loopback0 68 | ip address 10.0.250.11/32 69 | ! 70 | interface Loopback1 71 | ip address 10.0.255.11/32 72 | ! 73 | interface Management0 74 | ip address 172.100.100.21/24 75 | ! 76 | interface Vlan12 77 | vrf gold 78 | ip address 10.12.12.2/24 79 | ip virtual-router address 10.12.12.1 80 | ! 81 | interface Vlan4090 82 | description mlag peer link 83 | no autostate 84 | ip address 10.0.199.254/31 85 | ! 86 | interface Vlan4091 87 | mtu 9214 88 | ip address 10.0.3.0/31 89 | ! 90 | interface Vxlan1 91 | vxlan source-interface Loopback1 92 | vxlan udp-port 4789 93 | vxlan vlan 40 vni 100040 94 | vxlan vrf gold vni 100001 95 | vxlan learn-restrict any 96 | ! 97 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 98 | ! 99 | ip routing 100 | ip routing vrf gold 101 | ! 102 | mlag configuration 103 | domain-id leafs 104 | local-interface Vlan4090 105 | peer-address 10.0.199.255 106 | peer-address heartbeat 172.100.100.22 107 | peer-link Port-Channel999 108 | dual-primary detection delay 10 action errdisable all-interfaces 109 | ! 110 | router bgp 65001 111 | router-id 10.0.250.11 112 | no bgp default ipv4-unicast 113 | distance bgp 20 200 200 114 | maximum-paths 4 ecmp 64 115 | neighbor evpn peer group 116 | neighbor evpn remote-as 65000 117 | neighbor evpn update-source Loopback0 118 | neighbor evpn ebgp-multihop 3 119 | neighbor evpn send-community extended 120 | neighbor evpn maximum-routes 12000 warning-only 121 | neighbor underlay peer group 122 | neighbor underlay remote-as 65000 123 | neighbor underlay maximum-routes 12000 warning-only 124 | neighbor underlay_ibgp peer group 125 | neighbor underlay_ibgp remote-as 65001 126 | neighbor underlay_ibgp next-hop-self 127 | neighbor underlay_ibgp maximum-routes 12000 warning-only 128 | neighbor 10.0.1.0 peer group underlay 129 | neighbor 10.0.2.0 peer group underlay 130 | neighbor 10.0.3.1 peer group underlay_ibgp 131 | neighbor 10.0.250.1 peer group evpn 132 | neighbor 10.0.250.2 peer group evpn 133 | ! 134 | vlan 40 135 | rd auto 136 | route-target both 40:100040 137 | redistribute learned 138 | ! 139 | address-family evpn 140 | neighbor evpn activate 141 | ! 142 | address-family ipv4 143 | neighbor underlay activate 144 | neighbor underlay_ibgp activate 145 | network 10.0.250.11/32 146 | network 10.0.255.11/32 147 | ! 148 | vrf gold 149 | rd 10.0.250.11:1 150 | route-target import evpn 1:100001 151 | route-target export evpn 1:100001 152 | redistribute connected 153 | ! 154 | end -------------------------------------------------------------------------------- /clos_config/leaf2.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: leaf2 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf2 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 12 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.3/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.3/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client2 65 | switchport access vlan 12 66 | ! 67 | interface Loopback0 68 | ip address 10.0.250.12/32 69 | ! 70 | interface Loopback1 71 | ip address 10.0.255.11/32 72 | ! 73 | interface Management0 74 | ip address 172.100.100.22/24 75 | ! 76 | interface Vlan12 77 | vrf gold 78 | ip address 10.12.12.2/24 79 | ip virtual-router address 10.12.12.1 80 | ! 81 | interface Vlan4090 82 | description mlag peer link 83 | no autostate 84 | ip address 10.0.199.255/31 85 | ! 86 | interface Vlan4091 87 | mtu 9214 88 | ip address 10.0.3.1/31 89 | ! 90 | interface Vxlan1 91 | vxlan source-interface Loopback1 92 | vxlan udp-port 4789 93 | vxlan vlan 40 vni 100040 94 | vxlan vrf gold vni 100001 95 | vxlan learn-restrict any 96 | ! 97 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 98 | ! 99 | ip routing 100 | ip routing vrf gold 101 | ! 102 | mlag configuration 103 | domain-id leafs 104 | local-interface Vlan4090 105 | peer-address 10.0.199.254 106 | peer-address heartbeat 172.100.100.21 107 | peer-link Port-Channel999 108 | dual-primary detection delay 10 action errdisable all-interfaces 109 | ! 110 | router bgp 65001 111 | router-id 10.0.250.12 112 | no bgp default ipv4-unicast 113 | distance bgp 20 200 200 114 | maximum-paths 4 ecmp 64 115 | neighbor evpn peer group 116 | neighbor evpn remote-as 65000 117 | neighbor evpn update-source Loopback0 118 | neighbor evpn ebgp-multihop 3 119 | neighbor evpn send-community extended 120 | neighbor evpn maximum-routes 12000 warning-only 121 | neighbor underlay peer group 122 | neighbor underlay remote-as 65000 123 | neighbor underlay maximum-routes 12000 warning-only 124 | neighbor underlay_ibgp peer group 125 | neighbor underlay_ibgp remote-as 65001 126 | neighbor underlay_ibgp next-hop-self 127 | neighbor underlay_ibgp maximum-routes 12000 warning-only 128 | neighbor 10.0.1.2 peer group underlay 129 | neighbor 10.0.2.2 peer group underlay 130 | neighbor 10.0.3.0 peer group underlay_ibgp 131 | neighbor 10.0.250.1 peer group evpn 132 | neighbor 10.0.250.2 peer group evpn 133 | ! 134 | vlan 40 135 | rd auto 136 | route-target both 40:100040 137 | redistribute learned 138 | ! 139 | address-family evpn 140 | neighbor evpn activate 141 | ! 142 | address-family ipv4 143 | neighbor underlay activate 144 | neighbor underlay_ibgp activate 145 | network 10.0.250.12/32 146 | network 10.0.255.11/32 147 | ! 148 | vrf gold 149 | rd 10.0.250.12:1 150 | route-target import evpn 1:100001 151 | route-target export evpn 1:100001 152 | redistribute connected 153 | ! 154 | end -------------------------------------------------------------------------------- /clos_config/leaf3.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: leaf3 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf3 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 34,900 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.5/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.5/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client3 65 | switchport access vlan 40 66 | ! 67 | interface Ethernet5 68 | description ext 69 | switchport access vlan 900 70 | ! 71 | interface Loopback0 72 | ip address 10.0.250.13/32 73 | ! 74 | interface Loopback1 75 | ip address 10.0.255.12/32 76 | ! 77 | interface Management0 78 | ip address 172.100.100.23/24 79 | ! 80 | interface Vlan34 81 | vrf gold 82 | ip address 10.34.34.2/24 83 | ip virtual-router address 10.34.34.1 84 | ! 85 | interface Vlan900 86 | vrf gold 87 | ip address 10.90.90.2/29 88 | ! 89 | interface Vlan4090 90 | description mlag peer link 91 | no autostate 92 | ip address 10.0.199.254/31 93 | ! 94 | interface Vlan4091 95 | mtu 9214 96 | ip address 10.0.3.2/31 97 | ! 98 | interface Vxlan1 99 | vxlan source-interface Loopback1 100 | vxlan udp-port 4789 101 | vxlan vlan 40 vni 100040 102 | vxlan vrf gold vni 100001 103 | vxlan learn-restrict any 104 | ! 105 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 106 | ! 107 | ip routing 108 | ip routing vrf gold 109 | ! 110 | mlag configuration 111 | domain-id leafs 112 | local-interface Vlan4090 113 | peer-address 10.0.199.255 114 | peer-address heartbeat 172.100.100.24 115 | peer-link Port-Channel999 116 | dual-primary detection delay 10 action errdisable all-interfaces 117 | ! 118 | router bgp 65002 119 | router-id 10.0.250.13 120 | no bgp default ipv4-unicast 121 | distance bgp 20 200 200 122 | maximum-paths 4 ecmp 64 123 | neighbor evpn peer group 124 | neighbor evpn remote-as 65000 125 | neighbor evpn update-source Loopback0 126 | neighbor evpn ebgp-multihop 3 127 | neighbor evpn send-community extended 128 | neighbor evpn maximum-routes 12000 warning-only 129 | neighbor underlay peer group 130 | neighbor underlay remote-as 65000 131 | neighbor underlay maximum-routes 12000 warning-only 132 | neighbor underlay_ibgp peer group 133 | neighbor underlay_ibgp remote-as 65001 134 | neighbor underlay_ibgp next-hop-self 135 | neighbor underlay_ibgp maximum-routes 12000 warning-only 136 | neighbor 10.0.1.4 peer group underlay 137 | neighbor 10.0.2.4 peer group underlay 138 | neighbor 10.0.3.3 peer group underlay_ibgp 139 | neighbor 10.0.250.1 peer group evpn 140 | neighbor 10.0.250.2 peer group evpn 141 | ! 142 | vlan 40 143 | rd auto 144 | route-target both 40:100040 145 | redistribute learned 146 | ! 147 | address-family evpn 148 | neighbor evpn activate 149 | ! 150 | address-family ipv4 151 | neighbor underlay activate 152 | neighbor underlay_ibgp activate 153 | network 10.0.250.13/32 154 | network 10.0.255.12/32 155 | ! 156 | vrf gold 157 | rd 10.0.250.13:1 158 | route-target import evpn 1:100001 159 | route-target export evpn 1:100001 160 | neighbor 10.90.90.1 remote-as 64999 161 | redistribute connected 162 | ! 163 | address-family ipv4 164 | neighbor 10.90.90.1 activate 165 | ! 166 | end -------------------------------------------------------------------------------- /clos_config/leaf4.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: leaf4 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$FnNUTqeWxtfUPoRu$Ft9r26DsSm8RJHHskoy1.txm8ZjOFUTMPhbN//STqO51noSIKe6ul9e5liadMpSxl2pc.gcm9HwUyptrTs8cS0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname leaf4 13 | ! 14 | spanning-tree mode mstp 15 | no spanning-tree vlan-id 4090-4091 16 | ! 17 | vlan 34,900 18 | ! 19 | vlan 40 20 | name test-l2-vxlan 21 | ! 22 | vlan 4090 23 | name mlag-peer 24 | trunk group mlag-peer 25 | ! 26 | vlan 4091 27 | name mlag-ibgp 28 | trunk group mlag-peer 29 | ! 30 | vrf instance gold 31 | ! 32 | management api http-commands 33 | no shutdown 34 | ! 35 | management api gnmi 36 | transport grpc default 37 | ! 38 | management api netconf 39 | transport ssh default 40 | ! 41 | interface Port-Channel999 42 | description MLAG Peer 43 | switchport mode trunk 44 | switchport trunk group mlag-peer 45 | spanning-tree link-type point-to-point 46 | ! 47 | interface Ethernet1 48 | description spine1 49 | mtu 9214 50 | no switchport 51 | ip address 10.0.1.7/31 52 | ! 53 | interface Ethernet2 54 | description spine2 55 | mtu 9214 56 | no switchport 57 | ip address 10.0.2.7/31 58 | ! 59 | interface Ethernet3 60 | description mlag peer link 61 | channel-group 999 mode active 62 | ! 63 | interface Ethernet4 64 | description client4 65 | switchport access vlan 34 66 | ! 67 | interface Ethernet5 68 | description ext 69 | switchport access vlan 900 70 | ! 71 | interface Loopback0 72 | ip address 10.0.250.14/32 73 | ! 74 | interface Loopback1 75 | ip address 10.0.255.12/32 76 | ! 77 | interface Management0 78 | ip address 172.100.100.24/24 79 | ! 80 | interface Vlan34 81 | vrf gold 82 | ip address 10.34.34.3/24 83 | ip virtual-router address 10.34.34.1 84 | ! 85 | interface Vlan900 86 | vrf gold 87 | ip address 10.90.90.3/29 88 | ! 89 | interface Vlan4090 90 | description mlag peer link 91 | no autostate 92 | ip address 10.0.199.255/31 93 | ! 94 | interface Vlan4091 95 | mtu 9214 96 | ip address 10.0.3.3/31 97 | ! 98 | interface Vxlan1 99 | vxlan source-interface Loopback1 100 | vxlan udp-port 4789 101 | vxlan vlan 40 vni 100040 102 | vxlan vrf gold vni 100001 103 | vxlan learn-restrict any 104 | ! 105 | ip virtual-router mac-address c0:fe:c0:fe:c0:fe 106 | ! 107 | ip routing 108 | ip routing vrf gold 109 | ! 110 | mlag configuration 111 | domain-id leafs 112 | local-interface Vlan4090 113 | peer-address 10.0.199.254 114 | peer-address heartbeat 172.100.100.23 115 | peer-link Port-Channel999 116 | dual-primary detection delay 10 action errdisable all-interfaces 117 | ! 118 | router bgp 65002 119 | router-id 10.0.250.14 120 | no bgp default ipv4-unicast 121 | distance bgp 20 200 200 122 | maximum-paths 4 ecmp 64 123 | neighbor evpn peer group 124 | neighbor evpn remote-as 65000 125 | neighbor evpn update-source Loopback0 126 | neighbor evpn ebgp-multihop 3 127 | neighbor evpn send-community extended 128 | neighbor evpn maximum-routes 12000 warning-only 129 | neighbor underlay peer group 130 | neighbor underlay remote-as 65000 131 | neighbor underlay maximum-routes 12000 warning-only 132 | neighbor underlay_ibgp peer group 133 | neighbor underlay_ibgp remote-as 65001 134 | neighbor underlay_ibgp next-hop-self 135 | neighbor underlay_ibgp maximum-routes 12000 warning-only 136 | neighbor 10.0.1.6 peer group underlay 137 | neighbor 10.0.2.6 peer group underlay 138 | neighbor 10.0.3.2 peer group underlay_ibgp 139 | neighbor 10.0.250.1 peer group evpn 140 | neighbor 10.0.250.2 peer group evpn 141 | ! 142 | vlan 40 143 | rd auto 144 | route-target both 40:100040 145 | redistribute learned 146 | ! 147 | address-family evpn 148 | neighbor evpn activate 149 | ! 150 | address-family ipv4 151 | neighbor underlay activate 152 | neighbor underlay_ibgp activate 153 | network 10.0.250.14/32 154 | network 10.0.255.12/32 155 | ! 156 | vrf gold 157 | rd 10.0.250.14:1 158 | route-target import evpn 1:100001 159 | route-target export evpn 1:100001 160 | neighbor 10.90.90.1 remote-as 64999 161 | redistribute connected 162 | ! 163 | address-family ipv4 164 | neighbor 10.90.90.1 activate 165 | ! 166 | end -------------------------------------------------------------------------------- /clos_config/spine1.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: spine1 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$nCwey3kN2kxjWlTy$Jm2XPhpnslNApB6NxRtPpMOqwyfdHnnsiyDe7THb1QCIpaRiQIoYfWNOixElZ9JJ0QoqouRge2K0V93Vh8qmc. 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname spine1 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | description leaf1 27 | mtu 9214 28 | no switchport 29 | ip address 10.0.1.0/31 30 | ! 31 | interface Ethernet2 32 | description leaf2 33 | mtu 9214 34 | no switchport 35 | ip address 10.0.1.2/31 36 | ! 37 | interface Ethernet3 38 | description leaf3 39 | mtu 9214 40 | no switchport 41 | ip address 10.0.1.4/31 42 | ! 43 | interface Ethernet4 44 | description leaf4 45 | mtu 9214 46 | no switchport 47 | ip address 10.0.1.6/31 48 | ! 49 | interface Loopback0 50 | ip address 10.0.250.1/32 51 | ! 52 | interface Management0 53 | ip address 172.100.100.11/24 54 | ! 55 | ip routing 56 | ! 57 | router bgp 65000 58 | router-id 10.0.250.1 59 | no bgp default ipv4-unicast 60 | distance bgp 20 200 200 61 | neighbor evpn peer group 62 | neighbor evpn next-hop-unchanged 63 | neighbor evpn update-source Loopback0 64 | neighbor evpn ebgp-multihop 3 65 | neighbor evpn send-community extended 66 | neighbor evpn maximum-routes 12000 warning-only 67 | neighbor 10.0.1.1 remote-as 65001 68 | neighbor 10.0.1.3 remote-as 65001 69 | neighbor 10.0.1.5 remote-as 65002 70 | neighbor 10.0.1.7 remote-as 65002 71 | neighbor 10.0.250.11 peer group evpn 72 | neighbor 10.0.250.11 remote-as 65001 73 | neighbor 10.0.250.12 peer group evpn 74 | neighbor 10.0.250.12 remote-as 65001 75 | neighbor 10.0.250.13 peer group evpn 76 | neighbor 10.0.250.13 remote-as 65002 77 | neighbor 10.0.250.14 peer group evpn 78 | neighbor 10.0.250.14 remote-as 65002 79 | ! 80 | address-family evpn 81 | neighbor evpn activate 82 | ! 83 | address-family ipv4 84 | neighbor 10.0.1.1 activate 85 | neighbor 10.0.1.3 activate 86 | neighbor 10.0.1.5 activate 87 | neighbor 10.0.1.7 activate 88 | network 10.0.250.1/32 89 | ! 90 | end -------------------------------------------------------------------------------- /clos_config/spine2.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: spine2 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$T/CGZM5F5rG1XgNQ$FfsFsB7b.MOaZQMPMx35tkQPg2WpnywRah4EMVS2c73x8vkzYxVPbijG6C3ClTi66G6wY.0nUWVg62z5/IIMV1 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname spine2 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | description leaf1 27 | mtu 9214 28 | no switchport 29 | ip address 10.0.2.0/31 30 | ! 31 | interface Ethernet2 32 | description leaf2 33 | mtu 9214 34 | no switchport 35 | ip address 10.0.2.2/31 36 | ! 37 | interface Ethernet3 38 | description leaf3 39 | mtu 9214 40 | no switchport 41 | ip address 10.0.2.4/31 42 | ! 43 | interface Ethernet4 44 | description leaf4 45 | mtu 9214 46 | no switchport 47 | ip address 10.0.2.6/31 48 | ! 49 | interface Loopback0 50 | ip address 10.0.250.2/32 51 | ! 52 | interface Management0 53 | ip address 172.100.100.12/24 54 | ! 55 | ip routing 56 | ! 57 | router bgp 65000 58 | router-id 10.0.250.2 59 | no bgp default ipv4-unicast 60 | distance bgp 20 200 200 61 | neighbor evpn peer group 62 | neighbor evpn next-hop-unchanged 63 | neighbor evpn update-source Loopback0 64 | neighbor evpn ebgp-multihop 3 65 | neighbor evpn send-community extended 66 | neighbor evpn maximum-routes 12000 warning-only 67 | neighbor 10.0.2.1 remote-as 65001 68 | neighbor 10.0.2.3 remote-as 65001 69 | neighbor 10.0.2.5 remote-as 65002 70 | neighbor 10.0.2.7 remote-as 65002 71 | neighbor 10.0.250.11 peer group evpn 72 | neighbor 10.0.250.11 remote-as 65001 73 | neighbor 10.0.250.12 peer group evpn 74 | neighbor 10.0.250.12 remote-as 65001 75 | neighbor 10.0.250.13 peer group evpn 76 | neighbor 10.0.250.13 remote-as 65002 77 | neighbor 10.0.250.14 peer group evpn 78 | neighbor 10.0.250.14 remote-as 65002 79 | ! 80 | address-family evpn 81 | neighbor evpn activate 82 | ! 83 | address-family ipv4 84 | neighbor 10.0.2.1 activate 85 | neighbor 10.0.2.3 activate 86 | neighbor 10.0.2.5 activate 87 | neighbor 10.0.2.7 activate 88 | network 10.0.250.2/32 89 | ! 90 | end -------------------------------------------------------------------------------- /configs/post/cicd-pdx-rtr-eos-01.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-01 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$RxQ5ae0GOW6SAiCU$7qzQNGX2pSIqWIYBIYGF8Xh30lo/s418/diYEEZj9rPrTJiAkYv0s6AvjpTfUHMGz.a58Hg29Yy/nV0Zvplux0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-01 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | description connection to pdx-rtr-eos-02 27 | no switchport 28 | ip address 10.0.12.1/24 29 | ip ospf network point-to-point 30 | ip ospf area 0.0.0.0 31 | ! 32 | ! 33 | interface Ethernet2 34 | no switchport 35 | ip address 192.168.1.1/24 36 | ip ospf area 0.0.0.0 37 | ! 38 | interface Loopback1 39 | ip address 10.0.0.1/32 40 | ip ospf area 0.0.0.0 41 | ! 42 | interface Management0 43 | ip address 172.100.100.11/24 44 | ! 45 | ip routing 46 | ! 47 | router bgp 65001 48 | router-id 10.0.0.1 49 | timers bgp 10 30 50 | neighbor 10.0.0.4 remote-as 65004 51 | neighbor 10.0.0.4 update-source Loopback1 52 | neighbor 10.0.0.4 ebgp-multihop 3 53 | ! 54 | router ospf 1 55 | router-id 10.0.0.1 56 | passive-interface Ethernet2 57 | passive-interface Loopback1 58 | max-lsa 12000 59 | ! 60 | end -------------------------------------------------------------------------------- /configs/post/cicd-pdx-rtr-eos-02.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-02 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$xE.nuLMQpnBSm7fM$F1ZS4f6LWG1y6Fvl2Yf7p8gEO0UoLArBMSU2RlvIu0x50BY//m9sdLPI4.fzOdVWSx2S7T7mP4stSYo752/w11 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-02 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | description connection to pdx-rtr-eos-01 27 | no switchport 28 | ip address 10.0.12.2/24 29 | ip ospf network point-to-point 30 | ip ospf area 0.0.0.0 31 | ! 32 | interface Ethernet2 33 | description connection to pdx-rtr-eos-03 34 | no switchport 35 | ip address 10.0.23.2/24 36 | ip ospf network point-to-point 37 | ip ospf area 0.0.0.0 38 | ! 39 | interface Management0 40 | ip address 172.100.100.12/24 41 | ! 42 | ip routing 43 | ! 44 | router ospf 1 45 | router-id 10.0.0.2 46 | max-lsa 12000 47 | ! 48 | end -------------------------------------------------------------------------------- /configs/post/cicd-pdx-rtr-eos-03.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-03 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$UO9BShdfuG166FSU$KjzpvNGhRlgbW2OqvHstOM0oO6VzHXaZ7.mpBe2uw6QxtBI61akWlmNbLhM8MqENOzKjgwnjFXF4qOCN0najd0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-03 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | ! 26 | interface Ethernet1 27 | description connection to pdx-rtr-eos-02 28 | no switchport 29 | ip address 10.0.23.3/24 30 | ip ospf network point-to-point 31 | ip ospf area 0.0.0.0 32 | ! 33 | interface Ethernet2 34 | description connection to pdx-rtr-eos-04 35 | no switchport 36 | ip address 10.0.34.3/24 37 | ip ospf network point-to-point 38 | ip ospf area 0.0.0.0 39 | ! 40 | interface Management0 41 | ip address 172.100.100.13/24 42 | ! 43 | ip routing 44 | ! 45 | router ospf 1 46 | router-id 10.0.0.3 47 | max-lsa 12000 48 | ! 49 | end -------------------------------------------------------------------------------- /configs/post/cicd-pdx-rtr-eos-04.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-04 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$RxQ5ae0GOW6SAiCU$7qzQNGX2pSIqWIYBIYGF8Xh30lo/s418/diYEEZj9rPrTJiAkYv0s6AvjpTfUHMGz.a58Hg29Yy/nV0Zvplux0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-04 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | description connection to pdx-rtr-eos-03 27 | no switchport 28 | ip address 10.0.34.4/24 29 | ip ospf network point-to-point 30 | ip ospf area 0.0.0.0 31 | ! 32 | interface Ethernet2 33 | no switchport 34 | ip address 192.168.4.1/24 35 | ip ospf area 0.0.0.0 36 | ! 37 | interface Loopback1 38 | ip address 10.0.0.4/32 39 | ip ospf area 0.0.0.0 40 | ! 41 | interface Management0 42 | ip address 172.100.100.14/24 43 | ! 44 | ip routing 45 | ! 46 | router bgp 65004 47 | router-id 10.0.0.4 48 | timers bgp 10 30 49 | neighbor 10.0.0.1 remote-as 65001 50 | neighbor 10.0.0.1 update-source Loopback1 51 | neighbor 10.0.0.1 ebgp-multihop 3 52 | ! 53 | router ospf 1 54 | router-id 10.0.0.4 55 | passive-interface Ethernet2 56 | passive-interface Loopback1 57 | max-lsa 12000 58 | ! 59 | end -------------------------------------------------------------------------------- /configs/pre/cicd-pdx-rtr-eos-01.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-01 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$RxQ5ae0GOW6SAiCU$7qzQNGX2pSIqWIYBIYGF8Xh30lo/s418/diYEEZj9rPrTJiAkYv0s6AvjpTfUHMGz.a58Hg29Yy/nV0Zvplux0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-01 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | ! 27 | interface Ethernet2 28 | ! 29 | interface Management0 30 | ip address 172.100.100.11/24 31 | ! 32 | no ip routing 33 | ! 34 | end -------------------------------------------------------------------------------- /configs/pre/cicd-pdx-rtr-eos-02.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-02 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$xE.nuLMQpnBSm7fM$F1ZS4f6LWG1y6Fvl2Yf7p8gEO0UoLArBMSU2RlvIu0x50BY//m9sdLPI4.fzOdVWSx2S7T7mP4stSYo752/w11 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-02 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | ! 27 | interface Ethernet2 28 | ! 29 | interface Management0 30 | ip address 172.100.100.12/24 31 | ! 32 | no ip routing 33 | ! 34 | end -------------------------------------------------------------------------------- /configs/pre/cicd-pdx-rtr-eos-03.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-03 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$UO9BShdfuG166FSU$KjzpvNGhRlgbW2OqvHstOM0oO6VzHXaZ7.mpBe2uw6QxtBI61akWlmNbLhM8MqENOzKjgwnjFXF4qOCN0najd0 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-03 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | ! 27 | interface Ethernet2 28 | ! 29 | interface Management0 30 | ip address 172.100.100.13/24 31 | ! 32 | no ip routing 33 | ! 34 | end -------------------------------------------------------------------------------- /configs/pre/cicd-pdx-rtr-eos-04.cfg: -------------------------------------------------------------------------------- 1 | ! Command: show running-config 2 | ! device: pdx-rtr-eos-04 (cEOSLab, EOS-4.27.0F-24305004.4270F (engineering build)) 3 | ! 4 | no aaa root 5 | ! 6 | username admin privilege 15 role network-admin secret sha512 $6$80vAK4C7egYGmMCr$aQs6Oe1HPzToV9KkGBQozUNUzaelo8cM6EXUzDfsjPF4q/LJDb3WOtP01uqrCzKJWk3KpOMno40Df1nsilfwI/ 7 | ! 8 | transceiver qsfp default-mode 4x10G 9 | ! 10 | service routing protocols model multi-agent 11 | ! 12 | hostname pdx-rtr-eos-04 13 | ! 14 | spanning-tree mode mstp 15 | ! 16 | management api http-commands 17 | no shutdown 18 | ! 19 | management api gnmi 20 | transport grpc default 21 | ! 22 | management api netconf 23 | transport ssh default 24 | ! 25 | interface Ethernet1 26 | ! 27 | interface Ethernet2 28 | ! 29 | interface Management0 30 | ip address 172.100.100.14/24 31 | ! 32 | no ip routing 33 | ! 34 | end -------------------------------------------------------------------------------- /deploy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """Script used to configure the network""" 4 | 5 | from nornir import InitNornir 6 | from nornir_utils.plugins.functions import print_result 7 | from nornir_napalm.plugins.tasks import napalm_configure 8 | from tools import nornir_set_creds 9 | 10 | 11 | def deploy_network(task): 12 | """Configures network with NAPALM""" 13 | if "client" in task.host.name: 14 | pass 15 | else: 16 | # task1_result = task.run( 17 | # name=f"Configuring {task.host.name}!", 18 | # task=napalm_configure, 19 | # filename=f"configs/post/{task.host.name}.cfg", 20 | # replace=True, 21 | # ) 22 | task1_result = task.run( 23 | name=f"Configuring {task.host.name}!", 24 | task=napalm_configure, 25 | filename=f"clos_config/{task.host.name}.cfg", 26 | replace=True, 27 | ) 28 | 29 | 30 | def main(): 31 | """Used to run all the things""" 32 | norn = InitNornir(config_file="nornir_settings/config.yaml") 33 | nornir_set_creds(norn) 34 | result = norn.run(task=deploy_network) 35 | print_result(result) 36 | 37 | 38 | if __name__ == "__main__": 39 | main() 40 | -------------------------------------------------------------------------------- /images/topo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JulioPDX/gcl/66d1282c2a7023a6c8cb6cdda2cdcbd337bf8e74/images/topo.png -------------------------------------------------------------------------------- /mikro.clab.yaml: -------------------------------------------------------------------------------- 1 | name: mikro 2 | # prefix: "" 3 | 4 | mgmt: 5 | network: mikrostatics 6 | ipv4_subnet: 172.100.101.0/24 7 | 8 | topology: 9 | kinds: 10 | vr-ros: 11 | image: vrnetlab/vr-routeros:7.1 12 | linux: 13 | image: ghcr.io/hellt/network-multitool 14 | nodes: 15 | ros01: 16 | kind: vr-ros 17 | startup-config: ros01.txt 18 | mgmt_ipv4: 172.100.101.11 19 | ros02: 20 | kind: vr-ros 21 | startup-config: ros02.txt 22 | mgmt_ipv4: 172.100.101.12 23 | ros03: 24 | kind: vr-ros 25 | startup-config: ros03.txt 26 | mgmt_ipv4: 172.100.101.13 27 | client1: 28 | kind: linux 29 | mgmt_ipv4: 172.100.101.21 30 | client2: 31 | kind: linux 32 | mgmt_ipv4: 172.100.101.22 33 | links: 34 | - endpoints: ["ros01:eth1", "ros02:eth1"] 35 | - endpoints: ["ros02:eth2", "ros03:eth1"] 36 | - endpoints: ["ros03:eth2", "ros01:eth2"] 37 | # Client connections 38 | - endpoints: ["client1:eth1", "ros01:eth3"] 39 | - endpoints: ["client2:eth1", "ros03:eth3"] -------------------------------------------------------------------------------- /net.clab.yaml: -------------------------------------------------------------------------------- 1 | name: cicd 2 | prefix: "" 3 | 4 | mgmt: 5 | network: statics 6 | ipv4_subnet: 172.100.100.0/24 7 | 8 | topology: 9 | kinds: 10 | ceos: 11 | image: ceos:4.27.0F 12 | linux: 13 | image: ghcr.io/hellt/network-multitool 14 | nodes: 15 | pdx-rtr-eos-01: 16 | kind: ceos 17 | mgmt_ipv4: 172.100.100.11 18 | pdx-rtr-eos-02: 19 | kind: ceos 20 | mgmt_ipv4: 172.100.100.12 21 | pdx-rtr-eos-03: 22 | kind: ceos 23 | mgmt_ipv4: 172.100.100.13 24 | pdx-rtr-eos-04: 25 | kind: ceos 26 | image: ceos:4.27.0F 27 | mgmt_ipv4: 172.100.100.14 28 | client1: 29 | kind: linux 30 | mgmt_ipv4: 172.100.100.21 31 | client2: 32 | kind: linux 33 | mgmt_ipv4: 172.100.100.22 34 | # junos3: 35 | # kind: crpd 36 | # image: hub.juniper.net/routing/crpd:19.4R1.10 37 | # mgmt_ipv4: 172.100.100.13 38 | # license: junos-lic 39 | links: 40 | - endpoints: ["pdx-rtr-eos-01:eth1", "pdx-rtr-eos-02:eth1"] 41 | - endpoints: ["pdx-rtr-eos-02:eth2", "pdx-rtr-eos-03:eth1"] 42 | - endpoints: ["pdx-rtr-eos-03:eth2", "pdx-rtr-eos-04:eth1"] 43 | # Client connections 44 | - endpoints: ["client1:eth1", "pdx-rtr-eos-01:eth2"] 45 | - endpoints: ["client2:eth1", "pdx-rtr-eos-04:eth2"] 46 | -------------------------------------------------------------------------------- /nornir_settings/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | inventory: 3 | plugin: AnsibleInventory 4 | options: 5 | hostsfile: "clos_config/inventory.yaml" 6 | 7 | runner: 8 | plugin: threaded 9 | options: 10 | num_workers: 10 -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | nornir==3.2.0 2 | nornir_ansible==2021.7.30 3 | nornir_napalm==0.1.2 -------------------------------------------------------------------------------- /tools.py: -------------------------------------------------------------------------------- 1 | """Tools script that holds a variety of functions""" 2 | 3 | import os 4 | 5 | 6 | def nornir_set_creds(norn, username="admin", password="admin", platform="eos"): 7 | """ 8 | Handler for settings credentials and platform 9 | """ 10 | if not username: 11 | username = os.environ.get("NORNIR_USER") 12 | if not password: 13 | password = os.environ.get("MY_SECRET") 14 | 15 | for host_obj in norn.inventory.hosts.values(): 16 | host_obj.username = username 17 | host_obj.password = password 18 | host_obj.platform = platform 19 | # host_obj.connection_options = { 20 | # "scrapli": {"extras": {"auth_strict_key": False}} 21 | # } 22 | --------------------------------------------------------------------------------