diff --git a/README.md b/README.md
index 81e6d88a..9e2918a2 100644
--- a/README.md
+++ b/README.md
@@ -3,26 +3,31 @@
![lab-version](https://img.shields.io/github/v/release/arista-netdevops-community/avd-cEOS-Lab?color=brightgreen&logo=appveyor&style=for-the-badge)
![cEOS-AVD](https://img.shields.io/badge/AVD-cEOS-brightgreen?logo=appveyor&style=for-the-badge)
-- [Overview](#overview)
-- [Installation](#installation)
+- [Arista Validated design with cEOS-lab](#arista-validated-design-with-ceos-lab)
+ - [Overview](#overview)
+ - [Installation](#installation)
- [Requirements](#requirements)
+ - [AVD](#avd)
+ - [cEOS-Lab Deployment](#ceos-lab-deployment)
- [Installing Arista cEOS-Lab image](#installing-arista-ceos-lab-image)
- [Installing the alpine-host image](#installing-the-alpine-host-image)
- [cEOS containerlab template](#ceos-containerlab-template)
- - [AWS AMI](#aws-ami)
-- [Labs](#labs)
-- [Demo](#demo)
-- [Improvements](#improvements)
- - [Alpine-host configuration](#alpine-host-configuration)
- - [Bonding Configuration](#bonding-configuration)
- - [L3 configuration](#l3-configuration)
+ - [AWS AMI](#aws-ami)
+ - [Labs](#labs)
+ - [Demo](#demo)
+ - [Using Makefile](#using-makefile)
+ - [Improvements](#improvements)
+ - [Alpine-host configuration](#alpine-host-configuration)
+ - [Bonding Configuration](#bonding-configuration)
+ - [Host L3 configuration](#host-l3-configuration)
+ - [Upcoming](#upcoming)
## Overview
This repository contains ansible playbooks which allow the user to quickly:
1. Deploy cEOS-Lab Leaf Spine topology using [containerlab](https://containerlab.dev/).
-2. Configure the Leaf Spine Fabric using Arista Ansible [AVD](https://avd.sh/en/latest/)
+2. Configure the Leaf Spine Fabric using Arista Ansible [AVD](https://avd.sh/en/stable/)
The same AVD templates can also be used with vEOS-Lab and physical Lab switches with slight changes to lab files.
@@ -32,16 +37,21 @@ Clone the repository and ensure to have the required libraries and software inst
### Requirements
-- Python 3.6.8 or above
-- ansible-core from 2.11.3 to 2.12.x
+#### AVD
+
+- Python 3.8 or above
+- `ansible-core` from 2.11.3 to 2.12.x
- arista.avd ansible collection (3.0.0 or above)
- containerlab (0.15 or above)
- arista.avd requirements
+
+#### cEOS-Lab Deployment
+
- docker
- Arista cEOS-Lab image (4.21.8M or above)
- Alpine-host image (optional)
-For arista.avd installation please refer to the [official](https://avd.sh/en/latest/docs/installation/requirements.html) documenation.
+For arista.avd installation please refer to the [official](https://avd.sh/en/stable/docs/installation/requirements.html) documenation.
For containerlab installation please refer to the [official](https://containerlab.dev/install/) documentation.
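Review bot: the rewritten arista.avd line still carries the typo `documenation`; since the line is being touched for the `/en/stable/` link anyway, fix it to `documentation` in the same change so it matches the containerlab sentence below it.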
@@ -53,6 +63,8 @@ For Python3, docker and ansible installation please refer to the installation gu
- arista.avd v3.0.0 contains breaking changes to data models [`Release Notes`](https://avd.sh/en/latest/docs/release-notes/3.x.x.html). Latest release of this repository is arista.avd v3.0.0 and above compatible. For older avd compatible syntax download older release. [`Releases`](https://github.com/arista-netdevops-community/avd-cEOS-Lab/releases)
+- Starting Python 3.10 the default SSL/TLS ciphers have been [updated](https://bugs.python.org/issue43998). Latest [`release`](https://github.com/arista-netdevops-community/avd-cEOS-Lab/releases) of this repository updates the cipher suite on EOS via a security profile applied to eAPI to be compatible with Python 3.10.
+
### Installing Arista cEOS-Lab image
Download the image from www.arista.com > Software Downloads > cEOS-Lab > EOS-4.2x.y > cEOS-lab-4.2x.y.tar.xz
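Review bot: the new Python 3.10 bullet does not mention that the eAPI security profile depends on a key and self-signed certificate (`eAPI.key`, `eAPI.crt`) created by the `exec` entries this patch adds to each `topology.yaml`. Anyone reusing the AVD vars with their own topology file gets a profile that points at files that were never generated, so state that dependency here. The release-notes bullet just above also still links to `/en/latest/` while the rest of this patch moves the AVD links to `/en/stable/`.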
@@ -103,9 +115,9 @@ Alternatively you can use cEOS-Lab container or any other linux based container
### cEOS containerlab template
-**NOTE** :warning: This is no longer required starting containerlab v0.15. The v2.0.0 and above releases of this repository includes this template in the `topology.yaml` itself.
+**NOTE** :warning: This is no longer required starting containerlab v0.15. The v2.0.0 and above releases of this repository includes this template in the `topology.yaml` itself.
-For containerlab version less than v0.15, replace the containerlab cEOS default template with the `ceos.cfg.tpl` file from this repository. If the default template is not replaced with the one from this repository, then for the intial AVD config replace you will observe a timeout error.
+For containerlab version less than v0.15, replace the containerlab cEOS default template with the `ceos.cfg.tpl` file from this repository. If the default template is not replaced with the one from this repository, then for the intial AVD config replace you will observe a timeout error.
```shell
ceos_lab_template
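Review bot: both replaced lines in this hunk differ only in whitespace, and the second one still reads `intial AVD config replace`. If the lines are being rewritten, correct `intial` to `initial` here; otherwise drop the whitespace-only churn from the patch.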
@@ -157,18 +169,19 @@ This Demo will deploy `avd_sym_irb` lab using containerlab and configure the Fab
labs/evpn/avd_sym_irb
├── ansible.cfg
├── group_vars
-│ ├── AVD_LAB.yaml
-│ ├── DC1_FABRIC.yaml
-│ ├── DC1_L2_LEAFS.yaml
-│ ├── DC1_L3_LEAFS.yaml
-│ ├── DC1_SERVERS.yaml
-│ ├── DC1_SPINES.yaml
-│ └── DC1_TENANTS_NETWORKS.yaml
+│ ├── AVD_LAB.yaml
+│ ├── DC1_FABRIC.yaml
+│ ├── DC1_L2_LEAFS.yaml
+│ ├── DC1_L3_LEAFS.yaml
+│ ├── DC1_SERVERS.yaml
+│ ├── DC1_SPINES.yaml
+│ └── DC1_TENANTS_NETWORKS.yaml
├── host_l3_config
-│ └── l3_build.sh
+│ └── l3_build.sh
├── inventory.yaml
+├── Makefile
├── playbooks
-│ └── fabric-deploy-config.yaml
+│ └── fabric-deploy-config.yaml
└── topology.yaml
```
@@ -278,6 +291,19 @@ Vxlan1 is up, line protocol is up (connected)
MLAG Shared Router MAC is 021c.7313.b344
```
+### Using Makefile
+
+Each lab contains a `Makefile`, which simplifies the lab deployment steps using `make` command.
+
+To see available options
+
+```shell
+$ make help
+deploy Complete AVD & cEOS-Lab Deployment
+destroy Delete cEOS-Lab Deployment and AVD generated config and documentation
+help Display help message
+```
+
## Improvements
### Alpine-host configuration
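Review bot: the new "Using Makefile" section only shows `make help`. The Makefiles added in this patch use relative paths (`topology.yaml`, `playbooks/fabric-deploy-config.yaml`, `host_l3_config/l3_build.sh`), call `sudo`, and `destroy` runs `rm -rf` on generated directories, so the section should say that `make deploy` and `make destroy` must be run from inside the lab directory and what `destroy` removes.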
@@ -320,9 +346,9 @@ Example:
`TACTIVE` sets the active interface (ex. `eth1`) and the other interface (ex. `eth2`) will be automatically set to backup.
-#### L3 configuration
+#### Host L3 configuration
-Currently L3 configuration can be done either:
+Currently end host L3 configuration can be done either:
- Using the `labs/evpn/avd_/host_l3_config/l3_build.sh`. The shell script contains the command to configure the VLAN, IP address, Gateway route on the alpine hosts.
- If VLAN/SVIs (on the switch) are different from default templates please edit the `l3_build.sh` accordingly.
@@ -365,3 +391,7 @@ round-trip min/avg/max = 5.946/13.238/20.531 ms
/ $ arp -a
? (10.1.10.1) at 00:00:00:00:00:01 [ether] on team0.110
```
+
+## Upcoming
+
+CVX VxLAN Lab
diff --git a/ceos_lab_template/ceos.cfg.tpl b/ceos_lab_template/ceos.cfg.tpl
index 5e974948..6143f090 100644
--- a/ceos_lab_template/ceos.cfg.tpl
+++ b/ceos_lab_template/ceos.cfg.tpl
@@ -11,8 +11,13 @@ interface Management0
{{ if .MgmtIPv4Address }} ip address {{ .MgmtIPv4Address }}/{{ .MgmtIPv4PrefixLength }}{{end}}
{{ if .MgmtIPv6Address }} ipv6 address {{ .MgmtIPv6Address }}/{{ .MgmtIPv6PrefixLength }}{{end}}
!
+management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+!
management api http-commands
- protocol https
+ protocol https ssl profile eAPI
no shutdown
!
vrf MGMT
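Review bot: the `ssl profile eAPI` block references `eAPI.crt` and `eAPI.key`, but those files are only created later by the `exec` commands added to `topology.yaml`, after this startup-config has been loaded. Add a comment in the template naming that dependency, and confirm eAPI comes up cleanly once the files appear, since `protocol https ssl profile eAPI` now ties the API to this profile. In the cipher string `HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL`, the trailing `!ANULL` looks like a case variant of `!aNULL` and `!ADH` is already covered by `!aNULL`; trimming it to the entries that do something makes the policy easier to audit. Consider restricting the TLS versions in the same profile as well, since the cipher list alone does not do that.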
diff --git a/labs/evpn/avd_asym_irb/Makefile b/labs/evpn/avd_asym_irb/Makefile
new file mode 100644
index 00000000..c5f09277
--- /dev/null
+++ b/labs/evpn/avd_asym_irb/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/ intended/
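Review bot: the `echo -e` lines in `deploy` and `destroy` depend on the recipe shell being bash. make runs recipes with `/bin/sh` by default, and where that is dash the output starts with a literal `-e` and the `\e[` colour sequences are not interpreted. Set `SHELL := /bin/bash` at the top of the file or use `printf`. In `destroy`, `rm -rf .topology.yml.bak` does not match the topology file name used two lines above (`topology.yaml`), so check the backup name that is actually produced and adjust the path.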
diff --git a/labs/evpn/avd_asym_irb/group_vars/AVD_LAB.yaml b/labs/evpn/avd_asym_irb/group_vars/AVD_LAB.yaml
index 53330650..4600f16c 100644
--- a/labs/evpn/avd_asym_irb/group_vars/AVD_LAB.yaml
+++ b/labs/evpn/avd_asym_irb/group_vars/AVD_LAB.yaml
@@ -18,7 +18,8 @@ ntp:
service_routing_protocols_model: multi-agent
-spanning_tree_mode: mstp
+spanning_tree:
+ mode: mstp
ip_routing: true
@@ -27,11 +28,28 @@ mgmt_interface: Management0
mgmt_gateway: 172.100.100.1
# Management eAPI | Required for this Lab
-management_eapi:
- enable_https: true
+custom_structured_configuration_management_api_http:
+ https_ssl_profile: eAPI
+
+# Management security required for SSL profile with strong ciphers
+#custom_structured_configuration_management_security:
+# ssl_profiles:
+# - name: eAPI
+# certificate:
+# file: eAPI.crt
+# key: eAPI.key
+# cipher_list: HIGH,!eNULL,!aNULL,!MD5,!ADH,!ANULL
+
+# cipher_list will be added in AVD rel 3.8.x till then using raw_eos_cli
+eos_cli: |
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
# Management GNMI | Optional
#management_api_gnmi:
# enable_vrfs:
# MGMT:
# octa: true
+# provider: eos-native
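Review bot: the comment above the new block says `raw_eos_cli` but the key that is set is `eos_cli`; make the comment match the key. The commented-out `cipher_list: HIGH,!eNULL,!aNULL,!MD5,!ADH,!ANULL` uses commas while the live `cipher-list` line uses colons, so whoever uncomments it once AVD supports the key will most likely ship a different string than the one tested here. Write the commented value in the same colon-separated form.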
diff --git a/labs/evpn/avd_asym_irb/group_vars/DC1_FABRIC.yaml b/labs/evpn/avd_asym_irb/group_vars/DC1_FABRIC.yaml
index 2c4162c4..851c646d 100644
--- a/labs/evpn/avd_asym_irb/group_vars/DC1_FABRIC.yaml
+++ b/labs/evpn/avd_asym_irb/group_vars/DC1_FABRIC.yaml
@@ -28,7 +28,6 @@ spine:
- distance bgp 20 200 200
#- graceful-restart restart-time 300
#- graceful-restart
- leaf_as_range: 65101-65132
nodes:
DC1_SPINE1:
id: 1
@@ -40,7 +39,6 @@ spine:
l3leaf:
defaults:
platform: cEOS-LAB
- bgp_as: 65100
uplink_switches: [DC1_SPINE1, DC1_SPINE2]
uplink_interfaces: [Ethernet1, Ethernet2]
mlag_interfaces: [Ethernet3, Ethernet4]
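Review bot: dropping `bgp_as: 65100` from `l3leaf.defaults` removes the fallback AS for every leaf in this lab, and the hunk does not show a replacement. Confirm that each node or node group under `l3leaf` sets its own `bgp_as`, otherwise the playbook will fail or generate BGP config without an AS. The commit should also say why this default goes away here, since the other labs' `DC1_FABRIC.yaml` hunks only remove `leaf_as_range`.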
diff --git a/labs/evpn/avd_asym_irb/topology.yaml b/labs/evpn/avd_asym_irb/topology.yaml
index da94a7ba..17a8d18c 100644
--- a/labs/evpn/avd_asym_irb/topology.yaml
+++ b/labs/evpn/avd_asym_irb/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes:
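Review bot: `sleep 10` in the new `exec` list is a fixed delay standing in for "the CLI is ready". On a slow host the two `FastCli` calls can run before EOS accepts commands, which leaves the `eAPI` profile without its certificate and eAPI unreachable for the Ansible run that follows. Poll for readiness instead of sleeping, or at least document the symptom. The first command, `security pki key generate rsa 4096 eAPI.key`, also looks redundant because the certificate command carries `key eAPI.key generate rsa 4096` itself.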
diff --git a/labs/evpn/avd_asym_multihoming/Makefile b/labs/evpn/avd_asym_multihoming/Makefile
new file mode 100644
index 00000000..c5f09277
--- /dev/null
+++ b/labs/evpn/avd_asym_multihoming/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/ intended/
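Review bot: this whole file is identical to the Makefile added under `labs/evpn/avd_asym_irb` (same blob `c5f09277`), and the same content is added again in the other EVPN labs. Keep one shared makefile at the repository level and have each lab's Makefile `include` it, so a fix to `deploy` or `destroy` does not have to be applied in every copy.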
diff --git a/labs/evpn/avd_asym_multihoming/group_vars/AVD_LAB.yaml b/labs/evpn/avd_asym_multihoming/group_vars/AVD_LAB.yaml
index 70b1e105..4600f16c 100644
--- a/labs/evpn/avd_asym_multihoming/group_vars/AVD_LAB.yaml
+++ b/labs/evpn/avd_asym_multihoming/group_vars/AVD_LAB.yaml
@@ -18,7 +18,8 @@ ntp:
service_routing_protocols_model: multi-agent
-spanning_tree_mode: mstp
+spanning_tree:
+ mode: mstp
ip_routing: true
@@ -27,11 +28,28 @@ mgmt_interface: Management0
mgmt_gateway: 172.100.100.1
# Management eAPI | Required for this Lab
-management_eapi:
- enable_https: true
+custom_structured_configuration_management_api_http:
+ https_ssl_profile: eAPI
+
+# Management security required for SSL profile with strong ciphers
+#custom_structured_configuration_management_security:
+# ssl_profiles:
+# - name: eAPI
+# certificate:
+# file: eAPI.crt
+# key: eAPI.key
+# cipher_list: HIGH,!eNULL,!aNULL,!MD5,!ADH,!ANULL
+
+# cipher_list will be added in AVD rel 3.8.x till then using raw_eos_cli
+eos_cli: |
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
# Management GNMI | Optional
#management_api_gnmi:
# enable_vrfs:
# MGMT:
-# octa: true
\ No newline at end of file
+# octa: true
+# provider: eos-native
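Review bot: the hunk removes `management_eapi.enable_https: true` and sets only `https_ssl_profile: eAPI` under `custom_structured_configuration_management_api_http`. The structured config changed later in this patch (`DC1_P1.yml`) keeps `enable_https: true` next to `https_ssl_profile`, so confirm that HTTPS is still enabled by default here after the merge, or set `enable_https: true` explicitly alongside the profile.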
diff --git a/labs/evpn/avd_asym_multihoming/group_vars/DC1_FABRIC.yaml b/labs/evpn/avd_asym_multihoming/group_vars/DC1_FABRIC.yaml
index 3fe34915..1a374374 100644
--- a/labs/evpn/avd_asym_multihoming/group_vars/DC1_FABRIC.yaml
+++ b/labs/evpn/avd_asym_multihoming/group_vars/DC1_FABRIC.yaml
@@ -26,7 +26,6 @@ spine:
- distance bgp 20 200 200
#- graceful-restart restart-time 300
#- graceful-restart
- leaf_as_range: 65101-65132
nodes:
DC1_SPINE1:
id: 1
diff --git a/labs/evpn/avd_asym_multihoming/topology.yaml b/labs/evpn/avd_asym_multihoming/topology.yaml
index b6630b46..7d6fa066 100644
--- a/labs/evpn/avd_asym_multihoming/topology.yaml
+++ b/labs/evpn/avd_asym_multihoming/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes:
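Review bot: the self-signed certificate is generated with `validity 30000` (roughly 82 years) and `common-name eAPI` on every node, so no client can validate the certificate against the switch it is talking to and the Ansible connection has to run with validation disabled. That is acceptable for a throwaway lab, but say so in the README so the setting is not copied into a real deployment, and use a short validity since the certificate is regenerated on every deploy.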
diff --git a/labs/evpn/avd_central_any_gw/Makefile b/labs/evpn/avd_central_any_gw/Makefile
new file mode 100644
index 00000000..c5f09277
--- /dev/null
+++ b/labs/evpn/avd_central_any_gw/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/ intended/
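Review bot: the `rm -rf` line in `destroy` uses paths relative to the current working directory rather than to the Makefile. Invoked as `make -f labs/evpn/avd_central_any_gw/Makefile destroy` from elsewhere, it deletes `config_backup/`, `reports/`, `documentation/` and `intended/` in whatever directory the caller is in, while `containerlab destroy -t topology.yaml` fails to find its file. Derive the lab directory from `$(MAKEFILE_LIST)` and prefix the paths with it.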
diff --git a/labs/evpn/avd_central_any_gw/group_vars/AVD_LAB.yaml b/labs/evpn/avd_central_any_gw/group_vars/AVD_LAB.yaml
index 70b1e105..4600f16c 100644
--- a/labs/evpn/avd_central_any_gw/group_vars/AVD_LAB.yaml
+++ b/labs/evpn/avd_central_any_gw/group_vars/AVD_LAB.yaml
@@ -18,7 +18,8 @@ ntp:
service_routing_protocols_model: multi-agent
-spanning_tree_mode: mstp
+spanning_tree:
+ mode: mstp
ip_routing: true
@@ -27,11 +28,28 @@ mgmt_interface: Management0
mgmt_gateway: 172.100.100.1
# Management eAPI | Required for this Lab
-management_eapi:
- enable_https: true
+custom_structured_configuration_management_api_http:
+ https_ssl_profile: eAPI
+
+# Management security required for SSL profile with strong ciphers
+#custom_structured_configuration_management_security:
+# ssl_profiles:
+# - name: eAPI
+# certificate:
+# file: eAPI.crt
+# key: eAPI.key
+# cipher_list: HIGH,!eNULL,!aNULL,!MD5,!ADH,!ANULL
+
+# cipher_list will be added in AVD rel 3.8.x till then using raw_eos_cli
+eos_cli: |
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
# Management GNMI | Optional
#management_api_gnmi:
# enable_vrfs:
# MGMT:
-# octa: true
\ No newline at end of file
+# octa: true
+# provider: eos-native
diff --git a/labs/evpn/avd_central_any_gw/group_vars/DC1_FABRIC.yaml b/labs/evpn/avd_central_any_gw/group_vars/DC1_FABRIC.yaml
index 641a8a16..608d6699 100644
--- a/labs/evpn/avd_central_any_gw/group_vars/DC1_FABRIC.yaml
+++ b/labs/evpn/avd_central_any_gw/group_vars/DC1_FABRIC.yaml
@@ -30,7 +30,6 @@ spine:
- distance bgp 20 200 200
#- graceful-restart restart-time 300
#- graceful-restart
- leaf_as_range: 65101-65132
nodes:
DC1_SPINE1:
id: 1
diff --git a/labs/evpn/avd_central_any_gw/topology.yaml b/labs/evpn/avd_central_any_gw/topology.yaml
index fa3fb6f0..ec6a1564 100644
--- a/labs/evpn/avd_central_any_gw/topology.yaml
+++ b/labs/evpn/avd_central_any_gw/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes:
diff --git a/labs/evpn/avd_sym_irb/Makefile b/labs/evpn/avd_sym_irb/Makefile
new file mode 100644
index 00000000..c5f09277
--- /dev/null
+++ b/labs/evpn/avd_sym_irb/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/ intended/
diff --git a/labs/evpn/avd_sym_irb/group_vars/AVD_LAB.yaml b/labs/evpn/avd_sym_irb/group_vars/AVD_LAB.yaml
index 53330650..4600f16c 100644
--- a/labs/evpn/avd_sym_irb/group_vars/AVD_LAB.yaml
+++ b/labs/evpn/avd_sym_irb/group_vars/AVD_LAB.yaml
@@ -18,7 +18,8 @@ ntp:
service_routing_protocols_model: multi-agent
-spanning_tree_mode: mstp
+spanning_tree:
+ mode: mstp
ip_routing: true
@@ -27,11 +28,28 @@ mgmt_interface: Management0
mgmt_gateway: 172.100.100.1
# Management eAPI | Required for this Lab
-management_eapi:
- enable_https: true
+custom_structured_configuration_management_api_http:
+ https_ssl_profile: eAPI
+
+# Management security required for SSL profile with strong ciphers
+#custom_structured_configuration_management_security:
+# ssl_profiles:
+# - name: eAPI
+# certificate:
+# file: eAPI.crt
+# key: eAPI.key
+# cipher_list: HIGH,!eNULL,!aNULL,!MD5,!ADH,!ANULL
+
+# cipher_list will be added in AVD rel 3.8.x till then using raw_eos_cli
+eos_cli: |
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
# Management GNMI | Optional
#management_api_gnmi:
# enable_vrfs:
# MGMT:
# octa: true
+# provider: eos-native
diff --git a/labs/evpn/avd_sym_irb/group_vars/DC1_FABRIC.yaml b/labs/evpn/avd_sym_irb/group_vars/DC1_FABRIC.yaml
index 2e4fddf7..2e285163 100644
--- a/labs/evpn/avd_sym_irb/group_vars/DC1_FABRIC.yaml
+++ b/labs/evpn/avd_sym_irb/group_vars/DC1_FABRIC.yaml
@@ -28,7 +28,6 @@ spine:
- distance bgp 20 200 200
#- graceful-restart restart-time 300
#- graceful-restart
- leaf_as_range: 65101-65132
nodes:
DC1_SPINE1:
id: 1
diff --git a/labs/evpn/avd_sym_irb/topology.yaml b/labs/evpn/avd_sym_irb/topology.yaml
index d2ffbb54..a23be3a8 100644
--- a/labs/evpn/avd_sym_irb/topology.yaml
+++ b/labs/evpn/avd_sym_irb/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes:
diff --git a/labs/evpn/avd_sym_irb_ibgp/Makefile b/labs/evpn/avd_sym_irb_ibgp/Makefile
new file mode 100644
index 00000000..c5f09277
--- /dev/null
+++ b/labs/evpn/avd_sym_irb_ibgp/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/ intended/
diff --git a/labs/evpn/avd_sym_irb_ibgp/group_vars/AVD_LAB.yaml b/labs/evpn/avd_sym_irb_ibgp/group_vars/AVD_LAB.yaml
index 53330650..4600f16c 100644
--- a/labs/evpn/avd_sym_irb_ibgp/group_vars/AVD_LAB.yaml
+++ b/labs/evpn/avd_sym_irb_ibgp/group_vars/AVD_LAB.yaml
@@ -18,7 +18,8 @@ ntp:
service_routing_protocols_model: multi-agent
-spanning_tree_mode: mstp
+spanning_tree:
+ mode: mstp
ip_routing: true
@@ -27,11 +28,28 @@ mgmt_interface: Management0
mgmt_gateway: 172.100.100.1
# Management eAPI | Required for this Lab
-management_eapi:
- enable_https: true
+custom_structured_configuration_management_api_http:
+ https_ssl_profile: eAPI
+
+# Management security required for SSL profile with strong ciphers
+#custom_structured_configuration_management_security:
+# ssl_profiles:
+# - name: eAPI
+# certificate:
+# file: eAPI.crt
+# key: eAPI.key
+# cipher_list: HIGH,!eNULL,!aNULL,!MD5,!ADH,!ANULL
+
+# cipher_list will be added in AVD rel 3.8.x till then using raw_eos_cli
+eos_cli: |
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
# Management GNMI | Optional
#management_api_gnmi:
# enable_vrfs:
# MGMT:
# octa: true
+# provider: eos-native
diff --git a/labs/evpn/avd_sym_irb_ibgp/topology.yaml b/labs/evpn/avd_sym_irb_ibgp/topology.yaml
index 8e4e1ac1..0c64a65a 100644
--- a/labs/evpn/avd_sym_irb_ibgp/topology.yaml
+++ b/labs/evpn/avd_sym_irb_ibgp/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes:
diff --git a/labs/evpn/avd_sym_sa_multihoming/Makefile b/labs/evpn/avd_sym_sa_multihoming/Makefile
new file mode 100644
index 00000000..c5f09277
--- /dev/null
+++ b/labs/evpn/avd_sym_sa_multihoming/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/ intended/
diff --git a/labs/evpn/avd_sym_sa_multihoming/group_vars/AVD_LAB.yaml b/labs/evpn/avd_sym_sa_multihoming/group_vars/AVD_LAB.yaml
index 70b1e105..a2f7c09e 100644
--- a/labs/evpn/avd_sym_sa_multihoming/group_vars/AVD_LAB.yaml
+++ b/labs/evpn/avd_sym_sa_multihoming/group_vars/AVD_LAB.yaml
@@ -18,7 +18,8 @@ ntp:
service_routing_protocols_model: multi-agent
-spanning_tree_mode: mstp
+spanning_tree:
+ mode: mstp
ip_routing: true
@@ -27,11 +28,21 @@ mgmt_interface: Management0
mgmt_gateway: 172.100.100.1
# Management eAPI | Required for this Lab
-management_eapi:
- enable_https: true
+custom_structured_configuration_management_api_http:
+ https_ssl_profile: eAPI
+
+# Management security required for SSL profile with strong ciphers
+#custom_structured_configuration_management_security:
+# ssl_profiles:
+# - name: eAPI
+# certificate:
+# file: eAPI.crt
+# key: eAPI.key
+# cipher_list: HIGH,!eNULL,!aNULL,!MD5,!ADH,!ANULL
# Management GNMI | Optional
#management_api_gnmi:
# enable_vrfs:
# MGMT:
-# octa: true
\ No newline at end of file
+# octa: true
+# provider: eos-native
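Review bot: unlike the other labs' `AVD_LAB.yaml`, this hunk sets `https_ssl_profile: eAPI` but adds no `eos_cli` block defining the profile; the definition is instead pasted into per-node raw CLI in `DC1_FABRIC.yaml` and into `DC1_SPINES.yaml`. Any device in `AVD_LAB` that is not covered by one of those blocks ends up with eAPI bound to an undefined profile. Either define the profile once here as the other labs do, or add a comment explaining why this lab has to do it per node.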
diff --git a/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_FABRIC.yaml b/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_FABRIC.yaml
index b06e7501..4af74fef 100644
--- a/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_FABRIC.yaml
+++ b/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_FABRIC.yaml
@@ -26,7 +26,6 @@ spine:
- distance bgp 20 200 200
#- graceful-restart restart-time 300
#- graceful-restart
- leaf_as_range: 65101-65132
nodes:
DC1_SPINE1:
id: 1
@@ -89,6 +88,11 @@ l3leaf:
vlan 111
designated-forwarder election preference rule low
!
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
DC1_PE12:
id: 2
bgp_as: 65102
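Review bot: the `management security` block appended to this node's raw CLI is repeated verbatim in three more node blocks in this file and once more in `DC1_SPINES.yaml`. Five copies of a cipher policy will drift the first time one is edited. If appending to each node is needed because the nodes already carry their own raw CLI, keep the block in one YAML anchor or variable and reference it from each node.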
@@ -118,6 +122,11 @@ l3leaf:
vlan 111
designated-forwarder election preference rule low
!
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
POD_2:
mlag: false
@@ -154,6 +163,11 @@ l3leaf:
vlan 113
designated-forwarder election preference rule low
!
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
DC1_PE22:
id: 4
bgp_as: 65104
@@ -183,6 +197,11 @@ l3leaf:
vlan 113
designated-forwarder election preference rule low
!
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
# Enable Route Target Membership Constraint Address Family on EVPN overlay BGP peerings
evpn_overlay_bgp_rtc: true
\ No newline at end of file
diff --git a/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_SPINES.yaml b/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_SPINES.yaml
index 4d0c73f9..fe44eebb 100644
--- a/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_SPINES.yaml
+++ b/labs/evpn/avd_sym_sa_multihoming/group_vars/DC1_SPINES.yaml
@@ -1 +1,8 @@
-type: spine
\ No newline at end of file
+type: spine
+custom_structured_configuration_eos_cli: |-
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
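Review bot: this file uses the key `custom_structured_configuration_eos_cli` with a `|-` block, while the other labs' `AVD_LAB.yaml` in this patch set the same CLI through a plain `eos_cli: |` key. Pick one form across the labs and note in a comment why it is needed, so readers do not have to work out whether the two keys behave differently.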
diff --git a/labs/evpn/avd_sym_sa_multihoming/topology.yaml b/labs/evpn/avd_sym_sa_multihoming/topology.yaml
index e177129b..17829f3d 100644
--- a/labs/evpn/avd_sym_sa_multihoming/topology.yaml
+++ b/labs/evpn/avd_sym_sa_multihoming/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes:
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/Makefile b/labs/mpls_ldp_evpn/mpls_evpn_irb/Makefile
new file mode 100644
index 00000000..70fbdcbd
--- /dev/null
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/devices/*.md intended/configs/*.cfg
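Review bot: The `deploy` and `destroy` recipes use `echo -e` with `\e[...` escapes, but the Makefile does not set `SHELL`, so make runs them with `/bin/sh`. Where that is dash, `echo -e` prints a literal `-e` and the colour codes are not interpreted. Add `SHELL := /bin/bash` at the top or switch the banners to `printf`. The recipes also call `sudo containerlab` directly, so the `help` text should say that `deploy` and `destroy` need sudo rights.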
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P1.yml b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P1.yml
index a365e3c1..56cffb66 100644
--- a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P1.yml
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P1.yml
@@ -87,6 +87,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
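Review bot: `https_ssl_profile: eAPI` is added in a file under `intended/structured_configs/`, which is AVD build output rather than input. Confirm the same setting is present in this lab's group_vars; otherwise the next playbook run regenerates this file without the key and eAPI falls back to its default certificate. If the value does come from group_vars, consider whether these generated files need to be committed at all.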
@@ -197,4 +198,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
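Review bot: The file still ends without a newline after the new `eos_cli` block, which is why the untouched `shutdown: false` line shows up as removed and re-added in this hunk. Ending the file with a newline keeps later diffs of these structured configs limited to real changes. The block is also the same five-line profile as in the group_vars files, so any fix to the cipher list has to land in every copy.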
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P2.yml b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P2.yml
index 2f5f019d..1efedeca 100644
--- a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P2.yml
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_P2.yml
@@ -87,6 +87,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -197,4 +198,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE11.yml b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE11.yml
index 7d5ec5a5..72fd08a7 100644
--- a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE11.yml
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE11.yml
@@ -110,6 +110,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -267,4 +268,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE12.yml b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE12.yml
index 886ce5b4..fb962e63 100644
--- a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE12.yml
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE12.yml
@@ -110,6 +110,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -267,4 +268,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE21.yml b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE21.yml
index ee46eb32..6d1d7311 100644
--- a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE21.yml
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE21.yml
@@ -110,6 +110,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -267,4 +268,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE22.yml b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE22.yml
index c15ac16a..c4b0f5b3 100644
--- a/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE22.yml
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/intended/structured_configs/DC1_PE22.yml
@@ -110,6 +110,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -267,4 +268,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_evpn_irb/topology.yaml b/labs/mpls_ldp_evpn/mpls_evpn_irb/topology.yaml
index f7e55a1f..0f8a9c9a 100644
--- a/labs/mpls_ldp_evpn/mpls_evpn_irb/topology.yaml
+++ b/labs/mpls_ldp_evpn/mpls_evpn_irb/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes:
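Review bot: On the certificate line, `validity 30000` gives the self-signed certificate a lifetime of roughly 82 years, and `common-name eAPI` is the same on every cEOS node. Clients therefore cannot rely on expiry or match the certificate to a device hostname, and in practice have to skip verification. That may be acceptable for a lab, but add a comment above the `exec` block saying these values are lab-only, or use a shorter validity and a per-node common name, so the block is not copied into non-lab topologies as is.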
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/Makefile b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/Makefile
new file mode 100644
index 00000000..70fbdcbd
--- /dev/null
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+deploy: ## Complete AVD & cEOS-Lab Deployment
+ @echo -e "\n############### \e[1;30;42mStarting cEOS-Lab topology\e[0m ###############\n"
+ @sudo containerlab deploy -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mGenerating and deploying switch configuration\e[0m ###############\n"
+ @ansible-playbook playbooks/fabric-deploy-config.yaml --flush-cache
+ @echo -e "\n############### \e[1;30;42mConfiguring client nodes\e[0m ###############\n"
+ @bash host_l3_config/l3_build.sh
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Topology\e[0m ###############\n"
+ @sudo containerlab inspect -t topology.yaml
+ @echo -e "\n############### \e[1;30;42mcEOS-Lab Deployment Complete\e[0m ###############\n"
+
+.PHONY: destroy
+destroy: ## Delete cEOS-Lab Deployment and AVD generated config and documentation
+ @echo -e "\n############### \e[1;30;42mWiping nodes and deleting AVD configuration\e[0m ###############\n"
+ @sudo containerlab destroy -t topology.yaml --cleanup
+ @rm -rf .topology.yml.bak config_backup/ snapshots/ reports/ documentation/devices/*.md intended/configs/*.cfg
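Review bot: This Makefile is byte-identical to the one added under mpls_evpn_irb (same blob `70fbdcbd`). A single shared makefile included from each lab directory would avoid having to fix the same recipe in several places. In the `destroy` recipe, `rm -rf` targets `.topology.yml.bak` while the deploy and destroy commands use `topology.yaml`; check that the backup file name matches what containerlab actually writes, since `rm -rf` stays silent when the path does not exist.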
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P1.yml b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P1.yml
index a365e3c1..56cffb66 100644
--- a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P1.yml
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P1.yml
@@ -87,6 +87,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -197,4 +198,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P2.yml b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P2.yml
index 2f5f019d..1efedeca 100644
--- a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P2.yml
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_P2.yml
@@ -87,6 +87,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -197,4 +198,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE11.yml b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE11.yml
index 4241325d..300ed1cf 100644
--- a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE11.yml
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE11.yml
@@ -102,6 +102,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -242,4 +243,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE12.yml b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE12.yml
index 055516cc..e26e33d2 100644
--- a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE12.yml
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE12.yml
@@ -102,6 +102,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -242,4 +243,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE21.yml b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE21.yml
index 52eb63dc..b57fecec 100644
--- a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE21.yml
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE21.yml
@@ -102,6 +102,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -242,4 +243,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE22.yml b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE22.yml
index 32cc9b73..28b1fbfe 100644
--- a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE22.yml
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/intended/structured_configs/DC1_PE22.yml
@@ -102,6 +102,7 @@ management_api_http:
enable_vrfs:
MGMT: {}
enable_https: true
+ https_ssl_profile: eAPI
loopback_interfaces:
Loopback0:
description: EVPN_Overlay_Peering
@@ -242,4 +243,11 @@ mpls:
ip: true
ldp:
router_id: interface Loopback0
- shutdown: false
\ No newline at end of file
+ shutdown: false
+eos_cli: |
+ !
+ management security
+ ssl profile eAPI
+ cipher-list HIGH:!eNULL:!aNULL:!MD5:!ADH:!ANULL
+ certificate eAPI.crt key eAPI.key
+ !
\ No newline at end of file
diff --git a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/topology.yaml b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/topology.yaml
index 3ea33290..68056ea1 100644
--- a/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/topology.yaml
+++ b/labs/mpls_ldp_evpn/mpls_ldp_l2evpn/topology.yaml
@@ -4,7 +4,11 @@ topology:
kinds:
ceos:
startup-config: ../../../ceos_lab_template/ceos.cfg.tpl
- image: ceosimage:4.27.3F
+ image: ceosimage:4.29.0.2F
+ exec:
+ - sleep 10
+ - FastCli -p 15 -c 'security pki key generate rsa 4096 eAPI.key'
+ - FastCli -p 15 -c 'security pki certificate generate self-signed eAPI.crt key eAPI.key generate rsa 4096 validity 30000 parameters common-name eAPI'
linux:
image: alpine-host
nodes: