diff --git a/.gitignore b/.gitignore
index 4b57c6b..514019f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@
 # clab auto-created directories and files
 **clab-*
 *.yml.bak
+
+# license files
+*license*.json
\ No newline at end of file
diff --git a/tech-library/datacenter/evpnvxlan/zbackend-infra/clab/inventory/group_vars/eos.yml b/tech-library/datacenter/evpnvxlan/zbackend-infra/clab/inventory/group_vars/eos.yml
index 0c54635..2a8a128 100644
--- a/tech-library/datacenter/evpnvxlan/zbackend-infra/clab/inventory/group_vars/eos.yml
+++ b/tech-library/datacenter/evpnvxlan/zbackend-infra/clab/inventory/group_vars/eos.yml
@@ -6,4 +6,5 @@ ansible_become: true
 ansible_become_method: enable
 ansible_httpapi_use_ssl: true
 ansible_httpapi_validate_certs: false
+ansible_httpapi_ciphers: AES256-SHA:DHE-RSA-AES256-SHA:AES128-SHA:DHE-RSA-AES128-SHA
 ansible_python_interpreter: $(which python3)
diff --git a/tech-library/wan/autovpn/zbackend-infra/act/Makefile b/tech-library/wan/autovpn/zbackend-infra/act/Makefile
new file mode 100644
index 0000000..e6d09d1
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/act/Makefile
@@ -0,0 +1,16 @@
+.PHONY: help
+help: ## Display help message
+ @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: push-configs
+push-configs: ## Push configs to lab
+ ansible-playbook config_push.yml
+
+.PHONY: grab-configs
+grab-configs: ## Grab configs from the lab
+ ansible-playbook config_grab.yml
+
+.PHONY: push-license
+push-license: ## Push license to CloudEOS nodes
+ pip3 install paramiko ansible-pylibssh
+ ansible-playbook push_license.yml -e ansible_connection=network_cli
diff --git a/tech-library/wan/autovpn/zbackend-infra/act/act-wan-autovpn-dg.yml b/tech-library/wan/autovpn/zbackend-infra/act/act-wan-autovpn-dg.yml
new file mode 100644
index 0000000..b94d812
--- /dev/null
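Review bot: The added `ansible_httpapi_ciphers` line in clab/inventory/group_vars/eos.yml pins the eAPI session to four CBC-mode SHA-1 suites, two of which (`AES256-SHA`, `AES128-SHA`) use static RSA key exchange with no forward secrecy, and the context line just above it already sets `ansible_httpapi_validate_certs: false`. Together that leaves the session carrying the device password neither authenticated nor forward-secret, which is only tolerable on an isolated lab network. If the list is there because the lab image's eAPI offers nothing newer (not visible in this diff), record that next to it, e.g. `# lab only: legacy suites required by the lab image's eAPI; do not copy to production inventories`, and drop the two non-DHE entries if the DHE ones negotiate. The same line is added in act/inventory/group_vars/eos.yml later in this commit.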
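Review bot: The `push-license` recipe runs `pip3 install paramiko ansible-pylibssh` with no version pins on every invocation, so each run pulls whatever the package index serves at that moment into whichever Python environment is active, immediately before a playbook that handles device credentials. Move the two packages to a requirements file with pinned versions and install from that, e.g. `pip3 install -r requirements.txt` (adding `--require-hashes` if the file carries hashes), or split installation into its own target so `push-license` only runs the playbook. Recipe lines must begin with a hard tab; the collapsed page no longer shows whether these do.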
+++ b/tech-library/wan/autovpn/zbackend-infra/act/act-wan-autovpn-dg.yml 
@@ -0,0 +1,328 @@ +--- + +veos: + password: Arista123! + username: arista + version: 4.32.2F + switchport_default_mode_routed: true + +cloudeos: + password: Arista123! + username: arista + version: 4.32.2F + +generic: + password: ansible + username: ansible + version: ubuntu-2204-lts + +tools-server: + password: ansible + username: ansible + version: ubuntu-2204-lts + +nodes: +############################## +############################## +### DC 1 +############################## +############################## + - DC1-SPINE: + ip_addr: 192.168.0.11 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - DC1-LEAF: + ip_addr: 192.168.0.12 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - DC1-R1: + ip_addr: 192.168.0.13 + node_type: cloudeos + instance_type: xlarge + # ports: + # - Ethernet1-10 + - DC1-R2: + ip_addr: 192.168.0.14 + node_type: cloudeos + instance_type: xlarge + # ports: + # - Ethernet1-10 + - DC1-BORDER1: + ip_addr: 192.168.0.15 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - DC1-BORDER2: + ip_addr: 192.168.0.16 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - A1: + ip_addr: 192.168.0.201 + node_type: generic + - A2: + ip_addr: 192.168.0.202 + node_type: generic +############################## +############################## +### DC 2 +############################## +############################## + - DC2-SPINE: + ip_addr: 192.168.0.17 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - DC2-LEAF: + ip_addr: 192.168.0.18 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - DC2-R1: + ip_addr: 192.168.0.19 + node_type: cloudeos + instance_type: xlarge + # ports: + # - Ethernet1-10 + - DC2-R2: + ip_addr: 192.168.0.20 + node_type: cloudeos + instance_type: xlarge + # ports: + # - Ethernet1-10 + - DC2-BORDER1: + ip_addr: 192.168.0.21 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - DC2-BORDER2: + ip_addr: 
192.168.0.22 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - B1: + ip_addr: 192.168.0.203 + node_type: generic + - B2: + ip_addr: 192.168.0.204 + node_type: generic +############################## +############################## +### Site 1 +############################## +############################## + - S1-R1: + ip_addr: 192.168.0.23 + node_type: cloudeos + instance_type: xlarge + # ports: + # - Ethernet1-10 + - S1-R2: + ip_addr: 192.168.0.24 + node_type: cloudeos + instance_type: xlarge + # ports: + # - Ethernet1-10 + - S1-SW1: + ip_addr: 192.168.0.25 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - C1: + ip_addr: 192.168.0.205 + node_type: generic + - C2: + ip_addr: 192.168.0.206 + node_type: generic +############################## +############################## +### Site 2 +############################## +############################## + - S2-R1: + ip_addr: 192.168.0.26 + node_type: cloudeos + instance_type: xlarge + # ports: + # - Ethernet1-10 + - S2-SW1: + ip_addr: 192.168.0.27 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 + - D1: + ip_addr: 192.168.0.207 + node_type: generic + - D2: + ip_addr: 192.168.0.208 + node_type: generic +############################## +############################## +### Internet +############################## +############################## + - INTERNET: + ip_addr: 192.168.0.28 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 +############################## +############################## +### DCI-MPLS +############################## +############################## + - DCI-MPLS: + ip_addr: 192.168.0.29 + node_type: veos + instance_type: xlarge + ports: + - Ethernet1-10 +############################## +############################## +### Tools Server +############################## +############################## + - tools: + ip_addr: 192.168.0.9 + node_type: tools-server + instance_type: xlarge +links: +############################## 
+############################## +### DC1 +############################## +############################## + - connection: + - DC1-SPINE:Ethernet1 + - DC1-LEAF:Ethernet1 + - connection: + - DC1-SPINE:Ethernet2 + - DC1-R1:Ethernet1 + - connection: + - DC1-SPINE:Ethernet3 + - DC1-R2:Ethernet1 + - connection: + - DC1-SPINE:Ethernet4 + - DC1-BORDER1:Ethernet1 + - connection: + - DC1-SPINE:Ethernet5 + - DC1-BORDER2:Ethernet1 + - connection: + - DC1-LEAF:Ethernet2 + - A1:Ethernet1 + - connection: + - DC1-LEAF:Ethernet3 + - A2:Ethernet1 +############################## +############################## +### DC2 +############################## +############################## + - connection: + - DC2-SPINE:Ethernet1 + - DC2-LEAF:Ethernet1 + - connection: + - DC2-SPINE:Ethernet2 + - DC2-R1:Ethernet1 + - connection: + - DC2-SPINE:Ethernet3 + - DC2-R2:Ethernet1 + - connection: + - DC2-SPINE:Ethernet4 + - DC2-BORDER1:Ethernet1 + - connection: + - DC2-SPINE:Ethernet5 + - DC2-BORDER2:Ethernet1 + - connection: + - DC2-LEAF:Ethernet2 + - B1:Ethernet1 + - connection: + - DC2-LEAF:Ethernet3 + - B2:Ethernet1 +############################## +############################## +### SITE1 +############################## +############################## + - connection: + - S1-R1:Ethernet1 + - S1-SW1:Ethernet1 + - connection: + - S1-R2:Ethernet1 + - S1-SW1:Ethernet2 + - connection: + - S1-SW1:Ethernet3 + - C1:Ethernet1 + - connection: + - S1-SW1:Ethernet4 + - C2:Ethernet1 +############################## +############################## +### SITE2 +############################## +############################## + - connection: + - S2-R1:Ethernet1 + - S2-SW1:Ethernet1 + - connection: + - S2-SW1:Ethernet2 + - D1:Ethernet1 + - connection: + - S2-SW1:Ethernet3 + - D2:Ethernet1 +############################## +############################## +### INTERNET +############################## +############################## + - connection: + - INTERNET:Ethernet1 + - DC1-R1:Ethernet2 + - connection: + - 
INTERNET:Ethernet2 + - DC1-R2:Ethernet2 + - connection: + - INTERNET:Ethernet3 + - DC2-R2:Ethernet2 + - connection: + - INTERNET:Ethernet4 + - DC2-R1:Ethernet2 + - connection: + - INTERNET:Ethernet5 + - S1-R1:Ethernet2 + - connection: + - INTERNET:Ethernet6 + - S1-R2:Ethernet2 + - connection: + - INTERNET:Ethernet7 + - S2-R1:Ethernet2 +############################## +############################## +### DCI-MPLS +############################## +############################## + - connection: + - DCI-MPLS:Ethernet1 + - DC1-BORDER1:Ethernet2 + - connection: + - DCI-MPLS:Ethernet2 + - DC1-BORDER2:Ethernet2 + - connection: + - DCI-MPLS:Ethernet3 + - DC2-BORDER2:Ethernet2 + - connection: + - DCI-MPLS:Ethernet4 + - DC2-BORDER1:Ethernet2 diff --git a/tech-library/wan/autovpn/zbackend-infra/act/ansible.cfg b/tech-library/wan/autovpn/zbackend-infra/act/ansible.cfg new file mode 100644 index 0000000..203d1ef --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/act/ansible.cfg 
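Review bot: The `veos`, `cloudeos`, `generic` and `tools-server` blocks at the top of act-wan-autovpn-dg.yml commit login passwords in cleartext (`Arista123!`, and `ansible` for the `ansible` user), and `Arista123!` is repeated as `ansible_password` in act/inventory/group_vars/eos.yml in this commit. If these are throwaway lab defaults, say so above the blocks, e.g. `# lab-only default credentials; change before exposing any node outside the lab`, so nobody carries them into a reachable environment. Otherwise keep them out of the repository and supply them at deploy time, for example through Ansible Vault for the inventory copy.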
@@ -0,0 +1,45 @@
+[defaults]
+
+# Disable host key checking by the underlying tools Ansible uses to connect to target hosts
+host_key_checking = False
+
+# Location of inventory file containing target hosts
+inventory = ./inventory/inventory.yml
+
+# Only gather Ansible facts if explicity directed to in a given play
+gathering = explicit
+
+# Disable the creation of .retry files if a playbook fails
+retry_files_enabled = False
+
+# Path(s) to search for installed Ansible Galaxy Collections
+collections_paths = ~/.ansible/collections
+
+# Enable additional Jinja2 Extensions (https://jinja.palletsprojects.com/en/3.1.x/extensions/)
+jinja2_extensions = jinja2.ext.loopcontrols,jinja2.ext.do,jinja2.ext.i18n
+
+# Enable the YAML callback plugin, providing much easier to read terminal output. (https://docs.ansible.com/ansible/latest/plugins/callback.html#callback-plugins)
+# stdout_callback = yaml
+
+# Permit the use of callback plugins when running ad-hoc commands
+bin_ansible_callbacks = True
+
+# List of enabled callbacks. Many callbacks shipped with Ansible are not enabled by default
+callbacks_enabled = profile_roles, profile_tasks, timer
+
+# Maximum number of forks that Ansible will use to execute tasks on target hosts
+forks = 15
+
+# Disable cowsay (Why?)
+nocows = True
+
+[paramiko_connection]
+# Automatically add the keys of target hosts to known hosts
+host_key_auto_add = True
+
+[persistent_connection]
+# Set the amount of time, in seconds, to wait for response from remote device before timing out persistent connection.
+command_timeout = 60
+
+# Set the amount of time, in seconds, that a persistent connection will remain idle before it is destroyed.
+connect_timeout = 60
diff --git a/tech-library/wan/autovpn/zbackend-infra/act/config_grab.yml b/tech-library/wan/autovpn/zbackend-infra/act/config_grab.yml
new file mode 100644
index 0000000..0c3d858
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/act/config_grab.yml
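Review bot: `host_key_checking = False` under `[defaults]` together with `host_key_auto_add = True` under `[paramiko_connection]` turns off SSH host-key verification for every play run from this directory, including push_license.yml, which logs in with a password and copies a file over SFTP. The comments say what each option does but not why that is acceptable here; add the reason next to them, e.g. `# lab nodes only: host keys are not tracked for this topology; never reuse this file against persistent devices` (adjust to the actual reason, which this diff does not show). If the lab nodes keep their host keys between runs, leave checking enabled and accept the keys once instead.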
@@ -0,0 +1,19 @@
+---
+
+- name: Get configs from all switches in topology
+ connection: httpapi
+ hosts: all
+ gather_facts: false
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ config_dir: "{{ playbook_dir }}/../configs/"
+
+ tasks:
+
+ - name: "Save running config to {{ config_dir }}"
+ eos_config:
+ backup: yes
+ backup_options:
+ dir_path: "{{ config_dir }}"
+ filename: "{{ inventory_hostname }}.cfg"
diff --git a/tech-library/wan/autovpn/zbackend-infra/act/config_push.yml b/tech-library/wan/autovpn/zbackend-infra/act/config_push.yml
new file mode 100644
index 0000000..98df966
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/act/config_push.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Push switch configs
+ connection: httpapi
+ hosts: all
+ gather_facts: false
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ config_dir: "{{ playbook_dir }}/../configs/"
+
+ tasks:
+
+ - name: "Configs from {{ config_dir }}"
+ eos_config:
+ src: "{{ config_dir }}{{ inventory_hostname }}.cfg"
+ replace: config
+ save_when: changed
diff --git a/tech-library/wan/autovpn/zbackend-infra/act/inventory/group_vars/eos.yml b/tech-library/wan/autovpn/zbackend-infra/act/inventory/group_vars/eos.yml
new file mode 100644
index 0000000..82306eb
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/act/inventory/group_vars/eos.yml
@@ -0,0 +1,10 @@
+ansible_network_os: eos
+ansible_connection: httpapi
+ansible_user: arista
+ansible_password: Arista123!
+ansible_become: true
+ansible_become_method: enable
+ansible_httpapi_use_ssl: true
+ansible_httpapi_validate_certs: false
+ansible_httpapi_ciphers: AES256-SHA:DHE-RSA-AES256-SHA:AES128-SHA:DHE-RSA-AES128-SHA
+ansible_python_interpreter: $(which python3)
diff --git a/tech-library/wan/autovpn/zbackend-infra/act/inventory/inventory.yml b/tech-library/wan/autovpn/zbackend-infra/act/inventory/inventory.yml
new file mode 100644
index 0000000..3169ee5
--- /dev/null
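Review bot: The backup task in config_grab.yml writes each device's complete running-config to `{{ playbook_dir }}/../configs/`, a tracked directory in this repository, and the .cfg files added in this same commit show that the output includes `secret sha512` password hashes and `password 7` BGP keys. Anyone who runs `make grab-configs` and commits the result publishes that material again. Either document this on the task, e.g. `# output contains password hashes and type-7 keys; review before committing`, or write backups to an ignored path and copy sanitized files into configs/ by hand.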
+++ b/tech-library/wan/autovpn/zbackend-infra/act/inventory/inventory.yml
@@ -0,0 +1,47 @@
+---
+all:
+ children:
+ eos:
+ children:
+ switches:
+ hosts:
+ DC1-SPINE:
+ ansible_host: 192.168.0.11
+ DC1-LEAF:
+ ansible_host: 192.168.0.12
+ DC1-BORDER1:
+ ansible_host: 192.168.0.15
+ DC1-BORDER2:
+ ansible_host: 192.168.0.16
+ DC2-SPINE:
+ ansible_host: 192.168.0.17
+ DC2-LEAF:
+ ansible_host: 192.168.0.18
+ DC2-BORDER1:
+ ansible_host: 192.168.0.21
+ DC2-BORDER2:
+ ansible_host: 192.168.0.22
+ S1-SW1:
+ ansible_host: 192.168.0.25
+ S2-SW1:
+ ansible_host: 192.168.0.27
+ INTERNET:
+ ansible_host: 192.168.0.28
+ DCI-MPLS:
+ ansible_host: 192.168.0.29
+ routers:
+ hosts:
+ DC1-R1:
+ ansible_host: 192.168.0.13
+ DC1-R2:
+ ansible_host: 192.168.0.14
+ DC2-R1:
+ ansible_host: 192.168.0.19
+ DC2-R2:
+ ansible_host: 192.168.0.20
+ S1-R1:
+ ansible_host: 192.168.0.23
+ S1-R2:
+ ansible_host: 192.168.0.24
+ S2-R1:
+ ansible_host: 192.168.0.26
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/act/push_license.yml b/tech-library/wan/autovpn/zbackend-infra/act/push_license.yml
new file mode 100644
index 0000000..3bd5464
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/act/push_license.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Copy license file
+ hosts: routers
+ gather_facts: false
+ become: yes
+ become_method: enable
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ tasks:
+
+ - name: Copy license file to {{ inventory_hostname }}
+ ansible.netcommon.net_put:
+ src: ./ipsec-license.json
+ protocol: sftp
+ dest: /mnt/flash/ipsec-license.json
+
+ - name: Install license
+ eos_command:
+ commands:
+ - "license import flash:ipsec-license.json"
+ - "license update"
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC1-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-BORDER1.cfg
new file mode 100644
index 0000000..50957dd
--- /dev/null
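Review bot: `src: ./ipsec-license.json` in push_license.yml is a relative path, while config_grab.yml and config_push.yml in this commit anchor their paths on `{{ playbook_dir }}`; how the relative form resolves may depend on where the playbook is invoked from, so prefer `src: "{{ playbook_dir }}/ipsec-license.json"`. The play also leaves the license file on `/mnt/flash` after `license import`; add a comment stating whether that is intended, or a cleanup task if it is not.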
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-BORDER1.cfg 
@@ -0,0 +1,192 @@ +! Command: show running-config +! device: DC1-BORDER1 (vEOS-lab, EOS-4.32.2F) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$OLWZvAbQ.tHTYv52$uUeLuT1gUOOLy.GDYF/SP0PAq2z8SJhJTQVuhy/uWZaNzHe3EXcnA6HhuuIDcVlWS1Sx3aLRDW2IWMmxetSuw0 +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$N5OWcCzWgWrs7bEB$WbejTa44DIoAL84xTBZHHYBp3aIL1824HHkcQdGBxRLazdy86mqOKKn2XuQXhjxIJ48hg6Flu.pf4lZHf04pr. +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! 
+switchport default mode routed +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC1-BORDER1 +ip name-server vrf default 169.254.169.254 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 20 + name Green +! +vrf instance PROD +! +aaa authorization exec default local +! +interface Ethernet1 + description DC1-SPINE1 + no switchport + ip address 172.20.1.7/31 +! +interface Ethernet2 + description DCI-MPLS + no switchport +! +interface Ethernet3 + no switchport +! +interface Ethernet4 + no switchport +! +interface Ethernet5 + no switchport +! +interface Ethernet6 + no switchport +! +interface Ethernet7 + no switchport +! +interface Ethernet8 + no switchport +! +interface Ethernet9 + no switchport +! +interface Ethernet10 + no switchport +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.1.4/32 +! +interface Loopback1 + description Shared VTEP IP + ip address 10.1.1.4/32 +! +interface Management1 + ip address 192.168.0.15/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip address virtual 10.20.20.1/24 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,20 vni 10010,10020 + vxlan vrf PROD vni 51 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.1.0/24 le 31 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! 
+route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65102 + router-id 10.0.1.4 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS remote-as 65100 + neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA== + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 10.0.1.201 peer group LOCAL-EVPN-PEERS + neighbor 172.20.1.6 peer group IPv4-UNDERLAY-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 10.0.1.4:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 20 + rd 10.0.1.4:10020 + route-target both 10020:10020 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf PROD + rd 10.0.1.4:51 + route-target import evpn 51:51 + route-target export evpn 51:51 +! +router multicast + ipv4 + software-forwarding kernel + ! + ipv6 + software-forwarding kernel +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC1-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-BORDER2.cfg new file mode 100644 index 0000000..d87a264 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-BORDER2.cfg 
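Review bot: `username ec2-user shell /bin/bash nopassword` in DC1-BORDER1.cfg defines an account that needs no password and lands in a bash shell, and because config_push.yml applies these files with `replace: config`, the account is created on every lab node the file is pushed to. The neighbouring `gcp-user` entry pairs `secret *` with an SSH key; doing the same here, `username ec2-user shell /bin/bash secret *`, would remove the empty-password path. The file also commits the `arista` and `service` sha512 hashes and two `password 7` BGP keys, and type-7 values are a reversible encoding rather than a hash, so treat all of them as lab-only and never reuse them elsewhere. The `ec2-user` key line repeats the `ssh-rsa` token, which may make that key unusable and is worth checking on a device. The same lines appear in DC1-BORDER2.cfg, DC1-LEAF.cfg and DC1-R1.cfg.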
@@ -0,0 +1,192 @@ +! Command: show running-config +! device: DC1-BORDER2 (vEOS-lab, EOS-4.32.2F) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$ZESV1V08Bcq1S5sh$5rnC7JjzJgSQEe6P2zUFMCJguvusnM8H1TUmIS5XsLnzfPb.Ir0aAR7RRpPWHFknjWQYFXaiasH6aM.G14vy// +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$xK/zsF8qfbGdfvNe$4/oCM2HwZEwuajUqEF11rF58XEy.Rhea178uzeAeNM7Sm6C.pMwPclIbJeMUfJg7d/IIj0Y0dSV79zAJVzg/i0 +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! 
+switchport default mode routed +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC1-BORDER2 +ip name-server vrf default 169.254.169.254 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 20 + name Green +! +vrf instance PROD +! +aaa authorization exec default local +! +interface Ethernet1 + description DC1-SPINE1 + no switchport + ip address 172.20.1.9/31 +! +interface Ethernet2 + description DCI-MPLS + no switchport +! +interface Ethernet3 + no switchport +! +interface Ethernet4 + no switchport +! +interface Ethernet5 + no switchport +! +interface Ethernet6 + no switchport +! +interface Ethernet7 + no switchport +! +interface Ethernet8 + no switchport +! +interface Ethernet9 + no switchport +! +interface Ethernet10 + no switchport +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.1.5/32 +! +interface Loopback1 + description Shared VTEP IP + ip address 10.1.1.5/32 +! +interface Management1 + ip address 192.168.0.16/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip address virtual 10.20.20.1/24 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,20 vni 10010,10020 + vxlan vrf PROD vni 51 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.1.0/24 le 31 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! 
+route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65103 + router-id 10.0.1.5 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS remote-as 65100 + neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA== + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 10.0.1.201 peer group LOCAL-EVPN-PEERS + neighbor 172.20.1.8 peer group IPv4-UNDERLAY-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 10.0.1.5:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 20 + rd 10.0.1.5:10020 + route-target both 10020:10020 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf PROD + rd 10.0.1.5:51 + route-target import evpn 51:51 + route-target export evpn 51:51 +! +router multicast + ipv4 + software-forwarding kernel + ! + ipv6 + software-forwarding kernel +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC1-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-LEAF.cfg new file mode 100644 index 0000000..9105b65 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-LEAF.cfg 
@@ -0,0 +1,198 @@ +! Command: show running-config +! device: DC1-LEAF (vEOS-lab, EOS-4.32.2F) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$s1jxzmjW2ttON6kg$OxC.aNvL3J9vj2WvB4BzZfEBdZSN6JHNJmIO7TZ.n0bdKX6.kN9DFV4I8xtGYQhQlcDbD6C58yTdz6o//CfTY. +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$uuunx2kWnyts3A9O$PAcugKcEaVM3reh1GMOlt1xDJvRa9P4YVfy/pPh1/dqbeL46bE1FKDMJ1pBjKa/PMhRY0Hww9UJKu5pMSNd3W. +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! 
+switchport default mode routed +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC1-LEAF +ip name-server vrf default 169.254.169.254 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 20 + name Green +! +vrf instance PROD +! +aaa authorization exec default local +! +interface Ethernet1 + description DC1-SPINE1 + no switchport + ip address 172.20.1.1/31 +! +interface Ethernet2 + description HostA1 + switchport access vlan 10 + switchport + spanning-tree portfast +! +interface Ethernet3 + description HostA2 + switchport access vlan 20 + switchport + spanning-tree portfast +! +interface Ethernet4 + no switchport +! +interface Ethernet5 + no switchport +! +interface Ethernet6 + no switchport +! +interface Ethernet7 + no switchport +! +interface Ethernet8 + no switchport +! +interface Ethernet9 + no switchport +! +interface Ethernet10 + no switchport +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.1.1/32 +! +interface Loopback1 + description Shared VTEP IP + ip address 10.1.1.1/32 +! +interface Management1 + ip address 192.168.0.12/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan20 + mtu 9014 + vrf PROD + ip address virtual 10.20.20.1/24 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,20 vni 10010,10020 + vxlan vrf PROD vni 51 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.1.0/24 le 31 +! 
+arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65101 + router-id 10.0.1.1 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 128 + neighbor default send-community + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS remote-as 65100 + neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA== + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65100 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 10.0.1.201 peer group LOCAL-EVPN-PEERS + neighbor 172.20.1.0 peer group IPv4-UNDERLAY-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 10.0.1.1:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 20 + rd 10.0.1.1:10020 + route-target both 10020:10020 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf PROD + rd 10.0.1.1:51 + route-target import evpn 51:51 + route-target export evpn 51:51 + redistribute connected +! +router multicast + ipv4 + software-forwarding kernel + ! + ipv6 + software-forwarding kernel +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-R1.cfg new file mode 100644 index 0000000..c9fedc8 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-R1.cfg 
@@ -0,0 +1,225 @@ +! Command: show running-config +! device: DC1-R1 (vEOS, EOS-4.32.2F-cloud) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$ED1xnm7UrjdWxK4w$ccInCZney34BwzKmIkwyy1Jwbf2NZLtAunUieMAckQ0/qvOvcc0320S3KXGFBAPHUXTLpJ1B6jJik0MEdWU/I1 +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$ITI8L.maOVAZ1LcU$Gx5.fwU2ajz6c69aLixY3DPIYv.WXQ4zAdOqtQkbMMfzZWYaEaCY.ku.wwP.lbC6xRL0tW7UnAoYe9TmfuM9Z/ +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +switchport default mode routed +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC1-R1 +ip name-server vrf default 169.254.169.254 +! +router adaptive-virtual-topology + topology role edge gateway vxlan + region REGION1 id 1 + zone REGION1-ZONE1 id 1 + site DC1 id 1 + ! + policy DEFAULT-AVT-POLICY + match application-profile default + avt profile DEFAULT-AVT-PROFILE + ! 
+ profile DEFAULT-AVT-PROFILE + path-selection load-balance DEFAULT-LB-POLICY + ! + vrf PROD + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! + vrf default + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group INET id 1 + ipsec profile IPSEC-PROFILE + ! + local interface Ethernet2 + stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2 + ! + peer dynamic + ! + peer static router-ip 10.1.1.3 + name DC1-R2 + ipv4 address 192.0.2.6 + ! + peer static router-ip 10.1.2.3 + name DC2-R2 + ipv4 address 192.0.2.14 + ! + load-balance policy DEFAULT-LB-POLICY + path-group INET +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance PROD +! +aaa authorization exec default local +! +ip security + ike policy IPSEC-IKE-POLICY + local-id 10.1.1.2 + ! + sa policy IPSEC-SA-POLICY + ! + profile IPSEC-PROFILE + ike-policy IPSEC-IKE-POLICY + sa-policy IPSEC-SA-POLICY + connection start + shared-key 7 0110100A480E0A0E231D1E + dpd 10 50 clear + mode transport + ! + flow entropy udp + ! + key controller + profile IPSEC-PROFILE +! +interface Dps1 + description TEP IP + ip address 10.1.1.2/32 +! +interface Ethernet1 + description DC1-SPINE1 + no switchport + ip address 172.20.1.3/31 +! +interface Ethernet2 + description INTERNET + no switchport + ip address 192.0.2.2/30 +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.1.2/32 +! +interface Loopback101 + vrf PROD + ip address 10.1.101.2/32 +! +interface Management1 + ip address 192.168.0.13/24 +! +interface Vxlan1 + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf PROD vni 51 + vxlan vrf default vni 50 +! +mac address-table aging-time 1800 +! +ip routing +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! 
+ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.1.0/24 le 31 +! +ip route 0.0.0.0/0 192.0.2.1 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65000 + router-id 10.0.1.2 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + neighbor default send-community + neighbor DC1-EVPN-PEERS peer group + neighbor DC1-EVPN-PEERS remote-as 65100 + neighbor DC1-EVPN-PEERS update-source Loopback0 + neighbor DC1-EVPN-PEERS ebgp-multihop 3 + neighbor DC1-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA== + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS remote-as 65100 + neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA== + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 5000 min-rx 5000 multiplier 3 + neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w== + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 10.0.1.201 peer group DC1-EVPN-PEERS + neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS + neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS + neighbor 172.20.1.2 peer group IPv4-UNDERLAY-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor DC1-EVPN-PEERS activate + neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor WAN-OVERLAY-PEERS activate + neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS domain remote + route import match-failure action discard + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! 
+ vrf PROD + rd 10.0.1.2:51 + rd evpn domain remote 10.0.1.2:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected +! +stun + client + server-profile DC1-R2-Ethernet2 + ip address 192.0.2.6 + ! + server-profile DC2-R2-Ethernet2 + ip address 192.0.2.14 +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-R2.cfg new file mode 100644 index 0000000..ddbe624 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-R2.cfg 
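Review bot: The `shared-key 7 0110100A480E0A0E231D1E` line under `profile IPSEC-PROFILE` and the `neighbor … password 7 …` lines under `router bgp 65000` commit live key material. Type 7 is a reversible encoding rather than a one-way hash, so read access to the repository is enough to recover the IPsec pre-shared key and the BGP session passwords. The same shared key is in the DC1-R2 hunk, further `password 7` values are in the DC1-R2, DC1-SPINE, DC2-BORDER1 and DC2-BORDER2 hunks, and every file also carries `secret sha512` hashes for `arista` and `service`. I would commit only a placeholder, e.g. `shared-key 7 <IPSEC_SHARED_KEY_PLACEHOLDER>` (placeholder name), and substitute the real value from a secrets store at push time. The values already committed should be rotated if they are used anywhere outside this lab.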
@@ -0,0 +1,214 @@ +! Command: show running-config +! device: DC1-R2 (vEOS, EOS-4.32.2F-cloud) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$zhSZX7.hohXlUrld$icgKXAEpiPj7pznIpi3STVQENtX8ma5Ss2yfmNL1BjY/VQ0GPvmjzgHOtj.SxzD2MvEa/mpu0U.m2i3VN6unJ0 +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$okkhaL/bsZDz0Rc8$Jcjow0Hb9n70HOxbhZIXAgsVSP/Zzeu7z1F4yjqoowo39StBarr9NdHnEXl2f2QSZNBjIXkP/RnchvQCVvhqa/ +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +switchport default mode routed +! +no service interface inactive port-id allocation disabled +! 
+transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC1-R2 +ip name-server vrf default 169.254.169.254 +! +router adaptive-virtual-topology + topology role edge gateway vxlan + region REGION1 id 1 + zone REGION1-ZONE1 id 1 + site DC1 id 1 + ! + policy DEFAULT-AVT-POLICY + match application-profile default + avt profile DEFAULT-AVT-PROFILE + ! + profile DEFAULT-AVT-PROFILE + path-selection load-balance DEFAULT-LB-POLICY + ! + vrf PROD + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! + vrf default + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 +! +router path-selection + peer dynamic source stun + tcp mss ceiling ipv4 ingress + ! + path-group INET id 1 + ipsec profile IPSEC-PROFILE + ! + local interface Ethernet2 + ! + peer static router-ip 10.1.2.3 + name DC2-R2 + ipv4 address 192.0.2.14 + ! + load-balance policy DEFAULT-LB-POLICY + path-group INET +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance PROD +! +aaa authorization exec default local +! +ip security + ike policy IPSEC-IKE-POLICY + local-id 10.1.1.3 + ! + sa policy IPSEC-SA-POLICY + ! + profile IPSEC-PROFILE + ike-policy IPSEC-IKE-POLICY + sa-policy IPSEC-SA-POLICY + connection start + shared-key 7 0110100A480E0A0E231D1E + dpd 10 50 clear + mode transport + ! + flow entropy udp +! +interface Dps1 + description TEP IP + ip address 10.1.1.3/32 +! +interface Ethernet1 + description DC1-SPINE1 + no switchport + ip address 172.20.1.5/31 +! +interface Ethernet2 + description INTERNET + no switchport + ip address 192.0.2.6/30 +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.1.3/32 +! +interface Loopback101 + vrf PROD + ip address 10.1.101.3/32 +! +interface Management1 + ip address 192.168.0.14/24 +! 
+interface Vxlan1 + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf PROD vni 51 + vxlan vrf default vni 50 +! +mac address-table aging-time 1800 +! +ip routing +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.1.0/24 le 31 +! +ip route 0.0.0.0/0 192.0.2.5 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65000 + router-id 10.0.1.3 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + bgp cluster-id 10.1.255.255 + graceful-restart + bgp listen range 10.0.0.0/8 peer-group WAN-OVERLAY-PEERS remote-as 65000 + neighbor default send-community + neighbor DC1-EVPN-PEERS peer group + neighbor DC1-EVPN-PEERS remote-as 65100 + neighbor DC1-EVPN-PEERS update-source Loopback0 + neighbor DC1-EVPN-PEERS ebgp-multihop 3 + neighbor DC1-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA== + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS remote-as 65100 + neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA== + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 5000 min-rx 5000 multiplier 3 + neighbor WAN-OVERLAY-PEERS route-reflector-client + neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w== + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 10.0.1.201 peer group DC1-EVPN-PEERS + neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS + neighbor 172.20.1.4 peer group IPv4-UNDERLAY-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! 
+ address-family evpn + neighbor DC1-EVPN-PEERS activate + neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor WAN-OVERLAY-PEERS activate + neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS domain remote + route import match-failure action discard + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! + vrf PROD + rd 10.0.1.3:51 + rd evpn domain remote 10.0.1.3:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected +! +stun + server + local-interface Ethernet2 +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC1-SPINE.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-SPINE.cfg new file mode 100644 index 0000000..8938654 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC1-SPINE.cfg 
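Review bot: `bgp listen range 10.0.0.0/8 peer-group WAN-OVERLAY-PEERS remote-as 65000` under `router bgp 65000` accepts dynamic iBGP sessions from the whole 10/8 block, which is wider than the WAN overlay appears to need. The same group sets `maximum-routes 0`, which on EOS disables the prefix limit, so the peer-group password is the only gate on dynamic peers and it is committed in this file. The overlay peers visible in this diff source from Dps1 addresses in 10.1.1.0/24 and 10.1.2.0/24, so `bgp listen range 10.1.0.0/16 peer-group WAN-OVERLAY-PEERS remote-as 65000` looks sufficient; confirm against the full address plan. A finite `maximum-routes` on the group would also bound the effect of a misbehaving peer.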
@@ -0,0 +1,173 @@ +! Command: show running-config +! device: DC1-SPINE (vEOS-lab, EOS-4.32.2F) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$o3r6dfaAROaVU9IZ$E68vVDIZrh0l0RpgxuHEJskVBmyyEGdYveuY5qPvNyRBbiWLc5I6gOBF0846CFVAbRGfZ18j8Wg/hiQPq261z1 +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$iG2GmcBVTc3h7Axz$HMU63HLvHDy7RIDWwFb6OqnOGdjodLpeNDRMOk9VIf4o0mZWq8SUfSFu57r/orMQb/z0L7R5DH.3s6Uqq9RiP0 +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +switchport default mode routed +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC1-SPINE +ip name-server vrf default 169.254.169.254 +! +spanning-tree mode none +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +aaa authorization exec default local +! +interface Ethernet1 + description DC1-LEAF + no switchport + ip address 172.20.1.0/31 +! 
+interface Ethernet2 + description DC1-R1 + no switchport + ip address 172.20.1.2/31 +! +interface Ethernet3 + description DC1-R2 + no switchport + ip address 172.20.1.4/31 +! +interface Ethernet4 + description DC1-BORDER1 + no switchport + ip address 172.20.1.6/31 +! +interface Ethernet5 + description DC1-BORDER2 + no switchport + ip address 172.20.1.8/31 +! +interface Ethernet6 + no switchport +! +interface Ethernet7 + no switchport +! +interface Ethernet8 + no switchport +! +interface Ethernet9 + no switchport +! +interface Ethernet10 + no switchport +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.1.201/32 +! +interface Management1 + ip address 192.168.0.11/24 +! +mac address-table aging-time 1800 +! +ip routing +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.0.0/16 le 31 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! +route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! 
+router bgp 65100 + router-id 10.0.1.201 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS next-hop-unchanged + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor LOCAL-IPV4-PEERS peer group + neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ== + neighbor 10.0.1.1 peer group LOCAL-EVPN-PEERS + neighbor 10.0.1.1 remote-as 65101 + neighbor 10.0.1.1 description DC1-LEAF.EVPN + neighbor 10.0.1.2 peer group LOCAL-EVPN-PEERS + neighbor 10.0.1.2 remote-as 65000 + neighbor 10.0.1.2 description DC1-R1.EVPN + neighbor 10.0.1.3 peer group LOCAL-EVPN-PEERS + neighbor 10.0.1.3 remote-as 65000 + neighbor 10.0.1.3 description DC1-R2.EVPN + neighbor 10.0.1.4 peer group LOCAL-EVPN-PEERS + neighbor 10.0.1.4 remote-as 65102 + neighbor 10.0.1.4 description DC1-BORDER1.EVPN + neighbor 10.0.1.5 peer group LOCAL-EVPN-PEERS + neighbor 10.0.1.5 remote-as 65103 + neighbor 10.0.1.5 description DC1-BORDER2.EVPN + neighbor 172.20.1.1 peer group LOCAL-IPV4-PEERS + neighbor 172.20.1.1 remote-as 65101 + neighbor 172.20.1.1 description DC1-LEAF1.IPV4 + neighbor 172.20.1.3 peer group LOCAL-IPV4-PEERS + neighbor 172.20.1.3 remote-as 65000 + neighbor 172.20.1.3 description DC1-R1.IPV4 + neighbor 172.20.1.5 peer group LOCAL-IPV4-PEERS + neighbor 172.20.1.5 remote-as 65000 + neighbor 172.20.1.5 description DC1-R2.IPV4 + neighbor 172.20.1.7 peer group LOCAL-IPV4-PEERS + neighbor 172.20.1.7 remote-as 65102 + neighbor 172.20.1.7 description DC1-BORDER1.IPV4 + neighbor 172.20.1.9 peer group LOCAL-IPV4-PEERS + neighbor 172.20.1.9 remote-as 65103 + neighbor 172.20.1.9 description DC1-BORDER2.IPV4 + redistribute connected route-map RM-CONN-2-BGP + ! 
+ address-family evpn + neighbor LOCAL-EVPN-PEERS activate + ! + address-family ipv4 + neighbor LOCAL-IPV4-PEERS activate +! +router multicast + ipv4 + software-forwarding kernel + ! + ipv6 + software-forwarding kernel +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC2-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-BORDER1.cfg new file mode 100644 index 0000000..ef9b412 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-BORDER1.cfg 
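Review bot: `username ec2-user shell /bin/bash nopassword` near the top of this hunk creates an account that lands directly in bash and has no password; the `ssh-key` line that follows adds a key but does not remove the empty-password login. Whether a remote login with an empty password is accepted depends on SSH settings this file does not show, so it should not be relied on. The `gcp-user` account in the same hunk already uses `secret *`, which appears to be the key-only form, and the same can be applied here: `username ec2-user shell /bin/bash secret *`. The identical line is in the DC1-R1, DC1-R2, DC2-BORDER1 and DC2-BORDER2 hunks.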
@@ -0,0 +1,192 @@ +! Command: show running-config +! device: DC2-BORDER1 (vEOS-lab, EOS-4.32.2F) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$jCoot6aZ5dO3P9rU$rrJAJZODdGgFc4LkMYCazwGuB5eA59zlyLe4vGzEP5kD289vfV5v23HGmx68DopBu9pQzoR4kH/ZV1sZuaG3k1 +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$FXvh9gCzCZVsWmtQ$An7S8i/tJZvH9U1tym5/5fxYp3IMy.qwkBtSV7Zn0yaG4hlPihjAOC2.YjoYfs.XJi8vt/r7HOQ./0l/TAkFh. +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! 
+switchport default mode routed +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC2-BORDER1 +ip name-server vrf default 169.254.169.254 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 30 + name Orange +! +vrf instance PROD +! +aaa authorization exec default local +! +interface Ethernet1 + description DC2-SPINE1 + no switchport + ip address 172.20.2.7/31 +! +interface Ethernet2 + description DCI-MPLS + no switchport +! +interface Ethernet3 + no switchport +! +interface Ethernet4 + no switchport +! +interface Ethernet5 + no switchport +! +interface Ethernet6 + no switchport +! +interface Ethernet7 + no switchport +! +interface Ethernet8 + no switchport +! +interface Ethernet9 + no switchport +! +interface Ethernet10 + no switchport +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.2.4/32 +! +interface Loopback1 + description Shared VTEP IP + ip address 10.1.2.4/32 +! +interface Management1 + ip address 192.168.0.21/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan30 + mtu 9014 + vrf PROD + ip address virtual 10.30.30.1/24 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,30 vni 10010,10030 + vxlan vrf PROD vni 51 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.0.0/16 le 31 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! 
+route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65202 + router-id 10.0.2.4 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS remote-as 65200 + neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA== + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 10.0.2.201 peer group LOCAL-EVPN-PEERS + neighbor 172.20.2.6 peer group IPv4-UNDERLAY-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 10.0.2.4:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 30 + rd 10.0.2.4:10030 + route-target both 10030:10030 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf PROD + rd 10.0.2.4:51 + route-target import evpn 51:51 + route-target export evpn 51:51 +! +router multicast + ipv4 + software-forwarding kernel + ! + ipv6 + software-forwarding kernel +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC2-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-BORDER2.cfg new file mode 100644 index 0000000..51ff9e5 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-BORDER2.cfg 
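Review bot: `management api http-commands` / `no shutdown` at the top of this hunk enables eAPI with no access list, and the file defines no management VRF or control-plane ACL. As far as this file shows, the API is therefore reachable on every routed interface in the default VRF, not only Management1. This matters most in the DC1-R1 and DC1-R2 hunks, which carry the same two lines and whose Ethernet2 is described as `INTERNET`. I would restrict the service to the management subnet, for example a `vrf default` sub-block with `ip access-group <MGMT_ACL_PLACEHOLDER>` (placeholder name) permitting only 192.168.0.0/24; check the exact syntax against EOS 4.32.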
@@ -0,0 +1,192 @@ +! Command: show running-config +! device: DC2-BORDER2 (vEOS-lab, EOS-4.32.2F) +! +! boot system flash:/CloudEOS.swi +! +no aaa root +no username admin +! +username arista privilege 15 role network-admin secret sha512 $6$bVdqPMgJBs7/iXm3$jzbHb9LFnC9vY87O27FLq/fuhuL2/QLPzOxwXI/yfoVVPtyc3Yb1aiEzw3yU93WG.8YksQ/UaKN0MCmVh1WKC1 +username ec2-user shell /bin/bash nopassword +username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox +username gcp-user secret * +username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81 +username service shell /bin/bash secret sha512 $6$OZ.nrOQpePDtcO3s$LptxlDmhFawyNtoR9eCGu2AElGUZU1HYzMcGowO9bRRWi3P4Dd8srH.arMOhAPxdhe50N1nU.iuA1NBnf6VC4/ +! +agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true' +! +management api http-commands + no shutdown +! +daemon TerminAttr + exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs + no shutdown +! +dhcp relay + tunnel requests disabled + mlag peer-link requests disabled +! 
+switchport default mode routed +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +interface defaults + mtu 9214 +! +service routing protocols model multi-agent +! +hostname DC2-BORDER2 +ip name-server vrf default 169.254.169.254 +! +spanning-tree mode mstp +spanning-tree edge-port bpduguard default +spanning-tree mst 0 priority 0 +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 10 + name Blue +! +vlan 30 + name Orange +! +vrf instance PROD +! +aaa authorization exec default local +! +interface Ethernet1 + description DC2-SPINE1 + no switchport + ip address 172.20.2.9/31 +! +interface Ethernet2 + description DCI-MPLS + no switchport +! +interface Ethernet3 + no switchport +! +interface Ethernet4 + no switchport +! +interface Ethernet5 + no switchport +! +interface Ethernet6 + no switchport +! +interface Ethernet7 + no switchport +! +interface Ethernet8 + no switchport +! +interface Ethernet9 + no switchport +! +interface Ethernet10 + no switchport +! +interface Loopback0 + description Globally Unique Address + ip address 10.0.2.5/32 +! +interface Loopback1 + description Shared VTEP IP + ip address 10.1.2.5/32 +! +interface Management1 + ip address 192.168.0.22/24 +! +interface Vlan10 + mtu 9014 + vrf PROD + ip address virtual 10.10.10.1/24 +! +interface Vlan30 + mtu 9014 + vrf PROD + ip address virtual 10.30.30.1/24 +! +interface Vxlan1 + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 10,30 vni 10010,10030 + vxlan vrf PROD vni 51 +! +mac address-table aging-time 1800 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS + seq 10 permit 10.0.0.0/16 eq 32 + seq 20 permit 10.1.0.0/16 eq 32 +! +ip prefix-list PL-P2P-UNDERLAY + seq 10 permit 172.20.0.0/16 le 31 +! +arp aging timeout default 1500 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS +! 
+route-map RM-CONN-2-BGP permit 20 + match ip address prefix-list PL-P2P-UNDERLAY +! +router bgp 65203 + router-id 10.0.2.5 + no bgp default ipv4-unicast + distance bgp 20 200 200 + graceful-restart restart-time 300 + graceful-restart + maximum-paths 4 + neighbor default send-community + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS remote-as 65200 + neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA== + neighbor LOCAL-EVPN-PEERS peer group + neighbor LOCAL-EVPN-PEERS remote-as 65200 + neighbor LOCAL-EVPN-PEERS update-source Loopback0 + neighbor LOCAL-EVPN-PEERS ebgp-multihop 3 + neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g== + neighbor 10.0.2.201 peer group LOCAL-EVPN-PEERS + neighbor 172.20.2.8 peer group IPv4-UNDERLAY-PEERS + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 10 + rd 10.0.2.5:10010 + route-target both 10010:10010 + redistribute learned + ! + vlan 30 + rd 10.0.2.5:10030 + route-target both 10030:10030 + redistribute learned + ! + address-family evpn + neighbor LOCAL-EVPN-PEERS activate + route import match-failure action discard + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf PROD + rd 10.0.2.5:51 + route-target import evpn 51:51 + route-target export evpn 51:51 +! +router multicast + ipv4 + software-forwarding kernel + ! + ipv6 + software-forwarding kernel +! +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC2-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-LEAF.cfg new file mode 100644 index 0000000..6d06714 --- /dev/null +++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-LEAF.cfg 
@@ -0,0 +1,198 @@
+! Command: show running-config
+! device: DC2-LEAF (vEOS-lab, EOS-4.32.2F)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$RMkrIrcheDfwp0Hg$1K2LtO3V83ZG6q00NzSAhu7vewDS7gU6erHHIVQML4ueVfRI8dXdpf/o2IgXhSvM5ob5rEL6Ycvd7uutPvnm/1
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$xIHmWqNuOdMWuI0k$wsJKgmCFOXjc3.lsoQ.bV1GzXWlUumBKcuQuKh.nxjnoxIsmD9zh4PKxT4HI454oTG5nhlFQ6.B.Sn/GX6SsH.
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+dhcp relay
+ tunnel requests disabled
+ mlag peer-link requests disabled
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname DC2-LEAF
+ip name-server vrf default 169.254.169.254
+!
+spanning-tree mode mstp
+spanning-tree edge-port bpduguard default
+spanning-tree mst 0 priority 0
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vlan 10
+ name Blue
+!
+vlan 30
+ name Orange
+!
+vrf instance PROD
+!
+aaa authorization exec default local
+!
+interface Ethernet1
+ description DC2-SPINE1
+ no switchport
+ ip address 172.20.2.1/31
+!
+interface Ethernet2
+ description HostB1
+ switchport access vlan 10
+ switchport
+ spanning-tree portfast
+!
+interface Ethernet3
+ description HostB2
+ switchport access vlan 30
+ switchport
+ spanning-tree portfast
+!
+interface Ethernet4
+ no switchport
+!
+interface Ethernet5
+ no switchport
+!
+interface Ethernet6
+ no switchport
+!
+interface Ethernet7
+ no switchport
+!
+interface Ethernet8
+ no switchport
+!
+interface Ethernet9
+ no switchport
+!
+interface Ethernet10
+ no switchport
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.2.1/32
+!
+interface Loopback1
+ description Shared VTEP IP
+ ip address 10.1.2.1/32
+!
+interface Management1
+ ip address 192.168.0.18/24
+!
+interface Vlan10
+ mtu 9014
+ vrf PROD
+ ip address virtual 10.10.10.1/24
+!
+interface Vlan30
+ mtu 9014
+ vrf PROD
+ ip address virtual 10.30.30.1/24
+!
+interface Vxlan1
+ vxlan source-interface Loopback1
+ vxlan udp-port 4789
+ vxlan vlan 10,30 vni 10010,10030
+ vxlan vrf PROD vni 51
+!
+mac address-table aging-time 1800
+!
+ip virtual-router mac-address 00:1c:73:00:00:01
+!
+ip routing
+ip routing vrf PROD
+!
+ip prefix-list PL-LOOPBACKS
+ seq 10 permit 10.0.0.0/16 eq 32
+ seq 20 permit 10.1.0.0/16 eq 32
+!
+ip prefix-list PL-P2P-UNDERLAY
+ seq 10 permit 172.20.0.0/16 le 31
+!
+arp aging timeout default 1500
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS
+!
+route-map RM-CONN-2-BGP permit 20
+ match ip address prefix-list PL-P2P-UNDERLAY
+!
+router bgp 65201
+ router-id 10.0.2.1
+ no bgp default ipv4-unicast
+ distance bgp 20 200 200
+ graceful-restart restart-time 300
+ graceful-restart
+ maximum-paths 4
+ neighbor default send-community
+ neighbor IPv4-UNDERLAY-PEERS peer group
+ neighbor IPv4-UNDERLAY-PEERS remote-as 65200
+ neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
+ neighbor LOCAL-EVPN-PEERS peer group
+ neighbor LOCAL-EVPN-PEERS remote-as 65200
+ neighbor LOCAL-EVPN-PEERS update-source Loopback0
+ neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
+ neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g==
+ neighbor 10.0.2.201 peer group LOCAL-EVPN-PEERS
+ neighbor 172.20.2.0 peer group IPv4-UNDERLAY-PEERS
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ vlan 10
+ rd 10.0.2.1:10010
+ route-target both 10010:10010
+ redistribute learned
+ !
+ vlan 30
+ rd 10.0.2.1:10030
+ route-target both 10030:10030
+ redistribute learned
+ !
+ address-family evpn
+ neighbor LOCAL-EVPN-PEERS activate
+ route import match-failure action discard
+ !
+ address-family ipv4
+ neighbor IPv4-UNDERLAY-PEERS activate
+ !
+ vrf PROD
+ rd 10.0.2.1:51
+ route-target import evpn 51:51
+ route-target export evpn 51:51
+ redistribute connected
+!
+router multicast
+ ipv4
+ software-forwarding kernel
+ !
+ ipv6
+ software-forwarding kernel
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-R1.cfg
new file mode 100644
index 0000000..fc27c42
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-R1.cfg
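Review bot: The user block at the top of this new file commits credential material: `secret sha512` hashes for `arista` and `service`, plus `username ec2-user shell /bin/bash nopassword`, which leaves a bash-shell account with no password set. The same lines (with per-device hashes) recur in the DC2-R1, DC2-R2, DC2-SPINE, DCI-MPLS, INTERNET and S1-R1 files later in this diff. The BGP `password 7` strings are a reversible encoding rather than a one-way hash, so anyone who can read the repository should be assumed to hold the peering secrets. I would template these values and inject them at deploy time instead of committing the captured running-config, change the ec2-user line to `username ec2-user shell /bin/bash secret *` as the file already does for `gcp-user`, and rotate anything that was ever reused outside this lab.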
@@ -0,0 +1,225 @@
+! Command: show running-config
+! device: DC2-R1 (vEOS, EOS-4.32.2F-cloud)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$4WN6U7STPUI4kBXy$iQW04yKUlROj9ystlGzHGD/cCD3ZdtRjAVDJV98Aq4uCgcTqu9vVH9ptTcfMMJW56Tx2iXCV/pAP0RfU20uul1
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$OE0j/Rvs.DYgIfhT$kH6kxmOomu7sTPA5Qw1q6cXb5mPB2Gv7BhS2h4RvsDL4JsAl4KpC5dN4fTyejuNoToQtGv3NGddpQM0DZdOT0/
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname DC2-R1
+ip name-server vrf default 169.254.169.254
+!
+router adaptive-virtual-topology
+ topology role edge gateway vxlan
+ region REGION1 id 1
+ zone REGION1-ZONE1 id 1
+ site DC2 id 2
+ !
+ policy DEFAULT-AVT-POLICY
+ match application-profile default
+ avt profile DEFAULT-AVT-PROFILE
+ !
+ profile DEFAULT-AVT-PROFILE
+ path-selection load-balance DEFAULT-LB-POLICY
+ !
+ vrf PROD
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+ !
+ vrf default
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+!
+router path-selection
+ tcp mss ceiling ipv4 ingress
+ !
+ path-group INET id 1
+ ipsec profile IPSEC-PROFILE
+ !
+ local interface Ethernet2
+ stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2
+ !
+ peer dynamic
+ !
+ peer static router-ip 10.1.1.3
+ name DC1-R2
+ ipv4 address 192.0.2.6
+ !
+ peer static router-ip 10.1.2.3
+ name DC2-R2
+ ipv4 address 192.0.2.14
+ !
+ load-balance policy DEFAULT-LB-POLICY
+ path-group INET
+!
+spanning-tree mode none
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vrf instance PROD
+!
+aaa authorization exec default local
+!
+ip security
+ ike policy IPSEC-IKE-POLICY
+ local-id 10.1.2.2
+ !
+ sa policy IPSEC-SA-POLICY
+ !
+ profile IPSEC-PROFILE
+ ike-policy IPSEC-IKE-POLICY
+ sa-policy IPSEC-SA-POLICY
+ connection start
+ shared-key 7 0110100A480E0A0E231D1E
+ dpd 10 50 clear
+ mode transport
+ !
+ flow entropy udp
+ !
+ key controller
+ profile IPSEC-PROFILE
+!
+interface Dps1
+ description TEP IP
+ ip address 10.1.2.2/32
+!
+interface Ethernet1
+ description DC2-SPINE1
+ no switchport
+ ip address 172.20.2.3/31
+!
+interface Ethernet2
+ description INTERNET
+ no switchport
+ ip address 192.0.2.10/30
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.2.2/32
+!
+interface Loopback101
+ vrf PROD
+ ip address 10.2.101.2/32
+!
+interface Management1
+ ip address 192.168.0.19/24
+!
+interface Vxlan1
+ vxlan source-interface Dps1
+ vxlan udp-port 4789
+ vxlan vrf PROD vni 51
+ vxlan vrf default vni 50
+!
+mac address-table aging-time 1800
+!
+ip routing
+ip routing vrf PROD
+!
+ip prefix-list PL-LOOPBACKS
+ seq 10 permit 10.0.0.0/16 eq 32
+ seq 20 permit 10.1.0.0/16 eq 32
+!
+ip prefix-list PL-P2P-UNDERLAY
+ seq 10 permit 172.20.0.0/16 le 31
+!
+ip route 0.0.0.0/0 192.0.2.9
+!
+arp aging timeout default 1500
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS
+!
+route-map RM-CONN-2-BGP permit 20
+ match ip address prefix-list PL-P2P-UNDERLAY
+!
+router bgp 65000
+ router-id 10.0.2.2
+ no bgp default ipv4-unicast
+ distance bgp 20 200 200
+ graceful-restart restart-time 300
+ graceful-restart
+ neighbor default send-community
+ neighbor DC1-EVPN-PEERS peer group
+ neighbor DC1-EVPN-PEERS remote-as 65200
+ neighbor DC1-EVPN-PEERS update-source Loopback0
+ neighbor DC1-EVPN-PEERS ebgp-multihop 3
+ neighbor DC1-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA==
+ neighbor IPv4-UNDERLAY-PEERS peer group
+ neighbor IPv4-UNDERLAY-PEERS remote-as 65200
+ neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65000
+ neighbor WAN-OVERLAY-PEERS update-source Dps1
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS bfd interval 5000 min-rx 5000 multiplier 3
+ neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w==
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ neighbor 10.0.2.201 peer group DC1-EVPN-PEERS
+ neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
+ neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS
+ neighbor 172.20.2.2 peer group IPv4-UNDERLAY-PEERS
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ address-family evpn
+ neighbor DC1-EVPN-PEERS activate
+ neighbor DC1-EVPN-PEERS encapsulation vxlan
+ neighbor WAN-OVERLAY-PEERS activate
+ neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+ neighbor WAN-OVERLAY-PEERS domain remote
+ route import match-failure action discard
+ !
+ address-family ipv4
+ neighbor IPv4-UNDERLAY-PEERS activate
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ vrf PROD
+ rd 10.0.2.2:51
+ rd evpn domain remote 10.0.2.2:51
+ route-target import evpn 51:51
+ route-target import evpn domain remote 51:51
+ route-target export evpn 51:51
+ route-target export evpn domain remote 51:51
+ redistribute connected
+!
+stun
+ client
+ server-profile DC1-R2-Ethernet2
+ ip address 192.0.2.6
+ !
+ server-profile DC2-R2-Ethernet2
+ ip address 192.0.2.14
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-R2.cfg
new file mode 100644
index 0000000..7e49d57
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-R2.cfg
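Review bot: `shared-key 7 0110100A480E0A0E231D1E` under `profile IPSEC-PROFILE` is a type-7 value, which is reversible, and the identical string is committed in the DC2-R2, S1-R1 and S1-R2 files, so presumably one pre-shared key covers every tunnel in the topology and it is recoverable from the repository. In the same `ip security` block, `ike policy IPSEC-IKE-POLICY` sets only `local-id` and `sa policy IPSEC-SA-POLICY` is empty, so the negotiated encryption, integrity and DH group are whatever this EOS release defaults to. I would add a comment line above the profile such as `! LAB ONLY: demo pre-shared key, replace before any non-lab use`, supply the key at deploy time, and state the intended algorithms explicitly in both policies.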
@@ -0,0 +1,213 @@
+! Command: show running-config
+! device: DC2-R2 (vEOS, EOS-4.32.2F-cloud)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$3vNDO8U.ZqawVSWI$CD/REWB.dLCdnrLFzPBMvGcdTeSUIuL6dEd.eI3pclecLLo3Q6BMYdaV2Yw9gprlw/9F0V80nJrj36BcVU6Ca1
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$LHEbj5FwvJlt5hty$h2LLI3RaAyxzMy5Km5xwMQf8Bosr1YE9lFpN3.epMUGREEJaFTbgpAtZfkExlJkEVJ9swMyF2OuqpMbpsgsNk/
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname DC2-R2
+ip name-server vrf default 169.254.169.254
+!
+router adaptive-virtual-topology
+ topology role edge gateway vxlan
+ region REGION1 id 1
+ zone REGION1-ZONE1 id 1
+ site DC2 id 2
+ !
+ policy DEFAULT-AVT-POLICY
+ match application-profile default
+ avt profile DEFAULT-AVT-PROFILE
+ !
+ profile DEFAULT-AVT-PROFILE
+ path-selection load-balance DEFAULT-LB-POLICY
+ !
+ vrf PROD
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+ !
+ vrf default
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+!
+router path-selection
+ peer dynamic source stun
+ tcp mss ceiling ipv4 ingress
+ !
+ path-group INET id 1
+ ipsec profile IPSEC-PROFILE
+ !
+ local interface Ethernet2
+ !
+ peer static router-ip 10.1.1.3
+ name DC2-R2
+ ipv4 address 192.0.2.6
+ !
+ load-balance policy DEFAULT-LB-POLICY
+ path-group INET
+!
+spanning-tree mode none
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vrf instance PROD
+!
+aaa authorization exec default local
+!
+ip security
+ ike policy IPSEC-IKE-POLICY
+ local-id 10.1.2.3
+ !
+ sa policy IPSEC-SA-POLICY
+ !
+ profile IPSEC-PROFILE
+ ike-policy IPSEC-IKE-POLICY
+ sa-policy IPSEC-SA-POLICY
+ connection start
+ shared-key 7 0110100A480E0A0E231D1E
+ dpd 10 50 clear
+ mode transport
+ !
+ flow entropy udp
+!
+interface Dps1
+ description TEP IP
+ ip address 10.1.2.3/32
+!
+interface Ethernet1
+ description DC2-SPINE1
+ no switchport
+ ip address 172.20.2.5/31
+!
+interface Ethernet2
+ description INTERNET
+ no switchport
+ ip address 192.0.2.14/30
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.2.3/32
+!
+interface Loopback101
+ vrf PROD
+ ip address 10.2.101.3/32
+!
+interface Management1
+ ip address 192.168.0.20/24
+!
+interface Vxlan1
+ vxlan source-interface Dps1
+ vxlan udp-port 4789
+ vxlan vrf PROD vni 51
+ vxlan vrf default vni 50
+!
+mac address-table aging-time 1800
+!
+ip routing
+ip routing vrf PROD
+!
+ip prefix-list PL-LOOPBACKS
+ seq 10 permit 10.0.0.0/16 eq 32
+ seq 20 permit 10.1.0.0/16 eq 32
+!
+ip prefix-list PL-P2P-UNDERLAY
+ seq 10 permit 172.20.0.0/16 le 31
+!
+ip route 0.0.0.0/0 192.0.2.13
+!
+arp aging timeout default 1500
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS
+!
+route-map RM-CONN-2-BGP permit 20
+ match ip address prefix-list PL-P2P-UNDERLAY
+!
+router bgp 65000
+ router-id 10.0.2.3
+ no bgp default ipv4-unicast
+ distance bgp 20 200 200
+ graceful-restart restart-time 300
+ bgp cluster-id 10.1.255.255
+ graceful-restart
+ bgp listen range 10.0.0.0/8 peer-group WAN-OVERLAY-PEERS remote-as 65000
+ neighbor default send-community
+ neighbor DC1-EVPN-PEERS peer group
+ neighbor DC1-EVPN-PEERS remote-as 65200
+ neighbor DC1-EVPN-PEERS update-source Loopback0
+ neighbor DC1-EVPN-PEERS ebgp-multihop 3
+ neighbor DC1-EVPN-PEERS password 7 RxqKJj2uKvzsECQR+ApqjA==
+ neighbor IPv4-UNDERLAY-PEERS peer group
+ neighbor IPv4-UNDERLAY-PEERS remote-as 65200
+ neighbor IPv4-UNDERLAY-PEERS password 7 t7gEXzNemRRE24Du53hBEA==
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65000
+ neighbor WAN-OVERLAY-PEERS update-source Dps1
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS bfd interval 5000 min-rx 5000 multiplier 3
+ neighbor WAN-OVERLAY-PEERS route-reflector-client
+ neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w==
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ neighbor 10.0.2.201 peer group DC1-EVPN-PEERS
+ neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
+ neighbor 172.20.2.4 peer group IPv4-UNDERLAY-PEERS
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ address-family evpn
+ neighbor DC1-EVPN-PEERS activate
+ neighbor DC1-EVPN-PEERS encapsulation vxlan
+ neighbor WAN-OVERLAY-PEERS activate
+ neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+ neighbor WAN-OVERLAY-PEERS domain remote
+ route import match-failure action discard
+ !
+ address-family ipv4
+ neighbor IPv4-UNDERLAY-PEERS activate
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ vrf PROD
+ rd evpn domain all 10.0.2.3:51
+ route-target import evpn 51:51
+ route-target import evpn domain remote 51:51
+ route-target export evpn 51:51
+ route-target export evpn domain remote 51:51
+ redistribute connected
+!
+stun
+ server
+ local-interface Ethernet2
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DC2-SPINE.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-SPINE.cfg
new file mode 100644
index 0000000..94ccc1c
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/DC2-SPINE.cfg
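Review bot: `bgp listen range 10.0.0.0/8 peer-group WAN-OVERLAY-PEERS remote-as 65000` accepts dynamic iBGP sessions from any 10/8 source into a route-reflector-client group that also carries `maximum-routes 0` (no prefix limit, as I read it), so the only gate is the peer-group password that this diff commits in reversible form. Every WAN-edge Dps1 address visible in these configs sits in 10.1.0.0/16, so unless other sites use a different range I would narrow it to `bgp listen range 10.1.0.0/16 peer-group WAN-OVERLAY-PEERS remote-as 65000` and set a finite `maximum-routes` on the group. Separately, under `path-group INET` the static peer `router-ip 10.1.1.3` is labelled `name DC2-R2`, which is this router's own hostname; the DC2-R1 and S1-R1 files call that peer `DC1-R2`, so `name DC1-R2` looks intended.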
@@ -0,0 +1,173 @@
+! Command: show running-config
+! device: DC2-SPINE (vEOS-lab, EOS-4.32.2F)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$6EV7vEdpRWGf2Fbo$AdgBhPH3O0Z7GdgYG0dgVTCy3m/GL3QNxl03Khg29u/gRgFOXEXw5EYYiN8AAQeZPBV61GooOZhkLmmy3XnPD.
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$kBap2oocOmseJS1.$wc9/FeeZUHjXOGRJ22HM1ANeXfif/ifTuT3BfdXwvPNuHlRl2J5IgAV.1Y5X15.CXilDTuBQEc8ysWq6mY5J7.
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname DC2-SPINE
+ip name-server vrf default 169.254.169.254
+!
+spanning-tree mode none
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+aaa authorization exec default local
+!
+interface Ethernet1
+ description DC2-LEAF
+ no switchport
+ ip address 172.20.2.0/31
+!
+interface Ethernet2
+ description DC2-R1
+ no switchport
+ ip address 172.20.2.2/31
+!
+interface Ethernet3
+ description DC2-R2
+ no switchport
+ ip address 172.20.2.4/31
+!
+interface Ethernet4
+ description DC2-BORDER1
+ no switchport
+ ip address 172.20.2.6/31
+!
+interface Ethernet5
+ description DC2-BORDER2
+ no switchport
+ ip address 172.20.2.8/31
+!
+interface Ethernet6
+ no switchport
+!
+interface Ethernet7
+ no switchport
+!
+interface Ethernet8
+ no switchport
+!
+interface Ethernet9
+ no switchport
+!
+interface Ethernet10
+ no switchport
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.2.201/32
+!
+interface Management1
+ ip address 192.168.0.17/24
+!
+mac address-table aging-time 1800
+!
+ip routing
+!
+ip prefix-list PL-LOOPBACKS
+ seq 10 permit 10.0.0.0/16 eq 32
+ seq 20 permit 10.1.0.0/16 eq 32
+!
+ip prefix-list PL-P2P-UNDERLAY
+ seq 10 permit 172.20.0.0/16 le 31
+!
+arp aging timeout default 1500
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS
+!
+route-map RM-CONN-2-BGP permit 20
+ match ip address prefix-list PL-P2P-UNDERLAY
+!
+router bgp 65200
+ router-id 10.0.2.201
+ no bgp default ipv4-unicast
+ distance bgp 20 200 200
+ graceful-restart restart-time 300
+ graceful-restart
+ maximum-paths 4
+ neighbor default send-community
+ neighbor LOCAL-EVPN-PEERS peer group
+ neighbor LOCAL-EVPN-PEERS next-hop-unchanged
+ neighbor LOCAL-EVPN-PEERS update-source Loopback0
+ neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
+ neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g==
+ neighbor LOCAL-IPV4-PEERS peer group
+ neighbor LOCAL-IPV4-PEERS password 7 DGMjRCIj8IZAFhehikpUIQ==
+ neighbor 10.0.2.1 peer group LOCAL-EVPN-PEERS
+ neighbor 10.0.2.1 remote-as 65201
+ neighbor 10.0.2.1 description DC2-LEAF.EVPN
+ neighbor 10.0.2.2 peer group LOCAL-EVPN-PEERS
+ neighbor 10.0.2.2 remote-as 65000
+ neighbor 10.0.2.2 description DC2-R1.EVPN
+ neighbor 10.0.2.3 peer group LOCAL-EVPN-PEERS
+ neighbor 10.0.2.3 remote-as 65000
+ neighbor 10.0.2.3 description DC2-R2.EVPN
+ neighbor 10.0.2.4 peer group LOCAL-EVPN-PEERS
+ neighbor 10.0.2.4 remote-as 65202
+ neighbor 10.0.2.4 description DC2-BORDER1.EVPN
+ neighbor 10.0.2.5 peer group LOCAL-EVPN-PEERS
+ neighbor 10.0.2.5 remote-as 65203
+ neighbor 10.0.2.5 description DC2-BORDER2.EVPN
+ neighbor 172.20.2.1 peer group LOCAL-IPV4-PEERS
+ neighbor 172.20.2.1 remote-as 65201
+ neighbor 172.20.2.1 description DC2-LEAF1.IPV4
+ neighbor 172.20.2.3 peer group LOCAL-IPV4-PEERS
+ neighbor 172.20.2.3 remote-as 65000
+ neighbor 172.20.2.3 description DC2-R1.IPV4
+ neighbor 172.20.2.5 peer group LOCAL-IPV4-PEERS
+ neighbor 172.20.2.5 remote-as 65000
+ neighbor 172.20.2.5 description DC2-R2.IPV4
+ neighbor 172.20.2.7 peer group LOCAL-IPV4-PEERS
+ neighbor 172.20.2.7 remote-as 65202
+ neighbor 172.20.2.7 description DC2-BORDER1.IPV4
+ neighbor 172.20.2.9 peer group LOCAL-IPV4-PEERS
+ neighbor 172.20.2.9 remote-as 65203
+ neighbor 172.20.2.9 description DC2-BORDER2.IPV4
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ address-family evpn
+ neighbor LOCAL-EVPN-PEERS activate
+ !
+ address-family ipv4
+ neighbor LOCAL-IPV4-PEERS activate
+!
+router multicast
+ ipv4
+ software-forwarding kernel
+ !
+ ipv6
+ software-forwarding kernel
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/DCI-MPLS.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/DCI-MPLS.cfg
new file mode 100644
index 0000000..c42acea
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/DCI-MPLS.cfg
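Review bot: The description on `neighbor 172.20.2.1` reads `DC2-LEAF1.IPV4`, while the EVPN session to the same device is `DC2-LEAF.EVPN` and both the Ethernet1 description and the device's own hostname in this diff are `DC2-LEAF`. Neighbor descriptions are what operators search for in logs and monitoring, so I would make it `neighbor 172.20.2.1 description DC2-LEAF.IPV4`. The other DC2 configs label this spine `DC2-SPINE1` in their interface descriptions while its hostname is `DC2-SPINE`; it is worth settling on one name across the set.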
@@ -0,0 +1,86 @@
+! Command: show running-config
+! device: DCI-MPLS (vEOS-lab, EOS-4.32.2F)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$0RA3tWDRnjG90HoO$foLfferp/sMxSPoEMB.YuEibi1w25L2poToA/4npJK4TXAE5ET90P.9XQLy3UiFep6wawhXBXILMFD1K9L1wF.
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$H55VLaJcprSjJb0U$xoN65aYlsQYdW2NhwFHnJ/5f9xa0EOzrjY/Q/ynDWYl8AKvOoI.jcii5aWJKNeN9NdsmH3apS1RLau1PAak9./
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname DCI-MPLS
+ip name-server vrf default 169.254.169.254
+!
+spanning-tree mode mstp
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+aaa authorization exec default local
+!
+interface Ethernet1
+ no switchport
+!
+interface Ethernet2
+ no switchport
+!
+interface Ethernet3
+ no switchport
+!
+interface Ethernet4
+ no switchport
+!
+interface Ethernet5
+ no switchport
+!
+interface Ethernet6
+ no switchport
+!
+interface Ethernet7
+ no switchport
+!
+interface Ethernet8
+ no switchport
+!
+interface Ethernet9
+ no switchport
+!
+interface Ethernet10
+ no switchport
+!
+interface Management1
+ ip address 192.168.0.29/24
+!
+ip routing
+!
+router multicast
+ ipv4
+ software-forwarding kernel
+ !
+ ipv6
+ software-forwarding kernel
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/INTERNET.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/INTERNET.cfg
new file mode 100644
index 0000000..1af5e81
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/INTERNET.cfg
@@ -0,0 +1,106 @@
+! Command: show running-config
+! device: INTERNET (vEOS-lab, EOS-4.32.2F)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$ILBc9cgYS3nlvPa2$LEJCzXVon9twI8QV4e6qjlpH9vI27GV1oyM74tkaClTiMh17tLm8JEwVcmBW/kb/XkngOgbadgb.HGoSOLEUx.
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$XyTRPOsbkE9SRt2R$tsoSxSmV/CHp9bpsTQxCG98GM6k41X7NbtgLXMWhPGeff.PUbSkFJToYksc6ARmA.muQUI9RKI18GKghau43z.
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname INTERNET
+ip name-server vrf default 169.254.169.254
+!
+spanning-tree mode none
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vrf instance INET
+!
+aaa authorization exec default local
+!
+interface Ethernet1
+ no switchport
+ vrf INET
+ ip address 192.0.2.1/30
+!
+interface Ethernet2
+ no switchport
+ vrf INET
+ ip address 192.0.2.5/30
+!
+interface Ethernet3
+ no switchport
+ vrf INET
+ ip address 192.0.2.13/30
+!
+interface Ethernet4
+ no switchport
+ vrf INET
+ ip address 192.0.2.9/30
+!
+interface Ethernet5
+ no switchport
+ vrf INET
+ ip address 192.0.2.17/30
+!
+interface Ethernet6
+ no switchport
+ vrf INET
+ ip address 192.0.2.21/30
+!
+interface Ethernet7
+ no switchport
+ vrf INET
+ ip address 192.0.2.25/30
+!
+interface Ethernet8
+ no switchport
+!
+interface Ethernet9
+ no switchport
+!
+interface Ethernet10
+ no switchport
+!
+interface Management1
+ ip address 192.168.0.28/24
+!
+ip routing
+ip routing vrf INET
+!
+router multicast
+ ipv4
+ software-forwarding kernel
+ !
+ ipv6
+ software-forwarding kernel
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/S1-R1.cfg
new file mode 100644
index 0000000..217c510
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/S1-R1.cfg
@@ -0,0 +1,198 @@
+! Command: show running-config
+! device: S1-R1 (vEOS, EOS-4.32.2F-cloud)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$F/QBjsTcXLJ6YOde$0KNpWW/XV0rC4pVntK3paljMlSlelVPlAW4am9sc/3iV6nlf4Mto/YxN43SugZXOUsjzwb0ly3Oj7JkajAGP91
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$H2wqHgRgkPNhW52Z$5Da1CfJr7XYpOlml3YAgHBU76mO4ar.HhrGL7VD6Qn0Yl2HxCRuntCIfxYWgJQ/KDsWBvgG3jm8DqvUjJQXk/0
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname S1-R1
+ip name-server vrf default 169.254.169.254
+!
+router adaptive-virtual-topology
+ topology role edge gateway vxlan
+ region REGION1 id 1
+ zone REGION1-ZONE1 id 1
+ site SITE1 id 3
+ !
+ policy DEFAULT-AVT-POLICY
+ match application-profile default
+ avt profile DEFAULT-AVT-PROFILE
+ !
+ profile DEFAULT-AVT-PROFILE
+ path-selection load-balance DEFAULT-LB-POLICY
+ !
+ vrf PROD
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+ !
+ vrf default
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+!
+router path-selection
+ tcp mss ceiling ipv4 ingress
+ !
+ path-group INET id 1
+ ipsec profile IPSEC-PROFILE
+ !
+ local interface Ethernet2
+ stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
+ !
+ peer dynamic
+ !
+ peer static router-ip 10.1.1.3
+ name DC1-R2
+ ipv4 address 192.0.2.6
+ !
+ peer static router-ip 10.1.2.3
+ name DC2-R2
+ ipv4 address 192.0.2.14
+ !
+ load-balance policy DEFAULT-LB-POLICY
+ path-group INET
+!
+spanning-tree mode none
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vrf instance PROD
+!
+aaa authorization exec default local
+!
+ip security
+ ike policy IPSEC-IKE-POLICY
+ local-id 10.1.3.1
+ !
+ sa policy IPSEC-SA-POLICY
+ !
+ profile IPSEC-PROFILE
+ ike-policy IPSEC-IKE-POLICY
+ sa-policy IPSEC-SA-POLICY
+ connection start
+ shared-key 7 0110100A480E0A0E231D1E
+ dpd 10 50 clear
+ mode transport
+ !
+ flow entropy udp
+ !
+ key controller
+ profile IPSEC-PROFILE
+!
+interface Dps1
+ description TEP IP
+ ip address 10.1.3.1/32
+!
+interface Ethernet1
+ no switchport
+!
+interface Ethernet1.101
+ encapsulation dot1q vlan 101
+ vrf PROD
+ ip address 172.20.3.0/31
+!
+interface Ethernet2
+ no switchport
+ ip address 192.0.2.18/30
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.3.1/32
+!
+interface Loopback101
+ vrf PROD
+ ip address 10.101.3.1/32
+!
+interface Management1
+ ip address 192.168.0.23/24
+!
+interface Vxlan1
+ vxlan source-interface Dps1
+ vxlan udp-port 4789
+ vxlan vrf PROD vni 51
+ vxlan vrf default vni 50
+!
+mac address-table aging-time 1800
+!
+ip routing
+ip routing vrf PROD
+!
+ip route 0.0.0.0/0 192.0.2.17
+!
+arp aging timeout default 1500
+!
+router bgp 65000
+ router-id 10.0.3.1
+ no bgp default ipv4-unicast
+ distance bgp 20 200 200
+ graceful-restart restart-time 300
+ graceful-restart
+ neighbor default send-community
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65000
+ neighbor WAN-OVERLAY-PEERS update-source Dps1
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS bfd interval 5000 min-rx 5000 multiplier 3
+ neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w==
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
+ neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS
+ !
+ address-family evpn
+ neighbor WAN-OVERLAY-PEERS activate
+ neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ vrf PROD
+ rd 10.0.3.1:51
+ rd evpn domain remote 10.0.3.1:51
+ route-target import evpn 51:51
+ route-target export evpn 51:51
+ neighbor 172.20.3.1 remote-as 65300
+ redistribute connected
+ !
+ address-family ipv4
+ neighbor 172.20.3.1 activate
+!
+stun
+ client
+ server-profile DC1-R2-Ethernet2
+ ip address 192.0.2.6
+ !
+ server-profile DC2-R2-Ethernet2
+ ip address 192.0.2.14
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/S1-R2.cfg
new file mode 100644
index 0000000..d7dc733
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/S1-R2.cfg
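Review bot: Under `vrf PROD`, `neighbor 172.20.3.1 remote-as 65300` is the only BGP session in this file with no `password` line, and it has neither an inbound route-map nor a `maximum-routes` limit. Routes learned on the Ethernet1.101 segment are presumably exported to the WAN through `route-target export evpn 51:51`, so an unauthenticated, unfiltered site peer can influence the PROD table on every other edge. If the site-side device supports it I would add `neighbor 172.20.3.1 password <LAB_BGP_SECRET>` (placeholder, supplied at deploy time) and an inbound prefix filter limited to the site's own ranges, plus a `neighbor 172.20.3.1 description` line so the session is identifiable in logs.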
@@ -0,0 +1,193 @@
+! Command: show running-config
+! device: S1-R2 (vEOS, EOS-4.32.2F-cloud)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$BoImpOzZYKooLwq0$u88px.izKzEL/wFg0RBIeRhul4dd3BP.ywfqkH3xYRQ9kzjXp8mHJU/SMbQI7ilMBSzoZ67hTVNB35FnUG0RV0
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$qvd1MQvPbgWV3zpP$P4SW29RVT7420A7T2n.rl9MKwzjzXdSGrU/5zugODlThwoEaM/LfLQWjziAzALOHj5.aElhzMtI0EtwYxXttH.
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname S1-R2
+ip name-server vrf default 169.254.169.254
+!
+router adaptive-virtual-topology
+ topology role edge gateway vxlan
+ region REGION1 id 1
+ zone REGION1-ZONE1 id 1
+ site SITE1 id 3
+ !
+ policy DEFAULT-AVT-POLICY
+ match application-profile default
+ avt profile DEFAULT-AVT-PROFILE
+ !
+ profile DEFAULT-AVT-PROFILE
+ path-selection load-balance DEFAULT-LB-POLICY
+ !
+ vrf PROD
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+ !
+ vrf default
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+!
+router path-selection
+ tcp mss ceiling ipv4 ingress
+ !
+ path-group INET id 1
+ ipsec profile IPSEC-PROFILE
+ !
+ local interface Ethernet2
+ stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
+ !
+ peer dynamic
+ !
+ peer static router-ip 10.1.1.3
+ name DC1-R2
+ ipv4 address 192.0.2.6
+ !
+ peer static router-ip 10.1.2.3
+ name DC2-R2
+ ipv4 address 192.0.2.14
+ !
+ load-balance policy DEFAULT-LB-POLICY
+ path-group INET
+!
+spanning-tree mode none
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vrf instance PROD
+!
+aaa authorization exec default local
+!
+ip security
+ ike policy IPSEC-IKE-POLICY
+ local-id 10.1.3.2
+ !
+ sa policy IPSEC-SA-POLICY
+ !
+ profile IPSEC-PROFILE
+ ike-policy IPSEC-IKE-POLICY
+ sa-policy IPSEC-SA-POLICY
+ connection start
+ shared-key 7 0110100A480E0A0E231D1E
+ dpd 10 50 clear
+ mode transport
+ !
+ flow entropy udp
+ !
+ key controller
+ profile IPSEC-PROFILE
+!
+interface Dps1
+ description TEP IP
+ ip address 10.1.3.2/32
+!
+interface Ethernet1
+ no switchport
+ ip address 172.20.3.2/31
+!
+interface Ethernet1.101
+ encapsulation dot1q vlan 101
+ vrf PROD
+ ip address 172.20.3.4/31
+!
+interface Ethernet2
+ no switchport
+ ip address 192.0.2.22/30
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.3.2/32
+!
+interface Loopback101
+ vrf PROD
+ ip address 10.101.3.2/32
+!
+interface Management1
+ ip address 192.168.0.24/24
+!
+interface Vxlan1
+ vxlan source-interface Dps1
+ vxlan udp-port 4789
+ vxlan vrf PROD vni 51
+ vxlan vrf default vni 50
+!
+mac address-table aging-time 1800
+!
+ip routing
+ip routing vrf PROD
+!
+ip route 0.0.0.0/0 192.0.2.21
+!
+arp aging timeout default 1500
+!
+router bgp 65000
+ neighbor default send-community
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65000
+ neighbor WAN-OVERLAY-PEERS update-source Dps1
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS bfd interval 5000 min-rx 5000 multiplier 3
+ neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w==
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
+ neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS
+ !
+ address-family evpn
+ neighbor WAN-OVERLAY-PEERS activate
+ neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ vrf PROD
+ rd 10.0.3.2:51
+ route-target import evpn 51:51
+ route-target export evpn 51:51
+ neighbor 172.20.3.5 remote-as 65300
+ redistribute connected
+ !
+ address-family ipv4
+ neighbor 172.20.3.5 activate
+!
+stun
+ client
+ server-profile DC1-R2-Ethernet2
+ ip address 192.0.2.6
+ !
+ server-profile DC2-R2-Ethernet2
+ ip address 192.0.2.14
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/S1-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/S1-SW1.cfg
new file mode 100644
index 0000000..1b9f5e1
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/S1-SW1.cfg
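Review bot: `shared-key 7 0110100A480E0A0E231D1E` under `profile IPSEC-PROFILE` and `neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w==` commit the IPsec pre-shared key and the BGP session password in type 7 form, which is reversible encoding rather than a one-way hash, so read access to the repository is enough to recover both. The identical two strings are also in the S1-R1.cfg and S2-R1.cfg hunks on this page, which means one shared key covers every tunnel in this topology. If they are disposable lab values, state that at the top of each file, for example `! LAB ONLY: keys and passwords below are public, regenerate before any reuse`; otherwise keep them out of the committed .cfg files and supply them at push time from a vaulted variable.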
@@ -0,0 +1,155 @@
+! Command: show running-config
+! device: S1-SW1 (vEOS-lab, EOS-4.32.2F)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$ML8DgQjfYaReQRlI$qzZb6r7JAdDSQojguEIzONRD.zCfSrnaoC4PyToKngh/vFfvrKaA0iA.28glog4puRqz7/YF2a8/aLcj4Ysab.
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqYRiarL05QtzFXECvfDf/ca7UMj5F4S5AgYYvEKGYEVscfW5cV7PD2zfxbd6IuMs33Z4yFllxfRGJWlz5FwSGaR5BNlDyKPjKTGq9CBkCAQuRwR9B9htpDGqz0j5SKNSUWwSV4XXkHSoAs19FN4oMWRW0bY8ji8NXSX02Anz9vPFbogHKCfRpEN2CCkY2qHGwOpPDNozIztMPFv6Hy9UirJFkgNI3ofMce0HoOlRlwL7h018uEGoUC0wTq9YqzGOKLLv8JpRhXiubMydl+X6IMdpVt7zvVt+JmYc2DUB5aCTupSDq1Sbz8i2B8ZkQ56To/HoG+Ihl9tcYBC/ZrSoRK+1fYM7HnwLwdVI4wkdW1LCRw0tVgVtHuo7/7Js1s2sjjEOv0kYnuk3QCMj17Og2qbggOs9Cwk3gOmEC6/N2Rbw5NFBChqmYLD74uZb5M3RMa4RJqnaV6WuoDiY89+4GzOs0dxv/fNACfXDXXrmC//Hp0Q7OHTJxOfs87vka+sk= root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$7k1t6daMzDccVNQS$YqAASXZtAC5FCpHr8cd1iV3KTRHvWo75uyM/X.E0txvGYQzi2/JiDveVRMxUJeQQp.z2x7.fm/guAsepgY7Q.0
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname S1-SW1
+ip name-server vrf default 169.254.169.254
+!
+spanning-tree mode mstp
+spanning-tree mst 0 priority 0
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vlan 40
+ name Purple
+!
+vlan 50
+ name Red
+!
+vrf instance DEV
+!
+vrf instance PROD
+!
+aaa authorization exec default local
+!
+interface Ethernet1
+ no switchport
+!
+interface Ethernet1.101
+ encapsulation dot1q vlan 101
+ vrf PROD
+ ip address 172.20.3.1/31
+!
+interface Ethernet1.102
+ encapsulation dot1q vlan 102
+ vrf DEV
+ ip address 172.20.3.3/31
+!
+interface Ethernet2
+ no switchport
+!
+interface Ethernet2.101
+ encapsulation dot1q vlan 101
+ vrf PROD
+ ip address 172.20.3.5/31
+!
+interface Ethernet2.102
+ encapsulation dot1q vlan 102
+ vrf DEV
+ ip address 172.20.3.7/31
+!
+interface Ethernet3
+ description HostC1
+ switchport access vlan 40
+ switchport
+!
+interface Ethernet4
+ description HostC2
+ switchport access vlan 50
+ switchport
+!
+interface Ethernet5
+ no switchport
+!
+interface Ethernet6
+ no switchport
+!
+interface Ethernet7
+ no switchport
+!
+interface Ethernet8
+ no switchport
+!
+interface Ethernet9
+ no switchport
+!
+interface Ethernet10
+ no switchport
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.3.3/32
+!
+interface Loopback101
+ vrf PROD
+ ip address 10.101.3.3/32
+!
+interface Management1
+ ip address 192.168.0.25/24
+!
+interface Vlan40
+ vrf PROD
+ ip address 10.40.40.1/24
+!
+interface Vlan50
+ vrf DEV
+ ip address 10.50.50.1/24
+!
+ip routing
+ip routing vrf DEV
+ip routing vrf PROD
+!
+router bgp 65300
+ router-id 10.0.3.3
+ !
+ vrf DEV
+ neighbor 172.20.3.2 remote-as 65000
+ neighbor 172.20.3.6 remote-as 65000
+ redistribute connected
+ !
+ vrf PROD
+ neighbor 172.20.3.0 remote-as 65000
+ neighbor 172.20.3.4 remote-as 65000
+ redistribute connected
+!
+router multicast
+ ipv4
+ software-forwarding kernel
+ !
+ ipv6
+ software-forwarding kernel
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/S2-R1.cfg
new file mode 100644
index 0000000..cb3d687
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/S2-R1.cfg
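Review bot: `username ec2-user shell /bin/bash nopassword` creates an account that lands in a bash shell with no password at all, and the same line is in the S1-R2.cfg, S2-R1.cfg and S2-SW1.cfg hunks. The account already carries an SSH key on the next line, so it can be made key-only the way gcp-user is in this file: `username ec2-user shell /bin/bash secret *`. That ssh-key line also repeats the key type (`ssh-key ssh-rsa ssh-rsa AAAA…`), which is worth checking against what the device actually accepted. If the lab platform injects this account itself and needs it as is, a one-line comment above it saying so would stop the file being copied as a template.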
@@ -0,0 +1,197 @@
+! Command: show running-config
+! device: S2-R1 (vEOS, EOS-4.32.2F-cloud)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$lDAaeA/nIYLnKO8l$aod/IYOTml.zrXd2YHshiR2DSgsvMpEYFZmT0I44LRL.8ybKIFPG/SIuPPvAY6ocuFr14w2./unRCuLzDVda8/
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$N1GB.m6ket/jP8s7$EocAvZznuVWcyq2rbHv5CugPZy3ra6q8hpjyzZO4brux90vAfOY8Fr6kij4exCgGQxpuZ3thnS5Og8Qa7/.GQ/
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+interface defaults
+ mtu 9214
+!
+service routing protocols model multi-agent
+!
+hostname S2-R1
+ip name-server vrf default 169.254.169.254
+!
+router adaptive-virtual-topology
+ topology role edge gateway vxlan
+ region REGION1 id 1
+ zone REGION1-ZONE1 id 1
+ site SITE2 id 4
+ !
+ policy DEFAULT-AVT-POLICY
+ match application-profile default
+ avt profile DEFAULT-AVT-PROFILE
+ !
+ profile DEFAULT-AVT-PROFILE
+ path-selection load-balance DEFAULT-LB-POLICY
+ !
+ vrf PROD
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+ !
+ vrf default
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-PROFILE id 1
+!
+router path-selection
+ tcp mss ceiling ipv4 ingress
+ !
+ path-group INET id 1
+ ipsec profile IPSEC-PROFILE
+ !
+ local interface Ethernet2
+ stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
+ !
+ peer dynamic
+ !
+ peer static router-ip 10.1.1.3
+ name DC1-R2
+ ipv4 address 192.0.2.6
+ !
+ peer static router-ip 10.1.2.3
+ name DC2-R2
+ ipv4 address 192.0.2.14
+ !
+ load-balance policy DEFAULT-LB-POLICY
+ path-group INET
+!
+spanning-tree mode none
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vrf instance DEV
+!
+vrf instance PROD
+!
+aaa authorization exec default local
+!
+ip security
+ ike policy IPSEC-IKE-POLICY
+ local-id 10.1.4.1
+ !
+ sa policy IPSEC-SA-POLICY
+ !
+ profile IPSEC-PROFILE
+ ike-policy IPSEC-IKE-POLICY
+ sa-policy IPSEC-SA-POLICY
+ connection start
+ shared-key 7 0110100A480E0A0E231D1E
+ dpd 10 50 clear
+ mode transport
+ !
+ flow entropy udp
+ !
+ key controller
+ profile IPSEC-PROFILE
+!
+interface Dps1
+ description TEP IP
+ ip address 10.1.4.1/32
+!
+interface Ethernet1
+ no switchport
+!
+interface Ethernet1.60
+ encapsulation dot1q vlan 60
+ vrf PROD
+ ip address 10.60.60.1/24
+!
+interface Ethernet1.70
+ encapsulation dot1q vlan 70
+ vrf DEV
+ ip address 10.70.70.1/24
+!
+interface Ethernet2
+ description INET
+ no switchport
+ ip address 192.0.2.26/30
+!
+interface Loopback0
+ description Globally Unique Address
+ ip address 10.0.4.1/32
+!
+interface Loopback101
+ vrf PROD
+ ip address 10.101.4.1/32
+!
+interface Management1
+ ip address 192.168.0.26/24
+!
+interface Vxlan1
+ vxlan source-interface Dps1
+ vxlan udp-port 4789
+ vxlan vrf PROD vni 51
+ vxlan vrf default vni 50
+!
+mac address-table aging-time 1800
+!
+ip routing
+ip routing vrf DEV
+ip routing vrf PROD
+!
+ip route 0.0.0.0/0 192.0.2.25
+!
+arp aging timeout default 1500
+!
+router bgp 65000
+ neighbor default send-community
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65000
+ neighbor WAN-OVERLAY-PEERS update-source Dps1
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS bfd interval 5000 min-rx 5000 multiplier 3
+ neighbor WAN-OVERLAY-PEERS password 7 Jasxt4q1i1EVo3kE0U5v4w==
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ neighbor 10.1.1.3 peer group WAN-OVERLAY-PEERS
+ neighbor 10.1.2.3 peer group WAN-OVERLAY-PEERS
+ !
+ address-family evpn
+ neighbor WAN-OVERLAY-PEERS activate
+ neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ vrf PROD
+ rd 10.0.4.1:51
+ route-target import evpn 51:51
+ route-target export evpn 51:51
+ redistribute connected
+!
+stun
+ client
+ server-profile DC1-R2-Ethernet2
+ ip address 192.0.2.6
+ !
+ server-profile DC2-R2-Ethernet2
+ ip address 192.0.2.14
+!
+end
\ No newline at end of file
diff --git a/tech-library/wan/autovpn/zbackend-infra/configs/S2-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/configs/S2-SW1.cfg
new file mode 100644
index 0000000..cd3cc5b
--- /dev/null
+++ b/tech-library/wan/autovpn/zbackend-infra/configs/S2-SW1.cfg
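Review bot: `router bgp 65000` here has no `router-id` and no `no bgp default ipv4-unicast`, while the S1-R1.cfg hunk on this page sets `router-id 10.0.3.1`, `no bgp default ipv4-unicast`, `distance bgp 20 200 200` and graceful restart for the same WAN-OVERLAY-PEERS design; the S1-R2.cfg hunk has the same gap. Without the explicit statements the router ID is left to automatic selection and the overlay peers are presumably also activated for IPv4 unicast, which the EVPN and path-selection address families do not need. I would add `router-id 10.0.4.1` (the Loopback0 address) and `no bgp default ipv4-unicast` at the top of the block, and `router-id 10.0.3.2` plus the same line in S1-R2.cfg. Separately, `vrf instance DEV` and Ethernet1.70 are defined but DEV has no `vxlan vrf` mapping, AVT entry or BGP VRF, so if that is deliberate a comment should say DEV stays site-local.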
@@ -0,0 +1,101 @@
+! Command: show running-config
+! device: S2-SW1 (vEOS-lab, EOS-4.32.2F)
+!
+! boot system flash:/CloudEOS.swi
+!
+no aaa root
+no username admin
+!
+username arista privilege 15 role network-admin secret sha512 $6$eZ1EdT0cIIhn07u6$I9X3.3DhgL/sslTvTCoEqP9ZljL6.UR7G6.7EfZskKNZjJp0.nXr633uZ8L0p1axZFMDk.dnIVInTmzL0hACg1
+username ec2-user shell /bin/bash nopassword
+username ec2-user ssh-key ssh-rsa ssh-rsa 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 root@buildkitsandbox
+username gcp-user secret *
+username gcp-user ssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGPEoZ2l67eEEwrlGfBAHPMx44IoqhyfjqXj2Ka4PxLuHgi1mv131VuCRlyWjOjddccyFUilfR1Bprdmd1Tj7o4Q11YQ138LOqFWJT3h0pxgHFdIHo70y4rI8aL15ixukZYa+g9KX8qTN+ZpFfea2d3CEFzMp+Y3xVPiWwLKzalq1JwT5J4MK2VHCbcnpN3zRON+gca/iZH9upA0WaXWJXNBnYXrgXFVGCJFk6Yl1ZXIGnEcKGe44c77zWgF4C66VhltsW999XD5vF31f6TTs25qxGScsiKMDg2uM1AzVg5KfxxhVy5HKd23YJJMytvUXL9h5Wq1HEEluSCcFtNI81
+username service shell /bin/bash secret sha512 $6$6cYVhyANa9OQVGY6$7aDWDxMmuAB5NJeNef0pLyzFuR/4Yhd007TAgj14RJYtwlgc2A8IeLdvEbwpn5V3wm0FiBO4jvx3T0cJ1ngyC1
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP='true'
+!
+management api http-commands
+ no shutdown
+!
+daemon TerminAttr
+ exec /usr/bin/TerminAttr -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -cvaddr=192.168.0.5:9910 -cvauth=token,/tmp/token -cvvrf=default -taillogs
+ no shutdown
+!
+switchport default mode routed
+!
+no service interface inactive port-id allocation disabled
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname S2-SW1
+ip name-server vrf default 169.254.169.254
+!
+spanning-tree mode mstp
+spanning-tree mst 0 priority 0
+!
+system l1
+ unsupported speed action error
+ unsupported error-correction action error
+!
+vlan 60
+ name Brown
+!
+vlan 70
+ name Pink
+!
+aaa authorization exec default local
+!
+interface Ethernet1
+ description S2-R1
+ switchport mode trunk
+ switchport
+!
+interface Ethernet2
+ no switchport
+!
+interface Ethernet3
+ description HostD1
+ switchport access vlan 60
+ switchport
+ spanning-tree portfast
+!
+interface Ethernet4
+ description HostD2
+ switchport access vlan 70
+ switchport
+ spanning-tree portfast
+!
+interface Ethernet5
+ no switchport
+!
+interface Ethernet6
+ no switchport
+!
+interface Ethernet7
+ no switchport
+!
+interface Ethernet8
+ no switchport
+!
+interface Ethernet9
+ no switchport
+!
+interface Ethernet10
+ no switchport
+!
+interface Management1
+ ip address 192.168.0.27/24
+!
+ip routing
+!
+router multicast
+ ipv4
+ software-forwarding kernel
+ !
+ ipv6
+ software-forwarding kernel
+!
+end
\ No newline at end of file
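Review bot: Ethernet1 towards S2-R1 is `switchport mode trunk` with no allowed-VLAN list, so it carries every VLAN the switch knows rather than only 60 and 70, which are the two that S2-R1 terminates on Ethernet1.60 and Ethernet1.70. Adding `switchport trunk allowed vlan 60,70` under the interface keeps the trunk to what the router actually uses. Ethernet5 to Ethernet10 are left as enabled routed ports with no description; if they are unused in the lab, `shutdown` on each would make that explicit.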