diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml b/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml index 402cd59..af88f75 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml +++ b/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml @@ -121,6 +121,15 @@ topology: exec: - bash /usr/local/bin/hostnetconfig.sh -i4 10.20.20.101/24 -i6 2001:db8:20:20::101/64 -g 10.20.20.1 + HostA3: + kind: linux + image: mitchv85/devhost + mgmt-ipv4: 172.100.100.203 + ports: + - '22203:22' + exec: + - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1 + ########################### ##### DC2 ########################### @@ -198,20 +207,29 @@ topology: HostB1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.203 + mgmt-ipv4: 172.100.100.204 ports: - - '22203:22' + - '22204:22' exec: - bash /usr/local/bin/hostnetconfig.sh -i4 10.10.10.102/24 -i6 2001:db8:10:10::102/64 -g 10.10.10.1 HostB2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.204 + mgmt-ipv4: 172.100.100.205 ports: - - '22204:22' + - '22205:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::101/64 -g 10.40.40.1 + + HostB3: + kind: linux + image: mitchv85/devhost + mgmt-ipv4: 172.100.100.206 + ports: + - '22206:22' + exec: + - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1 ########################### ##### SITE1 @@ -263,20 +281,20 @@ topology: HostC1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.205 + mgmt-ipv4: 172.100.100.207 ports: - - '22205:22' + - '22207:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::102/64 -g 10.40.40.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1 HostC2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.206 + mgmt-ipv4: 172.100.100.208 ports: - - '22206:22' + - '22208:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1 ########################### ##### SITE2 @@ -311,20 +329,20 @@ topology: HostD1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.207 + mgmt-ipv4: 172.100.100.209 ports: - - '22207:22' + - '22209:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.80.80.101/24 -i6 2001:db8:80:80::102/64 -g 10.80.80.1 HostD2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.208 + mgmt-ipv4: 172.100.100.210 ports: - - '22208:22' + - '22210:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.90.90.101/24 -i6 2001:db8:90:90::101/64 -g 10.90.90.1 ########################### ##### INTERNET @@ -363,6 +381,7 @@ topology: - endpoints: ["DC1-SPINE:et5", "DC1-BORDER2:et1"] - endpoints: ["DC1-LEAF:et2", "HostA1:eth1"] - endpoints: ["DC1-LEAF:et3", "HostA2:eth1"] + - endpoints: ["DC1-LEAF:et4", "HostA3:eth1"] ##################### ### DC1 2 ##################### @@ -373,6 +392,7 @@ topology: - endpoints: ["DC2-SPINE:et5", "DC2-BORDER2:et1"] - endpoints: ["DC2-LEAF:et2", "HostB1:eth1"] - endpoints: ["DC2-LEAF:et3", "HostB2:eth1"] + - endpoints: ["DC2-LEAF:et4", "HostB3:eth1"] ##################### ### Site1 ##################### diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg index a6ce597..8d2cd7d 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg @@ -43,6 +43,11 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -80,10 +85,16 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 @@ -91,6 +102,7 @@ mac address-table aging-time 1800 ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -141,6 +153,11 @@ router bgp 65102 route-target both 10020:10020 redistribute learned ! + vlan 30 + rd 10.0.1.4:10030 + route-target both 10030:10030 + redistribute learned + ! address-family evpn neighbor LOCAL-EVPN-PEERS activate route import match-failure action discard @@ -148,6 +165,11 @@ router bgp 65102 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! + vrf DEV + rd 10.0.1.4:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + ! vrf PROD rd 10.0.1.4:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg index c87447e..af0d23c 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg @@ -43,6 +43,11 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -80,10 +85,16 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 @@ -91,6 +102,7 @@ mac address-table aging-time 1800 ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -148,6 +160,11 @@ router bgp 65103 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! + vrf DEV + rd 10.0.1.5:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + ! vrf PROD rd 10.0.1.5:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg index 2215ac9..b0061bd 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg @@ -43,6 +43,11 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -66,6 +71,12 @@ interface Ethernet3 switchport spanning-tree portfast ! +interface Ethernet4 + description HostA3 + switchport access vlan 30 + switchport + spanning-tree portfast +! interface Loopback0 description Globally Unique Address ip address 10.0.1.1/32 @@ -88,10 +99,16 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 @@ -99,6 +116,7 @@ mac address-table aging-time 1800 ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -149,6 +167,11 @@ router bgp 65101 route-target both 10020:10020 redistribute learned ! + vlan 30 + rd 10.0.1.1:10023 + route-target both 10030:10030 + redistribute learned + ! address-family evpn neighbor LOCAL-EVPN-PEERS activate route import match-failure action discard @@ -156,6 +179,12 @@ router bgp 65101 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! + vrf DEV + rd 10.0.1.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected + ! vrf PROD rd 10.0.1.1:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg index 1ef1d8b..d12cdbd 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg @@ -39,6 +39,10 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -54,7 +58,7 @@ router path-selection ipsec profile IPSEC-PROFILE ! local interface Ethernet2 - stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2 + stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2 ! peer dynamic ! @@ -75,6 +79,8 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -122,6 +128,10 @@ interface Loopback101 vrf PROD ip address 10.1.101.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.1.102.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.102/24 @@ -129,12 +139,14 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -200,6 +212,15 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.1.2:52 + rd evpn domain remote 10.0.1.2:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected + ! vrf PROD rd 10.0.1.2:51 rd evpn domain remote 10.0.1.2:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg index 4d8edfe..2d04202 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg @@ -39,6 +39,10 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -69,6 +73,8 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -113,6 +119,10 @@ interface Loopback101 vrf PROD ip address 10.1.101.3/32 ! +interface Loopback102 + vrf DEV + ip address 10.1.102.3/32 +! interface Management1 vrf MGMT ip address 172.100.100.103/24 @@ -120,12 +130,14 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -193,6 +205,15 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.1.3:52 + rd evpn domain remote 10.0.1.3:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected + ! vrf PROD rd 10.0.1.3:51 rd evpn domain remote 10.0.1.3:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg index 990b377..4bdb462 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg @@ -40,9 +40,14 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -63,7 +68,7 @@ interface Loopback0 ip address 10.0.2.4/32 ! interface Loopback1 - description Shared VTEP IP + description VTEP IP ip address 10.1.2.4/32 ! interface Management0 @@ -75,15 +80,21 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 @@ -91,6 +102,7 @@ mac address-table aging-time 1800 ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -136,9 +148,14 @@ router bgp 65202 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.4:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.4:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.4:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -148,6 +165,11 @@ router bgp 65202 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! + vrf DEV + rd 10.0.2.4:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + ! vrf PROD rd 10.0.2.4:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg index 3661110..0d8fd67 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg @@ -41,9 +41,14 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -64,7 +69,7 @@ interface Loopback0 ip address 10.0.2.5/32 ! interface Loopback1 - description Shared VTEP IP + description VTEP IP ip address 10.1.2.5/32 ! interface Management0 @@ -76,15 +81,21 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 @@ -92,6 +103,7 @@ mac address-table aging-time 1800 ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -137,9 +149,14 @@ router bgp 65203 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.5:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.5:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.5:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -149,6 +166,11 @@ router bgp 65203 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! + vrf DEV + rd 10.0.2.5:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + ! vrf PROD rd 10.0.2.5:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg index 8c4890b..828e1c7 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg @@ -40,9 +40,14 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -62,7 +67,13 @@ interface Ethernet2 ! interface Ethernet3 description HostB2 - switchport access vlan 30 + switchport access vlan 40 + switchport + spanning-tree portfast +! +interface Ethernet4 + description HostB3 + switchport access vlan 50 switchport spanning-tree portfast ! @@ -83,15 +94,21 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 @@ -99,6 +116,7 @@ mac address-table aging-time 1800 ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -144,9 +162,14 @@ router bgp 65201 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.1:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.1:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.1:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -156,6 +179,12 @@ router bgp 65201 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! + vrf DEV + rd 10.0.2.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected + ! vrf PROD rd 10.0.2.1:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg index fd7a8c9..f6edf89 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg @@ -39,6 +39,10 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -75,6 +79,8 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -122,6 +128,10 @@ interface Loopback101 vrf PROD ip address 10.2.101.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.2.102.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.108/24 @@ -129,12 +139,14 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -200,6 +212,15 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.2.2:52 + rd evpn domain remote 10.0.2.2:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected + ! vrf PROD rd 10.0.2.2:51 rd evpn domain remote 10.0.2.2:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg index 0a55fe6..73788d9 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg @@ -39,6 +39,10 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -69,6 +73,8 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -113,6 +119,10 @@ interface Loopback101 vrf PROD ip address 10.2.101.3/32 ! +interface Loopback102 + vrf DEV + ip address 10.2.102.3/32 +! interface Management1 vrf MGMT ip address 172.100.100.109/24 @@ -120,12 +130,14 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -193,6 +205,14 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd evpn domain all 10.0.2.3:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected + ! vrf PROD rd evpn domain all 10.0.2.3:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg index 8f43d02..90edefe 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg @@ -39,6 +39,10 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -54,7 +58,7 @@ router path-selection ipsec profile IPSEC-PROFILE ! local interface Ethernet2 - stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2 + stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2 ! peer dynamic ! @@ -75,6 +79,8 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -112,6 +118,11 @@ interface Ethernet1.101 vrf PROD ip address 172.20.3.0/31 ! +interface Ethernet1.102 + encapsulation dot1q vlan 102 + vrf DEV + ip address 172.20.3.2/31 +! interface Ethernet2 no switchport ip address 192.0.2.18/30 @@ -124,6 +135,10 @@ interface Loopback101 vrf PROD ip address 10.101.3.1/32 ! +interface Loopback102 + vrf DEV + ip address 10.102.3.1/32 +! interface Management1 vrf MGMT ip address 172.100.100.112/24 @@ -131,12 +146,14 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -171,6 +188,17 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.3.1:52 + rd evpn domain remote 10.0.3.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + neighbor 172.20.3.3 remote-as 65300 + redistribute connected + ! + address-family ipv4 + neighbor 172.20.3.3 activate + ! vrf PROD rd 10.0.3.1:51 rd evpn domain remote 10.0.3.1:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg index 2925b12..8d7e834 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg @@ -39,6 +39,10 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -75,6 +79,8 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD @@ -113,6 +119,11 @@ interface Ethernet1.101 vrf PROD ip address 172.20.3.4/31 ! +interface Ethernet1.102 + encapsulation dot1q vlan 102 + vrf DEV + ip address 172.20.3.6/31 +! interface Ethernet2 no switchport ip address 192.0.2.22/30 @@ -125,6 +136,10 @@ interface Loopback101 vrf PROD ip address 10.101.3.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.102.3.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.113/24 @@ -132,12 +147,14 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD ! @@ -167,6 +184,16 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.3.2:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + neighbor 172.20.3.7 remote-as 65300 + redistribute connected + ! + address-family ipv4 + neighbor 172.20.3.7 activate + ! vrf PROD rd 10.0.3.2:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg index 546aee4..838b974 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg @@ -32,10 +32,10 @@ system l1 unsupported speed action error unsupported error-correction action error ! -vlan 40 +vlan 60 name Purple ! -vlan 50 +vlan 70 name Red ! vrf instance DEV @@ -74,13 +74,15 @@ interface Ethernet2.102 ! interface Ethernet3 description HostC1 - switchport access vlan 40 + switchport access vlan 60 switchport + spanning-tree portfast ! interface Ethernet4 description HostC2 - switchport access vlan 50 + switchport access vlan 70 switchport + spanning-tree portfast ! interface Loopback0 description Globally Unique Address @@ -94,13 +96,13 @@ interface Management0 vrf MGMT ip address 172.100.100.114/24 ! -interface Vlan40 +interface Vlan60 vrf PROD - ip address 10.40.40.1/24 + ip address 10.60.60.1/24 ! -interface Vlan50 +interface Vlan70 vrf DEV - ip address 10.50.50.1/24 + ip address 10.70.70.1/24 ! ip routing ip routing vrf DEV diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg index b1442ff..a090175 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg @@ -39,6 +39,10 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -109,15 +113,15 @@ interface Dps1 interface Ethernet1 no switchport ! -interface Ethernet1.60 - encapsulation dot1q vlan 60 +interface Ethernet1.80 + encapsulation dot1q vlan 80 vrf PROD - ip address 10.60.60.1/24 + ip address 10.80.80.1/24 ! -interface Ethernet1.70 - encapsulation dot1q vlan 70 +interface Ethernet1.90 + encapsulation dot1q vlan 90 vrf DEV - ip address 10.70.70.1/24 + ip address 10.90.90.1/24 ! interface Ethernet2 description INET @@ -129,8 +133,10 @@ interface Loopback0 ip address 10.0.4.1/32 ! interface Loopback101 - vrf PROD - ip address 10.101.4.1/32 + vrf DEV + ip address 10.102.4.1/32 +! +interface Loopback102 ! interface Management1 vrf MGMT @@ -139,6 +145,7 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 + vxlan vrf DEV vni 52 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! @@ -175,6 +182,12 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.4.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected + ! vrf PROD rd 10.0.4.1:51 route-target import evpn 51:51 diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg index b0bc7cb..5fed35b 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg @@ -32,11 +32,11 @@ system l1 unsupported speed action error unsupported error-correction action error ! -vlan 60 +vlan 80 name Brown ! -vlan 70 - name Pink +vlan 90 + name Gray ! vrf instance MGMT ! @@ -49,13 +49,13 @@ interface Ethernet1 ! interface Ethernet2 description HostD1 - switchport access vlan 60 + switchport access vlan 80 switchport spanning-tree portfast ! interface Ethernet3 description HostD2 - switchport access vlan 70 + switchport access vlan 90 switchport spanning-tree portfast ! diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml b/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml index 33fd233..dc204e2 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml +++ b/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml @@ -8,11 +8,11 @@ tasks: - - name: Copy license file to {{ inventory_hostname }} - ansible.netcommon.net_put: - src: ./ipsec-license.json - protocol: sftp - dest: /mnt/flash/ipsec-license.json + # - name: Copy license file to {{ inventory_hostname }} + # ansible.netcommon.net_put: + # src: ./ipsec-license.json + # protocol: sftp + # dest: /mnt/flash/ipsec-license.json - name: Install license eos_command: