From 8efcd245eacb0d3381d2358b8ad5ee2beae95b47 Mon Sep 17 00:00:00 2001 From: Mitch Vaughan Date: Wed, 4 Sep 2024 21:51:22 +0000 Subject: [PATCH 1/2] autovpn dg clab --- .../clab/clab-wan-autovpn-dg.yml | 54 +++++++++++++------ .../clab/configs/DC1-BORDER1.cfg | 27 +++++++++- .../clab/configs/DC1-BORDER2.cfg | 21 +++++++- .../zbackend-infra/clab/configs/DC1-LEAF.cfg | 33 +++++++++++- .../zbackend-infra/clab/configs/DC1-R1.cfg | 23 ++++++-- .../zbackend-infra/clab/configs/DC1-R2.cfg | 22 ++++++-- .../clab/configs/DC2-BORDER1.cfg | 40 ++++++++++---- .../clab/configs/DC2-BORDER2.cfg | 40 ++++++++++---- .../zbackend-infra/clab/configs/DC2-LEAF.cfg | 47 ++++++++++++---- .../zbackend-infra/clab/configs/DC2-R1.cfg | 23 ++++++-- .../zbackend-infra/clab/configs/DC2-R2.cfg | 22 ++++++-- .../zbackend-infra/clab/configs/S1-R1.cfg | 21 +++++++- .../zbackend-infra/clab/configs/S1-R2.cfg | 20 ++++++- .../zbackend-infra/clab/configs/S1-SW1.cfg | 20 +++---- .../zbackend-infra/clab/configs/S2-R1.cfg | 15 +++++- .../zbackend-infra/clab/configs/S2-SW1.cfg | 12 ++--- 16 files changed, 357 insertions(+), 83 deletions(-) diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml b/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml index 402cd59..af88f75 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml +++ b/tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml @@ -121,6 +121,15 @@ topology: exec: - bash /usr/local/bin/hostnetconfig.sh -i4 10.20.20.101/24 -i6 2001:db8:20:20::101/64 -g 10.20.20.1 + HostA3: + kind: linux + image: mitchv85/devhost + mgmt-ipv4: 172.100.100.203 + ports: + - '22203:22' + exec: + - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1 + ########################### ##### DC2 ########################### 
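Review bot: The new HostA3 node uses `image: mitchv85/devhost` with no tag or digest, so every deploy runs whatever the registry currently serves as `latest`; pinning it, e.g. `image: mitchv85/devhost@sha256:<digest-placeholder>`, makes the lab reproducible and stops an upstream image change from silently landing on the lab server. The `'22203:22'` mapping also publishes the container's SSH port on every address of the host running containerlab; if the dev hosts only need to be reached from that server or through a tunnel, `'127.0.0.1:22203:22'` keeps the listener local. Both patterns predate this hunk and recur in HostB3 and the renumbered hosts in the later hunks of this file.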
@@ -198,20 +207,29 @@ topology: HostB1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.203 + mgmt-ipv4: 172.100.100.204 ports: - - '22203:22' + - '22204:22' exec: - bash /usr/local/bin/hostnetconfig.sh -i4 10.10.10.102/24 -i6 2001:db8:10:10::102/64 -g 10.10.10.1 HostB2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.204 + mgmt-ipv4: 172.100.100.205 ports: - - '22204:22' + - '22205:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::101/64 -g 10.40.40.1 + + HostB3: + kind: linux + image: mitchv85/devhost + mgmt-ipv4: 172.100.100.206 + ports: + - '22206:22' + exec: + - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1 ########################### ##### SITE1 @@ -263,20 +281,20 @@ topology: HostC1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.205 + mgmt-ipv4: 172.100.100.207 ports: - - '22205:22' + - '22207:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::102/64 -g 10.40.40.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1 HostC2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.206 + mgmt-ipv4: 172.100.100.208 ports: - - '22206:22' + - '22208:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1 ########################### ##### SITE2 
@@ -311,20 +329,20 @@ topology: HostD1: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.207 + mgmt-ipv4: 172.100.100.209 ports: - - '22207:22' + - '22209:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.80.80.101/24 -i6 2001:db8:80:80::102/64 -g 10.80.80.1 HostD2: kind: linux image: mitchv85/devhost - mgmt-ipv4: 172.100.100.208 + mgmt-ipv4: 172.100.100.210 ports: - - '22208:22' + - '22210:22' exec: - - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1 + - bash /usr/local/bin/hostnetconfig.sh -i4 10.90.90.101/24 -i6 2001:db8:90:90::101/64 -g 10.90.90.1 ########################### ##### INTERNET @@ -363,6 +381,7 @@ topology: - endpoints: ["DC1-SPINE:et5", "DC1-BORDER2:et1"] - endpoints: ["DC1-LEAF:et2", "HostA1:eth1"] - endpoints: ["DC1-LEAF:et3", "HostA2:eth1"] + - endpoints: ["DC1-LEAF:et4", "HostA3:eth1"] ##################### ### DC1 2 ##################### @@ -373,6 +392,7 @@ topology: - endpoints: ["DC2-SPINE:et5", "DC2-BORDER2:et1"] - endpoints: ["DC2-LEAF:et2", "HostB1:eth1"] - endpoints: ["DC2-LEAF:et3", "HostB2:eth1"] + - endpoints: ["DC2-LEAF:et4", "HostB3:eth1"] ##################### ### Site1 ##################### diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg index a6ce597..43f62b4 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg @@ -43,10 +43,15 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 
@@ -80,11 +85,17 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -93,6 +104,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -141,6 +153,11 @@ router bgp 65102 route-target both 10020:10020 redistribute learned ! + vlan 30 + rd 10.0.1.4:10030 + route-target both 10030:10030 + redistribute learned + ! address-family evpn neighbor LOCAL-EVPN-PEERS activate route import match-failure action discard @@ -152,7 +169,13 @@ router bgp 65102 rd 10.0.1.4:51 route-target import evpn 51:51 route-target export evpn 51:51 + ! + vrf DEV + rd 10.0.1.4:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! + router multicast ipv4 software-forwarding kernel @@ -164,4 +187,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg index c87447e..069038d 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg @@ -43,10 +43,15 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 
@@ -80,11 +85,17 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -93,6 +104,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -152,6 +164,11 @@ router bgp 65103 rd 10.0.1.5:51 route-target import evpn 51:51 route-target export evpn 51:51 + ! + vrf DEV + rd 10.0.1.5:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! router multicast ipv4 @@ -164,4 +181,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg index 2215ac9..879c715 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg @@ -43,10 +43,15 @@ vlan 10 vlan 20 name Green ! +vlan 30 + name Pink +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 @@ -66,6 +71,12 @@ interface Ethernet3 switchport spanning-tree portfast ! +interface Ethernet4 + description HostA3 + switchport access vlan 30 + switchport + spanning-tree portfast +! interface Loopback0 description Globally Unique Address ip address 10.0.1.1/32 
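Review bot: DC1-BORDER2.cfg gains `vxlan vlan 10,20,30 vni 10010,10020,10030` and a Vlan30 SVI, but no hunk for this file adds the matching `vlan 30` MAC-VRF under `router bgp 65103`, which DC1-BORDER1 and DC1-LEAF both receive. Unless that block already exists outside the hunks, VNI 10030 on this border has no EVPN route distinguisher or route-target and will not exchange MAC/IP routes with the leaf. Following the BORDER1 pattern, the missing block would be `vlan 30` with `rd 10.0.1.5:10030`, `route-target both 10030:10030` and `redistribute learned`.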
@@ -88,11 +99,17 @@ interface Vlan20 vrf PROD ip address virtual 10.20.20.1/24 ! +interface Vlan30 + mtu 9014 + vrf DEV + ip address virtual 10.30.30.1/24 +! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,20 vni 10010,10020 + vxlan vlan 10,20,30 vni 10010,10020,10030 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -101,6 +118,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -149,6 +167,11 @@ router bgp 65101 route-target both 10020:10020 redistribute learned ! + vlan 30 + rd 10.0.1.1:10023 + route-target both 10030:10030 + redistribute learned + ! address-family evpn neighbor LOCAL-EVPN-PEERS activate route import match-failure action discard @@ -161,6 +184,12 @@ router bgp 65101 route-target import evpn 51:51 route-target export evpn 51:51 redistribute connected + ! + vrf DEV + rd 10.0.1.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected ! router multicast ipv4 @@ -173,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg index 1ef1d8b..28a1eea 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security 
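Review bot: In the `router bgp 65101` hunk of DC1-LEAF.cfg the new MAC-VRF is given `rd 10.0.1.1:10023`, while its route-target and VNI are 10030 and DC1-BORDER1 uses `10.0.1.4:10030` for the same VLAN. An RD only has to be unique, so this probably still works, but it breaks the `<loopback>:<vni>` convention the other devices in this patch follow and looks like a typo. Suggest `rd 10.0.1.1:10030`.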
@@ -130,6 +136,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -137,6 +144,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -186,9 +194,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -208,6 +216,15 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected + ! + vrf DEV + rd 10.0.1.2:52 + rd evpn domain remote 10.0.1.2:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun client @@ -217,4 +234,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg index 4d8edfe..b954302 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg @@ -42,6 +42,9 @@ router adaptive-virtual-topology vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 ! vrf default avt policy DEFAULT-AVT-POLICY 
@@ -73,6 +76,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -121,6 +126,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -128,6 +134,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -179,9 +186,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -201,9 +208,18 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected + ! + vrf DEV + rd 10.0.1.3:52 + rd evpn domain remote 10.0.1.3:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun server local-interface Ethernet2 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg index 990b377..f5dfda1 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg @@ -40,13 +40,18 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 
@@ -63,7 +68,7 @@ interface Loopback0 ip address 10.0.2.4/32 ! interface Loopback1 - description Shared VTEP IP + description VTEP IP ip address 10.1.2.4/32 ! interface Management0 @@ -75,16 +80,22 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -93,6 +104,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -136,9 +148,14 @@ router bgp 65202 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.4:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.4:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.4:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -152,6 +169,11 @@ router bgp 65202 rd 10.0.2.4:51 route-target import evpn 51:51 route-target export evpn 51:51 +! + vrf DEV + rd 10.0.2.4:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! router multicast ipv4 @@ -164,4 +186,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg index 3661110..fd30f93 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg 
@@ -41,13 +41,18 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 @@ -64,7 +69,7 @@ interface Loopback0 ip address 10.0.2.5/32 ! interface Loopback1 - description Shared VTEP IP + description VTEP IP ip address 10.1.2.5/32 ! interface Management0 @@ -76,16 +81,22 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -94,6 +105,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -137,9 +149,14 @@ router bgp 65203 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.5:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.5:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.5:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -153,6 +170,11 @@ router bgp 65203 rd 10.0.2.5:51 route-target import evpn 51:51 route-target export evpn 51:51 + ! + vrf DEV + rd 10.0.2.5:52 + route-target import evpn 52:52 + route-target export evpn 52:52 ! router multicast ipv4 @@ -165,4 +187,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg index 8c4890b..ea746c7 100644 
--- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg @@ -40,13 +40,18 @@ system l1 vlan 10 name Blue ! -vlan 30 +vlan 40 name Orange ! +vlan 50 + name Yellow +! vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! interface Ethernet1 @@ -62,7 +67,13 @@ interface Ethernet2 ! interface Ethernet3 description HostB2 - switchport access vlan 30 + switchport access vlan 40 + switchport + spanning-tree portfast +! +interface Ethernet4 + description HostB3 + switchport access vlan 50 switchport spanning-tree portfast ! @@ -83,16 +94,22 @@ interface Vlan10 vrf PROD ip address virtual 10.10.10.1/24 ! -interface Vlan30 +interface Vlan40 mtu 9014 vrf PROD - ip address virtual 10.30.30.1/24 + ip address virtual 10.40.40.1/24 +! +interface Vlan50 + mtu 9014 + vrf DEV + ip address virtual 10.50.50.1/24 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 - vxlan vlan 10,30 vni 10010,10030 + vxlan vlan 10,40,50 vni 10010,10040,10050 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 ! mac address-table aging-time 1800 ! @@ -101,6 +118,7 @@ ip virtual-router mac-address 00:1c:73:00:00:01 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -144,9 +162,14 @@ router bgp 65201 route-target both 10010:10010 redistribute learned ! - vlan 30 - rd 10.0.2.1:10030 - route-target both 10030:10030 + vlan 40 + rd 10.0.2.1:10040 + route-target both 10040:10040 + redistribute learned + ! + vlan 50 + rd 10.0.2.1:10050 + route-target both 10050:10050 redistribute learned ! address-family evpn @@ -161,6 +184,12 @@ router bgp 65201 route-target import evpn 51:51 route-target export evpn 51:51 redistribute connected + ! + vrf DEV + rd 10.0.2.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected ! router multicast ipv4 
@@ -173,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg index fd7a8c9..40aecbb 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -130,6 +136,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -137,6 +144,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -186,9 +194,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! 
@@ -208,6 +216,15 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected +! + vrf DEV + rd 10.0.2.2:52 + rd evpn domain remote 10.0.2.2:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun client @@ -217,4 +234,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg index 0a55fe6..191546f 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -73,6 +77,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -121,6 +127,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -128,6 +135,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 
@@ -179,9 +187,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -200,9 +208,17 @@ router bgp 65000 route-target export evpn 51:51 route-target export evpn domain remote 51:51 redistribute connected +! + vrf DEV + rd evpn domain all 10.0.2.3:52 + route-target import evpn 52:52 + route-target import evpn domain remote 52:52 + route-target export evpn 52:52 + route-target export evpn domain remote 52:52 + redistribute connected ! stun server local-interface Ethernet2 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg index 8f43d02..39c6d44 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -132,6 +138,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -139,6 +146,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.17 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 
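Review bot: The `vrf DEV` block added under `router bgp 65000` in DC2-R2.cfg sets its distinguisher with a single `rd evpn domain all 10.0.2.3:52`, whereas DC1-R1, DC1-R2 and DC2-R1 use the pair `rd <loopback>:52` and `rd evpn domain remote <loopback>:52`. The two forms should be equivalent, but a reference lab is easier to audit when all four gateways are written the same way; suggest `rd 10.0.2.3:52` followed by `rd evpn domain remote 10.0.2.3:52`. If the PROD block outside this hunk already uses the `domain all` form, keep it and disregard this.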
@@ -164,7 +172,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -181,6 +189,15 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.1 activate + ! + vrf DEV + rd 10.0.3.1:52 + rd evpn domain remote 10.0.3.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected + ! + address-family ipv4 ! stun client @@ -190,4 +207,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg index 2925b12..22b6dab 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -79,6 +83,8 @@ vrf instance MGMT ! vrf instance PROD ! +vrf instance DEV +! aaa authorization exec default local ! ip security @@ -133,6 +139,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -140,6 +147,7 @@ mac address-table aging-time 1800 ip routing no ip routing vrf MGMT ip routing vrf PROD +ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.21 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 
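Review bot: The `vrf DEV` block added to S1-R1.cfg ends in an empty `address-family ipv4`, while the VRF block just above it in the context activates `neighbor 172.20.3.1`; with no neighbor defined or activated in DEV, this router appears to have no BGP session toward S1-SW1 in that VRF and would only export its own connected routes. If a DEV peering is intended, add the neighbor and its `activate` line (peer address not visible here: `<S1-SW1-DEV-peer>`); otherwise drop the empty address-family. The block also carries `rd evpn domain remote 10.0.3.1:52`, which neither S1-R2's nor S2-R1's DEV block has, so the site pair is configured differently. The same empty `address-family ipv4` is in the S1-R2.cfg `vrf DEV` hunk; patch 2/2 touches both files and may already address this.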
@@ -160,7 +168,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -176,6 +184,14 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.5 activate + ! + vrf DEV + rd 10.0.3.2:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected + ! + address-family ipv4 ! stun client @@ -185,4 +201,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg index 546aee4..802f11f 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg @@ -32,10 +32,10 @@ system l1 unsupported speed action error unsupported error-correction action error ! -vlan 40 +vlan 60 name Purple ! -vlan 50 +vlan 70 name Red ! vrf instance DEV @@ -74,12 +74,14 @@ interface Ethernet2.102 ! interface Ethernet3 description HostC1 - switchport access vlan 40 + switchport access vlan 50 + spanning-tree portfast switchport ! interface Ethernet4 description HostC2 - switchport access vlan 50 + switchport access vlan 60 + spanning-tree portfast switchport ! interface Loopback0 @@ -94,13 +96,13 @@ interface Management0 vrf MGMT ip address 172.100.100.114/24 ! -interface Vlan40 +interface Vlan60 vrf PROD - ip address 10.40.40.1/24 + ip address 10.60.60.1/24 ! -interface Vlan50 +interface Vlan70 vrf DEV - ip address 10.50.50.1/24 + ip address 10.70.70.1/24 ! ip routing ip routing vrf DEV @@ -133,4 +135,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end 
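Review bot: The access ports in the `interface Ethernet3`/`Ethernet4` hunk of S1-SW1.cfg do not match the renumbered VLANs: HostC1 is set to `switchport access vlan 50` and HostC2 to `switchport access vlan 60`, while this patch renames the VLANs to 60 and 70 and moves the SVIs to Vlan60 (vrf PROD, 10.60.60.1/24) and Vlan70 (vrf DEV, 10.70.70.1/24). As written, HostC1 sits in a VLAN this switch no longer defines, and HostC2, which the topology file addresses in 10.70.70.0/24, is bridged into the PROD VLAN, which undoes the PROD/DEV separation the lab is meant to show. Suggest `switchport access vlan 60` on Ethernet3 and `switchport access vlan 70` on Ethernet4. Patch 2/2 also changes this file and may already correct it.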
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg index b1442ff..9213e79 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg @@ -43,6 +43,10 @@ router adaptive-virtual-topology avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! + vrf DEV + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-PROFILE id 1 + ! vrf default avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 @@ -140,6 +144,7 @@ interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf PROD vni 51 + vxlan vrf DEV vni 52 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -168,7 +173,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -180,6 +185,12 @@ router bgp 65000 route-target import evpn 51:51 route-target export evpn 51:51 redistribute connected + ! + vrf DEV + rd 10.0.4.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + redistribute connected ! stun client @@ -189,4 +200,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg index b0bc7cb..4899054 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg @@ -32,11 +32,11 @@ system l1 unsupported speed action error unsupported error-correction action error ! -vlan 60 +vlan 80 name Brown ! -vlan 70 - name Pink +vlan 90 + name Gray ! vrf instance MGMT ! 
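Review bot: S2-R1.cfg now references VRF DEV in three places (`vrf DEV` under adaptive-virtual-topology, `vxlan vrf DEV vni 52`, and `vrf DEV` under `router bgp 65000`), but unlike the other routers in this patch no hunk adds `vrf instance DEV` or `ip routing vrf DEV`. Unless both lines already exist outside the hunks, the VRF is referenced without being created and routing in it stays disabled, so the DEV overlay would not come up at this site. Add `vrf instance DEV` next to the existing VRF instances and `ip routing vrf DEV` next to the other `ip routing vrf` lines.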
@@ -49,13 +49,13 @@ interface Ethernet1 ! interface Ethernet2 description HostD1 - switchport access vlan 60 + switchport access vlan 80 switchport spanning-tree portfast ! interface Ethernet3 description HostD2 - switchport access vlan 70 + switchport access vlan 90 switchport spanning-tree portfast ! @@ -82,4 +82,4 @@ management ssh vrf MGMT no shutdown ! -end \ No newline at end of file +end From a2f9e0cd37949cd671530d363db739f2d0f8f090 Mon Sep 17 00:00:00 2001 From: Mitch Vaughan Date: Wed, 4 Sep 2024 22:10:18 +0000 Subject: [PATCH 2/2] autovpn clab config updates --- .../clab/configs/DC1-BORDER1.cfg | 21 ++++----- .../clab/configs/DC1-BORDER2.cfg | 20 ++++---- .../zbackend-infra/clab/configs/DC1-LEAF.cfg | 22 ++++----- .../zbackend-infra/clab/configs/DC1-R1.cfg | 42 +++++++++-------- .../zbackend-infra/clab/configs/DC1-R2.cfg | 41 +++++++++------- .../clab/configs/DC2-BORDER1.cfg | 20 ++++---- .../clab/configs/DC2-BORDER2.cfg | 20 ++++---- .../zbackend-infra/clab/configs/DC2-LEAF.cfg | 22 ++++----- .../zbackend-infra/clab/configs/DC2-R1.cfg | 40 +++++++++------- .../zbackend-infra/clab/configs/DC2-R2.cfg | 38 ++++++++------- .../zbackend-infra/clab/configs/S1-R1.cfg | 47 ++++++++++++------- .../zbackend-infra/clab/configs/S1-R2.cfg | 43 ++++++++++------- .../zbackend-infra/clab/configs/S1-SW1.cfg | 10 ++-- .../zbackend-infra/clab/configs/S2-R1.cfg | 40 ++++++++-------- .../zbackend-infra/clab/configs/S2-SW1.cfg | 2 +- .../zbackend-infra/clab/push_license.yml | 10 ++-- 16 files changed, 239 insertions(+), 199 deletions(-) diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg index 43f62b4..8d2cd7d 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg 
@@ -46,12 +46,12 @@ vlan 20 vlan 30 name Pink ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -94,17 +94,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,20,30 vni 10010,10020,10030 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -165,17 +165,16 @@ router bgp 65102 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.4:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - ! vrf DEV rd 10.0.1.4:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.1.4:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! - router multicast ipv4 software-forwarding kernel @@ -187,4 +186,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg index 069038d..af0d23c 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg @@ -46,12 +46,12 @@ vlan 20 vlan 30 name Pink ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 
@@ -94,17 +94,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,20,30 vni 10010,10020,10030 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -160,15 +160,15 @@ router bgp 65103 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.5:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - ! vrf DEV rd 10.0.1.5:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.1.5:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! router multicast ipv4 @@ -181,4 +181,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg index 879c715..b0061bd 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg @@ -46,12 +46,12 @@ vlan 20 vlan 30 name Pink ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -108,17 +108,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,20,30 vni 10010,10020,10030 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 
@@ -179,17 +179,17 @@ router bgp 65101 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.1:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - redistribute connected - ! vrf DEV rd 10.0.1.1:52 route-target import evpn 52:52 route-target export evpn 52:52 redistribute connected + ! + vrf PROD + rd 10.0.1.1:51 + route-target import evpn 51:51 + route-target export evpn 51:51 + redistribute connected ! router multicast ipv4 @@ -202,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg index 28a1eea..d12cdbd 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -58,7 +58,7 @@ router path-selection ipsec profile IPSEC-PROFILE ! local interface Ethernet2 - stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2 + stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2 ! peer dynamic ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -128,6 +128,10 @@ interface Loopback101 vrf PROD ip address 10.1.101.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.1.102.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.102/24 
@@ -135,16 +139,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -194,9 +198,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -208,15 +212,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.2:51 - rd evpn domain remote 10.0.1.2:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected - ! vrf DEV rd 10.0.1.2:52 rd evpn domain remote 10.0.1.2:52 @@ -225,6 +220,15 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd 10.0.1.2:51 + rd evpn domain remote 10.0.1.2:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun client @@ -234,4 +238,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg index b954302..2d04202 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg 
+++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg @@ -39,10 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 - vrf DEV + ! + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -72,12 +73,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -118,6 +119,10 @@ interface Loopback101 vrf PROD ip address 10.1.101.3/32 ! +interface Loopback102 + vrf DEV + ip address 10.1.102.3/32 +! interface Management1 vrf MGMT ip address 172.100.100.103/24 @@ -125,16 +130,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -186,9 +191,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! 
@@ -200,15 +205,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.1.3:51 - rd evpn domain remote 10.0.1.3:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected - ! vrf DEV rd 10.0.1.3:52 rd evpn domain remote 10.0.1.3:52 @@ -217,9 +213,18 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd 10.0.1.3:51 + rd evpn domain remote 10.0.1.3:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun server local-interface Ethernet2 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg index f5dfda1..4bdb462 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER1.cfg @@ -46,12 +46,12 @@ vlan 40 vlan 50 name Yellow ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -94,17 +94,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,40,50 vni 10010,10040,10050 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 
@@ -165,15 +165,15 @@ router bgp 65202 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.4:51 - route-target import evpn 51:51 - route-target export evpn 51:51 -! vrf DEV rd 10.0.2.4:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.2.4:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! router multicast ipv4 @@ -186,4 +186,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg index fd30f93..0d8fd67 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-BORDER2.cfg @@ -47,12 +47,12 @@ vlan 40 vlan 50 name Yellow ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -95,17 +95,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,40,50 vni 10010,10040,10050 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -166,15 +166,15 @@ router bgp 65203 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.5:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - ! vrf DEV rd 10.0.2.5:52 route-target import evpn 52:52 route-target export evpn 52:52 + ! + vrf PROD + rd 10.0.2.5:51 + route-target import evpn 51:51 + route-target export evpn 51:51 ! router multicast ipv4 @@ -187,4 +187,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file 
diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg index ea746c7..828e1c7 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-LEAF.cfg @@ -46,12 +46,12 @@ vlan 40 vlan 50 name Yellow ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! interface Ethernet1 @@ -108,17 +108,17 @@ interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 10,40,50 vni 10010,10040,10050 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 ! mac address-table aging-time 1800 ! ip virtual-router mac-address 00:1c:73:00:00:01 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -179,17 +179,17 @@ router bgp 65201 address-family ipv4 neighbor IPv4-UNDERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.1:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - redistribute connected - ! vrf DEV rd 10.0.2.1:52 route-target import evpn 52:52 route-target export evpn 52:52 redistribute connected + ! + vrf PROD + rd 10.0.2.1:51 + route-target import evpn 51:51 + route-target export evpn 51:51 + redistribute connected ! router multicast ipv4 @@ -202,4 +202,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg index 40aecbb..f6edf89 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg 
@@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -128,6 +128,10 @@ interface Loopback101 vrf PROD ip address 10.2.101.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.2.102.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.108/24 @@ -135,16 +139,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 @@ -194,9 +198,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -208,15 +212,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.2.2:51 - rd evpn domain remote 10.0.2.2:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected -! vrf DEV rd 10.0.2.2:52 rd evpn domain remote 10.0.2.2:52 
@@ -225,6 +220,15 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd 10.0.2.2:51 + rd evpn domain remote 10.0.2.2:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun client @@ -234,4 +238,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg index 191546f..73788d9 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -73,12 +73,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -119,6 +119,10 @@ interface Loopback101 vrf PROD ip address 10.2.101.3/32 ! +interface Loopback102 + vrf DEV + ip address 10.2.102.3/32 +! interface Management1 vrf MGMT ip address 172.100.100.109/24 @@ -126,16 +130,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip prefix-list PL-LOOPBACKS seq 10 permit 10.0.0.0/16 eq 32 
@@ -187,9 +191,9 @@ router bgp 65000 ! address-family evpn neighbor DC1-EVPN-PEERS activate - neighbor DC1-EVPN-PEERS encapsulation vxlan + neighbor DC1-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -201,14 +205,6 @@ router bgp 65000 bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd evpn domain all 10.0.2.3:51 - route-target import evpn 51:51 - route-target import evpn domain remote 51:51 - route-target export evpn 51:51 - route-target export evpn domain remote 51:51 - redistribute connected -! vrf DEV rd evpn domain all 10.0.2.3:52 route-target import evpn 52:52 @@ -216,9 +212,17 @@ router bgp 65000 route-target export evpn 52:52 route-target export evpn domain remote 52:52 redistribute connected + ! + vrf PROD + rd evpn domain all 10.0.2.3:51 + route-target import evpn 51:51 + route-target import evpn domain remote 51:51 + route-target export evpn 51:51 + route-target export evpn domain remote 51:51 + redistribute connected ! stun server local-interface Ethernet2 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg index 39c6d44..90edefe 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! 
@@ -58,7 +58,7 @@ router path-selection ipsec profile IPSEC-PROFILE ! local interface Ethernet2 - stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2 + stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2 ! peer dynamic ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -118,6 +118,11 @@ interface Ethernet1.101 vrf PROD ip address 172.20.3.0/31 ! +interface Ethernet1.102 + encapsulation dot1q vlan 102 + vrf DEV + ip address 172.20.3.2/31 +! interface Ethernet2 no switchport ip address 192.0.2.18/30 @@ -130,6 +135,10 @@ interface Loopback101 vrf PROD ip address 10.101.3.1/32 ! +interface Loopback102 + vrf DEV + ip address 10.102.3.1/32 +! interface Management1 vrf MGMT ip address 172.100.100.112/24 @@ -137,16 +146,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.17 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 @@ -172,13 +181,24 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.3.1:52 + rd evpn domain remote 10.0.3.1:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + neighbor 172.20.3.3 remote-as 65300 + redistribute connected + ! + address-family ipv4 + neighbor 172.20.3.3 activate + ! vrf PROD rd 10.0.3.1:51 rd evpn domain remote 10.0.3.1:51 
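Review bot: The eBGP session added under `vrf DEV` (`neighbor 172.20.3.3 remote-as 65300`) has no inbound policy in this hunk, so every prefix AS 65300 advertises is accepted into DEV and, given the `route-target export evpn 52:52` line, presumably carried to the rest of the WAN overlay. Unless filtering is applied elsewhere in the file, constrain what the site switch may announce, for example `neighbor 172.20.3.3 route-map <RM-DEV-SITE-IN> in` (placeholder name) matching only the site's DEV subnets. The S1-R2.cfg hunk that adds `neighbor 172.20.3.7 remote-as 65300` needs the same treatment. The `router bgp 65000` block starts and ends outside the hunk, so the existing PROD neighbor may already set a convention worth matching.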
@@ -189,15 +209,6 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.1 activate - ! - vrf DEV - rd 10.0.3.1:52 - rd evpn domain remote 10.0.3.1:52 - route-target import evpn 52:52 - route-target export evpn 52:52 - redistribute connected - ! - address-family ipv4 ! stun client @@ -207,4 +218,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg index 22b6dab..8d7e834 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -79,12 +79,12 @@ system l1 unsupported speed action error unsupported error-correction action error ! +vrf instance DEV +! vrf instance MGMT ! vrf instance PROD ! -vrf instance DEV -! aaa authorization exec default local ! ip security @@ -119,6 +119,11 @@ interface Ethernet1.101 vrf PROD ip address 172.20.3.4/31 ! +interface Ethernet1.102 + encapsulation dot1q vlan 102 + vrf DEV + ip address 172.20.3.6/31 +! interface Ethernet2 no switchport ip address 192.0.2.22/30 @@ -131,6 +136,10 @@ interface Loopback101 vrf PROD ip address 10.101.3.2/32 ! +interface Loopback102 + vrf DEV + ip address 10.102.3.2/32 +! interface Management1 vrf MGMT ip address 172.100.100.113/24 
@@ -138,16 +147,16 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 ! ip routing +ip routing vrf DEV no ip routing vrf MGMT ip routing vrf PROD -ip routing vrf DEV ! ip route 0.0.0.0/0 192.0.2.21 ip route vrf MGMT 0.0.0.0/0 172.100.100.1 @@ -168,13 +177,23 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! + vrf DEV + rd 10.0.3.2:52 + route-target import evpn 52:52 + route-target export evpn 52:52 + neighbor 172.20.3.7 remote-as 65300 + redistribute connected + ! + address-family ipv4 + neighbor 172.20.3.7 activate + ! vrf PROD rd 10.0.3.2:51 route-target import evpn 51:51 @@ -184,14 +203,6 @@ router bgp 65000 ! address-family ipv4 neighbor 172.20.3.5 activate - ! - vrf DEV - rd 10.0.3.2:52 - route-target import evpn 52:52 - route-target export evpn 52:52 - redistribute connected - ! - address-family ipv4 ! stun client @@ -201,4 +212,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg index 802f11f..838b974 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-SW1.cfg 
@@ -74,15 +74,15 @@ interface Ethernet2.102 ! interface Ethernet3 description HostC1 - switchport access vlan 50 - spanning-tree portfast + switchport access vlan 60 switchport + spanning-tree portfast ! interface Ethernet4 description HostC2 - switchport access vlan 60 - spanning-tree portfast + switchport access vlan 70 switchport + spanning-tree portfast ! interface Loopback0 description Globally Unique Address @@ -135,4 +135,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg index 9213e79..a090175 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg @@ -39,11 +39,11 @@ router adaptive-virtual-topology profile DEFAULT-AVT-PROFILE path-selection load-balance DEFAULT-LB-POLICY ! - vrf PROD + vrf DEV avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! - vrf DEV + vrf PROD avt policy DEFAULT-AVT-POLICY avt profile DEFAULT-AVT-PROFILE id 1 ! @@ -113,15 +113,15 @@ interface Dps1 interface Ethernet1 no switchport ! -interface Ethernet1.60 - encapsulation dot1q vlan 60 +interface Ethernet1.80 + encapsulation dot1q vlan 80 vrf PROD - ip address 10.60.60.1/24 + ip address 10.80.80.1/24 ! -interface Ethernet1.70 - encapsulation dot1q vlan 70 +interface Ethernet1.90 + encapsulation dot1q vlan 90 vrf DEV - ip address 10.70.70.1/24 + ip address 10.90.90.1/24 ! interface Ethernet2 description INET @@ -133,8 +133,10 @@ interface Loopback0 ip address 10.0.4.1/32 ! interface Loopback101 - vrf PROD - ip address 10.101.4.1/32 + vrf DEV + ip address 10.102.4.1/32 +! +interface Loopback102 ! interface Management1 vrf MGMT 
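Review bot: In the S2-R1.cfg hunk at `interface Loopback101`, the loopback is moved to `vrf DEV` with `ip address 10.102.4.1/32` while the new `interface Loopback102` is left empty, so S2-R1 loses its PROD loopback and carries the DEV address on the wrong interface. Every other router in this patch keeps Loopback101 in PROD and adds Loopback102 for DEV (S1-R1, for example, gets `interface Loopback102` with `vrf DEV` and `ip address 10.102.3.1/32`). It looks as if the two added lines landed one stanza too high: Loopback101 should keep `vrf PROD` and `ip address 10.101.4.1/32`, and `vrf DEV` with `ip address 10.102.4.1/32` belongs under `interface Loopback102`. An interface that sits in the wrong VRF without anyone noticing is a segmentation error, so it is worth correcting before these configs are reused as a reference.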
@@ -143,8 +145,8 @@ interface Management1 interface Vxlan1 vxlan source-interface Dps1 vxlan udp-port 4789 - vxlan vrf PROD vni 51 vxlan vrf DEV vni 52 + vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! mac address-table aging-time 1800 @@ -173,24 +175,24 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate ! - vrf PROD - rd 10.0.4.1:51 - route-target import evpn 51:51 - route-target export evpn 51:51 - redistribute connected - ! vrf DEV rd 10.0.4.1:52 route-target import evpn 52:52 route-target export evpn 52:52 redistribute connected + ! + vrf PROD + rd 10.0.4.1:51 + route-target import evpn 51:51 + route-target export evpn 51:51 + redistribute connected ! stun client @@ -200,4 +202,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg index 4899054..5fed35b 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-SW1.cfg @@ -82,4 +82,4 @@ management ssh vrf MGMT no shutdown ! -end +end \ No newline at end of file diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml b/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml index 33fd233..dc204e2 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml +++ b/tech-library/wan/autovpn/zbackend-infra/clab/push_license.yml 
@@ -8,11 +8,11 @@ tasks: - - name: Copy license file to {{ inventory_hostname }} - ansible.netcommon.net_put: - src: ./ipsec-license.json - protocol: sftp - dest: /mnt/flash/ipsec-license.json + # - name: Copy license file to {{ inventory_hostname }} + # ansible.netcommon.net_put: + # src: ./ipsec-license.json + # protocol: sftp + # dest: /mnt/flash/ipsec-license.json - name: Install license eos_command: