AutoVPN Deployment Guide - cLab Buildout

tech-library/wan/autovpn/zbackend-infra/clab/clab-wan-autovpn-dg.yml

@@ -121,6 +121,15 @@ topology:
       exec:
         - bash /usr/local/bin/hostnetconfig.sh -i4 10.20.20.101/24 -i6 2001:db8:20:20::101/64 -g 10.20.20.1
 
+    HostA3:
+      kind: linux
+      image: mitchv85/devhost
+      mgmt-ipv4: 172.100.100.203
+      ports:
+        - '22203:22'
+      exec:
+        - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1
+
   ###########################
   ##### DC2
   ###########################
@@ -198,20 +207,29 @@ topology:
     HostB1:
       kind: linux
       image: mitchv85/devhost
-      mgmt-ipv4: 172.100.100.203
+      mgmt-ipv4: 172.100.100.204
       ports:
-        - '22203:22'
+        - '22204:22'
       exec:
         - bash /usr/local/bin/hostnetconfig.sh -i4 10.10.10.102/24 -i6 2001:db8:10:10::102/64 -g 10.10.10.1
 
     HostB2:
       kind: linux
       image: mitchv85/devhost
-      mgmt-ipv4: 172.100.100.204
+      mgmt-ipv4: 172.100.100.205
       ports:
-        - '22204:22'
+        - '22205:22'
       exec:
-        - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1
+        - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::101/64 -g 10.40.40.1
+
+    HostB3:
+      kind: linux
+      image: mitchv85/devhost
+      mgmt-ipv4: 172.100.100.206
+      ports:
+        - '22206:22'
+      exec:
+        - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1
 
   ###########################
   ##### SITE1
@@ -263,20 +281,20 @@ topology:
     HostC1:
       kind: linux
       image: mitchv85/devhost
-      mgmt-ipv4: 172.100.100.205
+      mgmt-ipv4: 172.100.100.207
       ports:
-        - '22205:22'
+        - '22207:22'
       exec:
-        - bash /usr/local/bin/hostnetconfig.sh -i4 10.40.40.101/24 -i6 2001:db8:40:40::102/64 -g 10.40.40.1
+        - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1
 
     HostC2:
       kind: linux
       image: mitchv85/devhost
-      mgmt-ipv4: 172.100.100.206
+      mgmt-ipv4: 172.100.100.208
       ports:
-        - '22206:22'
+        - '22208:22'
       exec:
-        - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1
+        - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1
 
   ###########################
   ##### SITE2
@@ -311,20 +329,20 @@ topology:
     HostD1:
       kind: linux
       image: mitchv85/devhost
-      mgmt-ipv4: 172.100.100.207
+      mgmt-ipv4: 172.100.100.209
       ports:
-        - '22207:22'
+        - '22209:22'
       exec:
-        - bash /usr/local/bin/hostnetconfig.sh -i4 10.60.60.101/24 -i6 2001:db8:60:60::102/64 -g 10.60.60.1
+        - bash /usr/local/bin/hostnetconfig.sh -i4 10.80.80.101/24 -i6 2001:db8:80:80::102/64 -g 10.80.80.1
 
     HostD2:
       kind: linux
       image: mitchv85/devhost
-      mgmt-ipv4: 172.100.100.208
+      mgmt-ipv4: 172.100.100.210
       ports:
-        - '22208:22'
+        - '22210:22'
       exec:
-        - bash /usr/local/bin/hostnetconfig.sh -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1
+        - bash /usr/local/bin/hostnetconfig.sh -i4 10.90.90.101/24 -i6 2001:db8:90:90::101/64 -g 10.90.90.1
 
   ###########################
   ##### INTERNET
@@ -363,6 +381,7 @@ topology:
     - endpoints: ["DC1-SPINE:et5", "DC1-BORDER2:et1"]
     - endpoints: ["DC1-LEAF:et2", "HostA1:eth1"]
     - endpoints: ["DC1-LEAF:et3", "HostA2:eth1"]
+    - endpoints: ["DC1-LEAF:et4", "HostA3:eth1"]
   #####################
   ### DC1 2
   #####################
@@ -373,6 +392,7 @@ topology:
     - endpoints: ["DC2-SPINE:et5", "DC2-BORDER2:et1"]
     - endpoints: ["DC2-LEAF:et2", "HostB1:eth1"]
     - endpoints: ["DC2-LEAF:et3", "HostB2:eth1"]
+    - endpoints: ["DC2-LEAF:et4", "HostB3:eth1"]
   #####################
   ### Site1
   #####################

tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg

@@ -43,6 +43,11 @@ vlan 10
 vlan 20
    name Green
 !
+vlan 30
+   name Pink
+!
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
@@ -80,17 +85,24 @@ interface Vlan20
    vrf PROD
    ip address virtual 10.20.20.1/24
 !
+interface Vlan30
+   mtu 9014
+   vrf DEV
+   ip address virtual 10.30.30.1/24
+!
 interface Vxlan1
    vxlan source-interface Loopback1
    vxlan udp-port 4789
-   vxlan vlan 10,20 vni 10010,10020
+   vxlan vlan 10,20,30 vni 10010,10020,10030
+   vxlan vrf DEV vni 52
    vxlan vrf PROD vni 51
 !
 mac address-table aging-time 1800
 !
 ip virtual-router mac-address 00:1c:73:00:00:01
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
 !
@@ -141,13 +153,23 @@ router bgp 65102
       route-target both 10020:10020
       redistribute learned
    !
+   vlan 30
+      rd 10.0.1.4:10030
+      route-target both 10030:10030
+      redistribute learned
+   !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
       route import match-failure action discard
    !
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
    !
+   vrf DEV
+      rd 10.0.1.4:52
+      route-target import evpn 52:52
+      route-target export evpn 52:52
+   !
    vrf PROD
       rd 10.0.1.4:51
       route-target import evpn 51:51

tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg

@@ -43,6 +43,11 @@ vlan 10
 vlan 20
    name Green
 !
+vlan 30
+   name Pink
+!
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
@@ -80,17 +85,24 @@ interface Vlan20
    vrf PROD
    ip address virtual 10.20.20.1/24
 !
+interface Vlan30
+   mtu 9014
+   vrf DEV
+   ip address virtual 10.30.30.1/24
+!
 interface Vxlan1
    vxlan source-interface Loopback1
    vxlan udp-port 4789
-   vxlan vlan 10,20 vni 10010,10020
+   vxlan vlan 10,20,30 vni 10010,10020,10030
+   vxlan vrf DEV vni 52
    vxlan vrf PROD vni 51
 !
 mac address-table aging-time 1800
 !
 ip virtual-router mac-address 00:1c:73:00:00:01
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
 !
@@ -148,6 +160,11 @@ router bgp 65103
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
    !
+   vrf DEV
+      rd 10.0.1.5:52
+      route-target import evpn 52:52
+      route-target export evpn 52:52
+   !
    vrf PROD
       rd 10.0.1.5:51
       route-target import evpn 51:51

tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg

@@ -43,6 +43,11 @@ vlan 10
 vlan 20
    name Green
 !
+vlan 30
+   name Pink
+!
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
@@ -66,6 +71,12 @@ interface Ethernet3
    switchport
    spanning-tree portfast
 !
+interface Ethernet4
+   description HostA3
+   switchport access vlan 30
+   switchport
+   spanning-tree portfast
+!
 interface Loopback0
    description Globally Unique Address
    ip address 10.0.1.1/32
@@ -88,17 +99,24 @@ interface Vlan20
    vrf PROD
    ip address virtual 10.20.20.1/24
 !
+interface Vlan30
+   mtu 9014
+   vrf DEV
+   ip address virtual 10.30.30.1/24
+!
 interface Vxlan1
    vxlan source-interface Loopback1
    vxlan udp-port 4789
-   vxlan vlan 10,20 vni 10010,10020
+   vxlan vlan 10,20,30 vni 10010,10020,10030
+   vxlan vrf DEV vni 52
    vxlan vrf PROD vni 51
 !
 mac address-table aging-time 1800
 !
 ip virtual-router mac-address 00:1c:73:00:00:01
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
 !
@@ -149,13 +167,24 @@ router bgp 65101
       route-target both 10020:10020
       redistribute learned
    !
+   vlan 30
+      rd 10.0.1.1:10023
+      route-target both 10030:10030
+      redistribute learned
+   !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
       route import match-failure action discard
    !
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
    !
+   vrf DEV
+      rd 10.0.1.1:52
+      route-target import evpn 52:52
+      route-target export evpn 52:52
+      redistribute connected
+   !
    vrf PROD
       rd 10.0.1.1:51
       route-target import evpn 51:51

tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg

@@ -39,6 +39,10 @@ router adaptive-virtual-topology
    profile DEFAULT-AVT-PROFILE
       path-selection load-balance DEFAULT-LB-POLICY
    !
+   vrf DEV
+      avt policy DEFAULT-AVT-POLICY
+      avt profile DEFAULT-AVT-PROFILE id 1
+   !
    vrf PROD
       avt policy DEFAULT-AVT-POLICY
       avt profile DEFAULT-AVT-PROFILE id 1
@@ -54,7 +58,7 @@ router path-selection
       ipsec profile IPSEC-PROFILE
       !
       local interface Ethernet2
-         stun server-profile DC1-R2-Ethernet2 DC2-R2-Ethernet2
+         stun server-profile DC2-R2-Ethernet2 DC1-R2-Ethernet2
       !
       peer dynamic
       !
@@ -75,6 +79,8 @@ system l1
    unsupported speed action error
    unsupported error-correction action error
 !
+vrf instance DEV
+!
 vrf instance MGMT
 !
 vrf instance PROD
@@ -122,19 +128,25 @@ interface Loopback101
    vrf PROD
    ip address 10.1.101.2/32
 !
+interface Loopback102
+   vrf DEV
+   ip address 10.1.102.2/32
+!
 interface Management1
    vrf MGMT
    ip address 172.100.100.102/24
 !
 interface Vxlan1
    vxlan source-interface Dps1
    vxlan udp-port 4789
+   vxlan vrf DEV vni 52
    vxlan vrf PROD vni 51
    vxlan vrf default vni 50
 !
 mac address-table aging-time 1800
 !
 ip routing
+ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
 !
@@ -200,6 +212,15 @@ router bgp 65000
       bgp additional-paths send any
       neighbor WAN-OVERLAY-PEERS activate
    !
+   vrf DEV
+      rd 10.0.1.2:52
+      rd evpn domain remote 10.0.1.2:52
+      route-target import evpn 52:52
+      route-target import evpn domain remote 52:52
+      route-target export evpn 52:52
+      route-target export evpn domain remote 52:52
+      redistribute connected
+   !
    vrf PROD
       rd 10.0.1.2:51
       rd evpn domain remote 10.0.1.2:51