diff --git a/EVPN/ebgp-ebgp/README.md b/EVPN/ebgp-ebgp/README.md index 2769923..3431f30 100644 --- a/EVPN/ebgp-ebgp/README.md +++ b/EVPN/ebgp-ebgp/README.md @@ -2,11 +2,15 @@ This directory contains the lab topology described in the [EVPN Designs: EBGP-over-EBGP](https://blog.ipspace.net/2024/10/evpn-designs-ebgp-ebgp/) blog -post. The switches run EBGP (IPv4 AF) on physical interfaces and EBGP (EVPN AF) -between lopback interfaces advertised via EBGP IIPv4 AF. +post. ![](http://blog.ipspace.net/2024/04/evpn-design-fabric.png) +The switches run EBGP (IPv4 AF) on physical interfaces and EBGP (EVPN AF) +between lopback interfaces advertised via EBGP IPv4 AF. + +![](https://blog.ipspace.net/2024/10/evpn-design-ebgp-over-ebgp.png) + The lab topology uses a custom EBGP ECMP configuration template that is provided for Arista EOS and FRRouting and reports a warning if you're using another device for the leaf switches. diff --git a/EVPN/ibgp-ebgp/README.md b/EVPN/ibgp-ebgp/README.md new file mode 100644 index 0000000..16e5d00 --- /dev/null +++ b/EVPN/ibgp-ebgp/README.md @@ -0,0 +1,15 @@ +# EVPN Designs: IBGP-over-EBGP + +This directory contains the lab topology described in the [EVPN Designs: +IBGP-over-EBGP](https://blog.ipspace.net/2024/11/evpn-designs-ibgp-ebgp/) blog +post. + +![](http://blog.ipspace.net/2024/04/evpn-design-fabric.png) + +The switches run EBGP (IPv4 AF) on physical interfaces and IBGP (EVPN AF) +between lopback interfaces advertised via EBGP IPv4 AF. + +![](https://blog.ipspace.net/2024/11/evpn-design-ibgp-over-ebgp-asn.png) + +The `eos` and `frr` directories contain the device configurations for leaf- +and spine switches running Arista EOS or FRRouting. diff --git a/EVPN/ibgp-ebgp/eos/L1.cfg b/EVPN/ibgp-ebgp/eos/L1.cfg new file mode 100644 index 0000000..432e091 --- /dev/null +++ b/EVPN/ibgp-ebgp/eos/L1.cfg @@ -0,0 +1,133 @@ +! Command: show running-config +! device: L1 (cEOSLab, EOS-4.32.1F-37265360.4321F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$QHeqncGaKYvzUyjs$CRP4QxdKFybWLvlgyM326sZ0OLIE0Gjxqpvss8TxQcMg.rQmeQF33KiiKI6pOuoIsYILq7zDPIKL2W3PhJT550 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +logging monitor debugging +! +hostname L1 +ip host H1 172.16.0.7 +ip host H2 172.16.0.8 +ip host H3 172.16.1.9 +ip host H4 172.16.1.10 +ip host L2 10.0.0.2 10.1.0.9 10.1.0.13 +ip host L3 10.0.0.3 10.1.0.17 10.1.0.21 +ip host L4 10.0.0.4 10.1.0.25 10.1.0.29 +ip host S1 10.0.0.5 10.1.0.2 10.1.0.10 10.1.0.18 10.1.0.26 +ip host S2 10.0.0.6 10.1.0.6 10.1.0.14 10.1.0.22 10.1.0.30 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 1000 + name orange +! +vrf instance management +! +management api http-commands + no shutdown + ! + vrf management + no shutdown +! +management api gnmi + transport grpc default + vrf management +! +management api netconf + transport ssh default + vrf management +! +aaa authorization exec default local +! +interface Ethernet1 + description L1 -> S1 + mac-address 52:dc:ca:fe:01:01 + no switchport + ip address 10.1.0.1/30 +! +interface Ethernet2 + description L1 -> S2 + mac-address 52:dc:ca:fe:01:02 + no switchport + ip address 10.1.0.5/30 +! +interface Ethernet3 + description [Access VLAN orange] L1 -> H1 + mac-address 52:dc:ca:fe:01:03 + switchport access vlan 1000 +! +interface Loopback0 + ip address 10.0.0.1/32 +! +interface Management0 + vrf management + ip address 192.168.121.101/24 + no lldp transmit + no lldp receive +! +interface Vlan1000 + description VLAN orange (1000) -> [H1,H2,L3] +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan udp-port 4789 + vxlan vlan 1000 vni 101000 +! +ip routing +no ip routing vrf management +! +ip route vrf management 0.0.0.0/0 192.168.121.1 +! +route-map next-hop-self-ipv4 permit 10 + match route-type external + set ip next-hop peer-address +! +route-map next-hop-self-ipv4 permit 20 +! +router bgp 65000 + router-id 10.0.0.1 + no bgp default ipv4-unicast + bgp advertise-inactive + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 update-source Loopback0 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 send-community standard extended large + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 update-source Loopback0 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 send-community standard extended large + neighbor 10.1.0.2 remote-as 65200 + neighbor 10.1.0.2 local-as 65101 no-prepend replace-as + neighbor 10.1.0.2 description S1 + neighbor 10.1.0.2 send-community standard large + neighbor 10.1.0.6 remote-as 65200 + neighbor 10.1.0.6 local-as 65101 no-prepend replace-as + neighbor 10.1.0.6 description S2 + neighbor 10.1.0.6 send-community standard large + ! + vlan 1000 + rd 10.0.0.1:1000 + route-target import 65000:1000 + route-target export 65000:1000 + redistribute learned + ! + address-family evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.6 activate + ! + address-family ipv4 + neighbor 10.1.0.2 activate + neighbor 10.1.0.6 activate + network 10.0.0.1/32 +! +end \ No newline at end of file diff --git a/EVPN/ibgp-ebgp/eos/L2.cfg b/EVPN/ibgp-ebgp/eos/L2.cfg new file mode 100644 index 0000000..f970baa --- /dev/null +++ b/EVPN/ibgp-ebgp/eos/L2.cfg @@ -0,0 +1,133 @@ +! Command: show running-config +! device: L2 (cEOSLab, EOS-4.32.1F-37265360.4321F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$L9nJajXe8oaRmP6J$SxDTd5Vf4TT6ncOqOdixaRqhHJfgnxIui8KyYyx7vevfVcBqDrGEpD5O5ZJFQ9TvBBQVUD7IiW9IvkknkKHop0 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +logging monitor debugging +! +hostname L2 +ip host H1 172.16.0.7 +ip host H2 172.16.0.8 +ip host H3 172.16.1.9 +ip host H4 172.16.1.10 +ip host L1 10.0.0.1 10.1.0.1 10.1.0.5 +ip host L3 10.0.0.3 10.1.0.17 10.1.0.21 +ip host L4 10.0.0.4 10.1.0.25 10.1.0.29 +ip host S1 10.0.0.5 10.1.0.2 10.1.0.10 10.1.0.18 10.1.0.26 +ip host S2 10.0.0.6 10.1.0.6 10.1.0.14 10.1.0.22 10.1.0.30 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 1001 + name blue +! +vrf instance management +! +management api http-commands + no shutdown + ! + vrf management + no shutdown +! +management api gnmi + transport grpc default + vrf management +! +management api netconf + transport ssh default + vrf management +! +aaa authorization exec default local +! +interface Ethernet1 + description L2 -> S1 + mac-address 52:dc:ca:fe:02:01 + no switchport + ip address 10.1.0.9/30 +! +interface Ethernet2 + description L2 -> S2 + mac-address 52:dc:ca:fe:02:02 + no switchport + ip address 10.1.0.13/30 +! +interface Ethernet3 + description [Access VLAN blue] L2 -> H3 + mac-address 52:dc:ca:fe:02:03 + switchport access vlan 1001 +! +interface Loopback0 + ip address 10.0.0.2/32 +! +interface Management0 + vrf management + ip address 192.168.121.102/24 + no lldp transmit + no lldp receive +! +interface Vlan1001 + description VLAN blue (1001) -> [H3,H4,L4] +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan udp-port 4789 + vxlan vlan 1001 vni 101001 +! +ip routing +no ip routing vrf management +! +ip route vrf management 0.0.0.0/0 192.168.121.1 +! +route-map next-hop-self-ipv4 permit 10 + match route-type external + set ip next-hop peer-address +! +route-map next-hop-self-ipv4 permit 20 +! +router bgp 65000 + router-id 10.0.0.2 + no bgp default ipv4-unicast + bgp advertise-inactive + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 update-source Loopback0 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 send-community standard extended large + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 update-source Loopback0 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 send-community standard extended large + neighbor 10.1.0.10 remote-as 65200 + neighbor 10.1.0.10 local-as 65102 no-prepend replace-as + neighbor 10.1.0.10 description S1 + neighbor 10.1.0.10 send-community standard large + neighbor 10.1.0.14 remote-as 65200 + neighbor 10.1.0.14 local-as 65102 no-prepend replace-as + neighbor 10.1.0.14 description S2 + neighbor 10.1.0.14 send-community standard large + ! + vlan 1001 + rd 10.0.0.2:1001 + route-target import 65000:1001 + route-target export 65000:1001 + redistribute learned + ! + address-family evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.6 activate + ! + address-family ipv4 + neighbor 10.1.0.10 activate + neighbor 10.1.0.14 activate + network 10.0.0.2/32 +! +end \ No newline at end of file diff --git a/EVPN/ibgp-ebgp/eos/L3.cfg b/EVPN/ibgp-ebgp/eos/L3.cfg new file mode 100644 index 0000000..1c4bd18 --- /dev/null +++ b/EVPN/ibgp-ebgp/eos/L3.cfg @@ -0,0 +1,133 @@ +! Command: show running-config +! device: L3 (cEOSLab, EOS-4.32.1F-37265360.4321F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$BGbYGe8t/1HkIgeo$lMBX9H7LiEf/fAa5SBuWqroib8ThBA5E/qTJd9GwOA7zjN7uJyWajhomlQb9EszYGwPkP1x.m52xcKj1HYs0x1 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +logging monitor debugging +! +hostname L3 +ip host H1 172.16.0.7 +ip host H2 172.16.0.8 +ip host H3 172.16.1.9 +ip host H4 172.16.1.10 +ip host L1 10.0.0.1 10.1.0.1 10.1.0.5 +ip host L2 10.0.0.2 10.1.0.9 10.1.0.13 +ip host L4 10.0.0.4 10.1.0.25 10.1.0.29 +ip host S1 10.0.0.5 10.1.0.2 10.1.0.10 10.1.0.18 10.1.0.26 +ip host S2 10.0.0.6 10.1.0.6 10.1.0.14 10.1.0.22 10.1.0.30 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 1000 + name orange +! +vrf instance management +! +management api http-commands + no shutdown + ! + vrf management + no shutdown +! +management api gnmi + transport grpc default + vrf management +! +management api netconf + transport ssh default + vrf management +! +aaa authorization exec default local +! +interface Ethernet1 + description L3 -> S1 + mac-address 52:dc:ca:fe:03:01 + no switchport + ip address 10.1.0.17/30 +! +interface Ethernet2 + description L3 -> S2 + mac-address 52:dc:ca:fe:03:02 + no switchport + ip address 10.1.0.21/30 +! +interface Ethernet3 + description [Access VLAN orange] L3 -> H2 + mac-address 52:dc:ca:fe:03:03 + switchport access vlan 1000 +! +interface Loopback0 + ip address 10.0.0.3/32 +! +interface Management0 + vrf management + ip address 192.168.121.103/24 + no lldp transmit + no lldp receive +! +interface Vlan1000 + description VLAN orange (1000) -> [H1,L1,H2] +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan udp-port 4789 + vxlan vlan 1000 vni 101000 +! +ip routing +no ip routing vrf management +! +ip route vrf management 0.0.0.0/0 192.168.121.1 +! +route-map next-hop-self-ipv4 permit 10 + match route-type external + set ip next-hop peer-address +! +route-map next-hop-self-ipv4 permit 20 +! +router bgp 65000 + router-id 10.0.0.3 + no bgp default ipv4-unicast + bgp advertise-inactive + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 update-source Loopback0 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 send-community standard extended large + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 update-source Loopback0 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 send-community standard extended large + neighbor 10.1.0.18 remote-as 65200 + neighbor 10.1.0.18 local-as 65103 no-prepend replace-as + neighbor 10.1.0.18 description S1 + neighbor 10.1.0.18 send-community standard large + neighbor 10.1.0.22 remote-as 65200 + neighbor 10.1.0.22 local-as 65103 no-prepend replace-as + neighbor 10.1.0.22 description S2 + neighbor 10.1.0.22 send-community standard large + ! + vlan 1000 + rd 10.0.0.3:1000 + route-target import 65000:1000 + route-target export 65000:1000 + redistribute learned + ! + address-family evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.6 activate + ! + address-family ipv4 + neighbor 10.1.0.18 activate + neighbor 10.1.0.22 activate + network 10.0.0.3/32 +! +end \ No newline at end of file diff --git a/EVPN/ibgp-ebgp/eos/L4.cfg b/EVPN/ibgp-ebgp/eos/L4.cfg new file mode 100644 index 0000000..4135899 --- /dev/null +++ b/EVPN/ibgp-ebgp/eos/L4.cfg @@ -0,0 +1,133 @@ +! Command: show running-config +! device: L4 (cEOSLab, EOS-4.32.1F-37265360.4321F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$SccfvdUfFLA6odZJ$4fsbfaq552rpaXqza7VVdEBOZ4iRrD3ZJ5EwCByRE.PXo2ZMiGyyQgVk/gbKuUY/dKxQypJWgW1VrIeqTqpFW1 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +logging monitor debugging +! +hostname L4 +ip host H1 172.16.0.7 +ip host H2 172.16.0.8 +ip host H3 172.16.1.9 +ip host H4 172.16.1.10 +ip host L1 10.0.0.1 10.1.0.1 10.1.0.5 +ip host L2 10.0.0.2 10.1.0.9 10.1.0.13 +ip host L3 10.0.0.3 10.1.0.17 10.1.0.21 +ip host S1 10.0.0.5 10.1.0.2 10.1.0.10 10.1.0.18 10.1.0.26 +ip host S2 10.0.0.6 10.1.0.6 10.1.0.14 10.1.0.22 10.1.0.30 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vlan 1001 + name blue +! +vrf instance management +! +management api http-commands + no shutdown + ! + vrf management + no shutdown +! +management api gnmi + transport grpc default + vrf management +! +management api netconf + transport ssh default + vrf management +! +aaa authorization exec default local +! +interface Ethernet1 + description L4 -> S1 + mac-address 52:dc:ca:fe:04:01 + no switchport + ip address 10.1.0.25/30 +! +interface Ethernet2 + description L4 -> S2 + mac-address 52:dc:ca:fe:04:02 + no switchport + ip address 10.1.0.29/30 +! +interface Ethernet3 + description [Access VLAN blue] L4 -> H4 + mac-address 52:dc:ca:fe:04:03 + switchport access vlan 1001 +! +interface Loopback0 + ip address 10.0.0.4/32 +! +interface Management0 + vrf management + ip address 192.168.121.104/24 + no lldp transmit + no lldp receive +! +interface Vlan1001 + description VLAN blue (1001) -> [H3,L2,H4] +! +interface Vxlan1 + vxlan source-interface Loopback0 + vxlan udp-port 4789 + vxlan vlan 1001 vni 101001 +! +ip routing +no ip routing vrf management +! +ip route vrf management 0.0.0.0/0 192.168.121.1 +! +route-map next-hop-self-ipv4 permit 10 + match route-type external + set ip next-hop peer-address +! +route-map next-hop-self-ipv4 permit 20 +! +router bgp 65000 + router-id 10.0.0.4 + no bgp default ipv4-unicast + bgp advertise-inactive + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 update-source Loopback0 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 send-community standard extended large + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 update-source Loopback0 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 send-community standard extended large + neighbor 10.1.0.26 remote-as 65200 + neighbor 10.1.0.26 local-as 65104 no-prepend replace-as + neighbor 10.1.0.26 description S1 + neighbor 10.1.0.26 send-community standard large + neighbor 10.1.0.30 remote-as 65200 + neighbor 10.1.0.30 local-as 65104 no-prepend replace-as + neighbor 10.1.0.30 description S2 + neighbor 10.1.0.30 send-community standard large + ! + vlan 1001 + rd 10.0.0.4:1001 + route-target import 65000:1001 + route-target export 65000:1001 + redistribute learned + ! + address-family evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.6 activate + ! + address-family ipv4 + neighbor 10.1.0.26 activate + neighbor 10.1.0.30 activate + network 10.0.0.4/32 +! +end \ No newline at end of file diff --git a/EVPN/ibgp-ebgp/eos/S1.cfg b/EVPN/ibgp-ebgp/eos/S1.cfg new file mode 100644 index 0000000..877cc78 --- /dev/null +++ b/EVPN/ibgp-ebgp/eos/S1.cfg @@ -0,0 +1,153 @@ +! Command: show running-config +! device: S1 (cEOSLab, EOS-4.32.1F-37265360.4321F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$4K8lsWCT5hsgwJYo$SUxQELrN68cQZayhz8R47uWuvrOkrjVuYvY2oPuZMOPcPbCxzVwEqLrNU0FhyBq6wVz5LnMjOIjPNzI89VW0/. +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +logging monitor debugging +! +hostname S1 +ip host H1 172.16.0.7 +ip host H2 172.16.0.8 +ip host H3 172.16.1.9 +ip host H4 172.16.1.10 +ip host L1 10.0.0.1 10.1.0.1 10.1.0.5 +ip host L2 10.0.0.2 10.1.0.9 10.1.0.13 +ip host L3 10.0.0.3 10.1.0.17 10.1.0.21 +ip host L4 10.0.0.4 10.1.0.25 10.1.0.29 +ip host S2 10.0.0.6 10.1.0.6 10.1.0.14 10.1.0.22 10.1.0.30 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance management +! +management api http-commands + no shutdown + ! + vrf management + no shutdown +! +management api gnmi + transport grpc default + vrf management +! +management api netconf + transport ssh default + vrf management +! +aaa authorization exec default local +! +interface Ethernet1 + description S1 -> L1 + mac-address 52:dc:ca:fe:05:01 + no switchport + ip address 10.1.0.2/30 +! +interface Ethernet2 + description S1 -> L2 + mac-address 52:dc:ca:fe:05:02 + no switchport + ip address 10.1.0.10/30 +! +interface Ethernet3 + description S1 -> L3 + mac-address 52:dc:ca:fe:05:03 + no switchport + ip address 10.1.0.18/30 +! +interface Ethernet4 + description S1 -> L4 + mac-address 52:dc:ca:fe:05:04 + no switchport + ip address 10.1.0.26/30 +! +interface Loopback0 + ip address 10.0.0.5/32 +! +interface Management0 + vrf management + ip address 192.168.121.105/24 + no lldp transmit + no lldp receive +! +ip routing +no ip routing vrf management +! +ip route vrf management 0.0.0.0/0 192.168.121.1 +! +route-map next-hop-self-ipv4 permit 10 + match route-type external + set ip next-hop peer-address +! +route-map next-hop-self-ipv4 permit 20 +! +router bgp 65000 + router-id 10.0.0.5 + no bgp default ipv4-unicast + bgp cluster-id 10.0.0.5 + bgp advertise-inactive + neighbor 10.0.0.1 remote-as 65000 + neighbor 10.0.0.1 update-source Loopback0 + neighbor 10.0.0.1 description L1 + neighbor 10.0.0.1 route-reflector-client + neighbor 10.0.0.1 send-community standard extended large + neighbor 10.0.0.2 remote-as 65000 + neighbor 10.0.0.2 update-source Loopback0 + neighbor 10.0.0.2 description L2 + neighbor 10.0.0.2 route-reflector-client + neighbor 10.0.0.2 send-community standard extended large + neighbor 10.0.0.3 remote-as 65000 + neighbor 10.0.0.3 update-source Loopback0 + neighbor 10.0.0.3 description L3 + neighbor 10.0.0.3 route-reflector-client + neighbor 10.0.0.3 send-community standard extended large + neighbor 10.0.0.4 remote-as 65000 + neighbor 10.0.0.4 update-source Loopback0 + neighbor 10.0.0.4 description L4 + neighbor 10.0.0.4 route-reflector-client + neighbor 10.0.0.4 send-community standard extended large + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 update-source Loopback0 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 send-community standard extended large + neighbor 10.1.0.1 remote-as 65101 + neighbor 10.1.0.1 local-as 65200 no-prepend replace-as + neighbor 10.1.0.1 description L1 + neighbor 10.1.0.1 send-community standard large + neighbor 10.1.0.9 remote-as 65102 + neighbor 10.1.0.9 local-as 65200 no-prepend replace-as + neighbor 10.1.0.9 description L2 + neighbor 10.1.0.9 send-community standard large + neighbor 10.1.0.17 remote-as 65103 + neighbor 10.1.0.17 local-as 65200 no-prepend replace-as + neighbor 10.1.0.17 description L3 + neighbor 10.1.0.17 send-community standard large + neighbor 10.1.0.25 remote-as 65104 + neighbor 10.1.0.25 local-as 65200 no-prepend replace-as + neighbor 10.1.0.25 description L4 + neighbor 10.1.0.25 send-community standard large + ! + address-family evpn + neighbor 10.0.0.1 activate + neighbor 10.0.0.2 activate + neighbor 10.0.0.3 activate + neighbor 10.0.0.4 activate + neighbor 10.0.0.6 activate + ! + address-family ipv4 + neighbor 10.1.0.1 activate + neighbor 10.1.0.9 activate + neighbor 10.1.0.17 activate + neighbor 10.1.0.25 activate + network 10.0.0.5/32 +! +end \ No newline at end of file diff --git a/EVPN/ibgp-ebgp/eos/S2.cfg b/EVPN/ibgp-ebgp/eos/S2.cfg new file mode 100644 index 0000000..64ff873 --- /dev/null +++ b/EVPN/ibgp-ebgp/eos/S2.cfg @@ -0,0 +1,153 @@ +! Command: show running-config +! device: S2 (cEOSLab, EOS-4.32.1F-37265360.4321F (engineering build)) +! +no aaa root +! +username admin privilege 15 role network-admin secret sha512 $6$vYSKLoDWiUesRzEc$pSFL3x3Kg9ZrrKeKXDiblC52K8JGWvxPKetnuVwUq.54/MvK3Hb/HDuJzuNtbOWeDXRB02EvEshsTk/CpLROb/ +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +logging monitor debugging +! +hostname S2 +ip host H1 172.16.0.7 +ip host H2 172.16.0.8 +ip host H3 172.16.1.9 +ip host H4 172.16.1.10 +ip host L1 10.0.0.1 10.1.0.1 10.1.0.5 +ip host L2 10.0.0.2 10.1.0.9 10.1.0.13 +ip host L3 10.0.0.3 10.1.0.17 10.1.0.21 +ip host L4 10.0.0.4 10.1.0.25 10.1.0.29 +ip host S1 10.0.0.5 10.1.0.2 10.1.0.10 10.1.0.18 10.1.0.26 +! +spanning-tree mode mstp +! +system l1 + unsupported speed action error + unsupported error-correction action error +! +vrf instance management +! +management api http-commands + no shutdown + ! + vrf management + no shutdown +! +management api gnmi + transport grpc default + vrf management +! +management api netconf + transport ssh default + vrf management +! +aaa authorization exec default local +! +interface Ethernet1 + description S2 -> L1 + mac-address 52:dc:ca:fe:06:01 + no switchport + ip address 10.1.0.6/30 +! +interface Ethernet2 + description S2 -> L2 + mac-address 52:dc:ca:fe:06:02 + no switchport + ip address 10.1.0.14/30 +! +interface Ethernet3 + description S2 -> L3 + mac-address 52:dc:ca:fe:06:03 + no switchport + ip address 10.1.0.22/30 +! +interface Ethernet4 + description S2 -> L4 + mac-address 52:dc:ca:fe:06:04 + no switchport + ip address 10.1.0.30/30 +! +interface Loopback0 + ip address 10.0.0.6/32 +! +interface Management0 + vrf management + ip address 192.168.121.106/24 + no lldp transmit + no lldp receive +! +ip routing +no ip routing vrf management +! +ip route vrf management 0.0.0.0/0 192.168.121.1 +! +route-map next-hop-self-ipv4 permit 10 + match route-type external + set ip next-hop peer-address +! +route-map next-hop-self-ipv4 permit 20 +! +router bgp 65000 + router-id 10.0.0.6 + no bgp default ipv4-unicast + bgp cluster-id 10.0.0.5 + bgp advertise-inactive + neighbor 10.0.0.1 remote-as 65000 + neighbor 10.0.0.1 update-source Loopback0 + neighbor 10.0.0.1 description L1 + neighbor 10.0.0.1 route-reflector-client + neighbor 10.0.0.1 send-community standard extended large + neighbor 10.0.0.2 remote-as 65000 + neighbor 10.0.0.2 update-source Loopback0 + neighbor 10.0.0.2 description L2 + neighbor 10.0.0.2 route-reflector-client + neighbor 10.0.0.2 send-community standard extended large + neighbor 10.0.0.3 remote-as 65000 + neighbor 10.0.0.3 update-source Loopback0 + neighbor 10.0.0.3 description L3 + neighbor 10.0.0.3 route-reflector-client + neighbor 10.0.0.3 send-community standard extended large + neighbor 10.0.0.4 remote-as 65000 + neighbor 10.0.0.4 update-source Loopback0 + neighbor 10.0.0.4 description L4 + neighbor 10.0.0.4 route-reflector-client + neighbor 10.0.0.4 send-community standard extended large + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 update-source Loopback0 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 send-community standard extended large + neighbor 10.1.0.5 remote-as 65101 + neighbor 10.1.0.5 local-as 65200 no-prepend replace-as + neighbor 10.1.0.5 description L1 + neighbor 10.1.0.5 send-community standard large + neighbor 10.1.0.13 remote-as 65102 + neighbor 10.1.0.13 local-as 65200 no-prepend replace-as + neighbor 10.1.0.13 description L2 + neighbor 10.1.0.13 send-community standard large + neighbor 10.1.0.21 remote-as 65103 + neighbor 10.1.0.21 local-as 65200 no-prepend replace-as + neighbor 10.1.0.21 description L3 + neighbor 10.1.0.21 send-community standard large + neighbor 10.1.0.29 remote-as 65104 + neighbor 10.1.0.29 local-as 65200 no-prepend replace-as + neighbor 10.1.0.29 description L4 + neighbor 10.1.0.29 send-community standard large + ! + address-family evpn + neighbor 10.0.0.1 activate + neighbor 10.0.0.2 activate + neighbor 10.0.0.3 activate + neighbor 10.0.0.4 activate + neighbor 10.0.0.5 activate + ! + address-family ipv4 + neighbor 10.1.0.5 activate + neighbor 10.1.0.13 activate + neighbor 10.1.0.21 activate + neighbor 10.1.0.29 activate + network 10.0.0.6/32 +! +end \ No newline at end of file diff --git a/EVPN/ibgp-ebgp/frr/L1-daemons b/EVPN/ibgp-ebgp/frr/L1-daemons new file mode 100644 index 0000000..9894a64 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L1-daemons @@ -0,0 +1,91 @@ +# Generated by frr_daemons.j2, based on standard frr config template + +# This file tells the frr package which daemons to start. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/frr/examples/. +# +# ATTENTION: +# +# When activating a daemon for the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "frr", else +# the daemon will not be started by /etc/init.d/frr. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. +# +# The watchfrr, zebra and staticd daemons are always started. +# +bgpd=no +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no +pimd=no +ldpd=no +nhrpd=no +eigrpd=no +babeld=no +sharpd=no +pbrd=no +bfdd=no +fabricd=no +vrrpd=no +pathd=no + +# +# If this option is set the /etc/init.d/frr script automatically loads +# the config via "vtysh -b" when the servers are started. +# Check /etc/pam.d/frr if you intend to use "vtysh"! +# +vtysh_enable=yes +zebra_options=" -A 127.0.0.1 -s 90000000" +bgpd_options=" -A 127.0.0.1" +ospfd_options=" -A 127.0.0.1" +ospf6d_options=" -A ::1" +ripd_options=" -A 127.0.0.1" +ripngd_options=" -A ::1" +isisd_options=" -A 127.0.0.1" +pimd_options=" -A 127.0.0.1" +ldpd_options=" -A 127.0.0.1" +nhrpd_options=" -A 127.0.0.1" +eigrpd_options=" -A 127.0.0.1" +babeld_options=" -A 127.0.0.1" +sharpd_options=" -A 127.0.0.1" +pbrd_options=" -A 127.0.0.1" +staticd_options="-A 127.0.0.1" +bfdd_options=" -A 127.0.0.1" +fabricd_options="-A 127.0.0.1" +vrrpd_options=" -A 127.0.0.1" +pathd_options=" -A 127.0.0.1" + +# configuration profile +# +#frr_profile="traditional" +frr_profile="datacenter" + +# +# This is the maximum number of FD's that will be available. +# Upon startup this is read by the control files and ulimit +# is called. Uncomment and use a reasonable value for your +# setup if you are expecting a large number of peers in +# say BGP. +#MAX_FDS=1024 + +# The list of daemons to watch is automatically generated by the init script. +#watchfrr_options="" + +# To make watchfrr create/join the specified netns, use the following option: +#watchfrr_options="--netns" +# This only has an effect in /etc/frr//daemons, and you need to +# start FRR with "/usr/lib/frr/frrinit.sh start ". + +# for debugging purposes, you can specify a "wrap" command to start instead +# of starting the daemon directly, e.g. to use valgrind on ospfd: +# ospfd_wrap="/usr/bin/valgrind" +# or you can use "all_wrap" for all daemons, e.g. to use perf record: +# all_wrap="/usr/bin/perf record --call-graph -" +# the normal daemon command is added to this at the end. + +bgpd=yes diff --git a/EVPN/ibgp-ebgp/frr/L1.cfg b/EVPN/ibgp-ebgp/frr/L1.cfg new file mode 100644 index 0000000..0d4e31a --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L1.cfg @@ -0,0 +1,72 @@ +frr version 10.0.1_git +frr defaults datacenter +hostname L1 +no ipv6 forwarding +service integrated-vtysh-config +! +vrf mgmt +exit-vrf +! +interface eth1 + description L1 -> S1 + ip address 10.1.0.1/30 +exit +! +interface eth2 + description L1 -> S2 + ip address 10.1.0.5/30 +exit +! +interface eth3 + description [Access VLAN orange] L1 -> H1 +exit +! +interface lo + ip address 10.0.0.1/32 +exit +! +interface vlan1000 + description VLAN orange (1000) -> [H1,H2,L3] +exit +! +router bgp 65000 + bgp router-id 10.0.0.1 + no bgp default ipv4-unicast + bgp bestpath as-path multipath-relax + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 update-source lo + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 update-source lo + neighbor 10.1.0.2 remote-as 65200 + neighbor 10.1.0.2 local-as 65101 no-prepend replace-as + neighbor 10.1.0.2 description S1 + neighbor 10.1.0.6 remote-as 65200 + neighbor 10.1.0.6 local-as 65101 no-prepend replace-as + neighbor 10.1.0.6 description S2 + ! + address-family ipv4 unicast + network 10.0.0.1/32 + neighbor 10.1.0.2 activate + no neighbor 10.1.0.2 send-community extended + neighbor 10.1.0.6 activate + no neighbor 10.1.0.6 send-community extended + exit-address-family + ! + address-family l2vpn evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.5 soft-reconfiguration inbound + neighbor 10.0.0.6 activate + neighbor 10.0.0.6 soft-reconfiguration inbound + advertise-all-vni + vni 101000 + rd 10.0.0.1:1000 + route-target import 65000:1000 + route-target export 65000:1000 + exit-vni + advertise-svi-ip + advertise ipv4 unicast + exit-address-family +exit +! diff --git a/EVPN/ibgp-ebgp/frr/L2-daemons b/EVPN/ibgp-ebgp/frr/L2-daemons new file mode 100644 index 0000000..9894a64 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L2-daemons @@ -0,0 +1,91 @@ +# Generated by frr_daemons.j2, based on standard frr config template + +# This file tells the frr package which daemons to start. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/frr/examples/. +# +# ATTENTION: +# +# When activating a daemon for the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "frr", else +# the daemon will not be started by /etc/init.d/frr. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. +# +# The watchfrr, zebra and staticd daemons are always started. +# +bgpd=no +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no +pimd=no +ldpd=no +nhrpd=no +eigrpd=no +babeld=no +sharpd=no +pbrd=no +bfdd=no +fabricd=no +vrrpd=no +pathd=no + +# +# If this option is set the /etc/init.d/frr script automatically loads +# the config via "vtysh -b" when the servers are started. +# Check /etc/pam.d/frr if you intend to use "vtysh"! +# +vtysh_enable=yes +zebra_options=" -A 127.0.0.1 -s 90000000" +bgpd_options=" -A 127.0.0.1" +ospfd_options=" -A 127.0.0.1" +ospf6d_options=" -A ::1" +ripd_options=" -A 127.0.0.1" +ripngd_options=" -A ::1" +isisd_options=" -A 127.0.0.1" +pimd_options=" -A 127.0.0.1" +ldpd_options=" -A 127.0.0.1" +nhrpd_options=" -A 127.0.0.1" +eigrpd_options=" -A 127.0.0.1" +babeld_options=" -A 127.0.0.1" +sharpd_options=" -A 127.0.0.1" +pbrd_options=" -A 127.0.0.1" +staticd_options="-A 127.0.0.1" +bfdd_options=" -A 127.0.0.1" +fabricd_options="-A 127.0.0.1" +vrrpd_options=" -A 127.0.0.1" +pathd_options=" -A 127.0.0.1" + +# configuration profile +# +#frr_profile="traditional" +frr_profile="datacenter" + +# +# This is the maximum number of FD's that will be available. +# Upon startup this is read by the control files and ulimit +# is called. Uncomment and use a reasonable value for your +# setup if you are expecting a large number of peers in +# say BGP. +#MAX_FDS=1024 + +# The list of daemons to watch is automatically generated by the init script. +#watchfrr_options="" + +# To make watchfrr create/join the specified netns, use the following option: +#watchfrr_options="--netns" +# This only has an effect in /etc/frr//daemons, and you need to +# start FRR with "/usr/lib/frr/frrinit.sh start ". + +# for debugging purposes, you can specify a "wrap" command to start instead +# of starting the daemon directly, e.g. to use valgrind on ospfd: +# ospfd_wrap="/usr/bin/valgrind" +# or you can use "all_wrap" for all daemons, e.g. to use perf record: +# all_wrap="/usr/bin/perf record --call-graph -" +# the normal daemon command is added to this at the end. + +bgpd=yes diff --git a/EVPN/ibgp-ebgp/frr/L2.cfg b/EVPN/ibgp-ebgp/frr/L2.cfg new file mode 100644 index 0000000..6633727 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L2.cfg @@ -0,0 +1,72 @@ +frr version 10.0.1_git +frr defaults datacenter +hostname L2 +no ipv6 forwarding +service integrated-vtysh-config +! +vrf mgmt +exit-vrf +! +interface eth1 + description L2 -> S1 + ip address 10.1.0.9/30 +exit +! +interface eth2 + description L2 -> S2 + ip address 10.1.0.13/30 +exit +! +interface eth3 + description [Access VLAN blue] L2 -> H3 +exit +! +interface lo + ip address 10.0.0.2/32 +exit +! +interface vlan1001 + description VLAN blue (1001) -> [H3,H4,L4] +exit +! +router bgp 65000 + bgp router-id 10.0.0.2 + no bgp default ipv4-unicast + bgp bestpath as-path multipath-relax + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 update-source lo + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 update-source lo + neighbor 10.1.0.10 remote-as 65200 + neighbor 10.1.0.10 local-as 65102 no-prepend replace-as + neighbor 10.1.0.10 description S1 + neighbor 10.1.0.14 remote-as 65200 + neighbor 10.1.0.14 local-as 65102 no-prepend replace-as + neighbor 10.1.0.14 description S2 + ! + address-family ipv4 unicast + network 10.0.0.2/32 + neighbor 10.1.0.10 activate + no neighbor 10.1.0.10 send-community extended + neighbor 10.1.0.14 activate + no neighbor 10.1.0.14 send-community extended + exit-address-family + ! + address-family l2vpn evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.5 soft-reconfiguration inbound + neighbor 10.0.0.6 activate + neighbor 10.0.0.6 soft-reconfiguration inbound + advertise-all-vni + vni 101001 + rd 10.0.0.2:1001 + route-target import 65000:1001 + route-target export 65000:1001 + exit-vni + advertise-svi-ip + advertise ipv4 unicast + exit-address-family +exit +! diff --git a/EVPN/ibgp-ebgp/frr/L3-daemons b/EVPN/ibgp-ebgp/frr/L3-daemons new file mode 100644 index 0000000..9894a64 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L3-daemons @@ -0,0 +1,91 @@ +# Generated by frr_daemons.j2, based on standard frr config template + +# This file tells the frr package which daemons to start. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/frr/examples/. +# +# ATTENTION: +# +# When activating a daemon for the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "frr", else +# the daemon will not be started by /etc/init.d/frr. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. +# +# The watchfrr, zebra and staticd daemons are always started. +# +bgpd=no +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no +pimd=no +ldpd=no +nhrpd=no +eigrpd=no +babeld=no +sharpd=no +pbrd=no +bfdd=no +fabricd=no +vrrpd=no +pathd=no + +# +# If this option is set the /etc/init.d/frr script automatically loads +# the config via "vtysh -b" when the servers are started. +# Check /etc/pam.d/frr if you intend to use "vtysh"! +# +vtysh_enable=yes +zebra_options=" -A 127.0.0.1 -s 90000000" +bgpd_options=" -A 127.0.0.1" +ospfd_options=" -A 127.0.0.1" +ospf6d_options=" -A ::1" +ripd_options=" -A 127.0.0.1" +ripngd_options=" -A ::1" +isisd_options=" -A 127.0.0.1" +pimd_options=" -A 127.0.0.1" +ldpd_options=" -A 127.0.0.1" +nhrpd_options=" -A 127.0.0.1" +eigrpd_options=" -A 127.0.0.1" +babeld_options=" -A 127.0.0.1" +sharpd_options=" -A 127.0.0.1" +pbrd_options=" -A 127.0.0.1" +staticd_options="-A 127.0.0.1" +bfdd_options=" -A 127.0.0.1" +fabricd_options="-A 127.0.0.1" +vrrpd_options=" -A 127.0.0.1" +pathd_options=" -A 127.0.0.1" + +# configuration profile +# +#frr_profile="traditional" +frr_profile="datacenter" + +# +# This is the maximum number of FD's that will be available. +# Upon startup this is read by the control files and ulimit +# is called. Uncomment and use a reasonable value for your +# setup if you are expecting a large number of peers in +# say BGP. +#MAX_FDS=1024 + +# The list of daemons to watch is automatically generated by the init script. +#watchfrr_options="" + +# To make watchfrr create/join the specified netns, use the following option: +#watchfrr_options="--netns" +# This only has an effect in /etc/frr//daemons, and you need to +# start FRR with "/usr/lib/frr/frrinit.sh start ". + +# for debugging purposes, you can specify a "wrap" command to start instead +# of starting the daemon directly, e.g. to use valgrind on ospfd: +# ospfd_wrap="/usr/bin/valgrind" +# or you can use "all_wrap" for all daemons, e.g. to use perf record: +# all_wrap="/usr/bin/perf record --call-graph -" +# the normal daemon command is added to this at the end. + +bgpd=yes diff --git a/EVPN/ibgp-ebgp/frr/L3.cfg b/EVPN/ibgp-ebgp/frr/L3.cfg new file mode 100644 index 0000000..901b3b8 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L3.cfg @@ -0,0 +1,72 @@ +frr version 10.0.1_git +frr defaults datacenter +hostname L3 +no ipv6 forwarding +service integrated-vtysh-config +! +vrf mgmt +exit-vrf +! +interface eth1 + description L3 -> S1 + ip address 10.1.0.17/30 +exit +! +interface eth2 + description L3 -> S2 + ip address 10.1.0.21/30 +exit +! +interface eth3 + description [Access VLAN orange] L3 -> H2 +exit +! +interface lo + ip address 10.0.0.3/32 +exit +! +interface vlan1000 + description VLAN orange (1000) -> [H1,L1,H2] +exit +! +router bgp 65000 + bgp router-id 10.0.0.3 + no bgp default ipv4-unicast + bgp bestpath as-path multipath-relax + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 update-source lo + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 update-source lo + neighbor 10.1.0.18 remote-as 65200 + neighbor 10.1.0.18 local-as 65103 no-prepend replace-as + neighbor 10.1.0.18 description S1 + neighbor 10.1.0.22 remote-as 65200 + neighbor 10.1.0.22 local-as 65103 no-prepend replace-as + neighbor 10.1.0.22 description S2 + ! + address-family ipv4 unicast + network 10.0.0.3/32 + neighbor 10.1.0.18 activate + no neighbor 10.1.0.18 send-community extended + neighbor 10.1.0.22 activate + no neighbor 10.1.0.22 send-community extended + exit-address-family + ! + address-family l2vpn evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.5 soft-reconfiguration inbound + neighbor 10.0.0.6 activate + neighbor 10.0.0.6 soft-reconfiguration inbound + advertise-all-vni + vni 101000 + rd 10.0.0.3:1000 + route-target import 65000:1000 + route-target export 65000:1000 + exit-vni + advertise-svi-ip + advertise ipv4 unicast + exit-address-family +exit +! diff --git a/EVPN/ibgp-ebgp/frr/L4-daemons b/EVPN/ibgp-ebgp/frr/L4-daemons new file mode 100644 index 0000000..9894a64 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L4-daemons @@ -0,0 +1,91 @@ +# Generated by frr_daemons.j2, based on standard frr config template + +# This file tells the frr package which daemons to start. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/frr/examples/. +# +# ATTENTION: +# +# When activating a daemon for the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "frr", else +# the daemon will not be started by /etc/init.d/frr. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. +# +# The watchfrr, zebra and staticd daemons are always started. +# +bgpd=no +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no +pimd=no +ldpd=no +nhrpd=no +eigrpd=no +babeld=no +sharpd=no +pbrd=no +bfdd=no +fabricd=no +vrrpd=no +pathd=no + +# +# If this option is set the /etc/init.d/frr script automatically loads +# the config via "vtysh -b" when the servers are started. +# Check /etc/pam.d/frr if you intend to use "vtysh"! +# +vtysh_enable=yes +zebra_options=" -A 127.0.0.1 -s 90000000" +bgpd_options=" -A 127.0.0.1" +ospfd_options=" -A 127.0.0.1" +ospf6d_options=" -A ::1" +ripd_options=" -A 127.0.0.1" +ripngd_options=" -A ::1" +isisd_options=" -A 127.0.0.1" +pimd_options=" -A 127.0.0.1" +ldpd_options=" -A 127.0.0.1" +nhrpd_options=" -A 127.0.0.1" +eigrpd_options=" -A 127.0.0.1" +babeld_options=" -A 127.0.0.1" +sharpd_options=" -A 127.0.0.1" +pbrd_options=" -A 127.0.0.1" +staticd_options="-A 127.0.0.1" +bfdd_options=" -A 127.0.0.1" +fabricd_options="-A 127.0.0.1" +vrrpd_options=" -A 127.0.0.1" +pathd_options=" -A 127.0.0.1" + +# configuration profile +# +#frr_profile="traditional" +frr_profile="datacenter" + +# +# This is the maximum number of FD's that will be available. +# Upon startup this is read by the control files and ulimit +# is called. Uncomment and use a reasonable value for your +# setup if you are expecting a large number of peers in +# say BGP. +#MAX_FDS=1024 + +# The list of daemons to watch is automatically generated by the init script. +#watchfrr_options="" + +# To make watchfrr create/join the specified netns, use the following option: +#watchfrr_options="--netns" +# This only has an effect in /etc/frr//daemons, and you need to +# start FRR with "/usr/lib/frr/frrinit.sh start ". + +# for debugging purposes, you can specify a "wrap" command to start instead +# of starting the daemon directly, e.g. to use valgrind on ospfd: +# ospfd_wrap="/usr/bin/valgrind" +# or you can use "all_wrap" for all daemons, e.g. to use perf record: +# all_wrap="/usr/bin/perf record --call-graph -" +# the normal daemon command is added to this at the end. + +bgpd=yes diff --git a/EVPN/ibgp-ebgp/frr/L4.cfg b/EVPN/ibgp-ebgp/frr/L4.cfg new file mode 100644 index 0000000..ac2e25e --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/L4.cfg @@ -0,0 +1,72 @@ +frr version 10.0.1_git +frr defaults datacenter +hostname L4 +no ipv6 forwarding +service integrated-vtysh-config +! +vrf mgmt +exit-vrf +! +interface eth1 + description L4 -> S1 + ip address 10.1.0.25/30 +exit +! +interface eth2 + description L4 -> S2 + ip address 10.1.0.29/30 +exit +! +interface eth3 + description [Access VLAN blue] L4 -> H4 +exit +! +interface lo + ip address 10.0.0.4/32 +exit +! +interface vlan1001 + description VLAN blue (1001) -> [H3,L2,H4] +exit +! +router bgp 65000 + bgp router-id 10.0.0.4 + no bgp default ipv4-unicast + bgp bestpath as-path multipath-relax + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 update-source lo + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 update-source lo + neighbor 10.1.0.26 remote-as 65200 + neighbor 10.1.0.26 local-as 65104 no-prepend replace-as + neighbor 10.1.0.26 description S1 + neighbor 10.1.0.30 remote-as 65200 + neighbor 10.1.0.30 local-as 65104 no-prepend replace-as + neighbor 10.1.0.30 description S2 + ! + address-family ipv4 unicast + network 10.0.0.4/32 + neighbor 10.1.0.26 activate + no neighbor 10.1.0.26 send-community extended + neighbor 10.1.0.30 activate + no neighbor 10.1.0.30 send-community extended + exit-address-family + ! + address-family l2vpn evpn + neighbor 10.0.0.5 activate + neighbor 10.0.0.5 soft-reconfiguration inbound + neighbor 10.0.0.6 activate + neighbor 10.0.0.6 soft-reconfiguration inbound + advertise-all-vni + vni 101001 + rd 10.0.0.4:1001 + route-target import 65000:1001 + route-target export 65000:1001 + exit-vni + advertise-svi-ip + advertise ipv4 unicast + exit-address-family +exit +! diff --git a/EVPN/ibgp-ebgp/frr/S1-daemons b/EVPN/ibgp-ebgp/frr/S1-daemons new file mode 100644 index 0000000..9894a64 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/S1-daemons @@ -0,0 +1,91 @@ +# Generated by frr_daemons.j2, based on standard frr config template + +# This file tells the frr package which daemons to start. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/frr/examples/. +# +# ATTENTION: +# +# When activating a daemon for the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "frr", else +# the daemon will not be started by /etc/init.d/frr. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. +# +# The watchfrr, zebra and staticd daemons are always started. +# +bgpd=no +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no +pimd=no +ldpd=no +nhrpd=no +eigrpd=no +babeld=no +sharpd=no +pbrd=no +bfdd=no +fabricd=no +vrrpd=no +pathd=no + +# +# If this option is set the /etc/init.d/frr script automatically loads +# the config via "vtysh -b" when the servers are started. +# Check /etc/pam.d/frr if you intend to use "vtysh"! +# +vtysh_enable=yes +zebra_options=" -A 127.0.0.1 -s 90000000" +bgpd_options=" -A 127.0.0.1" +ospfd_options=" -A 127.0.0.1" +ospf6d_options=" -A ::1" +ripd_options=" -A 127.0.0.1" +ripngd_options=" -A ::1" +isisd_options=" -A 127.0.0.1" +pimd_options=" -A 127.0.0.1" +ldpd_options=" -A 127.0.0.1" +nhrpd_options=" -A 127.0.0.1" +eigrpd_options=" -A 127.0.0.1" +babeld_options=" -A 127.0.0.1" +sharpd_options=" -A 127.0.0.1" +pbrd_options=" -A 127.0.0.1" +staticd_options="-A 127.0.0.1" +bfdd_options=" -A 127.0.0.1" +fabricd_options="-A 127.0.0.1" +vrrpd_options=" -A 127.0.0.1" +pathd_options=" -A 127.0.0.1" + +# configuration profile +# +#frr_profile="traditional" +frr_profile="datacenter" + +# +# This is the maximum number of FD's that will be available. +# Upon startup this is read by the control files and ulimit +# is called. Uncomment and use a reasonable value for your +# setup if you are expecting a large number of peers in +# say BGP. +#MAX_FDS=1024 + +# The list of daemons to watch is automatically generated by the init script. +#watchfrr_options="" + +# To make watchfrr create/join the specified netns, use the following option: +#watchfrr_options="--netns" +# This only has an effect in /etc/frr//daemons, and you need to +# start FRR with "/usr/lib/frr/frrinit.sh start ". + +# for debugging purposes, you can specify a "wrap" command to start instead +# of starting the daemon directly, e.g. to use valgrind on ospfd: +# ospfd_wrap="/usr/bin/valgrind" +# or you can use "all_wrap" for all daemons, e.g. to use perf record: +# all_wrap="/usr/bin/perf record --call-graph -" +# the normal daemon command is added to this at the end. + +bgpd=yes diff --git a/EVPN/ibgp-ebgp/frr/S1.cfg b/EVPN/ibgp-ebgp/frr/S1.cfg new file mode 100644 index 0000000..139e33c --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/S1.cfg @@ -0,0 +1,99 @@ +frr version 10.0.1_git +frr defaults datacenter +hostname S1 +no ipv6 forwarding +service integrated-vtysh-config +! +vrf mgmt +exit-vrf +! +interface eth1 + description S1 -> L1 + ip address 10.1.0.2/30 +exit +! +interface eth2 + description S1 -> L2 + ip address 10.1.0.10/30 +exit +! +interface eth3 + description S1 -> L3 + ip address 10.1.0.18/30 +exit +! +interface eth4 + description S1 -> L4 + ip address 10.1.0.26/30 +exit +! +interface lo + ip address 10.0.0.5/32 +exit +! +router bgp 65000 + bgp router-id 10.0.0.5 + no bgp default ipv4-unicast + bgp cluster-id 10.0.0.5 + bgp bestpath as-path multipath-relax + neighbor 10.0.0.1 remote-as 65000 + neighbor 10.0.0.1 description L1 + neighbor 10.0.0.1 update-source lo + neighbor 10.0.0.2 remote-as 65000 + neighbor 10.0.0.2 description L2 + neighbor 10.0.0.2 update-source lo + neighbor 10.0.0.3 remote-as 65000 + neighbor 10.0.0.3 description L3 + neighbor 10.0.0.3 update-source lo + neighbor 10.0.0.4 remote-as 65000 + neighbor 10.0.0.4 description L4 + neighbor 10.0.0.4 update-source lo + neighbor 10.0.0.6 remote-as 65000 + neighbor 10.0.0.6 description S2 + neighbor 10.0.0.6 update-source lo + neighbor 10.1.0.1 remote-as 65101 + neighbor 10.1.0.1 local-as 65200 no-prepend replace-as + neighbor 10.1.0.1 description L1 + neighbor 10.1.0.9 remote-as 65102 + neighbor 10.1.0.9 local-as 65200 no-prepend replace-as + neighbor 10.1.0.9 description L2 + neighbor 10.1.0.17 remote-as 65103 + neighbor 10.1.0.17 local-as 65200 no-prepend replace-as + neighbor 10.1.0.17 description L3 + neighbor 10.1.0.25 remote-as 65104 + neighbor 10.1.0.25 local-as 65200 no-prepend replace-as + neighbor 10.1.0.25 description L4 + ! + address-family ipv4 unicast + network 10.0.0.5/32 + neighbor 10.1.0.1 activate + no neighbor 10.1.0.1 send-community extended + neighbor 10.1.0.9 activate + no neighbor 10.1.0.9 send-community extended + neighbor 10.1.0.17 activate + no neighbor 10.1.0.17 send-community extended + neighbor 10.1.0.25 activate + no neighbor 10.1.0.25 send-community extended + exit-address-family + ! + address-family l2vpn evpn + neighbor 10.0.0.1 activate + neighbor 10.0.0.1 route-reflector-client + neighbor 10.0.0.1 soft-reconfiguration inbound + neighbor 10.0.0.2 activate + neighbor 10.0.0.2 route-reflector-client + neighbor 10.0.0.2 soft-reconfiguration inbound + neighbor 10.0.0.3 activate + neighbor 10.0.0.3 route-reflector-client + neighbor 10.0.0.3 soft-reconfiguration inbound + neighbor 10.0.0.4 activate + neighbor 10.0.0.4 route-reflector-client + neighbor 10.0.0.4 soft-reconfiguration inbound + neighbor 10.0.0.6 activate + neighbor 10.0.0.6 soft-reconfiguration inbound + advertise-all-vni + advertise-svi-ip + advertise ipv4 unicast + exit-address-family +exit +! diff --git a/EVPN/ibgp-ebgp/frr/S2-daemons b/EVPN/ibgp-ebgp/frr/S2-daemons new file mode 100644 index 0000000..9894a64 --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/S2-daemons @@ -0,0 +1,91 @@ +# Generated by frr_daemons.j2, based on standard frr config template + +# This file tells the frr package which daemons to start. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/frr/examples/. +# +# ATTENTION: +# +# When activating a daemon for the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "frr", else +# the daemon will not be started by /etc/init.d/frr. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. +# +# The watchfrr, zebra and staticd daemons are always started. +# +bgpd=no +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no +pimd=no +ldpd=no +nhrpd=no +eigrpd=no +babeld=no +sharpd=no +pbrd=no +bfdd=no +fabricd=no +vrrpd=no +pathd=no + +# +# If this option is set the /etc/init.d/frr script automatically loads +# the config via "vtysh -b" when the servers are started. +# Check /etc/pam.d/frr if you intend to use "vtysh"! +# +vtysh_enable=yes +zebra_options=" -A 127.0.0.1 -s 90000000" +bgpd_options=" -A 127.0.0.1" +ospfd_options=" -A 127.0.0.1" +ospf6d_options=" -A ::1" +ripd_options=" -A 127.0.0.1" +ripngd_options=" -A ::1" +isisd_options=" -A 127.0.0.1" +pimd_options=" -A 127.0.0.1" +ldpd_options=" -A 127.0.0.1" +nhrpd_options=" -A 127.0.0.1" +eigrpd_options=" -A 127.0.0.1" +babeld_options=" -A 127.0.0.1" +sharpd_options=" -A 127.0.0.1" +pbrd_options=" -A 127.0.0.1" +staticd_options="-A 127.0.0.1" +bfdd_options=" -A 127.0.0.1" +fabricd_options="-A 127.0.0.1" +vrrpd_options=" -A 127.0.0.1" +pathd_options=" -A 127.0.0.1" + +# configuration profile +# +#frr_profile="traditional" +frr_profile="datacenter" + +# +# This is the maximum number of FD's that will be available. +# Upon startup this is read by the control files and ulimit +# is called. Uncomment and use a reasonable value for your +# setup if you are expecting a large number of peers in +# say BGP. +#MAX_FDS=1024 + +# The list of daemons to watch is automatically generated by the init script. +#watchfrr_options="" + +# To make watchfrr create/join the specified netns, use the following option: +#watchfrr_options="--netns" +# This only has an effect in /etc/frr//daemons, and you need to +# start FRR with "/usr/lib/frr/frrinit.sh start ". + +# for debugging purposes, you can specify a "wrap" command to start instead +# of starting the daemon directly, e.g. to use valgrind on ospfd: +# ospfd_wrap="/usr/bin/valgrind" +# or you can use "all_wrap" for all daemons, e.g. to use perf record: +# all_wrap="/usr/bin/perf record --call-graph -" +# the normal daemon command is added to this at the end. + +bgpd=yes diff --git a/EVPN/ibgp-ebgp/frr/S2.cfg b/EVPN/ibgp-ebgp/frr/S2.cfg new file mode 100644 index 0000000..bc54c4a --- /dev/null +++ b/EVPN/ibgp-ebgp/frr/S2.cfg @@ -0,0 +1,99 @@ +frr version 10.0.1_git +frr defaults datacenter +hostname S2 +no ipv6 forwarding +service integrated-vtysh-config +! +vrf mgmt +exit-vrf +! +interface eth1 + description S2 -> L1 + ip address 10.1.0.6/30 +exit +! +interface eth2 + description S2 -> L2 + ip address 10.1.0.14/30 +exit +! +interface eth3 + description S2 -> L3 + ip address 10.1.0.22/30 +exit +! +interface eth4 + description S2 -> L4 + ip address 10.1.0.30/30 +exit +! +interface lo + ip address 10.0.0.6/32 +exit +! +router bgp 65000 + bgp router-id 10.0.0.6 + no bgp default ipv4-unicast + bgp cluster-id 10.0.0.5 + bgp bestpath as-path multipath-relax + neighbor 10.0.0.1 remote-as 65000 + neighbor 10.0.0.1 description L1 + neighbor 10.0.0.1 update-source lo + neighbor 10.0.0.2 remote-as 65000 + neighbor 10.0.0.2 description L2 + neighbor 10.0.0.2 update-source lo + neighbor 10.0.0.3 remote-as 65000 + neighbor 10.0.0.3 description L3 + neighbor 10.0.0.3 update-source lo + neighbor 10.0.0.4 remote-as 65000 + neighbor 10.0.0.4 description L4 + neighbor 10.0.0.4 update-source lo + neighbor 10.0.0.5 remote-as 65000 + neighbor 10.0.0.5 description S1 + neighbor 10.0.0.5 update-source lo + neighbor 10.1.0.5 remote-as 65101 + neighbor 10.1.0.5 local-as 65200 no-prepend replace-as + neighbor 10.1.0.5 description L1 + neighbor 10.1.0.13 remote-as 65102 + neighbor 10.1.0.13 local-as 65200 no-prepend replace-as + neighbor 10.1.0.13 description L2 + neighbor 10.1.0.21 remote-as 65103 + neighbor 10.1.0.21 local-as 65200 no-prepend replace-as + neighbor 10.1.0.21 description L3 + neighbor 10.1.0.29 remote-as 65104 + neighbor 10.1.0.29 local-as 65200 no-prepend replace-as + neighbor 10.1.0.29 description L4 + ! + address-family ipv4 unicast + network 10.0.0.6/32 + neighbor 10.1.0.5 activate + no neighbor 10.1.0.5 send-community extended + neighbor 10.1.0.13 activate + no neighbor 10.1.0.13 send-community extended + neighbor 10.1.0.21 activate + no neighbor 10.1.0.21 send-community extended + neighbor 10.1.0.29 activate + no neighbor 10.1.0.29 send-community extended + exit-address-family + ! + address-family l2vpn evpn + neighbor 10.0.0.1 activate + neighbor 10.0.0.1 route-reflector-client + neighbor 10.0.0.1 soft-reconfiguration inbound + neighbor 10.0.0.2 activate + neighbor 10.0.0.2 route-reflector-client + neighbor 10.0.0.2 soft-reconfiguration inbound + neighbor 10.0.0.3 activate + neighbor 10.0.0.3 route-reflector-client + neighbor 10.0.0.3 soft-reconfiguration inbound + neighbor 10.0.0.4 activate + neighbor 10.0.0.4 route-reflector-client + neighbor 10.0.0.4 soft-reconfiguration inbound + neighbor 10.0.0.5 activate + neighbor 10.0.0.5 soft-reconfiguration inbound + advertise-all-vni + advertise-svi-ip + advertise ipv4 unicast + exit-address-family +exit +! diff --git a/EVPN/ibgp-ebgp/topology.yml b/EVPN/ibgp-ebgp/topology.yml new file mode 100644 index 0000000..349d8b9 --- /dev/null +++ b/EVPN/ibgp-ebgp/topology.yml @@ -0,0 +1,65 @@ +defaults.device: eos +provider: clab + +plugin: [ fabric ] + +bgp.as: 65000 +bgp.activate.ipv4: [ ebgp ] # Activate IPv4 only on EBGP sessions +defaults.bgp.warnings.missing_igp: False # Skip the "you probably need an IGP" warnings + +groups: + _auto_create: True + leafs: + members: [ L1, L2, L3, L4 ] + module: [ bgp, vlan, vxlan, evpn ] + spines: + members: [ S1, S2 ] + module: [ bgp, evpn ] + bgp.rr: True + hosts: + members: [ H1, H2, H3, H4 ] + device: linux + +vlan.mode: bridge +vlans: + orange: + links: [ H1-L1, H2-L3 ] + blue: + links: [ H3-L2, H4-L4 ] + +links: +- L1: + bgp.local_as: 65101 + S1: + bgp.local_as: 65200 +- L1: + bgp.local_as: 65101 + S2: + bgp.local_as: 65200 +- L2: + bgp.local_as: 65102 + S1: + bgp.local_as: 65200 +- L2: + bgp.local_as: 65102 + S2: + bgp.local_as: 65200 +- L3: + bgp.local_as: 65103 + S1: + bgp.local_as: 65200 +- L3: + bgp.local_as: 65103 + S2: + bgp.local_as: 65200 +- L4: + bgp.local_as: 65104 + S1: + bgp.local_as: 65200 +- L4: + bgp.local_as: 65104 + S2: + bgp.local_as: 65200 + +tools: + graphite: diff --git a/tools b/tools index 1b3218c..a1e1076 160000 --- a/tools +++ b/tools @@ -1 +1 @@ -Subproject commit 1b3218cae21b1132321adae850db11dc1871baca +Subproject commit a1e1076bb4459eb85c75fe23bc13e2a7889a8fb9