Contents
Introduction
In this document we demonstrate deployment of Arista’s CloudEOS Router in Google Cloud Platform (GCP). Sections of this document have been set forth based on order of execution, hence it is pertinent that the order is maintained for successful deployment of Arista’s CloudEOS Router.
Overview
Arista’s cloud infrastructure both public and private offers significant efficiencies that make it a compelling option for workload placement. We have proven this in the private cloud with a simple yet scalable Spine/Leaf topology utilizing industry standard protocols across all of Arista switches. With Any Cloud, Arista is extending two proven software platforms, EOS and CloudVision, to offer a consistent multi-cloud architectural and operational approach.
Prerequisites
In order to provision Arista CloudEOS Router in GCP, following prerequisites must be satisfied:
- Obtain a GCP account.
- Determine the scale of the deployment and hence the machine type that is required. This demonstration covers a Series: N1 machine type for Arista CloudEOS Router.
- SSH clients like putty on windows. OSX and Linux provide SSH clients natively.
Topology
We will demonstrate deployment of an Edge / Leaf topology (emulating a Spine / Leaf deployment in a private data center), all of its components, CloudEOS Routers and Linux VM’s as shown below.
As shown in this logical layout a pair of Arista CloudEOS Routers reside in each VPC. We will provision the CloudEOS Router machine with a single NIC only and enforce a routing policy that defaults all the traffic for all the subnets, with exception of the one that CloudEOS Router’s Ethernet interface resides on, to the CloudEOS Router’s Ethernet interface.
Routes will be added with tags to ensure machines deployed in a specific zone route via the CloudEOS Router in that zone, for example in Leaf1 VPC – static route will be applied as following:
- In the Leaf1 VPC, a route will be added for the destination IP range of Leaf2 VPC CIDR.
- In the Leaf2 VPC, a route will be added for the destination IP range of Leaf1 VPC CIDR.
GCP Login
Initial login to the GCP console (https://console.cloud.google.com/) will direct you to the following dashboard as shown below:
VPC and its components
A Virtual Private Cloud (VPC) is a global private isolated virtual network partition that provides managed networking functionality for your GCP resources. You must specify an IPv4 address range for your VPC. Specify the IPv4 address range as a Classless Inter-Domain Routing (CIDR) block.
Create ‘Edge1’, ‘Leaf1’ and ‘Leaf2’ VPCs
- Click on the ‘Navigation Menu’ (drop down menu top-left of the screen that looks like this: ) and then select ‘VPC Network’ dashboard:
- From the ‘VPC Network’ dashboard select ‘Create VPC Network’:
- Click on ‘Create a VPC Network’ and enter the following details for ‘edge1’ VPC:
We will be creating 2 subnets for the edge1 VPC as it’s a transit VPC only and there will be no other compute machines (VM’s) in it. Please reference the topology diagram for details pertaining to the subnets and their CIDR.
For this demonstration we will select the routing mode as ‘Regional’ and then ‘Create’ the VPC:
Similarly create the ‘Leaf1’ and ‘Leaf2’ VPC’s as well:
Here is a summary of all 3 VPC’s:
Note that we have disabled machines (VM’s) to not be accessible from the Internet for some of the subnets by ‘enabling’ Private Google Access for those subnets. More information on Private Google Access is available here – https://cloud.google.com/vpc/docs/configure-private-google-access
Add Firewall Rules
- We will create a firewall rule for SSH access into all the VM’s in the VPC from the Internet. From within the VPC Dashboard click on ‘Firewall Rules’:
Then, click on ‘Create Firewall Rule’
Assign this new ‘Firewall Rule’ an appropriate name, ‘Network’ should be auto selected as we initiated the Firewall Rule creation from within the VPC, and change the ‘Target’ to ‘All instance in the network’:
Specify the ‘Source IP Range’, ‘Specified protocols and ports’ and click on ‘Create’:
Similarly, create a ‘Firewall rule’ for all the other VPC’s we created (Leaf1 and Leaf2).
- We will also create firewall rules to allow unfederated access between the Edge1, Leaf1 and Leaf2 VPC’s. These following examples demonstrate creation of firewall rules for the Edge1 VPC only.
Similarly, create firewalls for Leaf1 and Leaf2 VPC’s. Here is a summary of all the firewall rules for all the VPC’s
Edge1:
Leaf1:
Leaf2:
Create VPC Peerings
A VPC Peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Based on our topology, this VPC Peering is mainly for IP reachability between the Infrastructure links, i.e connectivity between 110.2.0.0/24 <> 111.2.0.0/24 and 110.2.0.0/24 <> 112.2.0.0/24. This will ensure VXLAN, BGP and IPSec connectivity between GCP-Edge1a/b CloudEOS Routers and GCP-Leaf1a/b as well as GCP-Leaf2a/b Routers. By default, GCP will enable routing between all the subnets of VPCs that peer with one another. For more information on GCP VPC peering please refer to this link – https://cloud.google.com/vpc/docs/vpc-peering
- From the ‘VPC Network’ dashboard select ‘Create peering connection’:
- Click on ‘Continue’:
- Provide a meaningful name for the VPC peering connection (edge1-to-leaf1), specify the VPC name you want to peer from (edge1), the VPC name you want to peer with (leaf1) and then click on ‘Create’.
Note that we are not exchanging any custom routes hence we will leave everything as default. Think of VPC peering as a route, we just created a route from point A to point B, now we need to create a similar route from Point B to Point A. We will repeat the same steps for all the VPC’s.
‘leaf1-to-edge1’ VPC peering connection:
‘edge1-to-leaf2’ VPC peering connection:
‘leaf2-to-edge1’ VPC peering connection:
Here is a summary of all the VPC peerings we’ve created and are required for our topology:
GCP has a restriction where VPC peers always exchange subnet routes that don’t use privately reused public IP addresses. Networks must explicitly import subnet routes that use privately reused public IP addresses to receive them. Here is the link for more information – https://cloud.google.com/vpc/docs/vpc-peering.
Click on this icon as shown in the image below to launch the cloud shell and then execute all these commands for all the VPC peerings we’ve just built. This will explicitly import the non rfc-1918 addresses we are using in our topology.
- gcloud compute networks peerings update edge1-to-leaf1 –network edge1 –import-subnet-routes-with-public-ip
- gcloud compute networks peerings update leaf1-to-edge1 –network leaf1 –import-subnet-routes-with-public-ip
- gcloud compute networks peerings update edge1-to-leaf2 –network edge1 –import-subnet-routes-with-public-ip
- gcloud compute networks peerings update leaf2-to-edge1 –network leaf2 –import-subnet-routes-with-public-ip
Upon completion we can validate that all the subnet routes are exchanged for our VPC peerings:
Arista CloudEOS Instances and its Components
In the following sections we will instantiate Arista CloudEOS Router instances and the linux VM’s as machines.
Create a New SSH Key
We will now create a private SSH key file and a matching public SSH key file to control access to the Arista CloudEOS and Linux instances. From a terminal on your workstation and use the ssh-keygen command to generate a new key. Specify the -C flag to add a comment with your username.
Note the location of the files we just created as we will need to open the public key and copy its contents when we create the Arista CloudEOS Router instances and the linux VM’s.
Instantiate a CloudEOS Router instance
In this section we will go through creation of the CloudEOS Router instances.
Click on the ‘Navigation Menu’ (drop down menu top-left of the screen that looks like this: ), hover your mouse over ‘Compute Engine’ and then select ‘VM Instances’:
Click on ‘Create Instance’:
Click on ‘Marketplace’ to search the GCP marketplace for Arista’s CloudEOS Router image:
Select the Arista ‘vEOS Router’ (soon to be rebranded as CloudEOS) Virtual Machine:
Click on ‘Launch’
Copy the contents of the public SSH key file we created earlier:
Create the Arista CloudEOS Router instance ‘gcp-edge1a’ as shown below. Paste the contents of the public SSH key file in the ‘ssh key’ section. Click on ‘Deploy’:
Similarly, create gcp-edge1b’, ‘gcp-leaf1a’, ‘gcp-leaf1b’, ‘gcp-leaf2a’ and ‘gcp-leaf2b’ VM’s.
Here is a list of all the CloudEOS Router instances we just created:
Instantiate Linux instances
We will create 4 Ubuntu linux instances as per our topology for hosts shown as gcp-dev1, gcp-prod1, gcp-prod2 and gcp-dev2.
We’ve assigned these VM’s proper network tags based on the VPC and Zone they are in, such as:
- gcp-dev1 has been assigned a network tag of ‘leaf1-zone1’.
- gcp-prod1 has been assigned a network tag of ‘leaf1-zone2’.
- gcp-dev2 has been assigned a network tag of ‘leaf2-zone1’.
- gcp-prod2 has been assigned a network tag of ‘leaf2-zone2’.
Update Routing Tables
Creation of the VPC will create and associate a Routing Table for each subnet within the VPC. We will create a new route for the VM instances with appropriate network tags and add routes for Leaf2 CIDR via Leaf1 CloudEOS Routers and vice-versa. During VM instance instantiation we will tag them with appropriate tags based on which the routes will be applied. We will follow this logic:
- VM instances in the ‘us-east-1b’ zone of us-east1 will get the tag of ‘leaf1-zone1’ and ‘leaf2-zone1’.
- VM instances in the ‘us-east-1c’ zone of us-east1 will get the tag of ‘leaf1-zone2’ and ‘leaf2-zone2’.
Click on the ‘Navigation Menu’ (drop down menu top-left of the screen that looks like this: ), select ‘VPC Networks’ and then click ‘Create Route’:
Here is an example of route for VM instances in Leaf1 VPC’s Zone1 as per our topology.
Similarly we will create routes for the remaining zones in both the leaf VPC’s. Note that we have added destination IP range of Leaf2 VPC for leaf1-zone1/zone2 routes and destination IP range of Leaf1 VPC for leaf2-zone1/zone2 routes. This will take care of bidirectional routing for both the Leaf1 and Leaf2 VPC’s.
Connect to the CloudEOS Router instances and Linux VM’s
CloudEOS Router instances and the Linux VM’s are accessible via the external IP that gets assigned to them dynamically.
- Here is a list of all the CloudEOS Router instances and Linux VM’s that we’ve instantiated:
Once you determine the external IP of the instance you’d like to connect to, reference the SSH key we created in the Create a New SSH Key section and specify the username associated with that key while trying to SSH to the instance:
CloudEOS Router configuration
We will configure the CloudEOS instances and utilize DPS for the underlay reachability. We will then configure VXLAN with BGP eVPN as the control plane. Please note that due to lack of layer-2 support in the public cloud VXLAN will provide L3VPN functionality only and we will only be exchanging type-5 routes using BGP eVPN.
- Configure Dynamic Path Selection as described in the EOS manual – https://www.arista.com/en/cg-veos-router/veos-router-dynamic-path-selection
Define ‘Ethernet100’ on all the CloudEOS Routers and an associated ARP entry:
interface Ethernet100
mtu 1400
no switchport
ip address 10.10.10.1/24
tcp mss ceiling ipv4 1350
!
arp 10.10.10.254 00:00:10:10:10:54 arpa
-
- Create Loopback interfaces for VTEP IP (Loopback0) for the VXLAN overlay peering. We will also create an additional Loopback1 interface for testing routing in the overlay.
Edge1a | Edge1b | Leaf1a | Leaf1b | Leaf2a | Leaf2b |
interface Loopback0
ip address 10.10.1.1/32 ! interface Loopback1 ip address 10.10.2.1/32 |
interface Loopback0
ip address 10.10.1.2/32 ! interface Loopback1 ip address 10.10.2.2/32 |
interface Loopback0
ip address 10.10.1.3/32 ! interface Loopback1 ip address 10.10.2.3/32 |
interface Loopback0
ip address 10.10.1.4/32 ! interface Loopback1 ip address 10.10.2.4/32 |
interface Loopback0
ip address 10.10.1.5/32 ! interface Loopback1 ip address 10.10.2.5/32 |
interface Loopback0
ip address 10.10.1.6/32 ! interface Loopback1 ip address 10.10.2.6/32 |
- Define paths between the CloudEOS Routers and a load balancing policy for the ‘default’ VRF. We will also create a static route(s) for reachability to the Edge/Leaf VPC’s CloudEOS Routers. This static route will provide underlay reachability via the Ethernet100 interface utilizing DPS.
Edge1a | Edge1b | Leaf1a | Leaf1b | Leaf2a | Leaf2b |
router path-selection
path-group East-West local interface Ethernet1 ! peer static router-ip 10.10.1.3 ipv4 address 111.2.0.2 ! peer static router-ip 10.10.1.4 ipv4 address 111.2.2.2 ! peer static router-ip 10.10.1.5 ipv4 address 112.2.0.2 ! peer static router-ip 10.10.1.6 ipv4 address 112.2.2.2 ! load-balance policy East-West path-group East-West ! policy East-West default-match load-balance East-West ! vrf default path-selection-policy East-West ! ip route 10.10.1.3/32 10.10.10.254 ip route 10.10.1.4/32 10.10.10.254 ip route 10.10.1.5/32 10.10.10.254 ip route 10.10.1.6/32 10.10.10.254 |
router path-selection
path-group East-West local interface Ethernet1 ! peer static router-ip 10.10.1.3 ipv4 address 111.2.0.2 ! peer static router-ip 10.10.1.4 ipv4 address 111.2.2.2 ! peer static router-ip 10.10.1.5 ipv4 address 112.2.0.2 ! peer static router-ip 10.10.1.6 ipv4 address 112.2.2.2 ! load-balance policy East-West path-group East-West ! policy East-West default-match load-balance East-West ! vrf default path-selection-policy East-West ! ip route 10.10.1.3/32 10.10.10.254 ip route 10.10.1.4/32 10.10.10.254 ip route 10.10.1.5/32 10.10.10.254 ip route 10.10.1.6/32 10.10.10.254 |
router path-selection
path-group East-West local interface Ethernet1 ! peer static router-ip 10.10.1.1 ipv4 address 110.2.0.2 ! peer static router-ip 10.10.1.2 ipv4 address 110.2.2.2 ! load-balance policy East-West path-group East-West ! policy East-West default-match load-balance East-West ! vrf default path-selection-policy East-West ! ip route 10.10.1.1/32 10.10.10.254 ip route 10.10.1.2/32 10.10.10.254 |
router path-selection
path-group East-West local interface Ethernet1 ! peer static router-ip 10.10.1.1 ipv4 address 110.2.0.2 ! peer static router-ip 10.10.1.2 ipv4 address 110.2.2.2 ! load-balance policy East-West path-group East-West ! policy East-West default-match load-balance East-West ! vrf default path-selection-policy East-West ! ip route 10.10.1.1/32 10.10.10.254 ip route 10.10.1.2/32 10.10.10.254 |
router path-selection
path-group East-West local interface Ethernet1 ! peer static router-ip 10.10.1.1 ipv4 address 110.2.0.2 ! peer static router-ip 10.10.1.2 ipv4 address 110.2.2.2 ! load-balance policy East-West path-group East-West ! policy East-West default-match load-balance East-West ! vrf default path-selection-policy East-West ! ip route 10.10.1.1/32 10.10.10.254 ip route 10.10.1.2/32 10.10.10.254 |
router path-selection
path-group East-West local interface Ethernet1 ! peer static router-ip 10.10.1.1 ipv4 address 110.2.0.2 ! peer static router-ip 10.10.1.2 ipv4 address 110.2.2.2 ! load-balance policy East-West path-group East-West ! policy East-West default-match load-balance East-West ! vrf default path-selection-policy East-West ! ip route 10.10.1.1/32 10.10.10.254 ip route 10.10.1.2/32 10.10.10.254 |
- The CloudEOS instances we provisioned only support a single Ethernet interface in the same VPC due to GCP limitation. We will utilize the ‘default’ VRF as the Ethernet1 interface cannot reside in a non-default VRF for DPS. Ethernet1 interfaces on all the CloudEOS instances comes up as a DHCP client with the statically reserved IP that we assigned based on our topology. We will change the IP to static and as a result statically create the default route which would be installed as ‘DHCP client installed default route’.
Edge1a | Edge1b | Leaf1a | Leaf1b | Leaf2a | Leaf2b |
interface Ethernet1
mtu 1460 no switchport ip address 110.2.0.2/24 ! ip route 0.0.0.0/0 110.2.0.1 |
interface Ethernet1
mtu 1460 no switchport ip address 110.2.2.2/24 ! ip route 0.0.0.0/0 110.2.2.1 |
interface Ethernet1
mtu 1460 no switchport ip address 111.2.0.2/24 ! ip route 0.0.0.0/0 111.2.0.1 |
interface Ethernet1
mtu 1460 no switchport ip address 111.2.2.2/24 ! ip route 0.0.0.0/0 111.2.2.1 |
interface Ethernet1
mtu 1460 no switchport ip address 112.2.0.2/24 ! ip route 0.0.0.0/0 112.2.0.1 |
interface Ethernet1
mtu 1460 no switchport ip address 112.2.2.2/24 ! ip route 0.0.0.0/0 112.2.2.1 |
- Enable routing protocols model multi-agent for EVPN address-family support with this command:
service routing protocols model multi-agent.
Reload all the CloudEOS Routers.
- Define VXLAN interface, enable routing and configure BGP for the overlay.
Edge1a | Edge1b | Leaf1a | Leaf1b | Leaf2a | Leaf2b |
interface Vxlan1
vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vrf default vni 100 ! ip routing ! ip prefix-list to-be-advertised seq 10 permit 10.10.2.1/32 seq 20 permit 10.10.2.3/32 seq 30 permit 111.2.1.0/24 seq 40 permit 10.10.2.4/32 seq 50 permit 111.2.3.0/24 seq 60 permit 10.10.2.5/32 seq 70 permit 112.2.1.0/24 seq 80 permit 10.10.2.6/32 seq 90 permit 112.2.3.0/24 ! route-map allow-out permit 10 match ip address prefix-list to-be-advertised set community 10:10 ! router bgp 65100 router-id 10.10.1.1 distance bgp 20 200 200 maximum-paths 16 neighbor OverlayLeafs peer group neighbor OverlayLeafs remote-as 65100 neighbor OverlayLeafs update-source Loopback0 neighbor OverlayLeafs bfd neighbor OverlayLeafs send-community extended neighbor OverlayLeafs maximum-routes 12000 neighbor 10.10.1.3 peer group OverlayLeafs neighbor 10.10.1.3 remote-as 65100 neighbor 10.10.1.4 peer group OverlayLeafs neighbor 10.10.1.4 remote-as 65100 neighbor 10.10.1.5 peer group OverlayLeafs neighbor 10.10.1.5 remote-as 65100 neighbor 10.10.1.6 peer group OverlayLeafs neighbor 10.10.1.6 remote-as 65100 ! address-family evpn neighbor OverlayLeafs activate ! address-family ipv4 no neighbor OverlayLeafs activate network 10.10.2.1/32 ! vrf default rd 10.10.1.1:100 route-target import evpn 65100:100 route-target import evpn 65100:200 route-target export evpn 65100:1000 route-target export evpn route-map allow-out route-target export evpn imported-route |
interface Vxlan1
vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vrf default vni 100 ! ip routing ! ip prefix-list to-be-advertised seq 10 permit 10.10.2.1/32 seq 20 permit 10.10.2.3/32 seq 30 permit 111.2.1.0/24 seq 40 permit 10.10.2.4/32 seq 50 permit 111.2.3.0/24 seq 60 permit 10.10.2.5/32 seq 70 permit 112.2.1.0/24 seq 80 permit 10.10.2.6/32 seq 90 permit 112.2.3.0/24 ! route-map allow-out permit 10 match ip address prefix-list to-be-advertised set community 10:10 ! router bgp 65100 router-id 10.10.1.2 distance bgp 20 200 200 maximum-paths 16 neighbor OverlayLeafs peer group neighbor OverlayLeafs remote-as 65100 neighbor OverlayLeafs update-source Loopback0 neighbor OverlayLeafs bfd neighbor OverlayLeafs send-community extended neighbor OverlayLeafs maximum-routes 12000 neighbor 10.10.1.3 peer group OverlayLeafs neighbor 10.10.1.3 remote-as 65100 neighbor 10.10.1.4 peer group OverlayLeafs neighbor 10.10.1.4 remote-as 65100 neighbor 10.10.1.5 peer group OverlayLeafs neighbor 10.10.1.5 remote-as 65100 neighbor 10.10.1.6 peer group OverlayLeafs neighbor 10.10.1.6 remote-as 65100 ! address-family evpn neighbor OverlayLeafs activate ! address-family ipv4 no neighbor OverlayLeafs activate network 10.10.2.1/32 ! vrf default rd 10.10.1.2:100 route-target import evpn 65100:100 route-target import evpn 65100:200 route-target export evpn 65100:1000 route-target export evpn route-map allow-out route-target export evpn imported-route |
interface Vxlan1
vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vrf default vni 100 ! ip routing ! ip prefix-list to-be-advertised seq 10 permit 111.2.1.0/24 seq 20 permit 10.10.2.3/32 ! ip route 111.2.1.0/24 111.2.0.1 ! route-map allow-out permit 10 match ip address prefix-list to-be-advertised ! router bgp 65100 router-id 10.10.1.3 distance bgp 20 200 200 maximum-paths 16 neighbor OverlayEdges peer group neighbor OverlayEdges remote-as 65100 neighbor OverlayEdges update-source Loopback0 neighbor OverlayEdges bfd neighbor OverlayEdges send-community extended neighbor OverlayEdges maximum-routes 12000 neighbor 10.10.1.1 peer group OverlayEdges neighbor 10.10.1.2 peer group OverlayEdges ! address-family evpn neighbor OverlayEdges activate ! address-family ipv4 no neighbor OverlayEdges activate network 10.10.2.3/32 network 111.2.1.0/24 ! vrf default rd 10.10.1.3:100 route-target import evpn 65100:1000 route-target export evpn 65100:100 route-target export evpn route-map allow-out |
interface Vxlan1
vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vrf default vni 100 ! ip routing ! ip prefix-list to-be-advertised seq 10 permit 111.2.3.0/24 seq 20 permit 10.10.2.4/32 ! ip route 111.2.3.0/24 111.2.2.1 ! route-map allow-out permit 10 match ip address prefix-list to-be-advertised ! router bgp 65100 router-id 10.10.1.4 distance bgp 20 200 200 maximum-paths 16 neighbor OverlayEdges peer group neighbor OverlayEdges remote-as 65100 neighbor OverlayEdges update-source Loopback0 neighbor OverlayEdges bfd neighbor OverlayEdges send-community extended neighbor OverlayEdges maximum-routes 12000 neighbor 10.10.1.1 peer group OverlayEdges neighbor 10.10.1.2 peer group OverlayEdges ! address-family evpn neighbor OverlayEdges activate ! address-family ipv4 no neighbor OverlayEdges activate network 10.10.2.4/32 network 111.2.3.0/24 ! vrf default rd 10.10.1.4:100 route-target import evpn 65100:1000 route-target export evpn 65100:100 route-target export evpn route-map allow-out |
interface Vxlan1
vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vrf default vni 100 ! ip routing ! ip prefix-list to-be-advertised seq 10 permit 112.2.1.0/24 seq 20 permit 10.10.2.5/32 ! ip route 112.2.1.0/24 112.2.0.1 ! route-map allow-out permit 10 match ip address prefix-list to-be-advertised ! router bgp 65100 router-id 10.10.1.5 distance bgp 20 200 200 maximum-paths 16 neighbor OverlayEdges peer group neighbor OverlayEdges remote-as 65100 neighbor OverlayEdges update-source Loopback0 neighbor OverlayEdges bfd neighbor OverlayEdges send-community extended neighbor OverlayEdges maximum-routes 12000 neighbor 10.10.1.1 peer group OverlayEdges neighbor 10.10.1.2 peer group OverlayEdges ! address-family evpn neighbor OverlayEdges activate ! address-family ipv4 no neighbor OverlayEdges activate network 10.10.2.5/32 network 112.2.1.0/24 ! vrf default rd 10.10.1.5:100 route-target import evpn 65100:1000 route-target export evpn 65100:100 route-target export evpn route-map allow-out |
interface Vxlan1
vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vrf default vni 100 ! ip routing ! ip prefix-list to-be-advertised seq 10 permit 112.2.3.0/24 seq 20 permit 10.10.2.6/32 ! ip route 112.2.3.0/24 112.2.2.1 ! route-map allow-out permit 10 match ip address prefix-list to-be-advertised ! router bgp 65100 router-id 10.10.1.6 distance bgp 20 200 200 maximum-paths 16 neighbor OverlayEdges peer group neighbor OverlayEdges remote-as 65100 neighbor OverlayEdges update-source Loopback0 neighbor OverlayEdges bfd neighbor OverlayEdges send-community extended neighbor OverlayEdges maximum-routes 12000 neighbor 10.10.1.1 peer group OverlayEdges neighbor 10.10.1.2 peer group OverlayEdges ! address-family evpn neighbor OverlayEdges activate ! address-family ipv4 no neighbor OverlayEdges activate network 10.10.2.6/32 network 112.2.3.0/24 ! vrf default rd 10.10.1.36100 route-target import evpn 65100:1000 route-target export evpn 65100:100 route-target export evpn route-map allow-out |
Please note that we’ve had to explicitly accept and advertise the prefixes to / from Leaf CloudEOS instances at the Edge layer only because we are using the ‘default’ VRF. Routes in default VRF are not exported until an explicit route-map allowing routes to get exported is not configured.