Posted on September 3, 2019 5:32 pm
 |  Asked by Martin
 |  389 views
1
0
Print Friendly, PDF & Email

Hello
I am not able to establish BGP VPN between a leaf [10.0.250.11] and spine [10.0.250.1].

See BGP show command output below. I also uploaded config and capture for more details.

Thanks,

leaf1#ping 10.0.250.1
PING 10.0.250.1 (10.0.250.1) 72(100) bytes of data.
80 bytes from 10.0.250.1: icmp_seq=1 ttl=64 time=20.0 ms
80 bytes from 10.0.250.1: icmp_seq=2 ttl=64 time=16.0 ms
80 bytes from 10.0.250.1: icmp_seq=3 ttl=64 time=12.0 ms

spine1#ping 10.0.250.11
PING 10.0.250.11 (10.0.250.11) 72(100) bytes of data.
80 bytes from 10.0.250.11: icmp_seq=1 ttl=64 time=16.0 ms

spine1#sh ip bgp
BGP routing table information for VRF default
Router identifier 10.0.250.1, local AS number 65000
Route status codes: s – suppressed, * – valid, > – active, # – not installed, E – ECMP head, e – ECMP
S – Stale, c – Contributing to ECMP, b – backup
% – Pending BGP convergence
Origin codes: i – IGP, e – EGP, ? – incomplete
AS Path Attributes: Or-ID – Originator ID, C-LST – Cluster List, LL Nexthop – Link Local Nexthop

Network Next Hop Metric LocPref Weight Path
* > 10.0.250.1/32 – – – 0 i
* > 10.0.250.11/32 10.0.1.2 – 100 0 65001 i

spine1#

==============================================================================
leaf1#sh ip bgp
BGP routing table information for VRF default
Router identifier 10.0.250.11, local AS number 65001
Route status codes: s – suppressed, * – valid, > – active, # – not installed, E – ECMP head, e – ECMP
S – Stale, c – Contributing to ECMP, b – backup
% – Pending BGP convergence
Origin codes: i – IGP, e – EGP, ? – incomplete
AS Path Attributes: Or-ID – Originator ID, C-LST – Cluster List, LL Nexthop – Link Local Nexthop

Network Next Hop Metric LocPref Weight Path
* > 10.0.250.1/32 10.0.1.1 – 100 0 65000 i
* > 10.0.250.2/32 10.0.2.1 – 100 0 65000 i
* > 10.0.250.11/32 – – – 0 i

========================================================================
spine1#sh bgp neighbors 10.0.250.11
BGP neighbor is 10.0.250.11, remote AS 65001, external link
BGP version 4, remote router ID 0.0.0.0, VRF default
Inherits configuration from and member of peer-group evpn
Last read 00:01:47, last write 00:01:47
Hold time is 0, keepalive interval is 0 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Hold timer is inactive
Keepalive timer is inactive
Connect timer is active, time left: 00:00:58
Connection interval is 148 seconds
Failed connection attempts is 56
Idle-restart timer is inactive
BGP state is Connect
Peering failure hint: Cease/connection rejected
Number of transitions to established: 0
Last state was Idle
Last event was Start
Last rcvd notification:Cease/connection rejected, Last time 00:01:47, First time 02:07:17, Repeats 45
Last sent socket-error:Connect (Network is unreachable), Last time 02:08:29, First time 02:08:51, Repeats 5
Neighbor Capabilities:
Multiprotocol L2VPN EVPN: advertised
Four Octet ASN: advertised
Send End-of-RIB messages: advertised
Additional-paths recv capability:
L2VPN EVPN: advertised
Additional-paths send capability:
L2VPN EVPN:
Graceful Restart advertised:
Restart-time is 300
Restarting: no
Restart timer is inactive
End of rib timer is inactive
Message Statistics:
Sent Rcvd
Opens: 46 0
Updates: 0 0
Keepalives: 0 0
Notifications: 0 46
Route-Refresh: 0 0
Total messages: 46 46
Prefix Statistics:
Sent Rcvd
IPv4 Unicast: – 0
IPv6 Unicast: – 0
Configured maximum total number of routes is 12000, warning only
Local AS is 65000, local router ID 10.0.250.1
TTL is 3, external peer can be 3 hops away
Local TCP address is 10.0.250.1

========================================================

leaf1#sh bgp neighbors 10.0.250.1
BGP neighbor is 10.0.250.1, remote AS 65000, external link
BGP version 4, remote router ID 0.0.0.0, VRF default
Inherits configuration from and member of peer-group evpn
Last read 02:11:54, last write 02:11:54
Hold time is 0, keepalive interval is 0 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Hold timer is inactive
Keepalive timer is inactive
Connect timer is inactive
Idle-restart timer is inactive
BGP state is Idle, Missing local addresses for activated AFI/SAFIs
Peering failure hint: Missing local addresses for activated AFI/SAFIs
Number of transitions to established: 0
Last state was Idle
Last event was Open
Last sent notification:Cease/connection rejected, Last time 00:36:44, First time 02:08:24, Repeats 33
Neighbor Capabilities:
Restart timer is inactive
End of rib timer is inactive
Message Statistics:
Sent Rcvd
Opens: 0 46
Updates: 0 0
Keepalives: 0 0
Notifications: 46 0
Route-Refresh: 0 0
Total messages: 46 46
Prefix Statistics:
Sent Rcvd
IPv4 Unicast: – 0
IPv6 Unicast: – 0
Configured maximum total number of routes is 12000, warning only
Local AS is 65001, local router ID 10.0.250.11

0
Answered on September 3, 2019 11:45 pm

Hi Martin,

Thank you for writing to the forum. Could you try with the following command:

“bgp next-hop-unchanged” under the EVPN family under BGP section?

If that does not work, I recommend that we open a case with Arista support by sharing a copy of “show tech” from both the devices.

Thanks,

0
Posted by Johan Ervenius
Answered on September 4, 2019 8:12 am

Hi Martin,

Try adding “bgp next-hop-unchanged” to the evpn address-family within the BGP config. I quickly tested your config both with EOS 4.19.10 and a very recent release and I did get the EVPN BGP session established in the recent version but not in 4.19.10 without this command.

Thanks,
Johan

Hi Johan,
I thank you for your input; please take a look at the bgp configuration below [leaf and spine]; currently, this command ‘bgp next=hop-unchanged’ is only added to the spine. Did you apply this command on both, leaf and spine, to get it working? Based on Section 23.7 Sample Configuration, it is recommended to have this command in place on the spine: ‘Since the spine is acting like a route-reflector for EVPN routes, make sure to configure the next-hop-unchanged’, https://www.arista.com/en/um-eos/eos-section-23-7-sample-configurations.
I am using vEOS-4-19.10M.

Thanks again,

Martin

spine1
router bgp 65000
router-id 10.0.250.1
no bgp default ipv4-unicast
distance bgp 20 200 200
maximum-paths 4 ecmp 64
neighbor evpn peer-group
neighbor evpn next-hop-unchanged
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor 10.0.1.2 remote-as 65001
neighbor 10.0.1.2 maximum-routes 12000
:
neighbor 10.0.250.11 peer-group evpn
neighbor 10.0.250.11 remote-as 65001

address-family evpn
neighbor evpn activate
!
address-family ipv4
neighbor 10.0.1.2 activate
network 10.0.250.1/32

=======================================

leaf1
router bgp 65001
router-id 10.0.250.11
no bgp default ipv4-unicast
distance bgp 20 200 200
maximum-paths 4 ecmp 64
neighbor evpn peer-group
neighbor evpn remote-as 65000
neighbor evpn update-source Loopback0
neighbor evpn ebgp-multihop 3
neighbor evpn send-community extended
neighbor evpn maximum-routes 12000 warning-only
neighbor underlay_eBGP peer-group
neighbor underlay_eBGP remote-as 65000
neighbor underlay_eBGP maximum-routes 12000 warning-only
neighbor underlay_iBGP peer-group
neighbor underlay_iBGP remote-as 65001
neighbor underlay_iBGP next-hop-self
neighbor underlay_iBGP maximum-routes 12000 warning-only
neighbor 10.0.1.1 peer-group underlay_eBGP
neighbor 10.0.2.1 peer-group underlay_eBGP
neighbor 10.0.3.2 peer-group underlay_iBGP
neighbor 10.0.250.1 peer-group evpn
neighbor 10.0.250.2 peer-group evpn
!
address-family evpn
neighbor evpn activate
!
address-family ipv4
neighbor underlay_eBGP activate
neighbor underlay_iBGP activate
network 10.0.250.11/32

(Martin at September 4, 2019 9:42 pm)
0
Posted by Martin
Answered on September 4, 2019 10:54 pm

Hi Johan,
I just want to add some more information about the BGP message exchange.
Reviewing the captures:
BGP HUB [spine, 10.0.250.1] is sending BGP Open message including the optional parameters [see list below], which is rejected by the BGP speaker [leaf, 10.0.250.11] by sending a notification message:
‘Sep 3 03:07:41 spine1 Bgp: %BGP-3-NOTIFICATION: received from neighbor 10.0.250.11 (VRF default AS 65001) 6/5 (Cease/connection rejected) 0 bytes’.
According to RFC 4486, Subcode 6/5 defines ‘Other Configuration Change/Connection Rejected’
‘If a BGP speaker decides to disallow a BGP connection (e.g., the peer is not configured locally) after the speaker accepts a transport protocol connection, then the BGP speaker SHOULD send a NOTIFICATION message with the Error Code Cease and the Error Subcode “Connection Rejected“.’
‘If a BGP speaker decides to administratively reset the peering with a neighbor due to a configuration change other than the ones described above, then the speaker SHOULD send a NOTIFICATION message with the Error Code Cease and the Error Subcode “Other Configuration Change“.’

The output of ‘show bgp neighbors 10.0.250.1′ indicates:
BGP state is Idle, Missing local addresses for activated AFI/SAFIs
Peering failure hint: Missing local addresses for activated AFI/SAFI’

And the output of ‘show bgp neighbors 10.0.250.11’ indicates:
BGP state is Connect
Peering failure hint: Cease/connection rejected
Number of transitions to established: 0
Last state was Idle
Last event was Start
Last rcvd notification:Cease/connection rejected, Last time 00:01:47, First time 02:07:17, Repeats 45
Last sent socket-error:Connect (Network is unreachable), Last time 02:08:29, First time 02:08:51, Repeats 5

BGP – Open Message sent by spine – Optional Parameters:
==>Parameter Type: Capability (2)
==>Parameter Length: 22
Capability: Graceful Restart capability
Type: Graceful Restart capability (64)
Length: 2
Restart Timers: 0x012x
Capability: Multiprotocol extensions capability
Type: Multiprotocol extensions capability (1)
Length: 4
AFI: Layer-2 VPN (25)
Reserved: 00
SAFI: EVPN (70)
Capability: Support for 4-octet AS number capability
Type: Support for 4-octet AS number capability (65)
Length: 4
AS Number 65000
Capability: Support for Additional Paths
Type: Support for Additional Paths (69)
Length: 4
AFI: Layer-2 VPN (25)
SAFI: EVPN (70)
Send/receive: Receive (1)

Attached you will find the output of the BGP neighbor commands plus a zipped pcap file.

Regards,

Martin

0
Posted by Johan Ervenius
Answered on September 4, 2019 11:18 pm

Hi Martin,

You are right in that next-hop-unchanged should only have to be configured on the spine. It does resolve the issue though by configuring it on the leaf as well. Removing it from the spine will give you the same error message on the spine.

This might be a bug that exists in 4.19.10, even though I could not find anything supporting that. I have however confirmed that upgrading to 4.20.14 or 4.22.1 resolves the issue. Given that 4.19 is no longer an active release train you might want to consider upgrading to a later EOS release. Also, there’s been quite a lot of features added in this area since 4.19 so it might be useful to upgrade to get access to those.

Thanks,
Johan

0
Posted by Alex
Answered on September 5, 2019 1:25 pm

Hi, the BGP EVPN session is running on the loopback IPs of both switches, can you confirm you have a route for each loopback on the remote nodes.

Can you also send the output of the following commands:

show ip route
show ip bgp summary
show ip bgp neighbors
show bgp evpn summary

As Johan mentioned I would advice upgrading to later EOS version

Thanks

Alex

0
Posted by Upasana Dangi
Answered on September 5, 2019 8:18 pm

Hi Martin,

Just wanted to add a bit more information regarding the behavior you are observing.

With the 4.19.x EOS image the spine device requires next-hop unchanged configuration to allow an EVPN neighborship to come up.

On the leaf this configuration is not needed as on VxLAN VTEPs we by default relax the need to have “bgp next-hop-unchanged” configured on EVPN neighborships. A VTEP is identified by the “interface vxlan 1” configuration on the same.

Looking at your attached files in the current stage of config, since the leaf did not have “interface vxlan 1” configured, next-hop unchanged would be needed to bring up the EVPN neighborship with the spine as EOS would have no indication that the intended leaf switch is a VTEP w/o the required vxlan configurations.

Starting EOS version 4.20.5F, we tweaked the behavior to allow EVPN neighborship to come up without explicitly needing the “bgp next-hop-unchanged” command on devices which do not have “int vxlan 1” which would explain the observation you see with EOS versions 4.20.14M and 4.22.1F.

Hope this helps!

I thank you all for your comments, which I highly appreciate.
It seems that Johan is correct; after adding the bgp next-hop-unchanged parameter to the leaf too, the BGP EVNP was able to be established.
Yes, I can also confirm that the routes for the loopback IFs were in place, since the underlying eBGP between the spine and leaf was successfully established.

For testing purposes I am running this environment on GNS3. Unfortunately, GNS3’s application file does not support the latest available vEOS files; example GNS3 vEOS-lab-4.22.0F.vmd vs. Arista vEOS-lab-4.22.1F.vmdk.

spine1#sh ip bgp
BGP routing table information for VRF default
Router identifier 10.0.250.1, local AS number 65000
Route status codes: s – suppressed, * – valid, > – active, # – not installed, E – ECMP head, e – ECMP
S – Stale, c – Contributing to ECMP, b – backup
% – Pending BGP convergence
Origin codes: i – IGP, e – EGP, ? – incomplete
AS Path Attributes: Or-ID – Originator ID, C-LST – Cluster List, LL Nexthop – Link Local Nexthop

Network Next Hop Metric LocPref Weight Path
* > 10.0.250.1/32 – – – 0 i
* > 10.0.250.11/32 10.0.1.2 – 100 0 65001 i

leaf1#sh ip bgp
BGP routing table information for VRF default
Router identifier 10.0.250.11, local AS number 65001
Route status codes: s – suppressed, * – valid, > – active, # – not installed, E – ECMP head, e – ECMP
S – Stale, c – Contributing to ECMP, b – backup
% – Pending BGP convergence
Origin codes: i – IGP, e – EGP, ? – incomplete
AS Path Attributes: Or-ID – Originator ID, C-LST – Cluster List, LL Nexthop – Link Local Nexthop

Network Next Hop Metric LocPref Weight Path
* > 10.0.250.1/32 10.0.1.1 – 100 0 65000 i
* > 10.0.250.2/32 10.0.2.1 – 100 0 65000 i
* > 10.0.250.11/32 – – – 0 i

=========================================================
spine1#sh bgp evpn summary
BGP summary information for VRF default
Router identifier 10.0.250.1, local AS number 65000
Neighbor Status Codes: m – Under maintenance
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc
10.0.250.11 4 65001 56 57 0 0 00:38:03 Estab 0 0
10.0.250.12 4 65001 40 39 0 0 00:31:06 Estab 0 0
10.0.250.13 4 65002 20 20 0 0 00:13:10 Estab 0 0
10.0.250.14 4 65002 17 17 0 0 00:09:49 Estab 0 0
10.0.250.15 4 65003 9 9 0 0 00:05:55 Estab 0 0
10.0.250.16 4 65003 9 8 0 0 00:05:17 Estab 0 0
10.0.250.17 4 65004 5 5 0 0 00:01:10 Estab 0 0
10.0.250.18 4 65004 4 4 0 0 00:00:36 Estab 0 0

(Martin at September 6, 2019 3:59 am)
0
Posted by JEAN-CLAUDE RIOPEL
Answered on September 18, 2019 5:28 am

Hi Martin,

See below config…note though that channel-group is ‘on’ as vEOS and LACP doesn’t seem to work. Version 4.19…..

!-spine1
interface Ethernet1
description eBGP_UL CL201:eth1
logging event link-status
no switchport
ip address 10.239.56.29/30
arp timeout 900
ipv6 enable
!
interface Ethernet2
description eBGP_UL CL202:eth1
logging event link-status
no switchport
ip address 10.239.56.33/30
arp timeout 900
ipv6 enable
!
interface Ethernet3
description eBGP_UL CL203:eth1
logging event link-status
no switchport
ip address 10.239.56.37/30
arp timeout 900
ipv6 enable
!
interface Ethernet4
description eBGP_UL CL204:eth1
logging event link-status
no switchport
ip address 10.239.56.41/30
arp timeout 900
ipv6 enable
!
interface Ethernet5
description eBGP_UL BL501:eth1
logging event link-status
no switchport
ip address 10.239.56.45/30
arp timeout 900
ipv6 enable
!
interface Ethernet6
description eBGP_UL BL502:eth1
logging event link-status
no switchport
ip address 10.239.56.49/30
arp timeout 900
ipv6 enable
!
interface Ethernet7
no switchport
ipv6 enable
!
interface Ethernet8
no switchport
ipv6 enable
!
interface Loopback0
description eVPN Overlay Peering
ip address 10.239.54.1/32
!
interface Management1
ip address 192.168.255.11/24
!
ip route 0.0.0.0/0 192.168.255.1
!
ip routing
!
ip prefix-list PLIST_ADV_LOOPS
seq 10 permit 10.239.54.1/32
!
route-map RMAP_ADV_LOOPS permit 10
match ip address prefix-list PLIST_ADV_LOOPS
!
router bgp 65000
router-id 10.239.54.1
distance bgp 20 200 200
maximum-paths 4
neighbor BLP-1-EBGP peer-group
neighbor BLP-1-EBGP remote-as 65003
neighbor BLP-1-EBGP maximum-routes 12000
neighbor BLP-1-EVPN peer-group
neighbor BLP-1-EVPN remote-as 65003
neighbor BLP-1-EVPN next-hop-unchanged
neighbor BLP-1-EVPN update-source Loopback0
neighbor BLP-1-EVPN ebgp-multihop 5
neighbor BLP-1-EVPN send-community extended
neighbor BLP-1-EVPN maximum-routes 12000
neighbor CLP-1-EBGP peer-group
neighbor CLP-1-EBGP remote-as 65001
neighbor CLP-1-EBGP maximum-routes 12000
neighbor CLP-1-EVPN peer-group
neighbor CLP-1-EVPN remote-as 65001
neighbor CLP-1-EVPN next-hop-unchanged
neighbor CLP-1-EVPN update-source Loopback0
neighbor CLP-1-EVPN ebgp-multihop 5
neighbor CLP-1-EVPN send-community extended
neighbor CLP-1-EVPN maximum-routes 12000
neighbor CLP-2-EBGP peer-group
neighbor CLP-2-EBGP remote-as 65002
neighbor CLP-2-EBGP maximum-routes 12000
neighbor CLP-2-EVPN peer-group
neighbor CLP-2-EVPN remote-as 65002
neighbor CLP-2-EVPN next-hop-unchanged
neighbor CLP-2-EVPN update-source Loopback0
neighbor CLP-2-EVPN ebgp-multihop 5
neighbor CLP-2-EVPN send-community extended
neighbor CLP-2-EVPN maximum-routes 12000
neighbor 10.239.54.3 peer-group CLP-1-EVPN
neighbor 10.239.54.4 peer-group CLP-1-EVPN
neighbor 10.239.54.5 peer-group CLP-2-EVPN
neighbor 10.239.54.6 peer-group CLP-2-EVPN
neighbor 10.239.54.7 peer-group BLP-1-EVPN
neighbor 10.239.54.8 peer-group BLP-1-EVPN
neighbor 10.239.56.30 peer-group CLP-1-EBGP
neighbor 10.239.56.34 peer-group CLP-1-EBGP
neighbor 10.239.56.38 peer-group CLP-2-EBGP
neighbor 10.239.56.42 peer-group CLP-2-EBGP
neighbor 10.239.56.46 peer-group BLP-1-EBGP
neighbor 10.239.56.50 peer-group BLP-1-EBGP
redistribute connected route-map RMAP_ADV_LOOPS
!
address-family evpn
bgp next-hop-unchanged
neighbor BLP-1-EVPN activate
neighbor CLP-1-EVPN activate
neighbor CLP-2-EVPN activate
!
address-family ipv4
no neighbor BLP-1-EVPN activate
no neighbor CLP-1-EVPN activate
no neighbor CLP-2-EVPN activate
!
address-family ipv6
no neighbor BLP-1-EVPN activate
no neighbor CLP-1-EVPN activate
no neighbor CLP-2-EVPN activate
!-end spine1

!-leaf 1
vlan 300-305
name VLAN-AWARE-BUNDLE-BLUE
!
vlan 4093
name LEAF-PEER-L3
trunk group LEAF-PEER-L3
!
vlan 4094
name MLAG-PEER
trunk group LEAF-PEER-MLAG
!
vrf definition blue
!
interface Port-Channel1
switchport trunk allowed vlan 300-305
switchport mode trunk
mlag 1
!
interface Port-Channel777
description LACP
switchport trunk allowed vlan 2-4094
switchport mode trunk
switchport trunk group LEAF-PEER-L3
switchport trunk group LEAF-PEER-MLAG
qos trust dscp
no spanning-tree portfast auto
spanning-tree portfast network
!
interface Ethernet1
description EBGP_UL S101:eth1
logging event link-status
no switchport
ip address 10.239.56.30/30
arp timeout 900
!
interface Ethernet2
description EBGP_UL S102:eth1
logging event link-status
no switchport
ip address 10.239.56.54/30
arp timeout 900
!
interface Ethernet3
channel-group 1 mode active
!
interface Ethernet4
!
interface Ethernet5
!
interface Ethernet6
!
interface Ethernet7
description 201-202 MLAG
channel-group 777 mode on
!
interface Ethernet8
description 201-202 MLAG
channel-group 777 mode on
!
interface Loopback0
description EVPN EBGP PEERING
ip address 10.239.54.3/32
!
interface Loopback1
description VTEP-1
ip address 10.239.54.33/32
!
interface Management1
ip address 192.168.255.13/24
!
interface Vlan300
description VMK SVI for vlan 300
vrf forwarding blue
ip address virtual 10.239.53.129/25
!
interface Vlan301
description VMO SVI for vlan 301
vrf forwarding blue
ip address virtual 10.239.53.1/25
!
interface Vlan302
description VSAN SVI for vlan 302
vrf forwarding blue
ip address virtual 10.239.52.1/25
!
interface Vlan303
description NGTZ SVI for vlan 303
vrf forwarding blue
ip address virtual 10.239.55.65/27
!
interface Vlan304
description RILO SVI for vlan 304
vrf forwarding blue
ip address virtual 10.239.54.129/25
!
interface Vlan305
description VREP SVI for vlan 305
vrf forwarding blue
ip address virtual 10.239.55.129/25
!
interface Vlan3000
description SRC-NAT
vrf forwarding blue
ip address 223.255.1.1/30
!
interface Vlan4093
ip address 10.239.56.77/30
!
interface Vlan4094
ip address 10.239.56.81/30
!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 300 vni 1300
vxlan vlan 301 vni 1301
vxlan vlan 302 vni 1302
vxlan vlan 303 vni 1303
vxlan vlan 304 vni 1304
vxlan vlan 305 vni 1305
vxlan vrf blue vni 8000
!
ip virtual-router mac-address 02:00:00:00:00:01
!
ip route 0.0.0.0/0 192.168.255.1
!
ip routing
ip routing vrf blue
!
ip prefix-list PLIST_ADV_LOOPS
seq 10 permit 10.239.54.3/32
seq 20 permit 10.239.54.33/32
!
mlag configuration
domain-id 201-202
local-interface Vlan4094
peer-address 10.239.56.82
peer-link Port-Channel777
!
route-map RMAP_ADV_LOOPS permit 10
match ip address prefix-list PLIST_ADV_LOOPS
!
router bgp 65001
router-id 10.239.54.3
maximum-paths 4
neighbor LEAF-PEER peer-group
neighbor LEAF-PEER remote-as 65001
neighbor LEAF-PEER next-hop-self
neighbor LEAF-PEER maximum-routes 25000
neighbor SPINE-EBGP peer-group
neighbor SPINE-EBGP remote-as 65000
neighbor SPINE-EBGP allowas-in 1
neighbor SPINE-EBGP send-community
neighbor SPINE-EBGP maximum-routes 25000
neighbor SPINE-EVPN peer-group
neighbor SPINE-EVPN remote-as 65000
neighbor SPINE-EVPN update-source Loopback0
neighbor SPINE-EVPN ebgp-multihop 5
neighbor SPINE-EVPN send-community extended
neighbor SPINE-EVPN maximum-routes 25000
neighbor 10.239.54.1 peer-group SPINE-EVPN
neighbor 10.239.54.2 peer-group SPINE-EVPN
neighbor 10.239.56.29 peer-group SPINE-EBGP
neighbor 10.239.56.53 peer-group SPINE-EBGP
neighbor 10.239.56.82 peer-group LEAF-PEER
redistribute connected route-map RMAP_ADV_LOOPS
!
vlan-aware-bundle VLAN-AWARE-BUNDLE-BLUE
rd 10.239.54.3:8000
route-target both 8000:8000
redistribute learned
vlan 300-305
!
address-family evpn
neighbor SPINE-EVPN activate
!
address-family ipv4
no neighbor SPINE-EVPN activate
!
address-family ipv6
no neighbor SPINE-EVPN activate
!
vrf blue
rd 10.239.54.1:8000
route-target import 0:8000
route-target export 0:8000
neighbor 223.255.1.2 remote-as 65001
neighbor 223.255.1.2 next-hop-self
neighbor 223.255.1.2 maximum-routes 12000
redistribute connected
!-end leaf 1

!-leaf 2
!
vlan 300-305
name VLAN-AWARE-BUNDLE-BLUE
!
vlan 4093
name LEAF-PEER-L3
trunk group LEAF-PEER-L3
!
vlan 4094
name MLAG-PEER
trunk group LEAF-PEER-MLAG
!
vrf definition blue
!
interface Port-Channel1
switchport trunk allowed vlan 300-305
switchport mode trunk
mlag 1
!
interface Port-Channel10
switchport trunk allowed vlan 300-305
switchport mode trunk
!
interface Port-Channel777
description LACP
switchport trunk allowed vlan 2-4094
switchport mode trunk
switchport trunk group LEAF-PEER-L3
switchport trunk group LEAF-PEER-MLAG
qos trust dscp
no spanning-tree portfast auto
spanning-tree portfast network
!
interface Ethernet1
description EBGP_UL S101:eth2
logging event link-status
no switchport
ip address 10.239.56.34/30
arp timeout 900
!
interface Ethernet2
description EBGP_UL S102:eth2
logging event link-status
no switchport
ip address 10.239.56.58/30
arp timeout 900
!
interface Ethernet3
channel-group 10 mode on
!
interface Ethernet4
switchport access vlan 300
!
interface Ethernet5
!
interface Ethernet6
!
interface Ethernet7
description 201-202 MLAG
channel-group 777 mode on
!
interface Ethernet8
description 201-202 MLAG
channel-group 777 mode on
!
interface Loopback0
description EVPN EBGP PEERING
ip address 10.239.54.4/32
!
interface Loopback1
description VTEP-1
ip address 10.239.54.33/32
!
interface Management1
ip address 192.168.255.14/24
!
interface Vlan300
description VMK SVI for vlan 300
vrf forwarding blue
ip address virtual 10.239.53.129/25
!
interface Vlan301
description VMO SVI for vlan 301
vrf forwarding blue
ip address virtual 10.239.53.1/25
!
interface Vlan302
description VSAN SVI for vlan 302
vrf forwarding blue
ip address virtual 10.239.52.1/25
!
interface Vlan303
description NGTZ SVI for vlan 303
vrf forwarding blue
ip address virtual 10.239.55.65/27
!
interface Vlan304
description RILO SVI for vlan 304
vrf forwarding blue
ip address virtual 10.239.54.129/25
!
interface Vlan305
description VREP SVI for vlan 305
vrf forwarding blue
ip address virtual 10.239.55.129/25
!
interface Vlan3000
description SRC-NAT
vrf forwarding blue
ip address 223.255.1.2/30
!
interface Vlan4093
ip address 10.239.56.78/30
!
interface Vlan4094
ip address 10.239.56.82/30
!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 300 vni 1300
vxlan vlan 301 vni 1301
vxlan vlan 302 vni 1302
vxlan vlan 303 vni 1303
vxlan vlan 304 vni 1304
vxlan vlan 305 vni 1305
vxlan vrf blue vni 8000
!
ip virtual-router mac-address 02:00:00:00:00:01
!
ip route 0.0.0.0/0 192.168.255.1
!
ip routing
ip routing vrf blue
!
ip prefix-list PLIST_ADV_LOOPS
seq 10 permit 10.239.54.4/32
seq 20 permit 10.239.54.33/32
!
mlag configuration
domain-id 201-202
local-interface Vlan4094
peer-address 10.239.56.81
peer-link Port-Channel777
!
route-map RMAP_ADV_LOOPS permit 10
match ip address prefix-list PLIST_ADV_LOOPS
!
router bgp 65001
router-id 10.239.54.4
maximum-paths 4
neighbor LEAF-PEER peer-group
neighbor LEAF-PEER remote-as 65001
neighbor LEAF-PEER next-hop-self
neighbor LEAF-PEER maximum-routes 25000
neighbor SPINE-EBGP peer-group
neighbor SPINE-EBGP remote-as 65000
neighbor SPINE-EBGP allowas-in 1
neighbor SPINE-EBGP send-community
neighbor SPINE-EBGP maximum-routes 25000
neighbor SPINE-EVPN peer-group
neighbor SPINE-EVPN remote-as 65000
neighbor SPINE-EVPN update-source Loopback0
neighbor SPINE-EVPN ebgp-multihop 5
neighbor SPINE-EVPN send-community extended
neighbor SPINE-EVPN maximum-routes 25000
neighbor 10.239.54.1 peer-group SPINE-EVPN
neighbor 10.239.54.2 peer-group SPINE-EVPN
neighbor 10.239.56.33 peer-group SPINE-EBGP
neighbor 10.239.56.57 peer-group SPINE-EBGP
neighbor 10.239.56.81 peer-group LEAF-PEER
redistribute connected route-map RMAP_ADV_LOOPS
!
vlan-aware-bundle VLAN-AWARE-BUNDLE-BLUE
rd 10.239.54.4:8000
route-target both 8000:8000
redistribute learned
vlan 300-305
!
address-family evpn
neighbor SPINE-EVPN activate
!
address-family ipv4
no neighbor SPINE-EVPN activate
!
address-family ipv6
no neighbor SPINE-EVPN activate
!
vrf blue
rd 10.239.54.2:8000
route-target import 0:8000
route-target export 0:8000
neighbor 223.255.1.1 remote-as 65001
neighbor 223.255.1.1 next-hop-self
neighbor 223.255.1.1 maximum-routes 12000
redistribute connected
!
end
!-end leaf 2

Post your Answer

You must be logged in to post an answer.