Arista Archives - Lab-It-Up

Arista – Segment Routing MPLS EVPN

7 April 20245 May 2024 nick Leave a comment

IS-IS used for the segment routing. 2 Cisco vIOS devices for the CE’s, with OSPF configured on each

https://www.arista.com/en/solutions/mpls-segment-routing

Exports_eve-ng_export-20240407-091304 Download

PE1

service routing protocols model multi-agent

hostname pe1
  
vlan 3333

interface Ethernet1
switchport trunk allowed vlan 3333
switchport mode trunk

interface Ethernet2
no switchport
ip address 1.1.1.1/30
isis enable 1

interface Loopback0
ip address 5.5.5.5/32
node-segment ipv4 index 10
isis enable 1
  
ip routing

mpls ip

router bgp 65400
router-id 5.5.5.5
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source Loopback0
neighbor 9.9.9.9 rib-in pre-policy retain all
neighbor 9.9.9.9 send-community extended

vlan-aware-bundle customer1
rd 5.5.5.5:1
route-target both 65400:1
redistribute learned
vlan 3333

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 9.9.9.9 activate

router isis 1
net 49.0000.5555.5555.5555.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

service routing protocols model multi-agent

hostname p1
  
interface Ethernet1
no switchport
ip address 1.1.1.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 2.2.2.1/30
isis enable 1

interface Loopback0
ip address 6.6.6.6/32
node-segment ipv4 index 20
isis enable 1
  
ip routing

mpls ip

router isis 1
net 49.0000.6666.6666.6666.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

service routing protocols model multi-agent

hostname p2
  
interface Ethernet1
no switchport
ip address 2.2.2.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 3.3.3.1/30
isis enable 1

interface Loopback0
ip address 7.7.7.7/32
node-segment ipv4 index 30
isis enable 1
  
ip routing

mpls ip

router isis 1
net 49.0000.7777.7777.7777.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

service routing protocols model multi-agent

hostname p3
  
interface Ethernet1
no switchport
ip address 3.3.3.2/30
isis enable 1
  
interface Ethernet2
no switchport
ip address 4.4.4.1/30
isis enable 1

interface Loopback0
ip address 8.8.8.8/32
node-segment ipv4 index 40
isis enable 1

ip routing

mpls ip

router isis 1
net 49.0000.8888.8888.8888.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

PE2

service routing protocols model multi-agent

hostname pe2
  
vlan 3333

interface Ethernet1
switchport trunk allowed vlan 3333
switchport mode trunk

interface Ethernet2
no switchport
ip address 4.4.4.2/30
isis enable 1

interface Loopback0
ip address 9.9.9.9/32
node-segment ipv4 index 50
isis enable 1
  
ip routing

mpls ip

router bgp 65400
router-id 9.9.9.9
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 rib-in pre-policy retain all
neighbor 5.5.5.5 send-community extended

vlan-aware-bundle customer1
rd 9.9.9.9:1
route-target both 65400:1
redistribute learned
vlan 3333

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 5.5.5.5 activate

router isis 1
net 49.0000.9999.9999.9999.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

OSPF should now be up between the 2 CE devices.

Arista L3VPN

18 February 202418 February 2024 nick Leave a comment

Another L3VPN and the usual topology. IS-IS in the underlay and BGP between PE’s & CE’s.

Exports_eve-ng_export-20240218-161836 Download

vEOS1

hostname veos1
  
vrf instance cust1

interface Ethernet1
no switchport
vrf cust1
ip address 10.1.1.1/30

interface Ethernet2
no switchport
ip address 1.1.1.1/30
isis enable 1
  
interface Loopback0
ip address 5.5.5.5/32
isis enable 1
  
ip routing
ip routing vrf cust1
  
mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended

address-family ipv4
neighbor 6.6.6.6 activate

address-family vpn-ipv4
neighbor 6.6.6.6 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

vrf cust1
rd 5.5.5.5:1
route-target import vpn-ipv4 65400:1
route-target export vpn-ipv4 65400:1
neighbor 10.1.1.2 remote-as 65500
redistribute connected

router isis 1
net 49.0000.5555.5555.5555.00

address-family ipv4 unicast

vEOS2

hostname veos2
  
interface Ethernet1
no switchport
ip address 1.1.1.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 2.2.2.1/30
isis enable 1

interface Loopback0
ip address 6.6.6.6/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 send-community extended
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 send-community extended

address-family ipv4
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate

address-family vpn-ipv4
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.6666.6666.6666.00

address-family ipv4 unicast

vEOS3

hostname veos3
  
interface Ethernet1
no switchport
ip address 2.2.2.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 3.3.3.1/30
isis enable 1

interface Loopback0
ip address 7.7.7.7/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 route-reflector-client
neighbor 6.6.6.6 send-community extended
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source Loopback0
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended

address-family ipv4
neighbor 6.6.6.6 activate
neighbor 8.8.8.8 activate

address-family vpn-ipv4
neighbor 6.6.6.6 activate
neighbor 8.8.8.8 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.7777.7777.7777.00

address-family ipv4 unicast

vEOS4

hostname veos4
  
interface Ethernet1
no switchport
ip address 3.3.3.2/30
isis enable 1
  
interface Ethernet2
no switchport
ip address 4.4.4.1/30
isis enable 1

interface Loopback0
ip address 8.8.8.8/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 send-community extended
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source Loopback0
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
  
address-family ipv4
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate

address-family vpn-ipv4
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.8888.8888.8888.00

address-family ipv4 unicast

vEOS5

hostname veos5
  
vrf instance cust1

interface Ethernet1
no switchport
vrf cust1
ip address 10.10.10.1/30

interface Ethernet2
no switchport
ip address 4.4.4.2/30
isis enable 1

interface Loopback0
ip address 9.9.9.9/32
isis enable 1

ip routing
ip routing vrf cust1
  
mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source Loopback0
neighbor 8.8.8.8 send-community extended

address-family ipv4
neighbor 8.8.8.8 activate

address-family vpn-ipv4
neighbor 8.8.8.8 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

vrf cust1
rd 9.9.9.9:1
route-target import vpn-ipv4 65400:1
route-target export vpn-ipv4 65400:1
neighbor 10.10.10.2 remote-as 65500
redistribute connected

router isis 1
net 49.0000.9999.9999.9999.00
!
address-family ipv4 unicast

Cisco vIOS routers used as the CE’s. It doesn’t appear that Arista has the ‘as-override’ command so you will need to use ‘allowas-in’ on the CE’s otherwise routes from the opposing CE will not be imported. This is due to the AS already being in the path and is standard BGP loop protection.

Loopbacks of 11.11.11.11 (ce1) & 12.12.12.12 (ce2) have been configured on the CE’s, redistributed into BGP and visible in the opposing CE’s route table.

Arista VXLAN/EVPN

7 February 202424 March 2024 nick Leave a comment

Spine/leaf topology with OSPF underlay and Spines acting as Route Reflectors

https://www.arista.com/en/um-eos/eos-vxlan-configuration

EVE-NG Import file

Exports_eve-ng_export-20240207-173400 Download

Spine1

conf t

interface Ethernet1
no switchport
ip address 1.1.1.1/30
ip ospf area 0.0.0.0

interface Ethernet2
no switchport
ip address 2.2.2.1/30
ip ospf area 0.0.0.0
  
interface Ethernet3
no switchport
ip address 3.3.3.1/30
ip ospf area 0.0.0.0

interface Loopback0
ip address 5.5.5.5/32
ip ospf area 0.0.0.0

ip routing

router bgp 65400
neighbor SPINE peer group
neighbor SPINE remote-as 65400
neighbor SPINE update-source Loopback0
neighbor SPINE route-reflector-client
neighbor SPINE send-community extended
neighbor 7.7.7.7 peer group SPINE
neighbor 8.8.8.8 peer group SPINE
neighbor 9.9.9.9 peer group SPINE

address-family evpn
neighbor SPINE activate

router ospf 1
router-id 5.5.5.5

Spine2

conf t
interface Ethernet1
no switchport
ip address 11.11.11.1/30
ip ospf area 0.0.0.0
 
interface Ethernet2
no switchport
ip address 12.12.12.1/30
ip ospf area 0.0.0.0
  
interface Ethernet3
no switchport
ip address 13.13.13.1/30
ip ospf area 0.0.0.0

interface Loopback0
ip address 6.6.6.6/32
ip ospf area 0.0.0.0

ip routing

router bgp 65400
neighbor SPINE peer group
neighbor SPINE remote-as 65400
neighbor SPINE update-source Loopback0
neighbor SPINE route-reflector-client
neighbor SPINE send-community extended
neighbor 7.7.7.7 peer group SPINE
neighbor 8.8.8.8 peer group SPINE
neighbor 9.9.9.9 peer group SPINE

address-family evpn
neighbor SPINE activate

router ospf 1
router-id 6.6.6.6

Leaf1

conf t
vlan 1234

interface Ethernet1
no switchport
ip address 1.1.1.2/30
ip ospf area 0.0.0.0

interface Ethernet2
no switchport
ip address 11.11.11.2/30
ip ospf area 0.0.0.0
  
interface Ethernet3
switchport access vlan 1234

interface Loopback0
ip address 7.7.7.7/32
ip ospf area 0.0.0.0

interface Vxlan1
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vlan 1234 vni 1234

ip routing

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 send-community extended
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended

vlan 1234
rd 7.7.7.7:1
route-target both 65400:1
redistribute learned

address-family evpn
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate

address-family ipv4
no neighbor 5.5.5.5 activate
no neighbor 6.6.6.6 activate
    
router ospf 1
router-id 7.7.7.7

Leaf2

conf t
vlan 1234,2468

interface Ethernet1
no switchport
ip address 2.2.2.2/30
ip ospf area 0.0.0.0
    
interface Ethernet2
no switchport
ip address 12.12.12.2/30
ip ospf area 0.0.0.0
    
interface Ethernet3
switchport access vlan 1234
   
interface Ethernet4
switchport access vlan 2468
    
interface Loopback0
ip address 8.8.8.8/32
ip ospf area 0.0.0.0

interface Vxlan1
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vlan 1234 vni 1234
vxlan vlan 2468 vni 2468
 
ip routing

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 send-community extended
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended
  
vlan 1234
rd 8.8.8.8:1
route-target both 65400:1
redistribute learned
    
vlan 2468
rd 8.8.8.8:2
route-target both 65400:2
redistribute learned

address-family evpn
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate

address-family ipv4
no neighbor 5.5.5.5 activate
no neighbor 6.6.6.6 activate

router ospf 1
router-id 8.8.8.8

Leaf3

conf t
vlan 2468
    
interface Ethernet1
no switchport
ip address 3.3.3.2/30
ip ospf area 0.0.0.0
    
interface Ethernet2
no switchport
ip address 13.13.13.2/30
ip ospf area 0.0.0.0

interface Ethernet4
switchport access vlan 2468
    
interface Loopback0
ip address 9.9.9.9/32
ip ospf area 0.0.0.0
  
interface Vxlan1
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vlan 2468 vni 2468
   
ip routing

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 send-community extended
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended

vlan 2468
rd 8.8.8.8:2
route-target both 65400:2
redistribute learned

address-family evpn
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate

address-family ipv4
no neighbor 5.5.5.5 activate
no neighbor 6.6.6.6 activate
    
router ospf 1
router-id 9.9.9.9

Confirm the BGP sessions have been established by running ‘show bgp evpn summary‘. Below output from leaf2.

vPC6 & vPC8 are in VLAN 1234. vPC7 & vPC9 are in VLAN 2468. Configure IP addresses from the same subnet to each vPC in each VLAN and you should have IP connectivity like below.