Arista – EVPN VPWS

LDP is used for signalling and IS-IS for the IGP with P1 acting as a route reflector. 2 Cisco CE devices with OSPF configured on each.

https://www.arista.com/en/um-eos/eos-configuring-evpn#xx1117976

PE1

service routing protocols model multi-agent

hostname pe1

interface Ethernet1
no switchport
ip address 1.1.1.1/30
isis enable 1

interface Ethernet2
no switchport
interface Ethernet2.909
encapsulation dot1q vlan 909

interface Loopback0
ip address 5.5.5.5/32
isis enable 1

ip routing

mpls ip

mpls ldp
no shutdown

patch panel
patch VPWS
connector 1 interface Ethernet2.909
connector 2 pseudowire bgp vpws PE2 pseudowire VPWS

router bgp 65400
router-id 5.5.5.5
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community

vpws PE2
rd 5.5.5.5:909
route-target import export evpn 65400:909
mpls control-word

pseudowire VPWS
evpn vpws id local 909 remote 910

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 6.6.6.6 activate

router isis 1
net 49.0000.5555.5555.5555.00
is-type level-2
address-family ipv4 unicast

P1

service routing protocols model multi-agent

hostname p1

interface Ethernet1
no switchport
ip address 1.1.1.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 2.2.2.1/30
isis enable 1

interface Loopback0
ip address 6.6.6.6/32
isis enable 1

ip routing

mpls ip

mpls ldp
no shutdown

router bgp 65400
router-id 6.6.6.6
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 send-community
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 route-reflector-client
neighbor 7.7.7.7 send-community

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate

router isis 1
net 49.0000.6666.6666.6666.00
is-type level-2
address-family ipv4 unicast

PE2

service routing protocols model multi-agent

hostname pe2

interface Ethernet1
no switchport
ip address 2.2.2.2/30
isis enable 1

interface Ethernet2
no switchport
interface Ethernet2.909
encapsulation dot1q vlan 909

interface Loopback0
ip address 7.7.7.7/32
isis enable 1

ip routing

mpls ip

mpls ldp
no shutdown

patch panel
patch VPWS
connector 1 interface Ethernet2.909
connector 2 pseudowire bgp vpws PE2 pseudowire VPWS

router bgp 65400
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community

vpws PE2
rd 7.7.7.7:909
route-target import export evpn 65400:909
mpls control-word

pseudowire VPWS
evpn vpws id local 910 remote 909

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 6.6.6.6 activate

router isis 1
net 49.0000.7777.7777.7777.00
is-type level-2
address-family ipv4 unicast

OSPF is now up on the 2 Cisco CE devices, confirming layer 2 connectivity.

Arista – Segment Routing MPLS EVPN

IS-IS used for the segment routing. 2 Cisco vIOS devices for the CE’s, with OSPF configured on each

https://www.arista.com/en/solutions/mpls-segment-routing

PE1

service routing protocols model multi-agent

hostname pe1
  
vlan 3333

interface Ethernet1
switchport trunk allowed vlan 3333
switchport mode trunk

interface Ethernet2
no switchport
ip address 1.1.1.1/30
isis enable 1

interface Loopback0
ip address 5.5.5.5/32
node-segment ipv4 index 10
isis enable 1
  
ip routing

mpls ip

router bgp 65400
router-id 5.5.5.5
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source Loopback0
neighbor 9.9.9.9 rib-in pre-policy retain all
neighbor 9.9.9.9 send-community extended

vlan-aware-bundle customer1
rd 5.5.5.5:1
route-target both 65400:1
redistribute learned
vlan 3333

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 9.9.9.9 activate

router isis 1
net 49.0000.5555.5555.5555.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

P1

service routing protocols model multi-agent

hostname p1
  
interface Ethernet1
no switchport
ip address 1.1.1.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 2.2.2.1/30
isis enable 1

interface Loopback0
ip address 6.6.6.6/32
node-segment ipv4 index 20
isis enable 1
  
ip routing

mpls ip

router isis 1
net 49.0000.6666.6666.6666.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

P2

service routing protocols model multi-agent

hostname p2
  
interface Ethernet1
no switchport
ip address 2.2.2.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 3.3.3.1/30
isis enable 1

interface Loopback0
ip address 7.7.7.7/32
node-segment ipv4 index 30
isis enable 1
  
ip routing

mpls ip

router isis 1
net 49.0000.7777.7777.7777.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

P3

service routing protocols model multi-agent

hostname p3
  
interface Ethernet1
no switchport
ip address 3.3.3.2/30
isis enable 1
  
interface Ethernet2
no switchport
ip address 4.4.4.1/30
isis enable 1

interface Loopback0
ip address 8.8.8.8/32
node-segment ipv4 index 40
isis enable 1

ip routing

mpls ip

router isis 1
net 49.0000.8888.8888.8888.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

PE2

service routing protocols model multi-agent

hostname pe2
  
vlan 3333

interface Ethernet1
switchport trunk allowed vlan 3333
switchport mode trunk

interface Ethernet2
no switchport
ip address 4.4.4.2/30
isis enable 1

interface Loopback0
ip address 9.9.9.9/32
node-segment ipv4 index 50
isis enable 1
  
ip routing

mpls ip

router bgp 65400
router-id 9.9.9.9
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 rib-in pre-policy retain all
neighbor 5.5.5.5 send-community extended

vlan-aware-bundle customer1
rd 9.9.9.9:1
route-target both 65400:1
redistribute learned
vlan 3333

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 5.5.5.5 activate

router isis 1
net 49.0000.9999.9999.9999.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

OSPF should now be up between the 2 CE devices.

Arista L3VPN

Another L3VPN and the usual topology. IS-IS in the underlay and BGP between PE’s & CE’s.

vEOS1

hostname veos1
  
vrf instance cust1

interface Ethernet1
no switchport
vrf cust1
ip address 10.1.1.1/30

interface Ethernet2
no switchport
ip address 1.1.1.1/30
isis enable 1
  
interface Loopback0
ip address 5.5.5.5/32
isis enable 1
  
ip routing
ip routing vrf cust1
  
mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended

address-family ipv4
neighbor 6.6.6.6 activate

address-family vpn-ipv4
neighbor 6.6.6.6 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

vrf cust1
rd 5.5.5.5:1
route-target import vpn-ipv4 65400:1
route-target export vpn-ipv4 65400:1
neighbor 10.1.1.2 remote-as 65500
redistribute connected

router isis 1
net 49.0000.5555.5555.5555.00

address-family ipv4 unicast

vEOS2

hostname veos2
  
interface Ethernet1
no switchport
ip address 1.1.1.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 2.2.2.1/30
isis enable 1

interface Loopback0
ip address 6.6.6.6/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 send-community extended
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 send-community extended

address-family ipv4
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate

address-family vpn-ipv4
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.6666.6666.6666.00

address-family ipv4 unicast

vEOS3

hostname veos3
  
interface Ethernet1
no switchport
ip address 2.2.2.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 3.3.3.1/30
isis enable 1

interface Loopback0
ip address 7.7.7.7/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 route-reflector-client
neighbor 6.6.6.6 send-community extended
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source Loopback0
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended

address-family ipv4
neighbor 6.6.6.6 activate
neighbor 8.8.8.8 activate

address-family vpn-ipv4
neighbor 6.6.6.6 activate
neighbor 8.8.8.8 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.7777.7777.7777.00

address-family ipv4 unicast

vEOS4

hostname veos4
  
interface Ethernet1
no switchport
ip address 3.3.3.2/30
isis enable 1
  
interface Ethernet2
no switchport
ip address 4.4.4.1/30
isis enable 1

interface Loopback0
ip address 8.8.8.8/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 send-community extended
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source Loopback0
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
  
address-family ipv4
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate

address-family vpn-ipv4
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.8888.8888.8888.00

address-family ipv4 unicast

vEOS5

hostname veos5
  
vrf instance cust1

interface Ethernet1
no switchport
vrf cust1
ip address 10.10.10.1/30

interface Ethernet2
no switchport
ip address 4.4.4.2/30
isis enable 1

interface Loopback0
ip address 9.9.9.9/32
isis enable 1

ip routing
ip routing vrf cust1
  
mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source Loopback0
neighbor 8.8.8.8 send-community extended

address-family ipv4
neighbor 8.8.8.8 activate

address-family vpn-ipv4
neighbor 8.8.8.8 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

vrf cust1
rd 9.9.9.9:1
route-target import vpn-ipv4 65400:1
route-target export vpn-ipv4 65400:1
neighbor 10.10.10.2 remote-as 65500
redistribute connected

router isis 1
net 49.0000.9999.9999.9999.00
!
address-family ipv4 unicast

Cisco vIOS routers used as the CE’s. It doesn’t appear that Arista has the ‘as-override’ command so you will need to use ‘allowas-in’ on the CE’s otherwise routes from the opposing CE will not be imported. This is due to the AS already being in the path and is standard BGP loop protection.

Loopbacks of 11.11.11.11 (ce1) & 12.12.12.12 (ce2) have been configured on the CE’s, redistributed into BGP and visible in the opposing CE’s route table.

Arista VXLAN/EVPN

Spine/leaf topology with OSPF underlay and Spines acting as Route Reflectors

https://www.arista.com/en/um-eos/eos-vxlan-configuration

EVE-NG Import file

Spine1

conf t

interface Ethernet1
no switchport
ip address 1.1.1.1/30
ip ospf area 0.0.0.0

interface Ethernet2
no switchport
ip address 2.2.2.1/30
ip ospf area 0.0.0.0
  
interface Ethernet3
no switchport
ip address 3.3.3.1/30
ip ospf area 0.0.0.0

interface Loopback0
ip address 5.5.5.5/32
ip ospf area 0.0.0.0

ip routing

router bgp 65400
neighbor SPINE peer group
neighbor SPINE remote-as 65400
neighbor SPINE update-source Loopback0
neighbor SPINE route-reflector-client
neighbor SPINE send-community extended
neighbor 7.7.7.7 peer group SPINE
neighbor 8.8.8.8 peer group SPINE
neighbor 9.9.9.9 peer group SPINE

address-family evpn
neighbor SPINE activate

router ospf 1
router-id 5.5.5.5

Spine2

conf t
interface Ethernet1
no switchport
ip address 11.11.11.1/30
ip ospf area 0.0.0.0
 
interface Ethernet2
no switchport
ip address 12.12.12.1/30
ip ospf area 0.0.0.0
  
interface Ethernet3
no switchport
ip address 13.13.13.1/30
ip ospf area 0.0.0.0

interface Loopback0
ip address 6.6.6.6/32
ip ospf area 0.0.0.0

ip routing

router bgp 65400
neighbor SPINE peer group
neighbor SPINE remote-as 65400
neighbor SPINE update-source Loopback0
neighbor SPINE route-reflector-client
neighbor SPINE send-community extended
neighbor 7.7.7.7 peer group SPINE
neighbor 8.8.8.8 peer group SPINE
neighbor 9.9.9.9 peer group SPINE

address-family evpn
neighbor SPINE activate

router ospf 1
router-id 6.6.6.6

Leaf1

conf t
vlan 1234

interface Ethernet1
no switchport
ip address 1.1.1.2/30
ip ospf area 0.0.0.0

interface Ethernet2
no switchport
ip address 11.11.11.2/30
ip ospf area 0.0.0.0
  
interface Ethernet3
switchport access vlan 1234

interface Loopback0
ip address 7.7.7.7/32
ip ospf area 0.0.0.0

interface Vxlan1
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vlan 1234 vni 1234

ip routing

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 send-community extended
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended

vlan 1234
rd 7.7.7.7:1
route-target both 65400:1
redistribute learned

address-family evpn
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate

address-family ipv4
no neighbor 5.5.5.5 activate
no neighbor 6.6.6.6 activate
    
router ospf 1
router-id 7.7.7.7

Leaf2

conf t
vlan 1234,2468

interface Ethernet1
no switchport
ip address 2.2.2.2/30
ip ospf area 0.0.0.0
    
interface Ethernet2
no switchport
ip address 12.12.12.2/30
ip ospf area 0.0.0.0
    
interface Ethernet3
switchport access vlan 1234
   
interface Ethernet4
switchport access vlan 2468
    
interface Loopback0
ip address 8.8.8.8/32
ip ospf area 0.0.0.0

interface Vxlan1
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vlan 1234 vni 1234
vxlan vlan 2468 vni 2468
 
ip routing

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 send-community extended
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended
  
vlan 1234
rd 8.8.8.8:1
route-target both 65400:1
redistribute learned
    
vlan 2468
rd 8.8.8.8:2
route-target both 65400:2
redistribute learned

address-family evpn
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate

address-family ipv4
no neighbor 5.5.5.5 activate
no neighbor 6.6.6.6 activate

router ospf 1
router-id 8.8.8.8

Leaf3

conf t
vlan 2468
    
interface Ethernet1
no switchport
ip address 3.3.3.2/30
ip ospf area 0.0.0.0
    
interface Ethernet2
no switchport
ip address 13.13.13.2/30
ip ospf area 0.0.0.0

interface Ethernet4
switchport access vlan 2468
    
interface Loopback0
ip address 9.9.9.9/32
ip ospf area 0.0.0.0
  
interface Vxlan1
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vlan 2468 vni 2468
   
ip routing

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 send-community extended
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended

vlan 2468
rd 8.8.8.8:2
route-target both 65400:2
redistribute learned

address-family evpn
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate

address-family ipv4
no neighbor 5.5.5.5 activate
no neighbor 6.6.6.6 activate
    
router ospf 1
router-id 9.9.9.9

Confirm the BGP sessions have been established by running ‘show bgp evpn summary‘. Below output from leaf2.

vPC6 & vPC8 are in VLAN 1234. vPC7 & vPC9 are in VLAN 2468. Configure IP addresses from the same subnet to each vPC in each VLAN and you should have IP connectivity like below.