OcNOS – L3VPN

OcNOS is an open network operating system produced by IP Infusion. A copy of the software to use with EVE-NG or GNS3 can be downloaded from their website.

This lab is a simple L3VPN. IS-IS is used as the underlay, with iBGP between PE1 & PE2. If you are not familiar with OcNOS, the CLI is very similar to Cisco IOS but with a commit, so don’t forget to issue that after you have applied the commands!

PE1

conf t
hostname pe1

ip vrf cust1
rd 5.5.5.5:1
route-target both 65200:1
  
router ldp
inter-area-lsp eth1

interface lo
ip address 5.5.5.5/32 secondary
ip router isis 1
  
interface eth1
ip address 1.1.1.1/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip vrf forwarding cust1
ip address 10.1.1.1/24

router isis 1
is-type level-2-only
net 49.0000.1111.1111.1111.00

router bgp 65200
neighbor 9.9.9.9 remote-as 65200
neighbor 9.9.9.9 update-source lo

address-family ipv4 unicast
redistribute connected
neighbor 9.9.9.9 activate
exit-address-family

address-family vpnv4 unicast
neighbor 9.9.9.9 activate
exit-address-family

address-family ipv4 vrf cust1
neighbor 10.1.1.100 remote-as 65222
neighbor 10.1.1.100 activate
neighbor 10.1.1.100 as-override
exit-address-family

P1

conf t
hostname p1
  
router ldp
inter-area-lsp eth1
  
interface lo
ip address 6.6.6.6/32 secondary
ip router isis 1
  
interface eth1
ip address 1.1.1.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 2.2.2.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.2222.2222.2222.00

P2

conf t
hostname p2

router ldp

interface lo
ip address 7.7.7.7/32 secondary
ip router isis 1
  
interface eth1
ip address 2.2.2.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 3.3.3.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.7777.7777.7777.00

P3

conf t
hostname p3

router ldp
  
interface lo
ip address 8.8.8.8/32 secondary
ip router isis 1

interface eth1
ip address 3.3.3.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 4.4.4.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.8888.8888.8888.00

PE2

conf t
hostname pe2

ip vrf cust1
rd 9.9.9.9:1
route-target both 65200:1

router ldp
inter-area-lsp eth1

interface lo
ip address 9.9.9.9/32 secondary
ip router isis 1

interface eth1
ip address 4.4.4.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip vrf forwarding cust1
ip address 10.10.10.1/24
  
router isis 1
is-type level-2-only
net 49.0000.9999.9999.9999.00

router bgp 65200
neighbor 5.5.5.5 remote-as 65200
neighbor 5.5.5.5 update-source lo

address-family ipv4 unicast
redistribute connected
neighbor 5.5.5.5 activate
exit-address-family

address-family vpnv4 unicast
neighbor 5.5.5.5 activate
exit-address-family

address-family ipv4 vrf cust1
neighbor 10.10.10.100 remote-as 65222
neighbor 10.10.10.100 activate
neighbor 10.10.10.100 as-override
exit-address-family

BGP is configured between the CE (Cisco vIOS) & PE devices, and loopbacks have been configured on the CEs with addresses of 22.22.22.22 & 33.33.33.33 respectively. These are being redistributed into BGP and you should now see the opposing loopback in the route table.

Aruba VXLAN/EVPN

Another VXLAN/EVPN lab, but this time from Aruba. The usual spine/leaf topology, with OSPF used as the underlay because IS-IS is not supported by the CX image.

Spine1

conf t
hostname spine1

interface 1/1/1
no shutdown
ip address 1.1.1.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 2.2.2.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
ip address 3.3.3.1/30
ip ospf 1 area 0.0.0.0

interface loopback 0
ip address 5.5.5.5/32
ip ospf 1 area 0.0.0.0

router ospf 1
router-id 5.5.5.5
area 0.0.0.0

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source loopback 0
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source loopback 0
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source loopback 0
address-family l2vpn evpn
neighbor 7.7.7.7 route-reflector-client
neighbor 7.7.7.7 send-community extended
neighbor 7.7.7.7 activate
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
neighbor 9.9.9.9 activate
exit-address-family

Spine2

conf t
hostname spine2

interface 1/1/1
no shutdown
ip address 11.11.11.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 12.12.12.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
ip address 13.13.13.1/30
ip ospf 1 area 0.0.0.0
 
interface loopback 0
ip address 6.6.6.6/32
ip ospf 1 area 0.0.0.0

router ospf 1
router-id 6.6.6.6
area 0.0.0.0

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source loopback 0
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source loopback 0
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source loopback 0
address-family l2vpn evpn
neighbor 7.7.7.7 route-reflector-client
neighbor 7.7.7.7 send-community extended
neighbor 7.7.7.7 activate
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
neighbor 9.9.9.9 activate
exit-address-family

Leaf1

conf t
hostname leaf1

vlan 77
evpn
vlan 77
rd 7.7.7.7:1
route-target export 65400:1
route-target import 65400:1

interface 1/1/1
no shutdown
ip address 1.1.1.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 11.11.11.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
no routing
vlan access 77

interface loopback 0
ip address 7.7.7.7/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 7.7.7.7
no shutdown
vni 77
vlan 77

router ospf 1
router-id 7.7.7.7
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

Leaf2

conf t
hostname leaf2

vlan 144
evpn
vlan 144
rd 8.8.8.8:1
route-target export 65400:2
route-target import 65400:2

interface 1/1/1
no shutdown
ip address 2.2.2.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 12.12.12.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/4
no shutdown
no routing
vlan access 144

interface loopback 0
ip address 8.8.8.8/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 8.8.8.8
no shutdown
vni 144
vlan 144

router ospf 1
router-id 8.8.8.8
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

Leaf3

conf t
hostname leaf3

vlan 77,144
evpn
vlan 77
rd 9.9.9.9:1
route-target export 65400:1
route-target import 65400:1
vlan 144
rd 9.9.9.9:2
route-target export 65400:2
route-target import 65400:2

interface 1/1/1
no shutdown
ip address 3.3.3.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 13.13.13.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
no routing
vlan access 77

interface 1/1/4
no shutdown
no routing
vlan access 144

interface loopback 0
ip address 9.9.9.9/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 9.9.9.9
no shutdown
vni 77
vlan 77
vni 144
vlan 144

router ospf 1
router-id 9.9.9.9
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

vPC6 & vPC8 are in VLAN 77. vPC7 & vPC9 are in VLAN 144. Apply IP addresses from the same subnet on each device in each VLAN and happy days!
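
Keeping VLAN 77 and VLAN 144 apart across the fabric depends on the route-targets in each leaf's evpn stanza (65400:1 and 65400:2), since those decide which EVPN routes a VLAN imports. The audit below is an added example, not part of the original lab: the names `audit` and `LAB` are hypothetical, and the input is the hostname and evpn lines copied from the three leaf configs above.

```python
from collections import defaultdict

# Constructed input: hostname plus evpn stanza copied from Leaf1-Leaf3 above.
LAB = """\
hostname leaf1
evpn
vlan 77
rd 7.7.7.7:1
route-target export 65400:1
route-target import 65400:1
hostname leaf2
evpn
vlan 144
rd 8.8.8.8:1
route-target export 65400:2
route-target import 65400:2
hostname leaf3
evpn
vlan 77
rd 9.9.9.9:1
route-target export 65400:1
route-target import 65400:1
vlan 144
rd 9.9.9.9:2
route-target export 65400:2
route-target import 65400:2
"""

def audit(config):
    """Return findings where route-targets would merge VLANs or are lopsided."""
    rts = defaultdict(lambda: defaultdict(set))  # (host, vlan) -> direction -> RTs
    host = vlan = "?"
    for words in map(str.split, config.splitlines()):
        if words[:1] == ["hostname"]:
            host = words[1]
        elif words[:1] == ["vlan"]:
            vlan = words[-1]
        elif words[:1] == ["route-target"] and len(words) == 3:
            rts[(host, vlan)][words[1]].add(words[2])
    findings, vlans_by_rt = [], defaultdict(set)
    for (host, vlan), rt in sorted(rts.items()):
        if rt["export"] != rt["import"]:  # this lab uses symmetric RTs per VLAN
            findings.append(f"{host} vlan {vlan}: export/import differ")
        for value in rt["export"] | rt["import"]:
            vlans_by_rt[value].add(vlan)
    for value, vlans in sorted(vlans_by_rt.items()):
        if len(vlans) > 1:  # one RT attached to two VLANs leaks routes between them
            findings.append(f"route-target {value} joins VLANs {sorted(vlans)}")
    return findings
```

`audit(LAB)` returns an empty list for the lab as written; a leaf that also imports the other VLAN's route-target is reported both as lopsided and as joining the two VLANs.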