Others Archives - Lab-It-Up

OcNOS – L3VPN

17 February 202413 February 2026 nick Leave a comment

OcNOS is an open network operating system produced by IP Infusion. A copy of the software to use with EVE-NG or GNS3 can be downloaded from their website (click below).

OcNOS VM

This lab is a simple L3VPN. IS-IS used as the underlay and iBGP between PE1 & PE2. If not familiar with OcNOS, the CLI is very similar to Cisco IOS but with a commit so don’t forget to issue that after you have applied the commands!

Exports_eve-ng_export-20240217-190938 Download

PE1

conf t
hostname pe1

ip vrf cust1
rd 5.5.5.5:1
route-target both 65200:1
  
router ldp
inter-area-lsp eth1

interface lo
ip address 5.5.5.5/32 secondary
ip router isis 1
  
interface eth1
ip address 1.1.1.1/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip vrf forwarding cust1
ip address 10.1.1.1/24

router isis 1
is-type level-2-only
net 49.0000.1111.1111.1111.00

router bgp 65200
neighbor 9.9.9.9 remote-as 65200
neighbor 9.9.9.9 update-source lo

address-family ipv4 unicast
redistribute connected
neighbor 9.9.9.9 activate
exit-address-family

address-family vpnv4 unicast
neighbor 9.9.9.9 activate
exit-address-family

address-family ipv4 vrf cust1
neighbor 10.1.1.100 remote-as 65222
neighbor 10.1.1.100 activate
neighbor 10.1.1.100 as-override
exit-address-family

conf t
hostname p1
  
router ldp
inter-area-lsp eth1
  
interface lo
ip address 6.6.6.6/32 secondary
ip router isis 1
  
interface eth1
ip address 1.1.1.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 2.2.2.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.2222.2222.2222.00

conf t
hostname p2

router ldp

interface lo
ip address 7.7.7.7/32 secondary
ip router isis 1
  
interface eth1
ip address 2.2.2.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 3.3.3.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.7777.7777.7777.00

conf t
hostname p3

router ldp
  
interface lo
ip address 8.8.8.8/32 secondary
ip router isis 1

interface eth1
ip address 3.3.3.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 4.4.4.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.8888.8888.8888.00

PE2

conf t
hostname pe2

ip vrf cust1
rd 9.9.9.9:1
route-target both 65200:1

router ldp
inter-area-lsp eth1

hostname pe2

interface lo
ip address 9.9.9.9/32 secondary
ip router isis 1

interface eth1
ip address 4.4.4.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip vrf forwarding cust1
ip address 10.10.10.1/24
  
router isis 1
is-type level-2-only
net 49.0000.9999.9999.9999.00

router bgp 65200
neighbor 5.5.5.5 remote-as 65200
neighbor 5.5.5.5 update-source lo

address-family ipv4 unicast
redistribute connected
neighbor 5.5.5.5 activate
exit-address-family

address-family vpnv4 unicast
neighbor 5.5.5.5 activate
exit-address-family

address-family ipv4 vrf cust1
neighbor 10.10.10.100 remote-as 65222
neighbor 10.10.10.100 activate
neighbor 10.10.10.100 as-override
exit-address-family

BGP is configured between the CE (Cisco vIOS) & PE devices and loopbacks have been configured on the CE’s with addresses of 22.22.22.22 & 33.33.33.33 respectively. These are being redistributed into BGP and you should now see the opposing loopback in the route table.

Aruba VXLAN/EVPN

13 February 202413 February 2026 nick Leave a comment

Another VXLAN/EVPN lab but this time from Aruba. Usual spine/leaf topology and OSPF used as underlay because IS-IS is not supported by the CX image.

Exports_eve-ng_export-20240213-184750 Download

Spine1

conf t
hostname spine1

interface 1/1/1
no shutdown
ip address 1.1.1.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 2.2.2.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
ip address 3.3.3.1/30
ip ospf 1 area 0.0.0.0

interface loopback 0
ip address 5.5.5.5/32
ip ospf 1 area 0.0.0.0

router ospf 1
router-id 5.5.5.5
area 0.0.0.0

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source loopback 0
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source loopback 0
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source loopback 0
address-family l2vpn evpn
neighbor 7.7.7.7 route-reflector-client
neighbor 7.7.7.7 send-community extended
neighbor 7.7.7.7 activate
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
neighbor 9.9.9.9 activate
exit-address-family

Spine2

conf t
hostname spine2

interface 1/1/1
no shutdown
ip address 11.11.11.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 12.12.12.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
ip address 13.13.13.1/30
ip ospf 1 area 0.0.0.0
 
interface loopback 0
ip address 6.6.6.6/32
ip ospf 1 area 0.0.0.0

router ospf 1
router-id 6.6.6.6
area 0.0.0.0

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source loopback 0
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source loopback 0
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source loopback 0
address-family l2vpn evpn
neighbor 7.7.7.7 route-reflector-client
neighbor 7.7.7.7 send-community extended
neighbor 7.7.7.7 activate
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
neighbor 9.9.9.9 activate
exit-address-family

Leaf1

conf t
hostname leaf1

vlan  77
evpn
vlan 77
rd 7.7.7.7:1
route-target export 65400:1
route-target import 65400:1

interface 1/1/1
no shutdown
ip address 1.1.1.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 11.11.11.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
no routing
vlan access 77

interface loopback 0
ip address 7.7.7.7/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 7.7.7.7
no shutdown
vni 77
vlan 77

router ospf 1
router-id 7.7.7.7
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

Leaf2

conf t
hostname leaf2

vlan 144
evpn
vlan 144
rd 8.8.8.8:1
route-target export 65400:2
route-target import 65400:2

interface 1/1/1
no shutdown
ip address 2.2.2.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 12.12.12.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/4
no shutdown
no routing
vlan access 144

interface loopback 0
ip address 8.8.8.8/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 8.8.8.8
no shutdown
vni 144
vlan 144

router ospf 1
router-id 8.8.8.8
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

Leaf3

hostname leaf3

vlan 77,144
evpn
vlan 77
rd 9.9.9.9:1
route-target export 65400:1
route-target import 65400:1
vlan 144
rd 9.9.9.9:2
route-target export 65400:2
route-target import 65400:2

interface 1/1/1
no shutdown
ip address 3.3.3.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 13.13.13.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
no routing
vlan access 77

interface 1/1/4
no shutdown
no routing
vlan access 144

interface loopback 0
ip address 9.9.9.9/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 9.9.9.9
no shutdown
vni 77
vlan 77
vni 144
vlan 144

router ospf 1
router-id 9.9.9.9
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

vPC6 & vPC8 are in VLAN 77. vPC7 & vPC9 are in VLAN 144. Apply IP addresses from the same subnet on each device in each VLAN and happy days!

Extreme VOSS SPBm

4 February 202413 February 2026 nick Leave a comment

SPBm is a layer 2 technology that utilises IS-IS to form adjacencies between devices and share MAC address information. More detailed information can be found in link below

https://documentation.extremenetworks.com/FABRICENGINE/SW/88/FabricEngineUserGuide/GUID-1BC71501-66E0-4458-807F-CB320C884AD4.shtml

Images are available to download from GitHub. Please use 8.10 as earlier images are control plane only. Also, please note the interfaces to not map correctly on EVE-NG ie Gig1/2 in image is actually Gig1/1, Gig1/3 is Gig1/2 etc

https://github.com/extremenetworks/Virtual_VOSS

Here we have a typical spine/leaf topology. Once all configured, vPC6 will be able to ping vPC8 and vPC7 will be able to ping vPC9. This will be achieved by using I-SIDs, which are basically service identifiers. These are assigned to VLANs and advertised by IS-IS to create a layer 2 segment between devices.

EVE-NG Import

Exports_eve-ng_export-20240204-210057 Download

Spine1

spbm

router isis
spbm 1
spbm 1 nick-name 1.00.84
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 ip enable

vlan members remove 1 1/1-1/3
vlan create 4051 type spbm-bvlan
vlan create 4052 type spbm-bvlan

interface loopback 1
ip address 1 10.1.1.1/255.255.255.255
router isis
sys-name "spine1"
ip-source-address 10.1.1.1
is-type l1
manual-area 49.0000
exit
router isis enable
cfm spbm enable

interface GigabitEthernet 1/1
encapsulation dot1q
interface GigabitEthernet 1/2
encapsulation dot1q
interface GigabitEthernet 1/3
encapsulation dot1q

interface GigabitEthernet 1/1
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
y
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/2
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
y
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/3
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
y
no spanning-tree mstp msti 62 force-port-state enable

Spine2

spbm

router isis
spbm 1
spbm 1 nick-name 2.00.84
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 ip enable

vlan members remove 1 1/1-1/3
vlan create 4051 type spbm-bvlan
vlan create 4052 type spbm-bvlan

interface loopback 1
ip address 1 10.1.1.2/255.255.255.255
router isis
sys-name "spine2"
ip-source-address 10.1.1.2
is-type l1
manual-area 49.0000
exit
router isis enable
cfm spbm enable

interface GigabitEthernet 1/1
encapsulation dot1q
interface GigabitEthernet 1/2
encapsulation dot1q
interface GigabitEthernet 1/3
encapsulation dot1q

interface GigabitEthernet 1/1
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
y
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/2
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
y
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/3
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
y
no spanning-tree mstp msti 62 force-port-state enable

Leaf3

spbm

spbm 1
spbm 1 nick-name 3.00.84
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 ip enable

vlan members remove 1 1/1-1/3
vlan create 78 type port-mstprstp 0
vlan members 78 1/3 portmember
vlan i-sid 78 780001
vlan create 4051 type spbm-bvlan
vlan create 4052 type spbm-bvlan

interface loopback 1
ip address 1 10.2.1.1/255.255.255.255
router isis
sys-name "leaf3"
ip-source-address 10.2.1.1
is-type l1
manual-area 49.0000
exit
router isis enable
cfm spbm enable

interface GigabitEthernet 1/1
encapsulation dot1q
interface GigabitEthernet 1/2
encapsulation dot1q

interface GigabitEthernet 1/1
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/2
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/3
no shutdown

Leaf4

spbm

spbm 1
spbm 1 nick-name 4.00.84
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 ip enable

vlan members remove 1 1/1-1/4
vlan create 24 type port-mstprstp 0
vlan members 24 1/4 portmember
vlan i-sid 24 240001
vlan create 78 type port-mstprstp 0
vlan members 78 1/3 portmember
vlan i-sid 78 780001
vlan create 4051 type spbm-bvlan
vlan create 4052 type spbm-bvlan


interface loopback 1
ip address 1 10.2.1.2/255.255.255.255
router isis
sys-name "leaf4"
ip-source-address 10.2.1.2
is-type l1
manual-area 49.0000
exit
router isis enable
cfm spbm enable

interface GigabitEthernet 1/1
encapsulation dot1q
interface GigabitEthernet 1/2
encapsulation dot1q

interface GigabitEthernet 1/1
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/2
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/3
no shutdown
interface GigabitEthernet 1/4
no shutdown

Leaf5

spbm

router isis
spbm 1
spbm 1 nick-name 5.00.84
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 ip enable

vlan members remove 1 1/1-1/2,1/4
vlan create 24 type port-mstprstp 0
vlan members 24 1/4 portmember
vlan i-sid 24 240001
vlan create 4051 type spbm-bvlan
vlan create 4052 type spbm-bvlan


interface loopback 1
ip address 1 10.2.1.3/255.255.255.255
router isis
sys-name "leaf5"
ip-source-address 10.2.1.3
is-type l1
manual-area 49.0000
exit
router isis enable
cfm spbm enable

interface GigabitEthernet 1/1
encapsulation dot1q
interface GigabitEthernet 1/2
encapsulation dot1q

interface GigabitEthernet 1/1
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/2
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
no spanning-tree mstp msti 62 force-port-state enable
interface GigabitEthernet 1/4
no shutdown

IS-IS adjacencies will now be up and the leafs advertising the respective I-SIDs. Configure IP addresses within the same subnet on the respective vPCs and you will have IP connectivity like below.