add more slides and some clab fixes

containers/clab-build-containerlab-with-ceos/.devcontainer/addAliases.sh

@@ -3,9 +3,9 @@
 set +e
 
 
-echo "alias s01='sshpass -p arista ssh -o \"StrictHostKeyChecking no\" arista@10.0.1.1'" >> ~/.zshrc
-echo "alias s02='sshpass -p arista ssh -o \"StrictHostKeyChecking no\" arista@10.0.1.2'" >> ~/.zshrc
-echo "alias l01='sshpass -p arista ssh -o \"StrictHostKeyChecking no\" arista@10.0.2.1'" >> ~/.zshrc
-echo "alias l02='sshpass -p arista ssh -o \"StrictHostKeyChecking no\" arista@10.0.2.2'" >> ~/.zshrc
+echo "alias s01='sshpass -p admin ssh -o \"StrictHostKeyChecking no\" admin@10.0.1.1'" >> ~/.zshrc
+echo "alias s02='sshpass -p admin ssh -o \"StrictHostKeyChecking no\" admin@10.0.1.2'" >> ~/.zshrc
+echo "alias l01='sshpass -p admin ssh -o \"StrictHostKeyChecking no\" admin@10.0.2.1'" >> ~/.zshrc
+echo "alias l02='sshpass -p admin ssh -o \"StrictHostKeyChecking no\" admin@10.0.2.2'" >> ~/.zshrc
 
-echo "alias h01='sshpass -p arista ssh -o \"StrictHostKeyChecking no\" arista@10.0.3.1'" >> ~/.zshrc
+echo "alias h01='sshpass -p admin ssh -o \"StrictHostKeyChecking no\" admin@10.0.3.1'" >> ~/.zshrc

demos/clab-build-containerlab-with-ceos/clab/init-configs/h01.cfg

@@ -1,20 +1,33 @@
-hostname s01
 !
 no aaa root
 !
-username arista privilege 15 role network-admin secret arista
+username admin privilege 15 role network-admin secret admin
 !
-vrf instance MGMT
+alias test
+   10 echo "#####################################################"
+   11 echo "# testing default GW connectivity"
+   12 echo "#####################################################"
+   13 echo ""
+   14 ping 10.100.100.1
+   15 echo ""
+   20 echo "#####################################################"
+   21 echo "# try ping to VLAN100"
+   22 echo "#####################################################"
+   23 echo ""
+   24 ping 10.100.100.101
+!
+service routing protocols model multi-agent
 !
+hostname h01
 ip name-server vrf MGMT 8.8.8.8
 dns domain avd.lab
 !
-ntp local-interface vrf MGMT Management0
-ntp server vrf MGMT time.apple.com
-ntp server vrf MGMT time.google.com
-ntp server vrf MGMT time.windows.com
+platform tfa
+   personality arfa
 !
-service routing protocols model multi-agent
+vlan 100
+!
+vrf instance MGMT
 !
 management api http-commands
    protocol https
@@ -25,12 +38,32 @@ management api http-commands
 !
 aaa authorization exec default local
 !
-interface Management0
+interface Port-Channel1
+   switchport trunk allowed vlan 100
+   switchport mode trunk
+!
+interface Ethernet1
+   channel-group 1 mode active
+!
+interface Ethernet2
+   channel-group 1 mode active
+!
+interface Management1
    vrf MGMT
-      ip address 10.0.1.1/16
+   ip address 10.0.3.1/16
+!
+interface Vlan100
+   ip address 10.100.100.101/24
+!
+ip routing
+no ip routing vrf MGMT
 !
+ip route 0.0.0.0/0 10.100.100.1
 ip route vrf MGMT 0.0.0.0/0 10.0.0.1
 !
-ip name-server vrf MGMT 8.8.8.8
+ntp local-interface vrf MGMT Management1
+ntp server vrf MGMT time.apple.com
+ntp server vrf MGMT time.google.com
+ntp server vrf MGMT time.windows.com
 !
 end

demos/clab-build-containerlab-with-ceos/clab/init-configs/l01.cfg

@@ -1,36 +1,245 @@
-hostname l01
+!RANCID-CONTENT-TYPE: arista
 !
-no aaa root
+vlan internal order ascending range 1006 1199
 !
-username arista privilege 15 role network-admin secret arista
+transceiver qsfp default-mode 4x10G
 !
-vrf instance MGMT
+service routing protocols model multi-agent
 !
+hostname l01
 ip name-server vrf MGMT 8.8.8.8
 dns domain avd.lab
 !
-ntp local-interface vrf MGMT Management0
+ntp local-interface vrf MGMT Management1
 ntp server vrf MGMT time.apple.com
 ntp server vrf MGMT time.google.com
 ntp server vrf MGMT time.windows.com
 !
-service routing protocols model multi-agent
+spanning-tree mode mstp
+no spanning-tree vlan-id 4093-4094
+spanning-tree mst 0 priority 16384
 !
-management api http-commands
-   protocol https
+aaa authorization exec default local
+!
+no enable password
+no aaa root
+!
+username admin privilege 15 role network-admin secret sha512 $6$1$NqV/CQk9bwcfK8AYBz51mI.U0xCaSI/DWePCaRi/sawWnu93yyOXYeS8Y615dK0OUZSb/3O3YUJLVyjGqifXD1
+!
+vlan 100
+   name VLAN101
+!
+vlan 3000
+   name MLAG_iBGP_VRF1
+   trunk group LEAF_PEER_L3
+!
+vlan 4093
+   name LEAF_PEER_L3
+   trunk group LEAF_PEER_L3
+!
+vlan 4094
+   name MLAG_PEER
+   trunk group MLAG
+!
+vrf instance MGMT
+!
+vrf instance VRF1
+!
+interface Port-Channel31
+   description MLAG_PEER_l02_Po31
    no shutdown
-   !
-   vrf MGMT
-      no shutdown
+   switchport
+   switchport mode trunk
+   switchport trunk group LEAF_PEER_L3
+   switchport trunk group MLAG
 !
-aaa authorization exec default local
+interface Port-Channel101
+   description h01
+   no shutdown
+   switchport
+   switchport trunk allowed vlan 100
+   switchport mode trunk
+   mlag 101
+!
+interface Ethernet1/1
+   description P2P_LINK_TO_S01_Ethernet1/1
+   no shutdown
+   mtu 9214
+   no switchport
+   ip address 100.65.0.1/31
 !
-interface Management0
+interface Ethernet2/1
+   description P2P_LINK_TO_S02_Ethernet1/1
+   no shutdown
+   mtu 9214
+   no switchport
+   ip address 100.65.0.3/31
+!
+interface Ethernet3/1
+   description MLAG_PEER_l02_Ethernet3/1
+   no shutdown
+   channel-group 31 mode active
+!
+interface Ethernet4/1
+   description MLAG_PEER_l02_Ethernet4/1
+   no shutdown
+   channel-group 31 mode active
+!
+interface Ethernet10/1
+   description h01
+   no shutdown
+   channel-group 101 mode active
+!
+interface Loopback0
+   description EVPN_Overlay_Peering
+   no shutdown
+   ip address 100.65.255.3/32
+!
+interface Loopback1
+   description VTEP_VXLAN_Tunnel_Source
+   no shutdown
+   ip address 100.65.254.3/32
+!
+interface Loopback101
+   description VRF1_VTEP_DIAGNOSTICS
+   no shutdown
+   vrf VRF1
+   ip address 100.64.101.3/32
+!
+interface Management1
+   description oob_management
+   no shutdown
    vrf MGMT
-      ip address 10.0.2.1/16
+   ip address 10.0.2.1/16
+!
+interface Vlan100
+   description VLAN101
+   no shutdown
+   vrf VRF1
+   ip address virtual 10.100.100.1/24
+!
+interface Vlan3000
+   description MLAG_PEER_L3_iBGP: vrf VRF1
+   no shutdown
+   mtu 9214
+   vrf VRF1
+   ip address 100.65.2.0/31
+!
+interface Vlan4093
+   description MLAG_PEER_L3_PEERING
+   no shutdown
+   mtu 9214
+   ip address 100.65.2.0/31
+!
+interface Vlan4094
+   description MLAG_PEER
+   no shutdown
+   mtu 9214
+   no autostate
+   ip address 100.65.1.0/31
+!
+interface Vxlan1
+   description l01_VTEP
+   vxlan source-interface Loopback1
+   vxlan virtual-router encapsulation mac-address mlag-system-id
+   vxlan udp-port 4789
+   vxlan vlan 100 vni 10100
+   vxlan vrf VRF1 vni 1
+!
+ip virtual-router mac-address 00:1c:73:00:dc:01
+!
+ip address virtual source-nat vrf VRF1 address 100.64.101.3
+!
+ip routing
+no ip routing vrf MGMT
+ip routing vrf VRF1
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+   seq 10 permit 100.65.255.0/24 eq 32
+   seq 20 permit 100.65.254.0/24 eq 32
+!
+mlag configuration
+   domain-id pod0
+   local-interface Vlan4094
+   peer-address 100.65.1.1
+   peer-link Port-Channel31
+   reload-delay mlag 300
+   reload-delay non-mlag 330
 !
 ip route vrf MGMT 0.0.0.0/0 10.0.0.1
 !
-ip name-server vrf MGMT 8.8.8.8
+route-map RM-CONN-2-BGP permit 10
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+route-map RM-MLAG-PEER-IN permit 10
+   description Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing
+   set origin incomplete
+!
+router bfd
+   multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65101
+   router-id 100.65.255.3
+   maximum-paths 4 ecmp 4
+   no bgp default ipv4-unicast
+   neighbor EVPN-OVERLAY-PEERS peer group
+   neighbor EVPN-OVERLAY-PEERS update-source Loopback0
+   neighbor EVPN-OVERLAY-PEERS bfd
+   neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
+   neighbor EVPN-OVERLAY-PEERS send-community
+   neighbor EVPN-OVERLAY-PEERS maximum-routes 0
+   neighbor IPv4-UNDERLAY-PEERS peer group
+   neighbor IPv4-UNDERLAY-PEERS send-community
+   neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
+   neighbor MLAG-IPv4-UNDERLAY-PEER peer group
+   neighbor MLAG-IPv4-UNDERLAY-PEER remote-as 65101
+   neighbor MLAG-IPv4-UNDERLAY-PEER next-hop-self
+   neighbor MLAG-IPv4-UNDERLAY-PEER description l02
+   neighbor MLAG-IPv4-UNDERLAY-PEER send-community
+   neighbor MLAG-IPv4-UNDERLAY-PEER maximum-routes 12000
+   neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-IN in
+   neighbor 100.64.255.1 peer group EVPN-OVERLAY-PEERS
+   neighbor 100.64.255.1 remote-as 65100
+   neighbor 100.64.255.1 description s01
+   neighbor 100.64.255.2 peer group EVPN-OVERLAY-PEERS
+   neighbor 100.64.255.2 remote-as 65100
+   neighbor 100.64.255.2 description s02
+   neighbor 100.65.0.0 peer group IPv4-UNDERLAY-PEERS
+   neighbor 100.65.0.0 remote-as 65100
+   neighbor 100.65.0.0 description s01_Ethernet1/1
+   neighbor 100.65.0.2 peer group IPv4-UNDERLAY-PEERS
+   neighbor 100.65.0.2 remote-as 65100
+   neighbor 100.65.0.2 description s02_Ethernet1/1
+   neighbor 100.65.2.1 peer group MLAG-IPv4-UNDERLAY-PEER
+   neighbor 100.65.2.1 description l02
+   redistribute connected route-map RM-CONN-2-BGP
+   !
+   vlan 100
+      rd 100.65.255.3:10100
+      route-target both 10100:10100
+      redistribute learned
+   !
+   address-family evpn
+      neighbor EVPN-OVERLAY-PEERS activate
+   !
+   address-family ipv4
+      no neighbor EVPN-OVERLAY-PEERS activate
+      neighbor IPv4-UNDERLAY-PEERS activate
+      neighbor MLAG-IPv4-UNDERLAY-PEER activate
+   !
+   vrf VRF1
+      rd 100.65.255.3:1
+      route-target import evpn 1:1
+      route-target export evpn 1:1
+      router-id 100.65.255.3
+      neighbor 100.65.2.1 peer group MLAG-IPv4-UNDERLAY-PEER
+      redistribute connected
+!
+management api http-commands
+   protocol https
+   no shutdown
+   !
+   vrf MGMT
+      no shutdown
 !
-end
+end