AutoVPN DG: Add EVPN/VXLAN to EVPN/MPLS L2 and L3 GW for inter-DC communication

tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER1.cfg

@@ -1,5 +1,3 @@
-! Command: show running-config
-! device: DC1-BORDER1 (cEOSLab, EOS-4.32.2F-38195967.4322F (engineering build))
 !
 no aaa root
 !
@@ -62,10 +60,17 @@ interface Ethernet1
 interface Ethernet2
    description DCI-MPLS
    no switchport
+   ip address unnumbered Loopback0
+   isis enable 100
+   isis circuit-type level-2
+   isis network point-to-point
 !
 interface Loopback0
    description Globally Unique Address
    ip address 10.0.1.4/32
+   node-segment ipv4 index 14
+   isis enable 100
+   isis circuit-type level-2
 !
 interface Loopback1
    description Shared VTEP IP
@@ -106,6 +111,10 @@ ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
 !
+ip prefix-list PL-GW-PEER-LOOPS
+   seq 10 permit 10.0.1.4/32
+   seq 20 permit 10.0.1.5/32
+!
 ip prefix-list PL-LOOPBACKS
    seq 10 permit 10.0.0.0/16 eq 32
    seq 20 permit 10.1.0.0/16 eq 32
@@ -117,6 +126,8 @@ ip route vrf MGMT 0.0.0.0/0 172.100.100.1
 !
 arp aging timeout default 1500
 !
+mpls ip
+!
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS
 !
@@ -130,6 +141,7 @@ router bgp 65102
    graceful-restart restart-time 300
    graceful-restart
    maximum-paths 4
+   bgp bestpath d-path
    neighbor default send-community
    neighbor IPv4-UNDERLAY-PEERS peer group
    neighbor IPv4-UNDERLAY-PEERS remote-as 65100
@@ -139,13 +151,20 @@ router bgp 65102
    neighbor LOCAL-EVPN-PEERS update-source Loopback0
    neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
    neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g==
+   neighbor REMOTE-BACKBONE-PEERS peer group
+   neighbor REMOTE-BACKBONE-PEERS remote-as 65500
+   neighbor REMOTE-BACKBONE-PEERS local-as 65500 no-prepend replace-as
+   neighbor REMOTE-BACKBONE-PEERS update-source Loopback0
+   neighbor REMOTE-BACKBONE-PEERS bfd
+   neighbor 10.0.0.99 peer group REMOTE-BACKBONE-PEERS
    neighbor 10.0.1.201 peer group LOCAL-EVPN-PEERS
    neighbor 172.20.1.6 peer group IPv4-UNDERLAY-PEERS
    redistribute connected route-map RM-CONN-2-BGP
    !
    vlan 10
-      rd 10.0.1.4:10010
-      route-target both 10010:10010
+      rd evpn domain all 10.0.1.4:10010
+      route-target import evpn domain all 10010:10010
+      route-target export evpn domain all 10010:10010
       redistribute learned
    !
    vlan 20
@@ -160,7 +179,24 @@ router bgp 65102
    !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
+      neighbor LOCAL-EVPN-PEERS encapsulation vxlan
+      neighbor REMOTE-BACKBONE-PEERS activate
+      neighbor REMOTE-BACKBONE-PEERS rcf in AS65500_EVPN_IN()
+      neighbor REMOTE-BACKBONE-PEERS encapsulation mpls next-hop-self source-interface Loopback0
+      neighbor REMOTE-BACKBONE-PEERS domain remote
+      domain identifier 1:1
+      domain identifier 2:2 remote
       route import match-failure action discard
+      neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain
+      layer-2 fec in-place update
+      !
+      evpn ethernet-segment domain local
+         identifier 0011:1111:1111:1111:aaaa
+         route-target import 11:11:11:11:11:aa
+      !
+      evpn ethernet-segment domain remote
+         identifier 0011:1111:1111:1111:bbbb
+         route-target import 11:11:11:11:11:bb
    !
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
@@ -175,6 +211,51 @@ router bgp 65102
       route-target import evpn 51:51
       route-target export evpn 51:51
 !
+router general
+   control-functions
+      code
+      ##############################
+      ##### Reusable Functions #####
+      ##############################
+      function IS_LOOPBACK() {
+         return prefix match prefix_list_v4 PL-LOOPBACKS;
+      }
+      function IS_UNDERLAY() {
+         return prefix match prefix_list_v4 PL-P2P-UNDERLAY;
+      }
+      function IS_IMET_ROUTE() {
+         return evpn.route_type is EVPN_IMET;
+      }
+      function FROM_EVPN_GW_PEER() {
+         return next_hop match prefix_list_v4 PL-GW-PEER-LOOPS;
+      }
+      ##############################
+      ##### Main Functions     #####
+      ##############################
+      function CONN_2_BGP() {
+         if IS_LOOPBACK() or IS_UNDERLAY() {
+            return true;
+         }
+       return false;
+      }
+      function AS65500_EVPN_IN() {
+         if IS_IMET_ROUTE() and FROM_EVPN_GW_PEER() {
+            return false;
+         }
+       return true;
+      }
+      #
+      EOF
+!
+router isis 100
+   net 49.1111.0000.0001.0004.00
+   is-type level-2
+   !
+   address-family ipv4 unicast
+   !
+   segment-routing mpls
+      no shutdown
+!
 router multicast
    ipv4
       software-forwarding kernel
@@ -186,4 +267,4 @@ management ssh
    vrf MGMT
       no shutdown
 !
-end
+end

tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-BORDER2.cfg

@@ -1,5 +1,3 @@
-! Command: show running-config
-! device: DC1-BORDER2 (cEOSLab, EOS-4.32.2F-38195967.4322F (engineering build))
 !
 no aaa root
 !
@@ -62,10 +60,17 @@ interface Ethernet1
 interface Ethernet2
    description DCI-MPLS
    no switchport
+   ip address unnumbered Loopback0
+   isis enable 100
+   isis circuit-type level-2
+   isis network point-to-point
 !
 interface Loopback0
    description Globally Unique Address
    ip address 10.0.1.5/32
+   node-segment ipv4 index 15
+   isis enable 100
+   isis circuit-type level-2
 !
 interface Loopback1
    description Shared VTEP IP
@@ -106,6 +111,10 @@ ip routing vrf DEV
 no ip routing vrf MGMT
 ip routing vrf PROD
 !
+ip prefix-list PL-GW-PEER-LOOPS
+   seq 10 permit 10.0.1.4/32
+   seq 20 permit 10.0.1.5/32
+!
 ip prefix-list PL-LOOPBACKS
    seq 10 permit 10.0.0.0/16 eq 32
    seq 20 permit 10.1.0.0/16 eq 32
@@ -117,6 +126,8 @@ ip route vrf MGMT 0.0.0.0/0 172.100.100.1
 !
 arp aging timeout default 1500
 !
+mpls ip
+!
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS
 !
@@ -130,6 +141,7 @@ router bgp 65103
    graceful-restart restart-time 300
    graceful-restart
    maximum-paths 4
+   bgp bestpath d-path
    neighbor default send-community
    neighbor IPv4-UNDERLAY-PEERS peer group
    neighbor IPv4-UNDERLAY-PEERS remote-as 65100
@@ -139,13 +151,20 @@ router bgp 65103
    neighbor LOCAL-EVPN-PEERS update-source Loopback0
    neighbor LOCAL-EVPN-PEERS ebgp-multihop 3
    neighbor LOCAL-EVPN-PEERS password 7 WzKnNSduqwPYvUePYIh40g==
+   neighbor REMOTE-BACKBONE-PEERS peer group
+   neighbor REMOTE-BACKBONE-PEERS remote-as 65500
+   neighbor REMOTE-BACKBONE-PEERS local-as 65500 no-prepend replace-as
+   neighbor REMOTE-BACKBONE-PEERS update-source Loopback0
+   neighbor REMOTE-BACKBONE-PEERS bfd
+   neighbor 10.0.0.99 peer group REMOTE-BACKBONE-PEERS
    neighbor 10.0.1.201 peer group LOCAL-EVPN-PEERS
    neighbor 172.20.1.8 peer group IPv4-UNDERLAY-PEERS
    redistribute connected route-map RM-CONN-2-BGP
    !
    vlan 10
-      rd 10.0.1.5:10010
-      route-target both 10010:10010
+      rd evpn domain all 10.0.1.5:10010
+      route-target import evpn domain all 10010:10010
+      route-target export evpn domain all 10010:10010
       redistribute learned
    !
    vlan 20
@@ -155,7 +174,24 @@ router bgp 65103
    !
    address-family evpn
       neighbor LOCAL-EVPN-PEERS activate
+      neighbor LOCAL-EVPN-PEERS encapsulation vxlan
+      neighbor REMOTE-BACKBONE-PEERS activate
+      neighbor REMOTE-BACKBONE-PEERS rcf in AS65500_EVPN_IN()
+      neighbor REMOTE-BACKBONE-PEERS encapsulation mpls next-hop-self source-interface Loopback0
+      neighbor REMOTE-BACKBONE-PEERS domain remote
+      domain identifier 1:1
+      domain identifier 2:2 remote
       route import match-failure action discard
+      neighbor default next-hop-self received-evpn-routes route-type ip-prefix inter-domain
+      layer-2 fec in-place update
+      !
+      evpn ethernet-segment domain local
+         identifier 0011:1111:1111:1111:aaaa
+         route-target import 11:11:11:11:11:aa
+      !
+      evpn ethernet-segment domain remote
+         identifier 0011:1111:1111:1111:bbbb
+         route-target import 11:11:11:11:11:bb
    !
    address-family ipv4
       neighbor IPv4-UNDERLAY-PEERS activate
@@ -170,6 +206,51 @@ router bgp 65103
       route-target import evpn 51:51
       route-target export evpn 51:51
 !
+router general
+   control-functions
+      code
+      ##############################
+      ##### Reusable Functions #####
+      ##############################
+      function IS_LOOPBACK() {
+         return prefix match prefix_list_v4 PL-LOOPBACKS;
+      }
+      function IS_UNDERLAY() {
+         return prefix match prefix_list_v4 PL-P2P-UNDERLAY;
+      }
+      function IS_IMET_ROUTE() {
+         return evpn.route_type is EVPN_IMET;
+      }
+      function FROM_EVPN_GW_PEER() {
+         return next_hop match prefix_list_v4 PL-GW-PEER-LOOPS;
+      }
+      ##############################
+      ##### Main Functions     #####
+      ##############################
+      function CONN_2_BGP() {
+         if IS_LOOPBACK() or IS_UNDERLAY() {
+            return true;
+         }
+       return false;
+      }
+      function AS65500_EVPN_IN() {
+         if IS_IMET_ROUTE() and FROM_EVPN_GW_PEER() {
+            return false;
+         }
+       return true;
+      }
+      #
+      EOF
+!
+router isis 100
+   net 49.1111.0000.0001.0005.00
+   is-type level-2
+   !
+   address-family ipv4 unicast
+   !
+   segment-routing mpls
+      no shutdown
+!
 router multicast
    ipv4
       software-forwarding kernel
@@ -181,4 +262,4 @@ management ssh
    vrf MGMT
       no shutdown
 !
-end
+end

tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-LEAF.cfg

@@ -1,5 +1,3 @@
-! Command: show running-config
-! device: DC1-LEAF (cEOSLab, EOS-4.32.2F-38195967.4322F (engineering build))
 !
 no aaa root
 !
@@ -202,4 +200,4 @@ management ssh
    vrf MGMT
       no shutdown
 !
-end
+end