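Final topology
This is the design I arrived at. This article explains the design and presents the configuration used to verify it.
Background
While studying EVPN/VXLAN, I started wondering how the fabric should connect to a Classic Ethernet network on the enterprise core side that is not built like an IP Clos. I could not tell whether the connection should be made in the overlay VRF, or in the underlay so that traffic is first brought down out of the overlay, so I decided to test it while also surveying the documentation and best practices.
Test environment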
Cisco Modeling Labs 2.7.0+build.4
- NX-OS 9000 version 10.4(2)
- IOSv 15.9(3) M8
- Alpine Desktop 3.19.1 XFCE
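All devices that make up the EVPN/VXLAN domain are Nexus 9000v. The enterprise core side only needs to run BGP toward the EVPN/VXLAN domain and OSPF for route exchange between the core switches, so it uses IOSv, which has lighter resource requirements.
What is EVPN/VXLAN in the first place?
An article on EVPN/VXLAN basics is planned.
Choosing an external connectivity design
I found the following Cisco Technical Note.
Configuring and Verifying VXLAN VRF Leaking on Nexus 9000
In a VXLAN (Virtual Extensible LAN) environment, connecting VXLAN hosts from the fabric to external hosts requires the use of VRF leaking and border leaf devices.
VRF leaking is essential for enabling communication between VXLAN hosts and external hosts while maintaining network segmentation and security.
That document describes a design that leaks the EVPN/VXLAN routes held in the overlay VRF into the default VRF.
It lists the following benefits of a VRF leak design.
- Interconnection with external networks: VRF leaking lets VXLAN hosts inside the fabric communicate with external hosts outside the fabric. This gives access to resources, services and applications hosted on external networks such as the Internet or other data centers.
- Network segmentation and isolation: VRF leaking maintains network segmentation and isolation inside the VXLAN fabric while allowing selective communication with external networks. VXLAN hosts stay isolated from one another based on their VRF assignment and can still reach external resources when needed.
- Policy enforcement: VRF leaking lets administrators enforce network policy and control traffic flows between VXLAN hosts and external hosts. Communication then follows predefined security policies, and unauthorized access to sensitive resources is prevented.
- Scalability and flexibility: VRF leaking improves the scalability and flexibility of a VXLAN deployment by letting VXLAN hosts communicate seamlessly with external hosts. It allows resources to be allocated and shared dynamically between the VXLAN and external networks, and adapts to changing network requirements without disrupting the existing configuration.
The coupling between network domains is loose, and only the routes you choose to let through the VRF leak are handed to the outside, so this design looks easy to work with for route control and integration. In this article's test, I connect an EVPN/VXLAN network to a Classic network using the VRF leak design.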
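Physical topology
The system representing the enterprise core is at the top, and the EVPN/VXLAN system is at the bottom.
Nx-Leaf01 => Border leaf switch for external connectivity. All route leaking is done here.
Nx-Leaf02 => Leaf switch for attaching nodes.
Nx-Leaf03 => Leaf switch for attaching nodes.
Nx-Spine01 => Spine switch for attaching the leaf switches.
Nx-Spine02 => Spine switch for attaching the leaf switches.
Tokyo-CSW01 => Represents the enterprise core. Runs BGP and OSPF.
Osaka-CSW01 => Represents the enterprise core. Runs OSPF only.
VRF leak configuration
The configuration follows roughly these steps.
① Leak the EVPN/VXLAN routes into the default VRF
② Leak the default route into the EVPN/VXLAN VRF
① Leak the EVPN/VXLAN routes into the default VRF
This configuration is applied on the border leaf switch used for external connectivity.
The routes of all four nodes currently attached are leaked into the default VRF.
Creating the IP PREFIX-LIST
Specify every EVPN/VXLAN route that should be leaked into the default VRF.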
!
conf t
!
ip prefix-list VXLAN-VRF-Tenant-to-default seq 10 permit 192.168.100.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 15 permit 192.168.200.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 20 permit 192.168.250.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 25 permit 192.168.100.2/32
!
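Creating the ROUTE-MAP
The VRF leak command configured in the last step cannot reference a prefix-list directly, so bind the prefix-list to a route-map.
!
conf t
!
route-map VXLAN-VRF-Tenant-to-default
  match ip address prefix-list VXLAN-VRF-Tenant-to-default
!
Leaking routes into the default VRF
Enter the following configuration in the VRF that carries L3VPN over EVPN/VXLAN. Every route that the route-map ends up matching is then leaked into the default VRF. Adding "allow-vpn" makes routes learned via L3VPN eligible for export as well.
!
conf t
!
vrf context VRF_L3VPN
  address-family ipv4 unicast
    export vrf default map VXLAN-VRF-Tenant-to-default allow-vpn
!
Checking the default VRF routing table
The result is shown below. The four routes specified in the IP prefix-list are installed as iBGP routes with an administrative distance (AD) of 200.
As a result, the EVPN/VXLAN routes can be advertised over the eBGP session that uses the default VRF, and the enterprise core side can learn them as well.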
Nx-Leaf01#
Nx-Leaf01# show ip route vrf default
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
0.0.0.0/0, ubest/mbest: 1/0
*via 10.255.1.1, [20/0], 20:27:58, bgp-10000, external, tag 20000
1.1.1.1/32, ubest/mbest: 1/0
*via 192.168.11.1, Eth1/1, [110/41], 1d13h, ospf-UNDERLAY, intra
2.2.2.2/32, ubest/mbest: 1/0
*via 192.168.22.1, Eth1/2, [110/41], 1d13h, ospf-UNDERLAY, intra
~~~~~~~
一部省略
~~~~~~~
192.168.100.1/32, ubest/mbest: 1/0
*via 33.33.33.34, [200/0], 02:07:35, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x21212122 encap: VXLAN
192.168.100.2/32, ubest/mbest: 1/0
*via 22.22.22.23, [200/0], 02:07:35, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x16161617 encap: VXLAN
192.168.200.1/32, ubest/mbest: 1/0
*via 22.22.22.23, [200/0], 02:07:35, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x16161617 encap: VXLAN
192.168.250.1/32, ubest/mbest: 1/0
*via 33.33.33.34, [200/0], 02:07:35, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x21212122 encap: VXLAN
Nx-Leaf01#
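Each prefix-list entry used here has no ge/le, so it matches exactly one prefix and length, which is what keeps the leak limited to the four host routes. The following Python sketch is an added example (not from the original article or from Cisco) that applies standard prefix-list matching rules to preview what an export filter would leak. The list BROAD-EXAMPLE and the route 192.168.99.9/32 are constructed for comparison; everything else is copied from this page.

```python
import ipaddress
import re

# ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]
ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

LIST_NAME = "VXLAN-VRF-Tenant-to-default"

# Entries from step 1 of this article.
STEP1_CONFIG = """\
ip prefix-list VXLAN-VRF-Tenant-to-default seq 10 permit 192.168.100.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 15 permit 192.168.200.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 20 permit 192.168.250.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 25 permit 192.168.100.2/32
"""

# Entries from the Nx-Leaf01 running-config at the end of this article.
RUNNING_CONFIG = """\
ip prefix-list VXLAN-VRF-Tenant-to-default seq 5 permit 192.168.0.0/16
ip prefix-list VXLAN-VRF-Tenant-to-default seq 10 permit 192.168.100.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 15 permit 192.168.200.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 20 permit 192.168.250.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 30 permit 192.168.100.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 35 permit 192.168.200.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 40 permit 192.168.250.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 45 permit 192.168.100.2/32
"""

# Constructed for comparison: the same /16 with "le 32" added.
BROAD_CONFIG = "ip prefix-list BROAD-EXAMPLE seq 5 permit 192.168.0.0/16 le 32\n"

# Routes of VRF_L3VPN as shown in this article, plus one constructed host
# route (192.168.99.9/32) that was never meant to leave the tenant VRF.
VRF_ROUTES = [
    "0.0.0.0/0",
    "192.168.100.1/32",
    "192.168.100.2/32",
    "192.168.200.1/32",
    "192.168.250.1/32",
    "192.168.99.9/32",
]


def parse_prefix_list(text, name):
    """Return (seq, action, network, min_len, max_len) tuples, ordered by seq."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m["name"] != name:
            continue
        net = ipaddress.ip_network(m["prefix"], strict=False)
        # No ge/le: exact length only. ge alone: ge..32. le alone: len..le.
        lo = int(m["ge"]) if m["ge"] else net.prefixlen
        hi = int(m["le"]) if m["le"] else (32 if m["ge"] else net.prefixlen)
        entries.append((int(m["seq"]), m["action"], net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """Return (permitted, seq). First match wins; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit", seq
    return False, None


def leaked(entries, routes):
    """Routes that the prefix-list would let through the leak."""
    return [r for r in routes if evaluate(entries, r)[0]]


if __name__ == "__main__":
    for label, text, name in [
        ("step 1 list", STEP1_CONFIG, LIST_NAME),
        ("running-config list", RUNNING_CONFIG, LIST_NAME),
        ("constructed /16 le 32", BROAD_CONFIG, "BROAD-EXAMPLE"),
    ]:
        print(label, "->", leaked(parse_prefix_list(text, name), VRF_ROUTES))
```

With the routes above, the /16 and /24 entries in the running-config list match nothing because the VRF only holds /32 host routes, while the constructed "le 32" variant also lets 192.168.99.9/32 through.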
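Checking routes on the enterprise core side
The enterprise core receives the EVPN/VXLAN domain's routes from the border leaf switch over eBGP. Redistributing them into OSPF propagates them across the whole Classic Ethernet network.
Tokyo-CSW01, which terminates the BGP session directly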
Tokyo-CSW01#
Tokyo-CSW01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.100.1.0/24 is directly connected, GigabitEthernet0/1
L 10.100.1.1/32 is directly connected, GigabitEthernet0/1
C 10.255.1.0/24 is directly connected, GigabitEthernet0/0
L 10.255.1.1/32 is directly connected, GigabitEthernet0/0
192.168.100.0/32 is subnetted, 2 subnets
B 192.168.100.1 [20/0] via 10.255.1.2, 15:44:30
B 192.168.100.2 [20/0] via 10.255.1.2, 15:40:31
192.168.200.0/32 is subnetted, 1 subnets
B 192.168.200.1 [20/0] via 10.255.1.2, 15:41:54
192.168.250.0/32 is subnetted, 1 subnets
B 192.168.250.1 [20/0] via 10.255.1.2, 15:44:25
Tokyo-CSW01#
Osaka-CSW01, which receives the EVPN/VXLAN routes from Tokyo-CSW01 via OSPF
Osaka-CSW01#
Osaka-CSW01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.1.0/24 is directly connected, GigabitEthernet0/0
L 10.100.1.2/32 is directly connected, GigabitEthernet0/0
192.168.100.0/32 is subnetted, 2 subnets
O E1 192.168.100.1 [110/2] via 10.100.1.1, 15:44:31, GigabitEthernet0/0
O E1 192.168.100.2 [110/2] via 10.100.1.1, 15:40:33, GigabitEthernet0/0
192.168.200.0/32 is subnetted, 1 subnets
O E1 192.168.200.1 [110/2] via 10.100.1.1, 15:41:57, GigabitEthernet0/0
192.168.250.0/32 is subnetted, 1 subnets
O E1 192.168.250.1 [110/2] via 10.100.1.1, 15:44:26, GigabitEthernet0/0
Osaka-CSW01#
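② Leak the default route into the EVPN/VXLAN VRF
As in ①, this configuration is applied on the border leaf switch used for external connectivity.
The default route advertised by Tokyo-CSW01 is leaked into the EVPN/VXLAN VRF.
As in ①, the steps are: create the prefix-list and route-map, then configure the VRF.
Creating the IP PREFIX-LIST
Specify the default route that should be leaked into the EVPN/VXLAN VRF.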
!
conf t
!
ip prefix-list VXLAN-VRF-default-to-Tenant seq 5 permit 0.0.0.0/0
!
Creating the ROUTE-MAP
The VRF leak command configured in the last step cannot reference a prefix-list directly, so bind the prefix-list to a route-map.
!
conf t
!
route-map VXLAN-VRF-default-to-Tenant
  match ip address prefix-list VXLAN-VRF-default-to-Tenant
!
Leaking routes into the EVPN/VXLAN VRF
Enter the following configuration in the VRF that carries L3VPN over EVPN/VXLAN. It imports the default route that exists in the default VRF into the L3VPN VRF. Note that without "advertise-vpn" the route is not imported as an EVPN route.
!
conf t
!
vrf context VRF_L3VPN
  address-family ipv4 unicast
    import vrf default map VXLAN-VRF-default-to-Tenant advertise-vpn
!
Checking the EVPN/VXLAN routing table
The VRF's routing table is shown below. The default route specified in the IP prefix-list is installed as an eBGP route with an administrative distance (AD) of 20.
Nx-Leaf01#
Nx-Leaf01# show ip route vrf VRF_L3VPN
IP Route Table for VRF "VRF_L3VPN"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
0.0.0.0/0, ubest/mbest: 1/0
*via 10.255.1.1%default, [20/0], 00:02:12, bgp-10000, external, tag 20000
192.168.100.1/32, ubest/mbest: 1/0
*via 33.33.33.34%default, [200/0], 02:38:30, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x21212122 encap: VXLAN
192.168.100.2/32, ubest/mbest: 1/0
*via 22.22.22.23%default, [200/0], 16:11:05, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x16161617 encap: VXLAN
192.168.200.1/32, ubest/mbest: 1/0
*via 22.22.22.23%default, [200/0], 16:12:31, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x16161617 encap: VXLAN
192.168.250.1/32, ubest/mbest: 1/0
*via 33.33.33.34%default, [200/0], 02:38:30, bgp-10000, internal, tag 10000, segid: 10999 tunnelid: 0x21212122 encap: VXLAN
Nx-Leaf01#
The EVPN-side routes are shown below. The default route is registered as an EVPN Route Type 5. Because the leaked default route was received from the enterprise core, which is an eBGP neighbor, AS20000 is added in its AS-Path attribute.
Nx-Leaf01#
Nx-Leaf01# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 1418, Local Router ID is 11.11.11.11
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 22.22.22.22:32867
*>i[2]:[0]:[0]:[48]:[5254.0019.5a2c]:[32]:[192.168.100.2]/272
22.22.22.23 100 0 i
* i 22.22.22.23 100 0 i
Route Distinguisher: 22.22.22.22:32967
*>i[2]:[0]:[0]:[48]:[5254.000d.7ff7]:[32]:[192.168.200.1]/272
22.22.22.23 100 0 i
* i 22.22.22.23 100 0 i
Route Distinguisher: 33.33.33.33:32867
* i[2]:[0]:[0]:[48]:[5254.001d.3657]:[32]:[192.168.100.1]/272
33.33.33.34 100 0 i
*>i 33.33.33.34 100 0 i
Route Distinguisher: 33.33.33.33:33017
* i[2]:[0]:[0]:[48]:[5254.0012.3fb4]:[32]:[192.168.250.1]/272
33.33.33.34 100 0 i
*>i 33.33.33.34 100 0 i
Route Distinguisher: 11.11.11.11:4 (L3VNI 10999)
*>i[2]:[0]:[0]:[48]:[5254.000d.7ff7]:[32]:[192.168.200.1]/272
22.22.22.23 100 0 i
*>i[2]:[0]:[0]:[48]:[5254.0012.3fb4]:[32]:[192.168.250.1]/272
33.33.33.34 100 0 i
*>i[2]:[0]:[0]:[48]:[5254.0019.5a2c]:[32]:[192.168.100.2]/272
22.22.22.23 100 0 i
*>i[2]:[0]:[0]:[48]:[5254.001d.3657]:[32]:[192.168.100.1]/272
33.33.33.34 100 0 i
*>l[5]:[0]:[0]:[0]:[0.0.0.0]/224
11.11.11.12 0 20000 i
Nx-Leaf01#
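Connectivity test
Ping Osaka-CSW01 in the enterprise domain from A-Re0250, which belongs to the EVPN/VXLAN domain. The outbound direction has the default route and the return direction has the host route, so the ping succeeds.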
a-re03-sv01:~$
a-re03-sv01:~$ ping 10.100.1.2
PING 10.100.1.2 (10.100.1.2): 56 data bytes
64 bytes from 10.100.1.2: seq=0 ttl=42 time=34.441 ms
64 bytes from 10.100.1.2: seq=1 ttl=42 time=27.226 ms
64 bytes from 10.100.1.2: seq=2 ttl=42 time=29.792 ms
64 bytes from 10.100.1.2: seq=3 ttl=42 time=22.219 ms
64 bytes from 10.100.1.2: seq=4 ttl=42 time=22.282 ms
^C
--- 10.100.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 22.219/27.192/34.441 ms
a-re03-sv01:~$
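Final topology, revisited
Looking back at the design: in terms of route exchange, the only connection between the domains is the VRF leak, so partial replacements and system refreshes can be carried out flexibly. Having fewer connection points where the other domain has to be taken into account is, I felt, a significant benefit for long-term operating cost as well. I also like that engineers can flexibly control which routes are exchanged, which should make security measures easier to implement.
Device configurations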
Nx-Spine01
Nx-Spine01#
Nx-Spine01# show running-config
!Command: show running-config
!Running configuration last done at: Tue Oct 1 09:28:44 2024
!Time: Wed Oct 2 04:03:54 2024
version 10.4(2) Bios:version
hostname Nx-Spine01
vdc Nx-Spine01 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
no password strength-check
username admin password 5 $5$DKLLBJ$CL10zk0..5MguQjwFefe3f2zlxYLxKz8In3MCZ20f.A
role network-admin
username cisco password 5 $5$CJMODG$zNmBtYt94evek4OHKZuatQbsJRb8l7k4ktxlOg1bhS9
role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 043A97609A3636E5492AF85D4A225A00DC
A9 priv aes-128 331DDF2C891631EC4518B303083E011FE7D8 localizedV2key
snmp-server user cisco network-admin auth md5 167FA840935460A76F2085145770094AE1
84 priv aes-128 3339CF329B1462BD196BAA190A7C020FAD84 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1
vrf context management
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.11.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.12.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
no switchport
mtu 9216
ip address 192.168.13.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/4
interface mgmt0
vrf member management
interface loopback0
ip address 1.1.1.1/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 1.1.1.1
router bgp 10000
neighbor 11.11.11.11
remote-as 10000
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 22.22.22.22
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 33.33.33.33
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
Nx-Spine01#
Nx-Spine02
Nx-Spine02#
Nx-Spine02# show running-config
!Command: show running-config
!Running configuration last done at: Tue Oct 1 09:29:56 2024
!Time: Wed Oct 2 04:07:37 2024
version 10.4(2) Bios:version
hostname Nx-Spine02
vdc Nx-Spine02 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
no password strength-check
username admin password 5 $5$PNAMFO$/0.5YJT50va2yzg6kO/FzyXboYDKQ45bbUePlr/XYf/
role network-admin
username cisco password 5 $5$KDIFIB$agrC4ysTO8WV.6tKcBqfcPJr416ue/2flaC1zFvj941
role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 483A77265F244180801E5DB24DCA3C6412
A6 priv aes-128 014733274B254CC1A3710BDF1797063440BF localizedV2key
snmp-server user cisco network-admin auth md5 042F4205243A37F9932559E351814D6337
DB priv aes-128 375321375D284EC2C8681AA712DC104655EE localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1
vrf context management
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.22.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.24.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
no switchport
mtu 9216
ip address 192.168.26.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/4
interface mgmt0
vrf member management
interface loopback0
ip address 2.2.2.2/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 2.2.2.2
router bgp 10000
neighbor 11.11.11.11
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 22.22.22.22
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 33.33.33.33
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
Nx-Spine02#
Nx-Leaf01
Nx-Leaf01#
Nx-Leaf01# show running-config
!Command: show running-config
!Running configuration last done at: Wed Oct 2 03:33:22 2024
!Time: Wed Oct 2 04:05:17 2024
version 10.4(2) Bios:version
hostname Nx-Leaf01
vdc Nx-Leaf01 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$JPGNKL$NwqCYs7wvSXJPZbzVWn0I6pcXjltw9uiyAPWf0SHLQ2 role network-admin
username cisco password 5 $5$NCFGPE$QUWRsTXj6ST5o/K.VHkXykZGvhN8PKW0gDXwBOjK0w6 role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
ip access-list export_evpn_to_default
10 permit ip any any
copp profile strict
advertise evpn multicast
snmp-server user admin network-admin auth md5 4957F1391C002E354217C98D78581B3AC2F1 priv aes-128 5315B42EBFF984ACD8C1051EB8B0B1F44E70 localizedV2key
snmp-server user cisco network-admin auth md5 5202941575C8FDB4D9D82753A0E0F0A20D6C priv aes-128 0064E773110C692D4966F48236666A2A80F8 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1,999
vlan 999
vn-segment 10999
ip prefix-list VXLAN-VRF-Tenant-to-default seq 5 permit 192.168.0.0/16
ip prefix-list VXLAN-VRF-Tenant-to-default seq 10 permit 192.168.100.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 15 permit 192.168.200.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 20 permit 192.168.250.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 30 permit 192.168.100.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 35 permit 192.168.200.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 40 permit 192.168.250.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 45 permit 192.168.100.2/32
ip prefix-list VXLAN-VRF-default-to-Tennant seq 5 permit 0.0.0.0/0
route-map VXLAN-VRF-Tenant-to-default permit 10
match ip address prefix-list VXLAN-VRF-Tenant-to-default
route-map VXLAN-VRF-default-to-Tenant permit 10
match ip address prefix-list VXLAN-VRF-default-to-Tenant
vrf context VRF_L3VPN
vni 10999
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
import vrf default map VXLAN-VRF-default-to-Tenant advertise-vpn
export vrf default map VXLAN-VRF-Tenant-to-default allow-vpn
vrf context management
interface Vlan1
interface Vlan999
no shutdown
vrf member VRF_L3VPN
ip forward
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback1
member vni 10999 associate-vrf
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.11.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.22.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
switchport access vlan 100
interface Ethernet1/4
switchport access vlan 200
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
no switchport
mtu 9216
ip address 10.255.1.2/24
no shutdown
interface Ethernet1/8
interface mgmt0
vrf member management
interface loopback0
ip address 11.11.11.11/32
ip router ospf UNDERLAY area 0.0.0.0
interface loopback1
ip address 11.11.11.12/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 11.11.11.11
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 2.2.2.2
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 10.255.1.1
remote-as 20000
update-source Ethernet1/7
address-family ipv4 unicast
vrf VRF_L3VPN
address-family ipv4 unicast
advertise l2vpn evpn
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
Nx-Leaf01#
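A leak filter only constrains what crosses between VRFs if every name in the chain (leak statement, route-map, prefix-list) resolves to a definition. The following Python check is an added example (not part of the original article or of any Cisco tooling) that cross-references those names; run on an excerpt of the Nx-Leaf01 configuration above, it reports that the prefix-list matched by route-map VXLAN-VRF-default-to-Tenant exists only under the spelling VXLAN-VRF-default-to-Tennant. The function name and the finding format are assumptions made for this example.

```python
import difflib
import re

# Excerpt of the Nx-Leaf01 running-config shown above (names kept verbatim).
NX_LEAF01_EXCERPT = """\
ip prefix-list VXLAN-VRF-Tenant-to-default seq 30 permit 192.168.100.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 35 permit 192.168.200.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 40 permit 192.168.250.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 45 permit 192.168.100.2/32
ip prefix-list VXLAN-VRF-default-to-Tennant seq 5 permit 0.0.0.0/0
route-map VXLAN-VRF-Tenant-to-default permit 10
match ip address prefix-list VXLAN-VRF-Tenant-to-default
route-map VXLAN-VRF-default-to-Tenant permit 10
match ip address prefix-list VXLAN-VRF-default-to-Tenant
vrf context VRF_L3VPN
vni 10999
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
import vrf default map VXLAN-VRF-default-to-Tenant advertise-vpn
export vrf default map VXLAN-VRF-Tenant-to-default allow-vpn
vrf context management
"""

RE_PLIST = re.compile(r"^ip prefix-list (\S+) ")
RE_RMAP = re.compile(r"^route-map (\S+)")
RE_MATCH = re.compile(r"^match ip address prefix-list (.+)$")
RE_VRF = re.compile(r"^vrf context (\S+)")
RE_LEAK = re.compile(r"^(import|export) vrf default map (\S+)")


def audit_leak_config(config):
    """Return one finding per leak statement whose filter chain references a
    route-map or prefix-list name that is not defined in the config."""
    prefix_lists, route_maps, leaks = set(), {}, []
    cur_map = cur_vrf = None
    for raw in config.splitlines():
        line = raw.strip()  # the dump on this page has lost its indentation
        if m := RE_RMAP.match(line):
            cur_map = m[1]
            route_maps.setdefault(cur_map, [])
        elif cur_map and (m := RE_MATCH.match(line)):
            route_maps[cur_map].extend(m[1].split())
        else:
            if not line.startswith(("match ", "set ")):
                cur_map = None  # left the route-map block
            if m := RE_PLIST.match(line):
                prefix_lists.add(m[1])
            elif m := RE_VRF.match(line):
                cur_vrf = m[1]
            elif m := RE_LEAK.match(line):
                leaks.append((cur_vrf, m[1], m[2]))

    findings = []
    for vrf, direction, rmap in leaks:
        if rmap not in route_maps:
            missing = [("route-map", rmap, sorted(route_maps))]
        else:
            missing = [("prefix-list", pl, sorted(prefix_lists))
                       for pl in route_maps[rmap] if pl not in prefix_lists]
        for kind, name, defined in missing:
            # Suggest the closest defined name to make typos easy to spot.
            near = difflib.get_close_matches(name, defined, n=1)
            findings.append({
                "vrf": vrf,
                "direction": direction,
                "route_map": rmap,
                "undefined": (kind, name),
                "closest": near[0] if near else None,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_leak_config(NX_LEAF01_EXCERPT):
        print(finding)
```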
Nx-Leaf02
Nx-Leaf02#
Nx-Leaf02# show running-config
!Command: show running-config
!Running configuration last done at: Tue Oct 1 11:31:14 2024
!Time: Wed Oct 2 04:20:09 2024
version 10.4(2) Bios:version
hostname Nx-Leaf02
vdc Nx-Leaf02 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$HNHAHO$b8biGEzFhnDomUJiiyW6Tklv3MpMInsXRS2Z0DSeBCB
role network-admin
username cisco password 5 $5$IAFEFN$SmwKz4M0ngcVT4xsCMy8ASQeOPTXq9DOJxlmV9GdjYD
role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 207BD3D988B10BEFAEA07D71CD6DA1F124
61 priv aes-128 5227A3E8BEF20ED7948C6E45CD3CF9852A65 localizedV2key
snmp-server user cisco network-admin auth md5 0172B9F5E38C73F194DD786C802EE48625
26 priv aes-128 481AF2A3B08579F3AAED7977C56F829B7973 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,100,200,999
vlan 100
vn-segment 10100
vlan 200
vn-segment 10200
vlan 999
vn-segment 10999
vrf context VRF_L3VPN
vni 10999
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
vrf context management
interface Vlan1
interface Vlan100
no shutdown
vrf member VRF_L3VPN
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
interface Vlan200
no shutdown
vrf member VRF_L3VPN
ip address 192.168.200.254/24
fabric forwarding mode anycast-gateway
interface Vlan999
no shutdown
vrf member VRF_L3VPN
ip forward
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback1
member vni 10100
ingress-replication protocol bgp
member vni 10200
ingress-replication protocol bgp
member vni 10999 associate-vrf
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.12.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.24.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
switchport access vlan 100
interface Ethernet1/4
switchport access vlan 200
interface mgmt0
vrf member management
interface loopback0
ip address 22.22.22.22/32
ip router ospf UNDERLAY area 0.0.0.0
interface loopback1
ip address 22.22.22.23/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 22.22.22.22
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 2.2.2.2
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
vrf VRF_L3VPN
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
vni 10200 l2
rd auto
route-target import auto
route-target export auto
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
Nx-Leaf02#
Nx-Leaf03
Nx-Leaf03#
Nx-Leaf03# show running-config
!Command: show running-config
!Running configuration last done at: Tue Oct 1 11:27:58 2024
!Time: Wed Oct 2 04:21:30 2024
version 10.4(2) Bios:version
hostname Nx-Leaf03
vdc Nx-Leaf03 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$JFAKJN$zKoPXWOZb9Kv0AFToD0DSJpC5sRWkhdgDZ3kfXBpzu0
role network-admin
username cisco password 5 $5$FFLDLK$nfa2MTCfKIpUYNoOY9lJnCtrozhYA6sUGYpQpcBvVY8
role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 364F8FC4C33E1336B2FE9492BD2DBAD2C2
43 priv aes-128 365FD190CF67143DA2A397CEE870CECA8711 localizedV2key
snmp-server user cisco network-admin auth md5 483AC18EDD65476CFED08ED4EA32CDDACD
4D priv aes-128 366ED38491344B25A2A8ED89A076F683DE0A localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,100,250,999
vlan 100
vn-segment 10100
vlan 250
vn-segment 10250
vlan 999
vn-segment 10999
vrf context VRF_L3VPN
vni 10999
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
vrf context management
interface Vlan1
interface Vlan100
no shutdown
vrf member VRF_L3VPN
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
interface Vlan250
no shutdown
vrf member VRF_L3VPN
no ip redirects
ip address 192.168.250.254/24
fabric forwarding mode anycast-gateway
interface Vlan999
no shutdown
vrf member VRF_L3VPN
ip forward
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback1
member vni 10100
ingress-replication protocol bgp
member vni 10250
ingress-replication protocol bgp
member vni 10999 associate-vrf
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.13.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.26.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
switchport access vlan 250
interface Ethernet1/4
switchport access vlan 100
interface mgmt0
vrf member management
interface loopback0
ip address 33.33.33.33/32
ip router ospf UNDERLAY area 0.0.0.0
interface loopback1
ip address 33.33.33.34/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 33.33.33.33
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 2.2.2.2
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
vrf VRF_L3VPN
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
vni 10250 l2
rd auto
route-target import auto
route-target export auto
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
Nx-Leaf03#
Tokyo-CSW01
Tokyo-CSW01#
Tokyo-CSW01#show running-config
Building configuration...
Current configuration : 3298 bytes
!
! Last configuration change at 09:21:21 UTC Tue Oct 1 2024
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Tokyo-CSW01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
redundancy
!
!
!
interface GigabitEthernet0/0
mtu 9216
ip address 10.255.1.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
mtu 9216
ip address 10.100.1.1 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
router-id 255.255.255.255
redistribute bgp 20000 metric-type 1 subnets
network 10.100.1.1 0.0.0.0 area 0
!
router bgp 20000
bgp log-neighbor-changes
neighbor 10.255.1.2 remote-as 10000
neighbor 10.255.1.2 update-source GigabitEthernet0/0
neighbor 10.255.1.2 default-originate
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 ioam timestamp
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
Tokyo-CSW01#
Tokyo-CSW02
Osaka-CSW01#
Osaka-CSW01#show running-config
Building configuration...
Current configuration : 3061 bytes
!
! Last configuration change at 09:41:37 UTC Tue Oct 1 2024
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Osaka-CSW01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
interface GigabitEthernet0/0
mtu 9216
ip address 10.100.1.2 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
router-id 25.25.25.25
network 10.100.1.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 ioam timestamp
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
Osaka-CSW01#
YAML for lab import
Import the following YAML file into CML to use the environment built for this verification.
satani-lab.yaml
annotations:
- border_color: '#808080FF'
border_style: ''
color: '#FFFFFFFF'
line_end: null
line_start: null
thickness: 1
type: line
x1: -1000.0
y1: -400.0
x2: -1000.0
y2: -400.0
z_index: 0
- border_color: '#808080FF'
border_style: ''
color: '#FFFFFFFF'
line_end: null
line_start: null
thickness: 1
type: line
x1: -1000.0
y1: -400.0
x2: -1000.0
y2: -400.0
z_index: 1
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: ''
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -1040.0
y1: -520.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: |-
EVPN/VXLAN Segment Assignment:
Spine switch's hostname: Nx-Spine0"X"
Spine switch's Physics number: E"Y"/"Z"
Segment: 192.168.("Y""Z") x "X".0/24
VTEP: Loopback1
text_font: monospace
text_italic: true
text_size: 12
text_unit: pt
thickness: 2
type: text
x1: -657.9678380107343
y1: -381.0972518936188
z_index: 12
- border_color: '#808080FF'
border_radius: 0
border_style: ''
color: '#FFFFFFFF'
thickness: 1
type: rectangle
x1: -680.0
y1: -400.0
x2: 1080.0
y2: 160.0
z_index: 11
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: |-
VNI Info:
VNI10100: V100(192.168.100.0/24)
VNI10200: V200(192.168.200.0/24)
VNI10250: V250(192.168.250.0/24)
VNI10999: V999(L3VPN)
text_font: monospace
text_italic: true
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 85.8926632670867
y1: -381.7148384896481
z_index: 12
- border_color: '#808080FF'
border_style: ''
color: '#FFFFFFFF'
line_end: null
line_start: null
thickness: 1
type: line
x1: -40.0
y1: -480.0
x2: -40.0
y2: -480.0
z_index: 13
- border_color: '#808080FF'
border_radius: 0
border_style: ''
color: '#FFFFFFFF'
thickness: 1
type: rectangle
x1: -400.0
y1: -680.0
x2: 400.0
y2: 160.0
z_index: 14
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: MAIN OFFICE BACKBONE
text_font: monospace
text_italic: true
text_size: 12
text_unit: pt
thickness: 2
type: text
x1: -359.2751262799308
y1: -657.0916708084466
z_index: 15
nodes:
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
Building configuration...
Current configuration : 3160 bytes
!
! Last configuration change at 13:47:10 UTC Wed May 22 2024
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TEST-RT
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip domain name test.local
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
username admin privilege 15 password 0 Password1!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 10.2.203.110 255.255.0.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.2.1.1
!
ipv6 ioam timestamp
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
no scheduler allocate
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n0
image_definition: null
label: iosv-0
node_definition: iosv
parameters: {}
ram: null
tags: []
x: -600
y: -520
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: GigabitEthernet0/0
slot: 0
type: physical
- id: i2
label: GigabitEthernet0/1
slot: 1
type: physical
- id: i3
label: GigabitEthernet0/2
slot: 2
type: physical
- id: i4
label: GigabitEthernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: default
content: System Bridge
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n1
image_definition: null
label: ext-conn-0
node_definition: external_connector
parameters: {}
ram: null
tags: []
x: -760
y: -520
interfaces:
- id: i0
label: port
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: nxos_config.txt
content: |2-
!Command: show running-config
!Running configuration last done at: Mon Sep 30 13:09:22 2024
!Time: Mon Sep 30 13:09:23 2024
version 10.4(2) Bios:version
hostname Nx-Spine01
vdc Nx-Spine01 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
no password strength-check
username admin password 5 $5$DKLLBJ$CL10zk0..5MguQjwFefe3f2zlxYLxKz8In3MCZ20f.A role network-admin
username cisco password 5 $5$CJMODG$zNmBtYt94evek4OHKZuatQbsJRb8l7k4ktxlOg1bhS9 role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 043A97609A3636E5492AF85D4A225A00DCA9 priv aes-128 331DDF2C891631EC4518B303083E011FE7D8 localizedV2key
snmp-server user cisco network-admin auth md5 167FA840935460A76F2085145770094AE184 priv aes-128 3339CF329B1462BD196BAA190A7C020FAD84 localizedV2key
vlan 1
vrf context management
interface mgmt0
vrf member management
interface loopback0
ip address 1.1.1.1/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 1.1.1.1
router bgp 10000
neighbor 11.11.11.11
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 22.22.22.22
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 33.33.33.33
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: Nx-Spine01
node_definition: nxosv9000
parameters: {}
ram: null
tags: []
x: -200
y: -400
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: mgmt0
slot: 0
type: physical
- id: i2
label: Ethernet1/1
slot: 1
type: physical
- id: i3
label: Ethernet1/2
slot: 2
type: physical
- id: i4
label: Ethernet1/3
slot: 3
type: physical
- id: i5
label: Ethernet1/4
slot: 4
type: physical
- id: i6
label: Ethernet1/5
slot: 5
type: physical
- id: i7
label: Ethernet1/6
slot: 6
type: physical
- id: i8
label: Ethernet1/7
slot: 7
type: physical
- boot_disk_size: null
configuration:
- name: nxos_config.txt
content: |2-
!Command: show running-config
!Running configuration last done at: Tue Oct 1 09:36:38 2024
!Time: Tue Oct 1 09:36:39 2024
version 10.4(2) Bios:version
hostname Nx-Leaf02
vdc Nx-Leaf02 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$HNHAHO$b8biGEzFhnDomUJiiyW6Tklv3MpMInsXRS2Z0DSeBCB role network-admin
username cisco password 5 $5$IAFEFN$SmwKz4M0ngcVT4xsCMy8ASQeOPTXq9DOJxlmV9GdjYD role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 207BD3D988B10BEFAEA07D71CD6DA1F12461 priv aes-128 5227A3E8BEF20ED7948C6E45CD3CF9852A65 localizedV2key
snmp-server user cisco network-admin auth md5 0172B9F5E38C73F194DD786C802EE4862526 priv aes-128 481AF2A3B08579F3AAED7977C56F829B7973 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,100,999
vlan 100
vn-segment 10100
vlan 999
vn-segment 10999
vrf context VRF_L3VPN
vni 10999
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
vrf context management
interface Vlan1
interface Vlan100
no shutdown
vrf member VRF_L3VPN
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
interface Vlan999
no shutdown
vrf member VRF_L3VPN
ip forward
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback1
member vni 10100
ingress-replication protocol bgp
member vni 10999 associate-vrf
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.12.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.24.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
switchport access vlan 100
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32
interface Ethernet1/33
interface Ethernet1/34
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
interface Ethernet1/42
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
interface Ethernet1/46
interface Ethernet1/47
interface Ethernet1/48
interface Ethernet1/49
interface Ethernet1/50
interface Ethernet1/51
interface Ethernet1/52
interface Ethernet1/53
interface Ethernet1/54
interface Ethernet1/55
interface Ethernet1/56
interface Ethernet1/57
interface Ethernet1/58
interface Ethernet1/59
interface Ethernet1/60
interface Ethernet1/61
interface Ethernet1/62
interface Ethernet1/63
interface Ethernet1/64
interface mgmt0
vrf member management
interface loopback0
ip address 22.22.22.22/32
ip router ospf UNDERLAY area 0.0.0.0
interface loopback1
ip address 22.22.22.23/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 22.22.22.22
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 2.2.2.2
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
vrf VRF_L3VPN
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: Nx-Leaf02
node_definition: nxosv9000
parameters: {}
ram: null
tags: []
x: -120
y: -240
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: mgmt0
slot: 0
type: physical
- id: i2
label: Ethernet1/1
slot: 1
type: physical
- id: i3
label: Ethernet1/2
slot: 2
type: physical
- id: i4
label: Ethernet1/3
slot: 3
type: physical
- id: i5
label: Ethernet1/4
slot: 4
type: physical
- id: i6
label: Ethernet1/5
slot: 5
type: physical
- id: i7
label: Ethernet1/6
slot: 6
type: physical
- id: i8
label: Ethernet1/7
slot: 7
type: physical
- boot_disk_size: null
configuration:
- name: nxos_config.txt
content: |2-
!Command: show running-config
!Running configuration last done at: Wed Oct 2 00:59:41 2024
!Time: Wed Oct 2 00:59:44 2024
version 10.4(2) Bios:version
hostname Nx-Leaf01
vdc Nx-Leaf01 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$JPGNKL$NwqCYs7wvSXJPZbzVWn0I6pcXjltw9uiyAPWf0SHLQ2 role network-admin
username cisco password 5 $5$NCFGPE$QUWRsTXj6ST5o/K.VHkXykZGvhN8PKW0gDXwBOjK0w6 role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
ip access-list export_evpn_to_default
10 permit ip any any
copp profile strict
advertise evpn multicast
snmp-server user admin network-admin auth md5 4957F1391C002E354217C98D78581B3AC2F1 priv aes-128 5315B42EBFF984ACD8C1051EB8B0B1F44E70 localizedV2key
snmp-server user cisco network-admin auth md5 5202941575C8FDB4D9D82753A0E0F0A20D6C priv aes-128 0064E773110C692D4966F48236666A2A80F8 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,100,200,999
vlan 100
vn-segment 10100
vlan 200
vn-segment 10200
vlan 999
vn-segment 10999
ip prefix-list VXLAN-VRF-Tenant-to-default seq 5 permit 192.168.0.0/16
ip prefix-list VXLAN-VRF-Tenant-to-default seq 10 permit 192.168.100.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 15 permit 192.168.200.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 20 permit 192.168.250.0/24
ip prefix-list VXLAN-VRF-Tenant-to-default seq 30 permit 192.168.100.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 35 permit 192.168.200.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 40 permit 192.168.250.1/32
ip prefix-list VXLAN-VRF-Tenant-to-default seq 45 permit 192.168.100.2/32
ip prefix-list VXLAN-VRF-default-to-Tenant seq 5 permit 0.0.0.0/0
route-map VXLAN-VRF-Tenant-to-default permit 10
match ip address prefix-list VXLAN-VRF-Tenant-to-default
route-map VXLAN-VRF-default-to-Tenant permit 10
match ip address prefix-list VXLAN-VRF-default-to-Tenant
route-map export_evpn_to_default permit 10
match ip address export_evpn_to_default
vrf context VRF_L3VPN
vni 10999
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
import vrf default map VXLAN-VRF-default-to-Tenant advertise-vpn
export vrf default map VXLAN-VRF-Tenant-to-default allow-vpn
vrf context management
interface Vlan1
interface Vlan100
no shutdown
vrf member VRF_L3VPN
no ip redirects
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
interface Vlan200
no shutdown
vrf member VRF_L3VPN
no ip redirects
ip address 192.168.200.254/24
fabric forwarding mode anycast-gateway
interface Vlan999
no shutdown
vrf member VRF_L3VPN
ip forward
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback1
member vni 10100
ingress-replication protocol bgp
member vni 10200
ingress-replication protocol bgp
member vni 10999 associate-vrf
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.11.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.22.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
switchport access vlan 100
interface Ethernet1/4
switchport access vlan 200
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
no switchport
mtu 9216
ip address 10.255.1.2/24
no shutdown
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32
interface Ethernet1/33
interface Ethernet1/34
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
interface Ethernet1/42
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
interface Ethernet1/46
interface Ethernet1/47
interface Ethernet1/48
interface Ethernet1/49
interface Ethernet1/50
interface Ethernet1/51
interface Ethernet1/52
interface Ethernet1/53
interface Ethernet1/54
interface Ethernet1/55
interface Ethernet1/56
interface Ethernet1/57
interface Ethernet1/58
interface Ethernet1/59
interface Ethernet1/60
interface Ethernet1/61
interface Ethernet1/62
interface Ethernet1/63
interface Ethernet1/64
interface mgmt0
vrf member management
interface loopback0
ip address 11.11.11.11/32
ip router ospf UNDERLAY area 0.0.0.0
interface loopback1
ip address 11.11.11.12/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 11.11.11.11
router bgp 10000
address-family ipv4 unicast
network 1.1.1.1/32
address-family l2vpn evpn
neighbor 1.1.1.1
remote-as 10000
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
import vpn unicast
neighbor 2.2.2.2
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 10.255.1.1
remote-as 20000
update-source Ethernet1/7
address-family ipv4 unicast
vrf VRF_L3VPN
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
vni 10200 l2
rd auto
route-target import auto
route-target export auto
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: Nx-Leaf01(Border)
node_definition: nxosv9000
parameters: {}
ram: null
tags: []
x: -280
y: -240
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: mgmt0
slot: 0
type: physical
- id: i2
label: Ethernet1/1
slot: 1
type: physical
- id: i3
label: Ethernet1/2
slot: 2
type: physical
- id: i4
label: Ethernet1/3
slot: 3
type: physical
- id: i5
label: Ethernet1/4
slot: 4
type: physical
- id: i6
label: Ethernet1/5
slot: 5
type: physical
- id: i7
label: Ethernet1/6
slot: 6
type: physical
- id: i8
label: Ethernet1/7
slot: 7
type: physical
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n5
image_definition: null
label: A-Re0100-SV01
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -120
y: -80
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n6
image_definition: null
label: A-Re0100-SV02
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -280
y: -80
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: nxos_config.txt
content: |2-
!Command: show running-config
!Running configuration last done at: Mon Sep 30 13:18:41 2024
!Time: Mon Sep 30 13:18:43 2024
version 10.4(2) Bios:version
hostname Nx-Spine02
vdc Nx-Spine02 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
no password strength-check
username admin password 5 $5$PNAMFO$/0.5YJT50va2yzg6kO/FzyXboYDKQ45bbUePlr/XYf/ role network-admin
username cisco password 5 $5$KDIFIB$agrC4ysTO8WV.6tKcBqfcPJr416ue/2flaC1zFvj941 role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 483A77265F244180801E5DB24DCA3C6412A6 priv aes-128 014733274B254CC1A3710BDF1797063440BF localizedV2key
snmp-server user cisco network-admin auth md5 042F4205243A37F9932559E351814D6337DB priv aes-128 375321375D284EC2C8681AA712DC104655EE localizedV2key
vlan 1
vrf context management
interface mgmt0
vrf member management
interface loopback0
ip address 2.2.2.2/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
router ospf UNDERLAY
router-id 2.2.2.2
router bgp 10000
neighbor 11.11.11.11
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 22.22.22.22
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 33.33.33.33
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n7
image_definition: null
label: Nx-Spine02
node_definition: nxosv9000
parameters: {}
ram: null
tags: []
x: -40
y: -400
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: mgmt0
slot: 0
type: physical
- id: i2
label: Ethernet1/1
slot: 1
type: physical
- id: i3
label: Ethernet1/2
slot: 2
type: physical
- id: i4
label: Ethernet1/3
slot: 3
type: physical
- id: i5
label: Ethernet1/4
slot: 4
type: physical
- id: i6
label: Ethernet1/5
slot: 5
type: physical
- id: i7
label: Ethernet1/6
slot: 6
type: physical
- id: i8
label: Ethernet1/7
slot: 7
type: physical
- boot_disk_size: null
configuration:
- name: nxos_config.txt
content: |2-
!Command: show running-config
!Running configuration last done at: Tue Oct 1 09:37:20 2024
!Time: Tue Oct 1 09:37:22 2024
version 10.4(2) Bios:version
hostname Nx-Leaf03
vdc Nx-Leaf03 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4097
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$JFAKJN$zKoPXWOZb9Kv0AFToD0DSJpC5sRWkhdgDZ3kfXBpzu0 role network-admin
username cisco password 5 $5$FFLDLK$nfa2MTCfKIpUYNoOY9lJnCtrozhYA6sUGYpQpcBvVY8 role network-admin
username cisco passphrase lifetime 99999 warntime 14 gracetime 3
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 364F8FC4C33E1336B2FE9492BD2DBAD2C243 priv aes-128 365FD190CF67143DA2A397CEE870CECA8711 localizedV2key
snmp-server user cisco network-admin auth md5 483AC18EDD65476CFED08ED4EA32CDDACD4D priv aes-128 366ED38491344B25A2A8ED89A076F683DE0A localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,100,250,999
vlan 100
vn-segment 10100
vlan 250
vn-segment 10250
vlan 999
vn-segment 10999
vrf context VRF_L3VPN
vni 10999
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
vrf context management
interface Vlan1
interface Vlan100
no shutdown
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
interface Vlan250
no shutdown
vrf member VRF_L3VPN
no ip redirects
ip address 192.168.250.254/24
fabric forwarding mode anycast-gateway
interface Vlan999
no shutdown
vrf member VRF_L3VPN
ip forward
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback1
member vni 10100
ingress-replication protocol bgp
member vni 10250
ingress-replication protocol bgp
member vni 10999 associate-vrf
interface Ethernet1/1
no switchport
mtu 9216
ip address 192.168.13.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/2
no switchport
mtu 9216
ip address 192.168.26.2/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0.0.0.0
no shutdown
interface Ethernet1/3
switchport access vlan 250
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32
interface Ethernet1/33
interface Ethernet1/34
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
interface Ethernet1/42
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
interface Ethernet1/46
interface Ethernet1/47
interface Ethernet1/48
interface Ethernet1/49
interface Ethernet1/50
interface Ethernet1/51
interface Ethernet1/52
interface Ethernet1/53
interface Ethernet1/54
interface Ethernet1/55
interface Ethernet1/56
interface Ethernet1/57
interface Ethernet1/58
interface Ethernet1/59
interface Ethernet1/60
interface Ethernet1/61
interface Ethernet1/62
interface Ethernet1/63
interface Ethernet1/64
interface mgmt0
vrf member management
interface loopback0
ip address 33.33.33.33/32
ip router ospf UNDERLAY area 0.0.0.0
interface loopback1
ip address 33.33.33.34/32
ip router ospf UNDERLAY area 0.0.0.0
icam monitor scale
line console
exec-timeout 0
line vty
exec-timeout 0
boot nxos bootflash:/nxos64-cs.10.4.2.F.bin
router ospf UNDERLAY
router-id 33.33.33.33
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 2.2.2.2
remote-as 10000
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
vrf VRF_L3VPN
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
vni 10250 l2
rd auto
route-target import auto
route-target export auto
event manager applet BOOTCONFIG
event syslog pattern "Configured from vty"
action 1.0 cli python bootflash:set_boot.py
no logging console
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n8
image_definition: null
label: Nx-Leaf03
node_definition: nxosv9000
parameters: {}
ram: null
tags: []
x: 40
y: -240
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: mgmt0
slot: 0
type: physical
- id: i2
label: Ethernet1/1
slot: 1
type: physical
- id: i3
label: Ethernet1/2
slot: 2
type: physical
- id: i4
label: Ethernet1/3
slot: 3
type: physical
- id: i5
label: Ethernet1/4
slot: 4
type: physical
- id: i6
label: Ethernet1/5
slot: 5
type: physical
- id: i7
label: Ethernet1/6
slot: 6
type: physical
- id: i8
label: Ethernet1/7
slot: 7
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname inserthostname-here
# configurable user account
USERNAME=cisco
PASSWORD=cisco
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n9
image_definition: null
label: A-Re0250-SV01
node_definition: desktop
parameters: {}
ram: null
tags: []
x: 40
y: -80
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname inserthostname-here
# configurable user account
USERNAME=cisco
PASSWORD=cisco
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n10
image_definition: null
label: A-Re0200-SV01
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -440
y: -80
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n11
image_definition: null
label: Tokyo-CSW01
node_definition: iosv
parameters: {}
ram: null
tags: []
x: -280
y: -600
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: GigabitEthernet0/0
slot: 0
type: physical
- id: i2
label: GigabitEthernet0/1
slot: 1
type: physical
- id: i3
label: GigabitEthernet0/2
slot: 2
type: physical
- id: i4
label: GigabitEthernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: hostname inserthostname-here
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n12
image_definition: null
label: Osaka-CSW01
node_definition: iosv
parameters: {}
ram: null
tags: []
x: -120
y: -600
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: GigabitEthernet0/0
slot: 0
type: physical
- id: i2
label: GigabitEthernet0/1
slot: 1
type: physical
- id: i3
label: GigabitEthernet0/2
slot: 2
type: physical
- id: i4
label: GigabitEthernet0/3
slot: 3
type: physical
links:
- id: l0
n1: n0
n2: n1
i1: i1
i2: i0
conditioning: {}
label: iosv-0-GigabitEthernet0/0<->ext-conn-0-port
- id: l1
n1: n6
n2: n3
i1: i0
i2: i4
conditioning: {}
label: desktop-1-eth0<->Nx-Leaf02-Ethernet1/3
- id: l2
n1: n8
n2: n7
i1: i3
i2: i4
conditioning: {}
label: Nx-Leaf03-Ethernet1/2<->Nx-Spine02-Ethernet1/3
- id: l3
n1: n3
n2: n7
i1: i3
i2: i3
conditioning: {}
label: Nx-Leaf02-Ethernet1/2<->Nx-Spine02-Ethernet1/2
- id: l4
n1: n4
n2: n2
i1: i2
i2: i2
conditioning: {}
label: Nx-Leaf01-Ethernet1/1<->Nx-Spine01-Ethernet1/1
- id: l5
n1: n3
n2: n2
i1: i2
i2: i3
conditioning: {}
label: Nx-Leaf02-Ethernet1/1<->Nx-Spine01-Ethernet1/2
- id: l6
n1: n9
n2: n8
i1: i0
i2: i4
conditioning: {}
label: A-Re02-SV01_0-eth0<->Nx-Leaf03-Ethernet1/3
- id: l7
n1: n4
n2: n7
i1: i3
i2: i2
conditioning: {}
label: Nx-Leaf01-Ethernet1/2<->Nx-Spine02-Ethernet1/1
- id: l8
n1: n4
n2: n11
i1: i8
i2: i1
conditioning: {}
label: Nx-Leaf01-Ethernet1/7<->CSW-GigabitEthernet0/0
- id: l9
n1: n11
n2: n12
i1: i2
i2: i1
conditioning: {}
label: Tokyo-CSW01-GigabitEthernet0/1<->Osaka-CSW01-GigabitEthernet0/0
- id: l10
n1: n5
n2: n8
i1: i0
i2: i5
conditioning: {}
label: A-Re0100-SV01-eth0<->Nx-Leaf03-Ethernet1/4
- id: l11
n1: n10
n2: n3
i1: i0
i2: i5
conditioning: {}
label: A-Re0200-SV01-eth0<->Nx-Leaf02-Ethernet1/4
- id: l12
n1: n8
n2: n2
i1: i2
i2: i4
conditioning: {}
label: Nx-Leaf03-Ethernet1/1<->Nx-Spine01-Ethernet1/3
lab:
description: 佐谷検証用環境
notes: ''
title: satani-lab
version: 0.2.2
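Conclusion
This verification started from "I don't understand...", so advice on real-world deployment designs and on the topology and configuration published here is very welcome. Questions and comments about this verification are also welcome at any time, from anyone.
Disclaimer
The opinions expressed on this site and in the corresponding comments are the personal opinions of the individual poster and not those of the organization the poster belongs to. The content of this site is provided for informational purposes only and is not intended as an endorsement or representation by the poster's organization or any other party. By posting on this website, each user accepts full responsibility for the content of all information they upload by posting, linking or any other means, and agrees to release the poster's organization from any and all liability relating to the use of this website.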