top of page

Building a simple Arista MPLS L2/L3 VPN lab with Segment Routing - Part 2

Writer: Chun Fung WongChun Fung Wong

Updated: Dec 16, 2023

Configurations

Ok, as I mentioned in part 1, this is a reminder for myself so I will just dive into the configurations of the core devices.

The output and testing commands will be posted in Part 3.


R1

hostname R1

!

spanning-tree mode mstp

!

tunnel-ribs

tunnel-rib system-tunnel-rib

source-protocol nexthop-group

source-protocol rsvp-ler

source-protocol bgp labeled-unicast

source-protocol static

source-protocol ldp

source-protocol isis flex-algo preference 50

source-protocol isis segment-routing

!

vrf instance v1

rd 1:1

!

interface Ethernet1

description to R2 E1

no switchport

ip address 10.0.12.1/24

isis enable 1

isis bfd

isis network point-to-point

isis fast-reroute ti-lfa mode link-protection

!

interface Ethernet2

description to R6 E1

no switchport

ip address 10.0.16.1/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet3

description to R3 E3

no switchport

ip address 10.0.13.1/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet4

no switchport

vrf v1

ip address 10.100.19.1/24

!

interface Loopback0

ip address 10.0.0.1/32

node-segment ipv4 index 1001

isis enable 1

isis passive

!

interface Loopback1

ip address 10.1.1.1/32

node-segment ipv4 index 11 flex-algo lb1

isis enable 1

isis passive

!

interface Management1

ip address 192.168.20.201/24

!

ip routing

ip routing vrf v1

!

mpls ip

!

mpls label range isis-sr 400000 10000

!

router bgp 65100

maximum-paths 128

neighbor INTERNAL peer group

neighbor INTERNAL remote-as 65100

neighbor INTERNAL update-source Loopback0

neighbor INTERNAL bfd

neighbor INTERNAL rib-in pre-policy retain all

neighbor INTERNAL route-reflector-client

neighbor INTERNAL send-community extended

neighbor 10.0.0.2 peer group INTERNAL

neighbor 10.0.0.3 peer group INTERNAL

neighbor 10.0.0.4 peer group INTERNAL

neighbor 10.0.0.5 peer group INTERNAL

neighbor 10.0.0.6 peer group INTERNAL

!

address-family evpn

neighbor default encapsulation mpls next-hop-self source-interface Loopback0

neighbor INTERNAL activate

!

address-family ipv4 labeled-unicast

neighbor INTERNAL activate

neighbor INTERNAL next-hop-self source-interface Loopback0

network 10.0.0.1/32

network 10.1.1.1/32

!

vrf v1

rd 1:1

route-target import evpn 1:1

route-target export evpn 1:1

neighbor 10.100.19.9 remote-as 65000

!

address-family ipv4

neighbor 10.100.19.9 activate

!

router traffic-engineering

flex-algo

flex-algo 128 lb1

administrative-group include all 1

!

router isis 1

net 49.0001.1111.1111.1111.00

is-type level-2

!

address-family ipv4 unicast

fast-reroute ti-lfa mode node-protection

!

segment-routing mpls

router-id 10.0.0.1

no shutdown

adjacency-segment allocation sr-peers backup-eligible

flex-algo lb1 level-2 advertised

 

R2

hostname R2

!

vrf instance v1

!

interface Ethernet1

description to R1 E1

no switchport

ip address 10.0.12.2/24

isis enable 1

isis bfd

isis network point-to-point

isis fast-reroute ti-lfa mode link-protection

!

interface Ethernet2

description to R4 E3

no switchport

ip address 10.0.24.2/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet3

description to R5 e3

no switchport

ip address 10.0.25.2/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet4

no switchport

vrf v1

ip address 10.101.29.2/24

!

interface Loopback0

ip address 10.0.0.2/32

node-segment ipv4 index 1002

isis enable 1

isis passive

!

interface Loopback1

ip address 10.1.1.2/32

node-segment ipv4 index 12 flex-algo lb1

isis enable 1

isis passive

!

interface Management1

ip address 192.168.20.202/24

!

ip routing

ip routing vrf v1

!

mpls ip

!

mpls label range isis-sr 400000 10000

!

router bgp 65100

neighbor INTERNAL peer group

neighbor INTERNAL remote-as 65100

neighbor INTERNAL update-source Loopback0

neighbor INTERNAL bfd

neighbor INTERNAL rib-in pre-policy retain all

neighbor INTERNAL route-reflector-client

neighbor INTERNAL send-community extended

neighbor 10.0.0.1 peer group INTERNAL

neighbor 10.0.0.3 peer group INTERNAL

neighbor 10.0.0.4 peer group INTERNAL

neighbor 10.0.0.5 peer group INTERNAL

neighbor 10.0.0.6 peer group INTERNAL

!

address-family evpn

neighbor default encapsulation mpls next-hop-self source-interface Loopback0

neighbor INTERNAL activate

!

address-family ipv4 labeled-unicast

neighbor INTERNAL activate

neighbor INTERNAL next-hop-self source-interface Loopback0

network 10.0.0.2/32

network 10.1.1.2/32

!

vrf v1

rd 1:1

route-target import evpn 1:1

route-target export evpn 1:1

neighbor 10.101.29.9 remote-as 65000

!

address-family ipv4

neighbor 10.101.29.9 activate

!

router traffic-engineering

flex-algo

flex-algo 128 lb1

administrative-group include all 1

!

router isis 1

net 49.0001.2222.2222.2222.00

is-type level-2

!

address-family ipv4 unicast

fast-reroute ti-lfa mode node-protection

!

segment-routing mpls

no shutdown

adjacency-segment allocation sr-peers backup-eligible

flex-algo lb1 advertised


 

R3

hostname R3

!

spanning-tree mode mstp

!

vrf instance v1

!

interface Ethernet1

no switchport

ip address 10.0.34.3/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Ethernet2

no switchport

ip address 10.0.36.3/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet3

no switchport

ip address 10.0.13.3/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet4

no switchport

vrf v1

ip address 10.100.38.3/24

!

interface Loopback0

ip address 10.0.0.3/32

node-segment ipv4 index 1003

isis enable 1

isis passive

!

interface Loopback1

ip address 10.1.1.3/32

node-segment ipv4 index 13 flex-algo lb1

isis enable 1

isis passive

!

interface Management1

ip address 192.168.20.203/24

!

ip routing

ip routing vrf v1

!

ipv6 unicast-routing

!

mpls ip

!

mpls label range isis-sr 400000 10000

!

router bgp 65100

maximum-paths 128

neighbor 10.0.0.1 remote-as 65100

neighbor 10.0.0.1 update-source Loopback0

neighbor 10.0.0.1 bfd

neighbor 10.0.0.1 rib-in pre-policy retain all

neighbor 10.0.0.1 send-community extended

neighbor 10.0.0.2 remote-as 65100

neighbor 10.0.0.2 update-source Loopback0

neighbor 10.0.0.2 bfd

neighbor 10.0.0.2 rib-in pre-policy retain all

neighbor 10.0.0.2 send-community extended

!

address-family evpn

neighbor default encapsulation mpls next-hop-self source-interface Loopback0

neighbor 10.0.0.1 activate

neighbor 10.0.0.2 activate

!

address-family ipv4 labeled-unicast

neighbor 10.0.0.1 activate

neighbor 10.0.0.1 next-hop-self source-interface Loopback0

neighbor 10.0.0.2 activate

neighbor 10.0.0.2 next-hop-self source-interface Loopback0

network 10.0.0.3/32

network 10.1.1.3/32

!

vrf v1

rd 1:1

route-target import 1:1

route-target import evpn 1:1

route-target export evpn 1:1

neighbor 10.100.38.8 remote-as 65001

!

address-family ipv4

neighbor 10.100.38.8 activate

!

router traffic-engineering

flex-algo

flex-algo 128 lb1

administrative-group include all 1

!

router isis 1

net 49.0001.3333.3333.3333.00

is-type level-2

!

address-family ipv4 unicast

fast-reroute ti-lfa mode node-protection

!

segment-routing mpls

no shutdown

adjacency-segment allocation sr-peers backup-eligible

flex-algo lb1 level-2 advertised


 

R4

hostname R4

!

spanning-tree mode mstp

!

vlan 10

!

vrf instance v1

!

interface Ethernet1

no switchport

ip address 10.0.34.4/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Ethernet2

no switchport

ip address 10.0.45.4/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet3

no switchport

ip address 10.0.24.4/24

isis enable 1

isis bfd

isis network point-to-point

traffic-engineering administrative-group 1

!

interface Ethernet4

mtu 9164

switchport trunk allowed vlan 10

switchport mode trunk

!

evpn ethernet-segment

!

interface Loopback0

ip address 10.0.0.4/32

isis enable 1

isis passive

!

interface Loopback1

ip address 10.1.1.4/32

node-segment ipv4 index 14 flex-algo lb1

isis enable 1

isis passive

!

interface Management1

ip address 192.168.20.204/24

!

ip routing

ip routing vrf v1

!

mpls ip

!

mpls label range isis-sr 400000 10000

!

router bgp 65100

maximum-paths 128

neighbor 10.0.0.1 remote-as 65100

neighbor 10.0.0.1 update-source Loopback0

neighbor 10.0.0.1 bfd

neighbor 10.0.0.1 rib-in pre-policy retain all

neighbor 10.0.0.1 send-community extended

neighbor 10.0.0.2 remote-as 65100

neighbor 10.0.0.2 update-source Loopback0

neighbor 10.0.0.2 bfd

neighbor 10.0.0.2 rib-in pre-policy retain all

neighbor 10.0.0.2 send-community extended

!

vlan-aware-bundle vrfv2

rd 2:2

route-target both 2:2

redistribute learned

vlan 10

!

address-family evpn

neighbor default encapsulation mpls next-hop-self source-interface Loopback0

neighbor 10.0.0.1 activate

neighbor 10.0.0.2 activate

!

address-family ipv4 labeled-unicast

neighbor 10.0.0.1 activate

neighbor 10.0.0.1 next-hop-self source-interface Loopback0

neighbor 10.0.0.2 activate

neighbor 10.0.0.2 next-hop-self source-interface Loopback0

network 10.0.0.4/32

network 10.1.1.4/32

!

vrf v1

rd 1:1

route-target import evpn 1:1

route-target export evpn 1:1

neighbor 10.101.48.8 remote-as 65001

!

address-family ipv4

neighbor 10.101.48.8 activate

!

router traffic-engineering

flex-algo

flex-algo 128 lb1

administrative-group include all 1

!

router isis 1

net 49.0001.4444.4444.4444.00

is-type level-2

!

address-family ipv4 unicast

fast-reroute ti-lfa mode node-protection

!

segment-routing mpls

no shutdown

adjacency-segment allocation sr-peers backup-eligible

prefix-segment 10.0.0.4/32 index 1004

flex-algo lb1 level-2 advertised


 

R5

hostname R5

!

spanning-tree mode mstp

!

vlan 10

!

interface Ethernet1

no switchport

ip address 10.0.56.5/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Ethernet2

no switchport

ip address 10.0.45.5/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Ethernet3

no switchport

ip address 10.0.25.5/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Ethernet4

mtu 9164

switchport trunk allowed vlan 10

switchport mode trunk

!

evpn ethernet-segment

!

interface Loopback0

ip address 10.0.0.5/32

isis enable 1

isis passive

!

interface Loopback1

ip address 10.1.1.5/32

isis enable 1

isis passive

!

interface Management1

ip address 192.168.20.205/24

!

ip routing

!

mpls ip

!

mpls label range isis-sr 400000 10000

!

router bgp 65100

maximum-paths 128

neighbor 10.0.0.1 remote-as 65100

neighbor 10.0.0.1 update-source Loopback0

neighbor 10.0.0.1 bfd

neighbor 10.0.0.1 rib-in pre-policy retain all

neighbor 10.0.0.1 send-community extended

neighbor 10.0.0.2 remote-as 65100

neighbor 10.0.0.2 update-source Loopback0

neighbor 10.0.0.2 bfd

neighbor 10.0.0.2 rib-in pre-policy retain all

neighbor 10.0.0.2 send-community extended

!

vlan-aware-bundle vrfv2

rd 2:2

route-target both 2:2

redistribute learned

vlan 10

!

address-family evpn

neighbor default encapsulation mpls next-hop-self source-interface Loopback0

neighbor 10.0.0.1 activate

neighbor 10.0.0.2 activate

!

address-family ipv4 labeled-unicast

neighbor 10.0.0.1 activate

neighbor 10.0.0.1 next-hop-self source-interface Loopback0

neighbor 10.0.0.2 activate

neighbor 10.0.0.2 next-hop-self source-interface Loopback0

network 10.0.0.5/32

network 10.1.1.5/32

!

router isis 1

net 49.0001.5555.5555.5555.00

is-type level-2

!

address-family ipv4 unicast

fast-reroute ti-lfa mode node-protection

!

segment-routing mpls

no shutdown

adjacency-segment allocation sr-peers backup-eligible

prefix-segment 10.0.0.5/32 index 1005


 

R6

hostname R6

!

spanning-tree mode mstp

!

interface Ethernet1

no switchport

ip address 10.0.56.6/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Ethernet2

no switchport

ip address 10.0.36.6/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Ethernet3

no switchport

ip address 10.0.16.6/24

isis enable 1

isis bfd

isis network point-to-point

!

interface Loopback0

ip address 10.0.0.6/32

isis enable 1

isis passive

!

interface Loopback1

ip address 10.1.1.6/32

isis enable 1

isis passive

!

interface Management1

ip address 192.168.20.206/24

!

ip routing

!

mpls ip

!

mpls label range isis-sr 400000 10000

!

router bgp 65100

maximum-paths 128

neighbor 10.0.0.1 remote-as 65100

neighbor 10.0.0.1 update-source Loopback0

neighbor 10.0.0.1 bfd

neighbor 10.0.0.1 rib-in pre-policy retain all

neighbor 10.0.0.1 send-community extended

neighbor 10.0.0.2 remote-as 65100

neighbor 10.0.0.2 update-source Loopback0

neighbor 10.0.0.2 bfd

neighbor 10.0.0.2 rib-in pre-policy retain all

neighbor 10.0.0.2 send-community extended

!

address-family evpn

neighbor default encapsulation mpls next-hop-self source-interface Loopback0

neighbor 10.0.0.1 activate

neighbor 10.0.0.2 activate

!

address-family ipv4 labeled-unicast

neighbor 10.0.0.1 activate

neighbor 10.0.0.1 next-hop-self source-interface Loopback0

neighbor 10.0.0.2 activate

neighbor 10.0.0.2 next-hop-self source-interface Loopback0

network 10.0.0.6/32

network 10.1.1.6/32

!

router isis 1

net 49.0001.6666.6666.6666.00

is-type level-2

!

address-family ipv4 unicast

fast-reroute ti-lfa mode node-protection

!

segment-routing mpls

no shutdown

adjacency-segment allocation sr-peers backup-eligible

prefix-segment 10.0.0.6/32 index 1006

Recent Posts

See All

Tweaking the Cisco Nexus 9000 TCAM

In a recent project, I had the opportunity to work with something "new" yet familiar. During a customer data center (DC) refresh project,...

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating

@2024 All Contents are copyrighted

bottom of page