In this post we are going to modify the configuration that was pushed to the devices in part four. We are going to add a new VLAN and subnet to each of the leaf switches. We do not have to update the Python code. We just have to add the data to our YAML files, which in a production environment could be a database (an IPAM server, for example).

Updated Topology

L3LS

We are going to add VLAN 200 to both leafs, with the VLAN interface IP address 10.1.200.1/24 for leaf-1 and 10.2.200.1/24 for leaf-2. We also have to update the prefix lists referenced by our route maps to allow the new subnets to be redistributed. Finally, we need an access interface so that the VLAN interface comes up.

We will start by adding VLAN 200 and the access interface configuration to leaf.yaml.

leaf.yaml

---

vlans:
  - number: 100
    description: Servers1
  - number: 200
    description: Servers2
accessinterfaces:
  - number: 9
    switchport: access
    vlan: 100
  - number: 10
    switchport: access
    vlan: 200

  --snip--

Since this is a shared file, VLAN 200 and the access ports will be created on both leaf switches. This is the desired behavior in my case, but the VLANs and/or access ports could always be filtered via an if statement or added to the individual host settings.

The other file we need to modify is hosts.yaml. We are going to add the vlan interfaces and modify the prefix lists.

hosts.yaml

---

--snip--

leaf-1:

--snip--

  routemaps:
    - name: ROUTE-MAP-OUT
      direction: out
  prefixlists:
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 10
      ip: 192.168.0.3/32
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 20
      ip: 172.16.0.0/16
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 30
      ip: 10.1.100.0/24
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 40
      ip: 10.1.200.0/24
  vlaninterfaces:
    - number: 100
      description: Servers1
      mtu: 9214
      ip: 10.1.100.1/24
      arptimeout: 900
    - number: 200
      description: Servers2
      ip: 10.1.200.1/24
      arptimeout: 900

leaf-2:

--snip--

  routemaps:
    - name: ROUTE-MAP-OUT
      direction: out
  prefixlists:
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 10
      ip: 192.168.0.4/32
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 20
      ip: 172.16.0.0/16
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 30
      ip: 10.2.100.0/24
    - name: PREFIX-LIST-OUT
      action: permit
      sequence: 40
      ip: 10.2.200.0/24
  vlaninterfaces:
    - number: 100
      description: Servers1
      mtu: 9214
      ip: 10.2.100.1/24
      arptimeout: 900
    - number: 200
      description: Servers2
      ip: 10.2.200.1/24
      arptimeout: 900

That is all we need to do. The template file created in part three will take care of adding the new data to the configuration candidate files when it loops through the YAML files.
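
A pre-push consistency check for the data above, as an added example that is not part of the original series code: it confirms that every VLAN interface subnet has a permit entry in the host's prefix lists and that access ports and VLAN interfaces reference defined VLANs. The function name check_host and the inline dictionaries (copied from the YAML shown above, plus one constructed failure case) are assumptions.

```python
import ipaddress

# Data mirrors leaf.yaml and the leaf-1 entry of hosts.yaml once loaded into
# Python objects (how they are loaded is outside this example).
SHARED = {
    "vlans": [{"number": 100}, {"number": 200}],
    "accessinterfaces": [{"number": 9, "vlan": 100}, {"number": 10, "vlan": 200}],
}
LEAF_1 = {
    "prefixlists": [
        {"name": "PREFIX-LIST-OUT", "action": "permit", "sequence": s, "ip": ip}
        for s, ip in [(10, "192.168.0.3/32"), (20, "172.16.0.0/16"),
                      (30, "10.1.100.0/24"), (40, "10.1.200.0/24")]
    ],
    "vlaninterfaces": [{"number": 100, "ip": "10.1.100.1/24"},
                       {"number": 200, "ip": "10.1.200.1/24"}],
}
# Constructed failure case: Vlan200 exists but its permit entry was forgotten.
LEAF_1_MISSING = dict(LEAF_1, prefixlists=LEAF_1["prefixlists"][:3])

def check_host(name, host, shared):
    """Return a list of problems for one host; an empty list means consistent."""
    problems = []
    vlans = {v["number"] for v in shared.get("vlans", [])}
    for port in shared.get("accessinterfaces", []):
        if port["vlan"] not in vlans:
            problems.append(f"{name}: Ethernet{port['number']} uses undefined VLAN {port['vlan']}")
    permitted, seen = set(), set()
    for e in host.get("prefixlists", []):
        key = (e["name"], e["sequence"])
        if key in seen:
            problems.append(f"{name}: duplicate seq {e['sequence']} in {e['name']}")
        seen.add(key)
        if e["action"] == "permit":
            permitted.add(ipaddress.ip_network(e["ip"]))  # raises if host bits are set
    for svi in host.get("vlaninterfaces", []):
        subnet = ipaddress.ip_interface(svi["ip"]).network
        if svi["number"] not in vlans:
            problems.append(f"{name}: Vlan{svi['number']} has no matching VLAN")
        if subnet not in permitted:
            problems.append(f"{name}: {subnet} (Vlan{svi['number']}) not permitted outbound")
    return problems

if __name__ == "__main__":
    for label, data in [("leaf-1", LEAF_1), ("leaf-1 (entry missing)", LEAF_1_MISSING)]:
        print(label, check_host(label, data, SHARED) or "OK")
```

Running the check before the candidate configuration is generated catches a subnet that would come up locally but never be advertised.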

Now when we run configureleafspine.py the following diffs are found and committed to the switches.

leaf-1 Diffs: 

@@ -23,6 +23,9 @@
 !
 vlan 100
    name Servers1
+!
+vlan 200
+   name Servers2
 !
 vrf definition management
 !
@@ -61,6 +64,10 @@
    spanning-tree bpduguard enable
 !
 interface Ethernet10
+   switchport access vlan 200
+   no snmp trap link-status
+   spanning-tree portfast
+   spanning-tree bpduguard enable
 !
 interface Ethernet11
 !
@@ -79,6 +86,11 @@
    ip address 10.1.100.1/24
    arp timeout 900
 !
+interface Vlan200
+   description Servers2
+   ip address 10.1.200.1/24
+   arp timeout 900
+!
 ip route vrf management 0.0.0.0/0 198.51.100.1
 !
 ip routing
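Review bot: interface Vlan200 is created without an mtu line, while the Vlan100 entry in hosts.yaml carries mtu: 9214. If Servers2 hosts are expected to use the same frame size as Servers1, add mtu: 9214 to the VLAN 200 entry under vlaninterfaces; if the default is deliberate, a comment in hosts.yaml saying so would keep the two interfaces from looking accidentally inconsistent.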
@@ -87,6 +99,7 @@
 ip prefix-list PREFIX-LIST-OUT seq 10 permit 192.168.0.3/32
 ip prefix-list PREFIX-LIST-OUT seq 20 permit 172.16.0.0/16
 ip prefix-list PREFIX-LIST-OUT seq 30 permit 10.1.100.0/24
+ip prefix-list PREFIX-LIST-OUT seq 40 permit 10.1.200.0/24
 !
 route-map ROUTE-MAP-OUT permit 10
    match ip address prefix-list PREFIX-LIST-OUT
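Review bot: the seq 40 permit for 10.1.200.0/24 is maintained by hand under prefixlists, separately from the 10.1.200.1/24 address under vlaninterfaces, so nothing ties the advertised prefix to the interface subnet. A typo in either place would leave the new subnet unadvertised or permit a prefix that no interface owns through ROUTE-MAP-OUT. Consider deriving the prefix-list entry from the VLAN interface address in the template, or checking the two against each other before the commit.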
leaf-2 Diffs: 

@@ -23,6 +23,9 @@
 !
 vlan 100
    name Servers1
+!
+vlan 200
+   name Servers2
 !
 vrf definition management
 !
@@ -61,6 +64,10 @@
    spanning-tree bpduguard enable
 !
 interface Ethernet10
+   switchport access vlan 200
+   no snmp trap link-status
+   spanning-tree portfast
+   spanning-tree bpduguard enable
 !
 interface Ethernet11
 !
@@ -79,6 +86,11 @@
    ip address 10.2.100.1/24
    arp timeout 900
 !
+interface Vlan200
+   description Servers2
+   ip address 10.2.200.1/24
+   arp timeout 900
+!
 ip route vrf management 0.0.0.0/0 198.51.100.1
 !
 ip routing
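Review bot: interface Vlan200 on leaf-2 carries the same description, Servers2, as Vlan200 on leaf-1, although the two are different subnets (10.2.200.1/24 here, 10.1.200.1/24 on leaf-1). Consider a description that names the leaf or the subnet so the two interfaces are distinguishable in show output and monitoring.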
@@ -87,6 +99,7 @@
 ip prefix-list PREFIX-LIST-OUT seq 10 permit 192.168.0.4/32
 ip prefix-list PREFIX-LIST-OUT seq 20 permit 172.16.0.0/16
 ip prefix-list PREFIX-LIST-OUT seq 30 permit 10.2.100.0/24
+ip prefix-list PREFIX-LIST-OUT seq 40 permit 10.2.200.0/24
 !
 route-map ROUTE-MAP-OUT permit 10
    match ip address prefix-list PREFIX-LIST-OUT
leaf-1#show ip route bgp 

VRF: default
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - Dhcp client installed default route

 B E    10.2.100.0/24 [20/0] via 172.16.0.1, Ethernet1
                             via 172.16.0.9, Ethernet2
 B E    10.2.200.0/24 [20/0] via 172.16.0.1, Ethernet1
                             via 172.16.0.9, Ethernet2
 B E    172.16.0.4/30 [20/0] via 172.16.0.9, Ethernet2
 B E    172.16.0.12/30 [20/0] via 172.16.0.1, Ethernet1
 B E    192.168.0.1/32 [20/0] via 172.16.0.1, Ethernet1
 B E    192.168.0.2/32 [20/0] via 172.16.0.9, Ethernet2
 B E    192.168.0.4/32 [20/0] via 172.16.0.1, Ethernet1
                              via 172.16.0.9, Ethernet2
leaf-2#show ip route bgp 

VRF: default
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - Dhcp client installed default route

 B E    10.1.100.0/24 [20/0] via 172.16.0.5, Ethernet1
                             via 172.16.0.13, Ethernet2
 B E    10.1.200.0/24 [20/0] via 172.16.0.5, Ethernet1
                             via 172.16.0.13, Ethernet2
 B E    172.16.0.0/30 [20/0] via 172.16.0.13, Ethernet2
 B E    172.16.0.8/30 [20/0] via 172.16.0.5, Ethernet1
 B E    192.168.0.1/32 [20/0] via 172.16.0.5, Ethernet1
 B E    192.168.0.2/32 [20/0] via 172.16.0.13, Ethernet2
 B E    192.168.0.3/32 [20/0] via 172.16.0.5, Ethernet1
                              via 172.16.0.13, Ethernet2

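It looks like everything is working: each leaf has learned the other's new subnet via eBGP. Just to be sure, we ping leaf-2's new VLAN interface from leaf-1.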

leaf-1#ping 10.2.200.1 source 10.1.100.1
PING 10.2.200.1 (10.2.200.1) from 10.1.100.1 : 72(100) bytes of data.
80 bytes from 10.2.200.1: icmp_seq=1 ttl=63 time=24.2 ms
80 bytes from 10.2.200.1: icmp_seq=2 ttl=63 time=27.3 ms
80 bytes from 10.2.200.1: icmp_seq=3 ttl=63 time=25.9 ms
80 bytes from 10.2.200.1: icmp_seq=4 ttl=63 time=22.5 ms
80 bytes from 10.2.200.1: icmp_seq=5 ttl=63 time=20.4 ms

--- 10.2.200.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 100ms
rtt min/avg/max/mdev = 20.431/24.118/27.343/2.448 ms, pipe 2, ipg/ewma 25.198/2s

In the next part of the series we are going to add a new leaf switch. The code for this part can be found here.