Source code
In the last post we built the underlay for the VXLAN topology below.
Topology
IP Addresses
Device | Interface | IP | <> | Device | Interface | IP |
---|---|---|---|---|---|---|
spine01 | eth1 | 172.16.0.1/30 | <> | leaf01 | eth1 | 172.16.0.2/30 |
spine01 | eth2 | 172.16.0.5/30 | <> | leaf02 | eth1 | 172.16.0.6/30 |
spine01 | eth3 | 172.16.0.9/30 | <> | leaf03 | eth1 | 172.16.0.10/30 |
spine01 | eth4 | 172.16.0.13/30 | <> | leaf04 | eth1 | 172.16.0.14/30 |
spine01 | lo0 | 192.168.0.1/32 | | | | |
spine02 | eth1 | 172.17.0.1/30 | <> | leaf01 | eth2 | 172.17.0.2/30 |
spine02 | eth2 | 172.17.0.5/30 | <> | leaf02 | eth2 | 172.17.0.6/30 |
spine02 | eth3 | 172.17.0.9/30 | <> | leaf03 | eth2 | 172.17.0.10/30 |
spine02 | eth4 | 172.17.0.13/30 | <> | leaf04 | eth2 | 172.17.0.14/30 |
spine02 | lo0 | 192.168.0.2/32 | | | | |
leaf01 | po12 | 10.12.12.1/30 | <> | leaf02 | po12 | 10.12.12.2/30 |
leaf01 | lo0 | 192.168.1.1/32 | | | | |
leaf02 | lo0 | 192.168.1.2/32 | | | | |
leaf03 | lo0 | 192.168.1.3/32 | | | | |
leaf04 | lo0 | 192.168.1.4/32 | | | | |
We are going to add two VLANs with layer 3 subnets to the overlay. We also need to add a loopback interface to act as the tunnel source interface. We will advertise this interface into BGP.
Device | VLAN | Subnet | Interface | IP | VIP |
---|---|---|---|---|---|
leaf01 | 100 | 10.100.100.0/24 | Vlan100 | 10.100.100.1 | 10.100.100.254 |
leaf02 | 100 | 10.100.100.0/24 | Vlan100 | 10.100.100.2 | 10.100.100.254 |
leaf03 | 100 | 10.100.100.0/24 | Vlan100 | 10.100.100.3 | 10.100.100.254 |
leaf04 | 100 | 10.100.100.0/24 | Vlan100 | 10.100.100.4 | 10.100.100.254 |
leaf01 | 200 | 10.200.200.0/24 | Vlan200 | 10.200.200.1 | 10.200.200.254 |
leaf02 | 200 | 10.200.200.0/24 | Vlan200 | 10.200.200.2 | 10.200.200.254 |
leaf03 | 200 | 10.200.200.0/24 | Vlan200 | 10.200.200.3 | 10.200.200.254 |
leaf04 | 200 | 10.200.200.0/24 | Vlan200 | 10.200.200.4 | 10.200.200.254 |
leaf01 | - | 10.12.34.1/32 | lo1 | 10.12.34.1 | - |
leaf02 | - | 10.12.34.1/32 | lo1 | 10.12.34.1 | - |
leaf03 | - | 10.12.34.3/32 | lo1 | 10.12.34.3 | - |
leaf04 | - | 10.12.34.4/32 | lo1 | 10.12.34.4 | - |
The changes to the host_vars since the last post are listed below.
leaf01.yml
---
--snip--
interfaces:
  --snip--
  # Start Overlay
  - name: Loopback1
    description: vni-source
    ipv4: 10.12.34.1/32
    shutdown: False
  - name: Vxlan1
    description: vti
    shutdown: False
    vnisource: Loopback1
    vxlanvlan:
      - vlan: 100
        vni: 100
        flood:
          - 10.12.34.3
            10.12.34.4
      - vlan: 200
        vni: 200
        flood:
          - 10.12.34.3
            10.12.34.4
--snip---
bgp:
  asn: 65001
  routerid: 192.168.1.1
  distance: 20 200 200
  maxpaths: 2 ecmp 2
  networks:
    - 192.168.1.1/32
    # Start Overlay
    - 10.12.34.1/32
--snip--
leaf02.yml
---
--snip--
interfaces:
  --snip--
  # Start Overlay
  - name: Loopback1
    description: vni-source
    ipv4: 10.12.34.1/32
    shutdown: False
  - name: Vxlan1
    description: vti
    shutdown: False
    vnisource: Loopback1
    vxlanvlan:
      - vlan: 100
        vni: 100
        flood:
          - 10.12.34.3
            10.12.34.4
      - vlan: 200
        vni: 200
        flood:
          - 10.12.34.3
            10.12.34.4
--snip---
bgp:
  asn: 65001
  routerid: 192.168.1.2
  distance: 20 200 200
  maxpaths: 2 ecmp 2
  networks:
    - 192.168.1.2/32
    # Start Overlay
    - 10.12.34.1/32
--snip--
leaf03.yml
---
--snip--
interfaces:
  --snip--
  # Start Overlay
  - name: Loopback1
    description: vni-source
    ipv4: 10.12.34.3/32
    shutdown: False
  - name: Vxlan1
    description: vti
    shutdown: False
    vnisource: Loopback1
    vxlanvlan:
      - vlan: 100
        vni: 100
        flood:
          - 10.12.34.1
            10.12.34.4
      - vlan: 200
        vni: 200
        flood:
          - 10.12.34.1
            10.12.34.4
--snip---
bgp:
  asn: 65002
  routerid: 192.168.1.3
  distance: 20 200 200
  maxpaths: 2 ecmp 2
  networks:
    - 192.168.1.3/32
    # Start Overlay
    - 10.12.34.3/32
--snip--
leaf04.yml
---
--snip--
interfaces:
  --snip--
  # Start Overlay
  - name: Loopback1
    description: vni-source
    ipv4: 10.12.34.4/32
    shutdown: False
  - name: Vxlan1
    description: vti
    shutdown: False
    vnisource: Loopback1
    vxlanvlan:
      - vlan: 100
        vni: 100
        flood:
          - 10.12.34.1
            10.12.34.3
      - vlan: 200
        vni: 200
        flood:
          - 10.12.34.1
            10.12.34.3
--snip---
bgp:
  asn: 65003
  routerid: 192.168.1.4
  distance: 20 200 200
  maxpaths: 2 ecmp 2
  networks:
    - 192.168.1.4/32
    # Start Overlay
    - 10.12.34.4/32
--snip--
We have to add the loopbacks to the prefix list or they will not be advertised.
---
prefixlists:
  - name: to-spines
    seq: 10
    action: permit
    ipv4: 192.168.0.0/23
    eq: 32
  - name: to-spines
    seq: 20
    action: permit
    ipv4: 172.16.0.0/23
    eq: 30
  - name: to-spines
    seq: 30
    action: permit
    ipv4: 10.12.12.0/30
    eq: 30
  # Start Overlay
  - name: to-spines
    seq: 40
    action: permit
    ipv4: 10.12.34.0/24
    eq: 32
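With static flood lists, BUM traffic for a VNI only reaches the VTEPs a leaf lists, and a VTEP loopback is only reachable if the `to-spines` prefix list permits it. The following is an added example, not code from the original post or its repository, that checks both conditions before a push. `HOSTS`, `PREFIXLIST` and all function names are assumptions of this example, filled with values copied from the host_vars and prefix list above; each flood entry is kept as the single space-separated string that the folded YAML scalar produces.

```python
import ipaddress

# Constructed from the host_vars above: VTEP (Loopback1) and, per VNI, the
# flood items. Each item is one folded YAML scalar holding two addresses.
HOSTS = {
    "leaf01": {"vtep": "10.12.34.1", "vnis": {100: ["10.12.34.3 10.12.34.4"], 200: ["10.12.34.3 10.12.34.4"]}},
    "leaf02": {"vtep": "10.12.34.1", "vnis": {100: ["10.12.34.3 10.12.34.4"], 200: ["10.12.34.3 10.12.34.4"]}},
    "leaf03": {"vtep": "10.12.34.3", "vnis": {100: ["10.12.34.1 10.12.34.4"], 200: ["10.12.34.1 10.12.34.4"]}},
    "leaf04": {"vtep": "10.12.34.4", "vnis": {100: ["10.12.34.1 10.12.34.3"], 200: ["10.12.34.1 10.12.34.3"]}},
}
# (network, eq) pairs from the to-spines prefix list, all "permit".
PREFIXLIST = [("192.168.0.0/23", 32), ("172.16.0.0/23", 30),
              ("10.12.12.0/30", 30), ("10.12.34.0/24", 32)]


def flood_vteps(items):
    """Flatten flood items into a set of addresses."""
    return {addr for item in items for addr in item.split()}


def advertised(vtep, prefixlist):
    """True if the /32 for vtep matches a 'permit <net> eq 32' entry."""
    ip = ipaddress.ip_address(vtep)
    return any(eq == 32 and ip in ipaddress.ip_network(net)
               for net, eq in prefixlist)


def check_overlay(hosts, prefixlist):
    """Return a list of human-readable problems; empty means consistent."""
    problems = []
    for name, host in sorted(hosts.items()):
        if not advertised(host["vtep"], prefixlist):
            problems.append(f"{name}: VTEP {host['vtep']} not permitted by prefix list")
        for vni, items in sorted(host["vnis"].items()):
            # Every other VTEP carrying this VNI; a leaf pair sharing one
            # VTEP address (leaf01/leaf02) counts once and excludes itself.
            expected = {h["vtep"] for h in hosts.values() if vni in h["vnis"]}
            expected -= {host["vtep"]}
            actual = flood_vteps(items)
            for addr in sorted(expected - actual):
                problems.append(f"{name}: vni {vni} flood list lacks {addr}")
            for addr in sorted(actual - expected):
                problems.append(f"{name}: vni {vni} floods to unexpected {addr}")
    return problems


if __name__ == "__main__":
    print(check_overlay(HOSTS, PREFIXLIST) or "overlay vars consistent")
```

An "unexpected" flood address is either the leaf's own VTEP or an address no inventory host owns, both worth reviewing before the configuration is loaded.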
There are only a few changes to the template.
eos-vxlan.j2
ip routing
!
--snip--
{% if interface.vnisource is defined %}
vxlan source-interface {{ interface.vnisource }}
{% endif -%}
{% if interface.vxlanvlan is defined %}
{% for vxvlan in interface.vxlanvlan %}
vxlan vlan {{ vxvlan.vlan }} vni {{ vxvlan.vni }}
{% if vxvlan.flood is defined %}
{% for vtep in vxvlan.flood %}
vxlan vlan {{ vxvlan.vlan }} flood vtep {{ vtep }}
{% endfor -%}
{% endif -%}
{% endfor -%}
{% endif -%}
!
--snip--
The playbook will not change at all.
vxlan-playbook.yml
---
- hosts: eos
  gather_facts: no
  tasks:
    - name: Create configuration files
      template:
        src: "templates/{{ ansible_network_os }}-vxlan.j2"
        dest: "configs/{{ inventory_hostname }}-vxlan.config"
      tags:
        - template
    - name: Load configuration file
      eos_config:
        backup: yes
        src: "configs/{{ inventory_hostname }}-vxlan.config"
        defaults: true
        save_when: modified
      register: "{{ inventory_hostname }}"
      tags:
        - configpush
Running the playbook only changes the leafs.
netops@netserver:~/git/vxlanansible/ansible$ ansible-playbook vxlan-playbook.yml
PLAY [eos] *****************************************************************************************************
TASK [Create configuration files] ******************************************************************************
ok: [leaf01]
ok: [spine01]
ok: [leaf02]
ok: [leaf03]
ok: [spine02]
ok: [leaf04]
TASK [Load configuration file] *********************************************************************************
ok: [spine01]
ok: [spine02]
changed: [leaf03]
changed: [leaf02]
changed: [leaf01]
changed: [leaf04]
PLAY RECAP *****************************************************************************************************
leaf01 : ok=2 changed=1 unreachable=0 failed=0
leaf02 : ok=2 changed=1 unreachable=0 failed=0
leaf03 : ok=2 changed=1 unreachable=0 failed=0
leaf04 : ok=2 changed=1 unreachable=0 failed=0
spine01 : ok=2 changed=0 unreachable=0 failed=0
spine02 : ok=2 changed=0 unreachable=0 failed=0
Let's take a look at the config on leaf01 and leaf03 relevant to the overlay.
leaf01
!
vlan 100
name operations
!
vlan 200
name staff
!
interface Vlan100
description operations
ip address 10.100.100.1/24
no shutdown
ip virtual-router address 10.100.100.254
!
interface Vlan200
description staff
ip address 10.200.200.1/24
no shutdown
ip virtual-router address 10.200.200.254
!
interface Loopback1
description vni-source
ip address 10.12.34.1/32
no shutdown
!
interface Vxlan1
description vti
no shutdown
vxlan source-interface Loopback1
vxlan vlan 100 vni 100
vxlan vlan 100 flood vtep 10.12.34.3 10.12.34.4
vxlan vlan 200 vni 200
vxlan vlan 200 flood vtep 10.12.34.3 10.12.34.4
!
ip prefix-list to-spines seq 40 permit 10.12.34.0/24 eq 32
!
router bgp 65001
--snip--
network 10.12.34.1/32
!
leaf03
vlan 100
name operations
!
vlan 200
name staff
!
interface Vlan100
description operations
ip address 10.100.100.3/24
no shutdown
!
interface Vlan200
description staff
ip address 10.200.200.3/24
no shutdown
!
interface Loopback1
description vni-source
ip address 10.12.34.3/32
no shutdown
!
interface Vxlan1
description vti
no shutdown
vxlan source-interface Loopback1
vxlan vlan 100 vni 100
vxlan vlan 100 flood vtep 10.12.34.1 10.12.34.4
vxlan vlan 200 vni 200
vxlan vlan 200 flood vtep 10.12.34.1 10.12.34.4
!
ip virtual-router mac-address aa:00:bb:11:cc:22
!
ip prefix-list to-spines seq 10 permit 192.168.0.0/23 eq 32
!
router bgp 65002
--snip--
network 10.12.34.3/32
!
Now to test a few things.
leaf01#ping 10.100.100.3 repeat 1
PING 10.100.100.3 (10.100.100.3) 72(100) bytes of data.
80 bytes from 10.100.100.3: icmp_seq=1 ttl=64 time=50.6 ms
--- 10.100.100.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 50.609/50.609/50.609/0.000 ms
leaf01#show arp
Address Age (min) Hardware Addr Interface
172.16.0.1 N/A 5000.00d7.ee0b Ethernet1
172.17.0.1 N/A 5000.00cb.38c2 Ethernet2
10.100.100.3 N/A 5000.0015.f4e8 Vlan100, Vxlan1
10.100.100.4 N/A 5000.0072.8b31 Vlan100, not learned
10.12.12.2 N/A 5000.0003.3766 Vlan4094, Port-Channel12
Address Age (min) Hardware Addr Interface
172.16.0.9 N/A 5000.00d7.ee0b Ethernet1
172.17.0.9 N/A 5000.00cb.38c2 Ethernet2
10.100.100.1 N/A 5000.00d5.5dc0 Vlan100, Vxlan1
leaf03#ping 10.200.200.1 repeat 1
PING 10.200.200.1 (10.200.200.1) 72(100) bytes of data.
80 bytes from 10.200.200.1: icmp_seq=1 ttl=64 time=46.6 ms
--- 10.200.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 46.697/46.697/46.697/0.000 ms
leaf03#show vxlan address-table
Vxlan Mac Address Table
----------------------------------------------------------------------
VLAN Mac Address Type Prt VTEP Moves Last Move
---- ----------- ---- --- ---- ----- ---------
100 5000.00d5.5dc0 DYNAMIC Vx1 10.12.34.1 1 0:04:23 ago
200 5000.00d5.5dc0 DYNAMIC Vx1 10.12.34.1 1 0:00:43 ago
Total Remote Mac Addresses for this criterion: 2
Everything looks good. To me this is a really cool thing for those times you need to extend layer 2 or more likely are forced to. The full source code can be found here.