abusedbits.com: Leaf

Showing posts with label Leaf. Show all posts

Tuesday, April 19, 2016

LAN Physical to Overlay

It is terribly difficult to express the design elements of VxLAN technology in a single drawing. As seen in previous blogs, the elements of the physical construct of an ECMP (Equal-Cost Multi-Path) spine and leaf is astonishingly complex. These become represented in abstracted views of the total in graduations from quite simple to piece-by-piece elements in order to express their true nature.

Part of the problem is associated with these complexities, but having put together multiple descriptive models, it really is because the OVERLAY doesn't look anything like the physical design. Networkers got used to broadcast domains being associated with a wire. Then being associated with an L2 abstraction. Now networkers need to figure out how to represent the multiple levels of networking with additional L2-in-L3 tunnels.

It's also not as if this hasn't happened before. VPN drawings look much like VxLAN drawings, but in a VPN drawing, there may be one or a couple, in VxLAN there could be a lot more. Ultimately, the issue becomes how complex the drawing is to layer in all of the information.

Starting from the view of a Modern Platform for Enterprise (as opposed to public cloud), networkers need to connect particular security elements, network services, control plane services, backup, networking and platforms. Architecturally, the model looks very much like this.

Figure 1. Modern Platform

DC LAN (red) plays a dominant role in this platform architecture, providing connectivity from any element to any element within the construct. Be it a physical device, a virtual machine on a hypervisor or a container on an operating system.

Figure 2. Any to Any

It's not as simple as that though. The network attributes are overlaid on top of hardware, software and logical (or abstracted) networking mechanisms in this model. In this extremely simplified model, use case 1 is where the hypervisor communicates with another hypervisor (green) and use case 2 where the hypervisor communicates with a bare metal object. A third use case exists where a container communicates with hypervisor or hardware, but it's not used frequently yet in the Enterprise.

The VxLAN (Virtual eXtensible LAN) kernel module of the hypervisor (in this case VMware ESX) communicates through it's vSwitch to the physical medium, a network adapter on the physical machine. This is then passed to the physical switch to be passed in accordance to the VNI (Virtual Network Identifier) associated with the packets. In case 1, it is then picked up by the network card on the second physical host, working though the vSwitch to get to the virtual machine. In case 2, the endpoint is a VTEP (Virtual Tunnel EndPoint) where it is de-encapsulated from L3 to L2 to arrive at the physical server.

In both cases, two sets of interacting Control Planes, VMware NSX and Arista CVX provide the path information to instantiate the VxLAN tunnel.

Figure 3. VxLAN Delivery (gratuitous re-use from earlier blog)

Now, there needs to be a bold red blinking sign that states the network still exists, both in its physical and logical form. Herein lies the Spine-and-Leaf. It is similar to a Clos design (as in Charles Clos) that does have some oversubscription at different levels. Physically it utilizes the spine as a one hop transport route between all leaf nodes.

The concept though is quite simple. Scale out horizontally as large as possible. When that is exceeded, add another spine and make a 2 hop transport route. The Leaf nodes come in two basic flavors, one that provides transport access to hosts, the other leaf flavor provides Services. Services Leaf are used to establish specific service functions. The two examples shown here are WAN access with perimeter security Firewall and IP protocol based storage.

Moving from Brown to Green in this model should be relatively easy. Once the Spine and Leaf is established, legacy networks may be connected at a Leaf node to provide access utilizing the switch VTEP. It's an extra hop, but the latency in this network type is extremely low.

Figure 4. Spine and Leaf (high level)

Combining Figure 3 and Figure 4 is terribly problematic. It may not even be useful at large scale due to the enormous details necessary to show it in its entirety.

What networkers can do is abstract the drawing a bit. Pull it up from the physical layer. The view in Figure 5 is just such a drawing.

Utilizing Figure 4 as the groundwork (the physical) and "pulling up" the abstractions and overlays that reside on it.

In this scenario, the spine and each leaf are BGP Autonomous Systems. The first layer above the physical equipment is an IP network routed solely within the confines of the spine and leaf (Blue routers). Additionally, a VRF is run on the same structure to propagate a management network (Red routers) to all switches. It also acts as the distribution layer for any management switches deployed within the Leaf cabinets.

The VNI framework is then "pulled up" to the final level. This is the tunnel path.

Below the physical switch VTEP, an OVSDB (OpenVSwitch DataBase) is used to manage the interactions of all platform systems that are virtualized with, in this case, VMware NSX.

At and above the physical switch are the VTEP, managed by another OVSDB for all physical element connections not associated with VMware NSX. The control plane in this model is Arista CVX.

As in Diagram 3, the OVSDB (VMware) communicates with the OVSDB (Arista) to manage the entirety of the tunnel formation.

Figure 5. An high level view of the network from physical to overlay

In light of creating a view of the network that expresses as much as possible with the least amount of complexity, this drawing has proven to be quite good at showing as much as possible without making it impossible to follow.

If you use this model to describe your network, please do let me know how it turned out.

I'm interested in any other way you may have to show this type of information graphically. Please tweet them to @abusedbits or link them to my Google+.

Monday, November 9, 2015

Spine and Leaf Nodes

This drawing (or one resembling it) seems to keep popping up in Spine and Leaf discussions. This is an incomplete view of the mechanism of the art. The Spine and leaf architecture is certainly compelling for a variety of good reasons, not the least of which is a horizontal scaling model that far exceeds more traditional methods of networking.

See sdxcentral article

The actual story of this design model may actually much more interesting to the network developer. If this model were the sole construct of the network design, it wouldn't be, necessarily, special.

But if the design model indicated a requirement for redundancy in the Top of Rack (ToR) or if there was a special need physical configuration like a 3-cabinet-wide Logical Rack, those may also be supported by the Spine and Leaf Network model, fairly simply in the guise of a Leaf Node arrangement.

That's not all though. To scale above the reasonable size of a traditional network, it may be necessary to start thinking about the routing protocol, in order to avoid those pesky all encompassing broadcast domains, delivering what is largely L3 all the way down to the host.

Then topping it off with a healthy dose of the art of the possible, utilizing the routing protocol constructed in the previous model to create a delivery platform for logically isolated networks utilizing VxLAN. Also, when you get to this size, don't forget to add the Management Network VRF, need a way for those 1000's upon 1000's of physical systems to get back to the monitoring and management.

Hopefully you can recognize the original drawing in the last drawing. It's still there, but nothing like the switched network of old.

Tuesday, September 29, 2015

Top of Rack - higher speed, higher density

How energy dense do you want to make your rack.

Arista announces two new switches that certainly fit high density, high speed ToR models.

Loaded with QSFP100 and backward compatible all the way to....10Gbps.

100GbE, 40GbE, 4x10GbE, 4x25GbE or 2x 50GbE

New Arista Switches

The thing I find really interesting, because we all know port densities and bandwidth is guaranteed to grow anyway... but,

7W / port

Evidently Arista believes that electrical consumption is a sunk cost in servicing the workload....

So do I.

This really drives the concept of the "logical rack" the number of racks that can be covered by a pair of ToR switches in the Spine and Leaf architectural model.

Let's conduct a short breakdown on the 32 port unit.

~ 28 100GbE connections for hosts (so, 28 hosts in ~ 2 racks at 2U size)

~28 40GbE connections for hosts ( 28 hosts in ~ 2 racks at 2U size)

~112 10GbE or 25GbE connections for hosts (112 hosts in ~ 7 racks at 2U size)

~56 50GbE connections for hosts (56 hosts in ~ 4 racks at 2U size)

using a pair of ports for 100GbE uplink and a pair of ports for inner-Leaf connections (not including options with the SFP+ ports)

Makes for some very well connected hosts and at ~18kW / rack, some fairly dense commodity computing....

Tuesday, August 18, 2015

Arista CVX on VirtualBox

So, the next thing to do, set up CVX on Arista.

I'm setting Spine1 as the CVX manager.

configuration was quite simple thanks to Mo from Arista:

spine1(config)#cvx
spine1(config-‐cvx)#no shutdown

spine1(config)#management api http-‐commands
spine1(config-‐mgmt-‐api-‐http-‐cmds)#no shutdown
spine1(config-‐mgmt-‐api-‐http-‐cmds)#no protocol http
spine1(config-‐mgmt-‐api-‐http-‐cmds)#protocol https

Here's the drop in config for all of the other switches:

en
config t
management cvx
server host 10.0.0.251
no shutdown
end
wr

Logging back into the spine1 switch, here's the review.

spine1#sh cvx
CVX Server
Status: Enabled
UUID: c2b3cbbc-45ed-11e5-8814-080027f4b56b
Heartbeat interval: 20.0
Heartbeat timeout: 60.0

spine1#sh cvx connections
Switch 08:00:27:6d:13:80
Hostname: leaf1-sw01
Status: up
Last heartbeat sent: 0:00:11 ago
Last heartbeat received: 0:00:12 ago
Clock offset: 252455.861674
Out-of-band connection: Not secured
In-band connection: Not secured (SSL not supported)
Switch 08:00:27:89:cf:4d
Hostname: leaf2-sw03
Status: up
Last heartbeat sent: 0:00:11 ago
Last heartbeat received: 0:00:15 ago
Clock offset: 253199.591905
Out-of-band connection: Not secured
In-band connection: Not secured (SSL not supported)
Switch 08:00:27:a7:c7:17
Hostname: leaf1-sw02
Status: up
Last heartbeat sent: 0:00:11 ago
Last heartbeat received: 0:00:18 ago
Clock offset: 252634.767828
Out-of-band connection: Not secured
In-band connection: Not secured (SSL not supported)
Switch 08:00:27:cb:45:7c
Hostname: spine2 <-- Not sure I need it here, but still cool it worked
Status: up
Last heartbeat sent: 0:00:11 ago
Last heartbeat received: 0:00:00 ago
Clock offset: -45.284555422
Out-of-band connection: Not secured
In-band connection: Not secured (SSL not supported)
Switch 08:00:27:4d:ed:74
Hostname: leaf2-sw04
Status: up
Last heartbeat sent: 0:00:11 ago
Last heartbeat received: 0:00:04 ago
Clock offset: 252439.728537
Out-of-band connection: Not secured
In-band connection: Not secured (SSL not supported)
Switch 08:00:27:34:ea:a9
Hostname: leaf3-sw05
Status: up
Last heartbeat sent: 0:00:11 ago
Last heartbeat received: 0:00:12 ago
Clock offset: 252796.489615
Out-of-band connection: Not secured
In-band connection: Not secured (SSL not supported)
Switch 08:00:27:30:57:3e
Hostname: leaf3-sw06
Status: up
Last heartbeat sent: 0:00:11 ago
Last heartbeat received: 0:00:02 ago
Clock offset: 435612.242123
Out-of-band connection: Not secured
In-band connection: Not secured (SSL not supported)

**********

If it doesn't work, verify lldp!

Verify you can ping around the loopbacks (make sure you source icmp)

Next opportunity, I'll mess with VxLAN a bit.

Monday, August 17, 2015

Current Environment - Arista Spine and Leaf on Virtualbox

Here's the current state of the topology. I'm having a problem getting past 192.168.1.2 (sw6-E6) in the model. This is a interface on the virtual network tied to the physical nic on the computer I'm using.

Glad I stopped messing with that to get the BGP working, but it's still nagging at me.

Leaf Switch Configurations - Arista Spine and Leaf on Virtualbox

Switch 1 - Configuration

leaf1-sw01>en

leaf1-sw01#sh run

! Command: show running-config

! device: leaf1-sw01 (vEOS, EOS-4.15.0F)

! boot system flash:/vEOS-lab.swi

transceiver qsfp default-mode 4x10G

hostname leaf1-sw01

spanning-tree mode mstp

no aaa root

username arista privilege 15 secret 5 $1$x5GKrbKk$azBM4Wlv3TzOQjcjeXOHJ.

vlan 101

vlan 2047

trunk group mlagL1-L2

interface Port-Channel1

switchport mode trunk

switchport trunk group mlagL1-L2

interface Ethernet1

no switchport

ip address 10.180.254.2/30

interface Ethernet2

no switchport

ip address 10.180.254.130/30

interface Ethernet3

channel-group 1 mode active

interface Ethernet4

channel-group 1 mode active

interface Ethernet5

switchport access vlan 101

interface Loopback0

ip address 10.0.0.1/32

interface Management1

ip address 10.10.10.31/24

interface Vlan101

ip address 172.16.1.252/24

ip virtual-router address 172.16.1.254

interface Vlan2047

ip address 10.180.254.225/30

ip route 0.0.0.0/0 192.168.1.254

ip routing

mlag configuration

domain-id mlagL1-L2

local-interface Vlan2047

peer-address 10.180.254.226

peer-link Port-Channel1

router bgp 65101

maximum-paths 4 ecmp 128

neighbor 10.180.254.1 remote-as 65000

neighbor 10.180.254.1 maximum-routes 12000

neighbor 10.180.254.129 remote-as 65000

neighbor 10.180.254.129 maximum-routes 12000

neighbor 172.16.1.253 remote-as 65101

neighbor 172.16.1.253 maximum-routes 12000

network 10.0.0.1/32

network 10.180.254.0/24

network 172.16.1.0/24

end

leaf1-sw01#sh ip route

VRF name: default

Codes: C - connected, S - static, K - kernel,

O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,

E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,

R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,

NG - Nexthop Group Static Route

Gateway of last resort:

S 0.0.0.0/0 [1/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

C 10.0.0.1/32 is directly connected, Loopback0

B I 10.0.0.2/32 [200/0] via 172.16.1.253, Vlan101

B E 10.0.0.3/32 [200/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

B E 10.0.0.4/32 [200/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

B E 10.0.0.5/32 [200/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

B E 10.0.0.6/32 [200/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

C 10.10.10.0/24 is directly connected, Management1

C 10.180.254.0/30 is directly connected, Ethernet1

C 10.180.254.128/30 is directly connected, Ethernet2

C 10.180.254.224/30 is directly connected, Vlan2047

C 172.16.1.0/24 is directly connected, Vlan101

B E 172.16.2.0/24 [200/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

B E 172.16.3.0/24 [200/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

B E 192.168.1.0/24 [200/0] via 10.180.254.1, Ethernet1

via 10.180.254.129, Ethernet2

leaf1-sw01#

Switch 2 - Configuration

leaf1-sw02#sh run

! Command: show running-config

! device: leaf1-sw02 (vEOS, EOS-4.15.0F)

! boot system flash:/vEOS-lab.swi

transceiver qsfp default-mode 4x10G

hostname leaf1-sw02

spanning-tree mode mstp

no aaa root

username arista privilege 15 secret 5 $1$dgmrUK3G$GBhRaYnIvOzIOdgozc9Kb.

vlan 101

vlan 2047

trunk group mlagL1-L2

interface Port-Channel1

switchport mode trunk

switchport trunk group mlagL1-L2

interface Ethernet1

no switchport

ip address 10.180.254.6/30

interface Ethernet2

no switchport

ip address 10.180.254.134/30

interface Ethernet3

channel-group 1 mode active

interface Ethernet4

channel-group 1 mode active

interface Ethernet5

switchport access vlan 101

interface Loopback0

ip address 10.0.0.2/32

interface Management1

ip address 10.10.10.32/24

interface Vlan101

ip address 172.16.1.253/24

ip virtual-router address 172.16.1.254

interface Vlan2047

ip address 10.180.254.226/30

ip route 0.0.0.0/0 192.168.1.254

ip routing

mlag configuration

domain-id mlagL1-L2

local-interface Vlan2047

peer-address 10.180.254.225

peer-link Port-Channel1

router bgp 65101

maximum-paths 4 ecmp 128

neighbor 10.180.254.5 remote-as 65000

neighbor 10.180.254.5 maximum-routes 12000

neighbor 10.180.254.133 remote-as 65000

neighbor 10.180.254.133 maximum-routes 12000

neighbor 172.16.1.252 remote-as 65101

neighbor 172.16.1.252 maximum-routes 12000

network 10.0.0.2/32

network 10.180.254.0/24

network 172.16.1.0/24

end

leaf1-sw02# sh ip route

VRF name: default

Codes: C - connected, S - static, K - kernel,

O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,

E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,

R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,

NG - Nexthop Group Static Route

Gateway of last resort:

S 0.0.0.0/0 [1/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

B I 10.0.0.1/32 [200/0] via 172.16.1.252, Vlan101

C 10.0.0.2/32 is directly connected, Loopback0

B E 10.0.0.3/32 [200/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

B E 10.0.0.4/32 [200/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

B E 10.0.0.5/32 [200/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

B E 10.0.0.6/32 [200/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

C 10.10.10.0/24 is directly connected, Management1

C 10.180.254.4/30 is directly connected, Ethernet1

C 10.180.254.132/30 is directly connected, Ethernet2

C 10.180.254.224/30 is directly connected, Vlan2047

C 172.16.1.0/24 is directly connected, Vlan101

B E 172.16.2.0/24 [200/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

B E 172.16.3.0/24 [200/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

B E 192.168.1.0/24 [200/0] via 10.180.254.5, Ethernet1

via 10.180.254.133, Ethernet2

leaf1-sw02#

Switch 3 - configuration

leaf2-sw03>en

leaf2-sw03#sh run

! Command: show running-config

! device: leaf2-sw03 (vEOS, EOS-4.15.0F)

! boot system flash:/vEOS-lab.swi

transceiver qsfp default-mode 4x10G

hostname leaf2-sw03

spanning-tree mode mstp

no aaa root

username arista privilege 15 secret 5 $1$PQtScGLc$3eEJepRVOUEahC.wNveqG/

vlan 102

vlan 2048

trunk group mlagL3-L4

interface Port-Channel1

switchport mode trunk

switchport trunk group mlagL3-L4

interface Ethernet1

no switchport

ip address 10.180.254.10/30

interface Ethernet2

no switchport

ip address 10.180.254.138/30

interface Ethernet3

channel-group 1 mode active

interface Ethernet4

channel-group 1 mode active

interface Ethernet5

switchport access vlan 102

interface Loopback0

ip address 10.0.0.3/32

interface Management1

ip address 10.10.10.33/24

interface Vlan102

ip address 172.16.2.252/24

ip virtual-router address 172.16.2.254

interface Vlan2048

ip address 10.180.254.229/30

ip route 0.0.0.0/0 192.168.1.254

ip routing

mlag configuration

domain-id mlagL3-L4

local-interface Vlan2048

peer-address 10.180.254.230

peer-link Port-Channel1

router bgp 65102

maximum-paths 4 ecmp 128

neighbor 10.180.254.9 remote-as 65000

neighbor 10.180.254.9 maximum-routes 12000

neighbor 10.180.254.137 remote-as 65000

neighbor 10.180.254.137 maximum-routes 12000

neighbor 172.16.2.253 remote-as 65102

neighbor 172.16.2.253 maximum-routes 12000

network 10.0.0.3/32

network 10.180.254.0/24

network 172.16.2.0/24

end

leaf2-sw03#sh ip route

VRF name: default

Codes: C - connected, S - static, K - kernel,

O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,

E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,

R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,

NG - Nexthop Group Static Route

Gateway of last resort:

S 0.0.0.0/0 [1/0] via 10.180.254.9, Ethernet1

via 10.180.254.137, Ethernet2

B E 10.0.0.1/32 [200/0] via 10.180.254.9, Ethernet1

via 10.180.254.137, Ethernet2

B E 10.0.0.2/32 [200/0] via 10.180.254.9, Ethernet1

C 10.0.0.3/32 is directly connected, Loopback0

B E 10.0.0.5/32 [200/0] via 10.180.254.9, Ethernet1

via 10.180.254.137, Ethernet2

B E 10.0.0.6/32 [200/0] via 10.180.254.9, Ethernet1

via 10.180.254.137, Ethernet2

C 10.10.10.0/24 is directly connected, Management1

C 10.180.254.8/30 is directly connected, Ethernet1

C 10.180.254.136/30 is directly connected, Ethernet2

C 10.180.254.228/30 is directly connected, Vlan2048

B E 172.16.1.0/24 [200/0] via 10.180.254.9, Ethernet1

via 10.180.254.137, Ethernet2

C 172.16.2.0/24 is directly connected, Vlan102

B E 172.16.3.0/24 [200/0] via 10.180.254.9, Ethernet1

via 10.180.254.137, Ethernet2

B E 192.168.1.0/24 [200/0] via 10.180.254.9, Ethernet1

via 10.180.254.137, Ethernet2

leaf2-sw03#

Switch4 - configuration

leaf2-sw04>en

leaf2-sw04#sh run

! Command: show running-config

! device: leaf2-sw04 (vEOS, EOS-4.15.0F)

! boot system flash:/vEOS-lab.swi

transceiver qsfp default-mode 4x10G

hostname leaf2-sw04

spanning-tree mode mstp

no aaa root

username arista privilege 15 secret 5 $1$w/eAcrc6$V//ELJ..C40cf7I1kYpfH1

vlan 102-103

vlan 2048

trunk group mlagL3-L4

interface Port-Channel1

switchport mode trunk

switchport trunk group mlagL3-L4

interface Ethernet1

no switchport

ip address 10.180.254.14/30

interface Ethernet2

no switchport

ip address 10.180.254.142/30

interface Ethernet3

channel-group 1 mode active

interface Ethernet4

channel-group 1 mode active

interface Ethernet5

switchport access vlan 102

interface Loopback0

ip address 10.0.0.4/32

interface Management1

ip address 10.10.10.34/24

interface Vlan103

ip address 172.16.2.253/24

ip virtual-router address 172.16.2.254

interface Vlan2048

ip address 10.180.254.230/30

ip route 0.0.0.0/0 192.168.1.254

ip routing

mlag configuration

domain-id mlagL3-L4

local-interface Vlan2048

peer-address 10.180.254.229

peer-link Port-Channel1

router bgp 65102

maximum-paths 4 ecmp 128

neighbor 10.180.254.13 remote-as 65000

neighbor 10.180.254.13 maximum-routes 12000

neighbor 10.180.254.141 remote-as 65000

neighbor 10.180.254.141 maximum-routes 12000

neighbor 172.16.2.252 remote-as 65102

neighbor 172.16.2.252 maximum-routes 12000

network 10.0.0.4/32

network 10.180.254.0/24

network 172.16.2.0/24

end

leaf2-sw04# sh ip route

VRF name: default

Codes: C - connected, S - static, K - kernel,

O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,

E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,

R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,

NG - Nexthop Group Static Route

Gateway of last resort:

S 0.0.0.0/0 [1/0] via 10.180.254.13, Ethernet1

via 10.180.254.141, Ethernet2

B E 10.0.0.1/32 [200/0] via 10.180.254.13, Ethernet1

via 10.180.254.141, Ethernet2

B E 10.0.0.2/32 [200/0] via 10.180.254.13, Ethernet1

C 10.0.0.4/32 is directly connected, Loopback0

B E 10.0.0.5/32 [200/0] via 10.180.254.13, Ethernet1

via 10.180.254.141, Ethernet2

B E 10.0.0.6/32 [200/0] via 10.180.254.13, Ethernet1

via 10.180.254.141, Ethernet2

C 10.10.10.0/24 is directly connected, Management1

C 10.180.254.12/30 is directly connected, Ethernet1

C 10.180.254.140/30 is directly connected, Ethernet2

C 10.180.254.228/30 is directly connected, Vlan2048

B E 172.16.1.0/24 [200/0] via 10.180.254.13, Ethernet1

via 10.180.254.141, Ethernet2

C 172.16.2.0/24 is directly connected, Vlan103

B E 172.16.3.0/24 [200/0] via 10.180.254.13, Ethernet1

via 10.180.254.141, Ethernet2

B E 192.168.1.0/24 [200/0] via 10.180.254.13, Ethernet1

via 10.180.254.141, Ethernet2

leaf2-sw04#

Switch5 - configuration

leaf3-sw05#sh run

! Command: show running-config

! device: leaf3-sw05 (vEOS, EOS-4.15.0F)

! boot system flash:/vEOS-lab.swi

transceiver qsfp default-mode 4x10G

hostname leaf3-sw05

spanning-tree mode mstp

no aaa root

username arista privilege 15 secret 5 $1$lXq5jGZ7$dKqbUEZ4amFlNDjwOb40k.

vlan 103

vlan 2049

trunk group mlagL5-L6

interface Port-Channel1

switchport mode trunk

switchport trunk group mlagL5-L6

interface Ethernet1

no switchport

ip address 10.180.254.18/30

interface Ethernet2

no switchport

ip address 10.180.254.146/30

interface Ethernet3

channel-group 1 mode active

interface Ethernet4

channel-group 1 mode active

interface Ethernet5

switchport access vlan 103

interface Ethernet6

interface Loopback0

ip address 10.0.0.5/32

interface Management1

ip address 10.10.10.35/24

interface Vlan103

ip address 172.16.3.252/24

ip virtual-router address 172.16.3.254

interface Vlan2049

ip address 10.180.254.233/30

ip route 0.0.0.0/0 192.168.1.254

ip routing

mlag configuration

domain-id mlagL5-L6

local-interface Vlan2049

peer-address 10.180.254.234

peer-link Port-Channel1

router bgp 65103

maximum-paths 4 ecmp 128

neighbor 10.180.254.17 remote-as 65000

neighbor 10.180.254.17 maximum-routes 12000

neighbor 10.180.254.145 remote-as 65000

neighbor 10.180.254.145 maximum-routes 12000

neighbor 172.16.3.253 remote-as 65103

neighbor 172.16.3.253 maximum-routes 12000

network 10.0.0.5/32

network 10.180.254.0/24

network 172.16.3.0/24

end

leaf3-sw05#sh ip route

VRF name: default

Codes: C - connected, S - static, K - kernel,

O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,

E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,

R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,

NG - Nexthop Group Static Route

Gateway of last resort:

S 0.0.0.0/0 [1/0] via 172.16.3.253, Vlan103

B E 10.0.0.1/32 [200/0] via 10.180.254.17, Ethernet1

via 10.180.254.145, Ethernet2

B E 10.0.0.2/32 [200/0] via 10.180.254.17, Ethernet1

B E 10.0.0.3/32 [200/0] via 10.180.254.17, Ethernet1

via 10.180.254.145, Ethernet2

B E 10.0.0.4/32 [200/0] via 10.180.254.17, Ethernet1

via 10.180.254.145, Ethernet2

C 10.0.0.5/32 is directly connected, Loopback0

B I 10.0.0.6/32 [200/0] via 172.16.3.253, Vlan103

C 10.10.10.0/24 is directly connected, Management1

C 10.180.254.16/30 is directly connected, Ethernet1

C 10.180.254.144/30 is directly connected, Ethernet2

C 10.180.254.232/30 is directly connected, Vlan2049

B E 172.16.1.0/24 [200/0] via 10.180.254.17, Ethernet1

via 10.180.254.145, Ethernet2

B E 172.16.2.0/24 [200/0] via 10.180.254.17, Ethernet1

via 10.180.254.145, Ethernet2

C 172.16.3.0/24 is directly connected, Vlan103

B I 192.168.1.0/24 [200/0] via 172.16.3.253, Vlan103

leaf3-sw05#

Switch6 - configuration

leaf3-sw06>en

leaf3-sw06#sh run

! Command: show running-config

! device: leaf3-sw06 (vEOS, EOS-4.15.0F)

! boot system flash:/vEOS-lab.swi

transceiver qsfp default-mode 4x10G

hostname leaf3-sw06

spanning-tree mode mstp

no aaa root

username arista privilege 15 secret 5 $1$9CoSDfo7$P9IyaxO7Ortb6FBkh93Rc/

vlan 103

vlan 2049

trunk group mlagL5-L6

interface Port-Channel1

switchport mode trunk

switchport trunk group mlagL5-L6

interface Ethernet1

no switchport

ip address 10.180.254.22/30

interface Ethernet2

no switchport

ip address 10.180.254.150/30

interface Ethernet3

channel-group 1 mode active

interface Ethernet4

channel-group 1 mode active

interface Ethernet5

switchport access vlan 103

interface Ethernet6

interface Loopback0

ip address 10.0.0.6/32

interface Management1

ip address 10.10.10.36/24

interface Vlan1

ip address 192.168.1.2/24

interface Vlan103

ip address 172.16.3.253/24

ip virtual-router address 172.16.3.254

interface Vlan2049

ip address 10.180.254.234/30

ip route 0.0.0.0/0 Ethernet6

ip route 0.0.0.0/0 192.168.1.254

ip routing

mlag configuration

domain-id mlagL5-L6

local-interface Vlan2049

peer-address 10.180.254.233

peer-link Port-Channel1

router bgp 65103

maximum-paths 4 ecmp 128

neighbor 10.180.254.21 remote-as 65000

neighbor 10.180.254.21 maximum-routes 12000

neighbor 10.180.254.149 remote-as 65000

neighbor 10.180.254.149 maximum-routes 12000

neighbor 172.16.3.252 remote-as 65103

neighbor 172.16.3.252 maximum-routes 12000

network 10.0.0.6/32

network 10.180.254.0/24

network 172.16.3.0/24

network 192.168.1.0/24

end

leaf3-sw06# sh ip route

VRF name: default

Codes: C - connected, S - static, K - kernel,

O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,

E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,

R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,

NG - Nexthop Group Static Route

Gateway of last resort:

S 0.0.0.0/0 [1/0] via 192.168.1.254, Vlan1

B E 10.0.0.1/32 [200/0] via 10.180.254.21, Ethernet1

via 10.180.254.149, Ethernet2

B E 10.0.0.2/32 [200/0] via 10.180.254.21, Ethernet1

B E 10.0.0.3/32 [200/0] via 10.180.254.21, Ethernet1

via 10.180.254.149, Ethernet2

B E 10.0.0.4/32 [200/0] via 10.180.254.21, Ethernet1

via 10.180.254.149, Ethernet2

B I 10.0.0.5/32 [200/0] via 172.16.3.252, Vlan103

C 10.0.0.6/32 is directly connected, Loopback0

C 10.10.10.0/24 is directly connected, Management1

C 10.180.254.20/30 is directly connected, Ethernet1

C 10.180.254.148/30 is directly connected, Ethernet2

C 10.180.254.232/30 is directly connected, Vlan2049

B E 172.16.1.0/24 [200/0] via 10.180.254.21, Ethernet1

via 10.180.254.149, Ethernet2

B E 172.16.2.0/24 [200/0] via 10.180.254.21, Ethernet1

via 10.180.254.149, Ethernet2

C 172.16.3.0/24 is directly connected, Vlan103

C 192.168.1.0/24 is directly connected, Vlan1

leaf3-sw06#