Building EVPN with containerlab (3) - EVPN/MPLS

Building an EVPN/MPLS network with cEOS

This time we build an EVPN/MPLS L2VPN. As with EVPN/VXLAN, we ping from netshoot containers to confirm L2 reachability. For EVPN/MPLS configuration on Arista EOS, this author has already published detailed information, which I relied on heavily when writing this page.

Topology

The topology and the underlay protocol stack are unchanged from the VXLAN setup. The hostnames are changed from Spine and Leaf to P and PE. I also changed the networks between the P router and the PE routers to /31.

Configuration

The final configuration is as follows.

p-01

    ! Startup-config last modified at Sat May 31 08:29:56 2025 by root
    ! device: p-01 (cEOSLab, EOS-4.34.0F-41641815.4340F (engineering build))
    !
    no aaa root
    !
    username admin privilege 15 role network-admin secret sha512 <REMOVED>
    !
    management api http-commands
       no shutdown
       !
       vrf MGMT
          no shutdown
    !
    no service interface inactive port-id allocation disabled
    !
    transceiver qsfp default-mode 4x10G
    !
    service routing protocols model multi-agent
    !
    hostname p-01
    !
    spanning-tree mode mstp
    !
    system l1
       unsupported speed action error
       unsupported error-correction action error
    !
    vrf instance MGMT
    !
    management api gnmi
       transport grpc default
          vrf MGMT
    !
    management api netconf
       transport ssh default
          vrf MGMT
    !
    interface Ethernet1
       no switchport
       ip address 192.168.1.1/31
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Ethernet2
       no switchport
       ip address 192.168.1.3/31
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Loopback0
       ip address 1.1.1.1/32
       ip ospf area 0.0.0.0
    !
    interface Management0
       vrf MGMT
       ip address 172.20.20.3/24
       ipv6 address 3fff:172:20:20::3/64
    !
    ip routing
    no ip routing vrf MGMT
    !
    ip route vrf MGMT 0.0.0.0/0 172.20.20.1
    !
    ipv6 route vrf MGMT ::/0 3fff:172:20:20::1
    !
    mpls ip
    !
    mpls label range ospf-sr 16000 8000
    mpls label range static 16 15984
    !
    router bgp 65001
       router-id 1.1.1.1
       no bgp default ipv4-unicast
       neighbor PE-RRCLIENTS peer group
       neighbor PE-RRCLIENTS remote-as 65001
       neighbor PE-RRCLIENTS update-source Loopback0
       neighbor PE-RRCLIENTS route-reflector-client
       neighbor PE-RRCLIENTS send-community extended
       neighbor 2.1.1.1 peer group PE-RRCLIENTS
       neighbor 2.1.1.2 peer group PE-RRCLIENTS
       !
       address-family evpn
          neighbor PE-RRCLIENTS activate
          neighbor PE-RRCLIENTS encapsulation mpls
    !
    router multicast
       ipv4
          software-forwarding kernel
       !
       ipv6
          software-forwarding kernel
    !
    router ospf 1
       router-id 1.1.1.1
       passive-interface Loopback0
       max-lsa 12000
       !
       segment-routing mpls
          no shutdown
          prefix-segment 1.1.1.1/32 index 11
    !
    end

pe-01

    ! Startup-config last modified at Sat May 31 08:29:56 2025 by root
    ! device: pe-01 (cEOSLab, EOS-4.34.0F-41641815.4340F (engineering build))
    !
    no aaa root
    !
    username admin privilege 15 role network-admin secret sha512 <REMOVED>
    !
    management api http-commands
       no shutdown
       !
       vrf MGMT
          no shutdown
    !
    no service interface inactive port-id allocation disabled
    !
    transceiver qsfp default-mode 4x10G
    !
    service routing protocols model multi-agent
    !
    hostname pe-01
    !
    spanning-tree mode mstp
    !
    system l1
       unsupported speed action error
       unsupported error-correction action error
    !
    vlan 100
    !
    vrf instance MGMT
    !
    management api gnmi
       transport grpc default
          vrf MGMT
    !
    management api netconf
       transport ssh default
          vrf MGMT
    !
    interface Ethernet1
       no switchport
       ip address 192.168.1.0/31
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Ethernet2
       switchport access vlan 100
    !
    interface Loopback0
       ip address 2.1.1.1/32
       ip ospf area 0.0.0.0
    !
    interface Management0
       vrf MGMT
       ip address 172.20.20.2/24
       ipv6 address 3fff:172:20:20::2/64
    !
    ip routing
    no ip routing vrf MGMT
    !
    ip route vrf MGMT 0.0.0.0/0 172.20.20.1
    !
    ipv6 route vrf MGMT ::/0 3fff:172:20:20::1
    !
    mpls ip
    !
    mpls label range ospf-sr 16000 8000
    mpls label range static 16 15984
    !
    router bgp 65001
       router-id 2.1.1.1
       no bgp default ipv4-unicast
       neighbor 1.1.1.1 remote-as 65001
       neighbor 1.1.1.1 update-source Loopback0
       neighbor 1.1.1.1 send-community extended
       !
       vlan 100
          rd 2.1.1.1:100
          route-target both 65000:100
          redistribute learned
       !
       address-family evpn
          neighbor 1.1.1.1 activate
          neighbor 1.1.1.1 encapsulation mpls next-hop-self source-interface Loopback0
    !
    router multicast
       ipv4
          software-forwarding kernel
       !
       ipv6
          software-forwarding kernel
    !
    router ospf 1
       router-id 2.1.1.1
       passive-interface Loopback0
       max-lsa 12000
       !
       segment-routing mpls
          no shutdown
          prefix-segment 2.1.1.1/32 index 21
    !
    end

pe-02

    ! Startup-config last modified at Sat May 31 08:29:56 2025 by root
    ! device: pe-02 (cEOSLab, EOS-4.34.0F-41641815.4340F (engineering build))
    !
    no aaa root
    !
    username admin privilege 15 role network-admin secret sha512 <REMOVED>
    !
    management api http-commands
       no shutdown
       !
       vrf MGMT
          no shutdown
    !
    no service interface inactive port-id allocation disabled
    !
    transceiver qsfp default-mode 4x10G
    !
    service routing protocols model multi-agent
    !
    hostname pe-02
    !
    spanning-tree mode mstp
    !
    system l1
       unsupported speed action error
       unsupported error-correction action error
    !
    vlan 100
    !
    vrf instance MGMT
    !
    management api gnmi
       transport grpc default
          vrf MGMT
    !
    management api netconf
       transport ssh default
          vrf MGMT
    !
    interface Ethernet1
       no switchport
       ip address 192.168.1.2/31
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Ethernet2
       switchport access vlan 100
    !
    interface Loopback0
       ip address 2.1.1.2/32
       ip ospf area 0.0.0.0
    !
    interface Management0
       vrf MGMT
       ip address 172.20.20.4/24
       ipv6 address 3fff:172:20:20::4/64
    !
    ip routing
    no ip routing vrf MGMT
    !
    ip route vrf MGMT 0.0.0.0/0 172.20.20.1
    !
    ipv6 route vrf MGMT ::/0 3fff:172:20:20::1
    !
    mpls ip
    !
    mpls label range ospf-sr 16000 8000
    mpls label range static 16 15984
    !
    router bgp 65001
       router-id 2.1.1.2
       no bgp default ipv4-unicast
       neighbor 1.1.1.1 remote-as 65001
       neighbor 1.1.1.1 update-source Loopback0
       neighbor 1.1.1.1 send-community extended
       !
       vlan 100
          rd 2.1.1.2:100
          route-target both 65000:100
          redistribute learned
       !
       address-family evpn
          neighbor 1.1.1.1 activate
          neighbor 1.1.1.1 encapsulation mpls next-hop-self source-interface Loopback0
    !
    router multicast
       ipv4
          software-forwarding kernel
       !
       ipv6
          software-forwarding kernel
    !
    router ospf 1
       router-id 2.1.1.2
       passive-interface Loopback0
       max-lsa 12000
       !
       segment-routing mpls
          no shutdown
          prefix-segment 2.1.1.2/32 index 22
    !
    end

Build

containerlab

Apart from the name changes, this is the same as for VXLAN. ...

May 31, 2025

Building EVPN with containerlab (2) - EVPN/VXLAN iBGP

Building an EVPN/VXLAN network with cEOS

Last time we only got as far as running container routers with containerlab; from this post on we finally build the network the title promises. We use Arista cEOS to build an L2VPN with EVPN/VXLAN. After that, we attach two netshoot (Alpine Linux) containers under the leaves, give them IP addresses in the same network, and confirm that they have L2 connectivity.

Topology

For the network layout, the topology is a CLOS network with one spine and two leaves. The underlay uses OSPF. The MP-BGP that carries EVPN is configured as iBGP, with the spine and the leaves in the same ASN. In this case the spine acts as a route reflector. Incidentally, one of the config examples on the sites I referred to during setup did not configure BGP on the spine and had the leaves peer with each other directly; I wonder whether not configuring BGP on the spine is common?

The environment is the same as last time.

- Ubuntu 24.04
- Docker 28.1.1
- containerlab 0.68.0
- cEOS 4.34.0F

Configuration

The final configuration is as follows.

spine-01

    ! Startup-config last modified at Sat May 17 05:57:25 2025 by root
    ! device: spine-01 (cEOSLab, EOS-4.34.0F-41641815.4340F (engineering build))
    !
    no aaa root
    !
    username admin privilege 15 role network-admin secret sha512 <REMOVED>
    !
    management api http-commands
       no shutdown
       !
       vrf MGMT
          no shutdown
    !
    no service interface inactive port-id allocation disabled
    !
    transceiver qsfp default-mode 4x10G
    !
    service routing protocols model multi-agent
    !
    hostname spine-01
    !
    spanning-tree mode mstp
    !
    system l1
       unsupported speed action error
       unsupported error-correction action error
    !
    vrf instance MGMT
    !
    management api gnmi
       transport grpc default
          vrf MGMT
    !
    management api netconf
       transport ssh default
          vrf MGMT
    !
    interface Ethernet1
       no switchport
       ip address 192.168.1.1/30
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Ethernet2
       no switchport
       ip address 192.168.1.5/30
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Loopback0
       ip address 1.1.1.1/32
       ip ospf area 0.0.0.0
    !
    interface Management0
       vrf MGMT
       ip address 172.20.20.3/24
       ipv6 address 3fff:172:20:20::3/64
    !
    ip routing
    ip routing vrf MGMT
    !
    ip route vrf MGMT 0.0.0.0/0 172.20.20.1
    !
    ipv6 route vrf MGMT ::/0 3fff:172:20:20::1
    !
    router bgp 65001
       router-id 1.1.1.1
       no bgp default ipv4-unicast
       neighbor PE-RRCLIENTS peer group
       neighbor PE-RRCLIENTS remote-as 65001
       neighbor PE-RRCLIENTS update-source Loopback0
       neighbor PE-RRCLIENTS route-reflector-client
       neighbor PE-RRCLIENTS send-community extended
       neighbor 2.1.1.1 peer group PE-RRCLIENTS
       neighbor 2.1.1.2 peer group PE-RRCLIENTS
       !
       address-family evpn
          neighbor PE-RRCLIENTS activate
    !
    router multicast
       ipv4
          software-forwarding kernel
       !
       ipv6
          software-forwarding kernel
    !
    router ospf 1
       router-id 1.1.1.1
       passive-interface Loopback0
       max-lsa 12000
    !
    end

leaf-01

    ! Startup-config last modified at Sat May 17 05:57:25 2025 by root
    ! device: leaf-01 (cEOSLab, EOS-4.34.0F-41641815.4340F (engineering build))
    !
    no aaa root
    !
    username admin privilege 15 role network-admin secret sha512 <REMOVED>
    !
    management api http-commands
       no shutdown
       !
       vrf MGMT
          no shutdown
    !
    no service interface inactive port-id allocation disabled
    !
    transceiver qsfp default-mode 4x10G
    !
    service routing protocols model multi-agent
    !
    hostname leaf-01
    !
    spanning-tree mode mstp
    !
    system l1
       unsupported speed action error
       unsupported error-correction action error
    !
    vlan 100
    !
    vrf instance MGMT
    !
    management api gnmi
       transport grpc default
          vrf MGMT
    !
    management api netconf
       transport ssh default
          vrf MGMT
    !
    interface Ethernet1
       no switchport
       ip address 192.168.1.2/30
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Ethernet2
       switchport access vlan 100
    !
    interface Loopback0
       ip address 2.1.1.1/32
       ip ospf area 0.0.0.0
    !
    interface Management0
       vrf MGMT
       ip address 172.20.20.6/24
       ipv6 address 3fff:172:20:20::6/64
    !
    interface Vxlan1
       vxlan source-interface Loopback0
       vxlan udp-port 4789
       vxlan vlan 100 vni 10100
    !
    ip routing
    ip routing vrf MGMT
    !
    ip route vrf MGMT 0.0.0.0/0 172.20.20.1
    !
    ipv6 route vrf MGMT ::/0 3fff:172:20:20::1
    !
    router bgp 65001
       router-id 2.1.1.1
       no bgp default ipv4-unicast
       neighbor 1.1.1.1 remote-as 65001
       neighbor 1.1.1.1 update-source Loopback0
       neighbor 1.1.1.1 send-community extended
       !
       vlan 100
          rd 2.1.1.1:100
          route-target both 100:10100
          redistribute learned
       !
       address-family evpn
          neighbor 1.1.1.1 activate
    !
    router multicast
       ipv4
          software-forwarding kernel
       !
       ipv6
          software-forwarding kernel
    !
    router ospf 1
       router-id 2.1.1.1
       passive-interface Loopback0
       max-lsa 12000
    !
    end

leaf-02

    ! Startup-config last modified at Sat May 17 05:57:25 2025 by root
    ! device: leaf-02 (cEOSLab, EOS-4.34.0F-41641815.4340F (engineering build))
    !
    no aaa root
    !
    username admin privilege 15 role network-admin secret sha512 <REMOVED>
    !
    management api http-commands
       no shutdown
       !
       vrf MGMT
          no shutdown
    !
    no service interface inactive port-id allocation disabled
    !
    transceiver qsfp default-mode 4x10G
    !
    service routing protocols model multi-agent
    !
    hostname leaf-02
    !
    spanning-tree mode mstp
    !
    system l1
       unsupported speed action error
       unsupported error-correction action error
    !
    vlan 100
    !
    vrf instance MGMT
    !
    management api gnmi
       transport grpc default
          vrf MGMT
    !
    management api netconf
       transport ssh default
          vrf MGMT
    !
    interface Ethernet1
       no switchport
       ip address 192.168.1.6/30
       ip ospf network point-to-point
       ip ospf area 0.0.0.0
    !
    interface Ethernet2
       switchport access vlan 100
    !
    interface Loopback0
       ip address 2.1.1.2/32
       ip ospf area 0.0.0.0
    !
    interface Management0
       vrf MGMT
       ip address 172.20.20.4/24
       ipv6 address 3fff:172:20:20::4/64
    !
    interface Vxlan1
       vxlan source-interface Loopback0
       vxlan udp-port 4789
       vxlan vlan 100 vni 10100
    !
    ip routing
    ip routing vrf MGMT
    !
    ip route vrf MGMT 0.0.0.0/0 172.20.20.1
    !
    ipv6 route vrf MGMT ::/0 3fff:172:20:20::1
    !
    router bgp 65001
       router-id 2.1.1.2
       no bgp default ipv4-unicast
       neighbor 1.1.1.1 remote-as 65001
       neighbor 1.1.1.1 update-source Loopback0
       neighbor 1.1.1.1 send-community extended
       !
       vlan 100
          rd 2.1.1.2:100
          route-target both 100:10100
          redistribute learned
       !
       address-family evpn
          neighbor 1.1.1.1 activate
    !
    router multicast
       ipv4
          software-forwarding kernel
       !
       ipv6
          software-forwarding kernel
    !
    router ospf 1
       router-id 2.1.1.2
       passive-interface Loopback0
       max-lsa 12000
    !
    end

Build

containerlab

First, create the containerlab topology file and deploy it. It defines three cEOS nodes and two netshoot nodes. ...
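The iBGP design in this post (one ASN, the spine as route reflector, the same route target on both leaves, a distinct RD per leaf) can be checked mechanically before deploying. The following is an added example, not part of the original post: `FIELDS`, `parse` and `audit` are hypothetical names, the input is constructed from the `router bgp` stanzas shown above, and it assumes each BGP session is addressed to the peer's router-id (Loopback0), as in this lab.

```python
import re

# Constructed input: overlay lines of spine-01 and leaf-01; leaf-02 differs only in its loopback.
SPINE = """router bgp 65001
   router-id 1.1.1.1
   neighbor PE-RRCLIENTS route-reflector-client
   neighbor 2.1.1.1 peer group PE-RRCLIENTS
   neighbor 2.1.1.2 peer group PE-RRCLIENTS
"""
LEAF1 = """router bgp 65001
   router-id 2.1.1.1
   neighbor 1.1.1.1 remote-as 65001
   vlan 100
      rd 2.1.1.1:100
      route-target both 100:10100
"""
CONFIGS = {"spine-01": SPINE, "leaf-01": LEAF1,
           "leaf-02": LEAF1.replace("2.1.1.1", "2.1.1.2")}

FIELDS = {"asn": r"^router bgp (\d+)", "rid": r"^\s+router-id (\S+)",
          "rd": r"^\s+rd (\S+)", "rt": r"^\s+route-target both (\S+)",
          "peer": r"^\s+neighbor (\S+) remote-as",
          "rr": r"^\s+neighbor \S+ (route-reflector-client)",
          "member": r"^\s+neighbor (\S+) peer group \S+"}

def parse(cfg):
    """Collect every match of each field the iBGP/RR design depends on."""
    return {k: re.findall(pat, cfg, re.M) for k, pat in FIELDS.items()}

def audit(configs):
    """Return findings ([] = consistent). Assumes neighbor address == router-id."""
    p = {n: parse(c) for n, c in configs.items()}
    rrs = [n for n in p if p[n]["rr"]]
    leaves = [n for n in p if not p[n]["rr"]]
    if len(rrs) != 1:
        return ["expected exactly one route reflector"]
    out, rr = [], p[rrs[0]]
    if len({tuple(d["asn"]) for d in p.values()}) != 1:
        out.append("ASNs differ, so the sessions are not iBGP")
    for n in leaves:
        if not set(p[n]["rid"]) & set(rr["member"]):
            out.append(f"{n}: not configured as a route-reflector client")
        if not set(rr["rid"]) & set(p[n]["peer"]):
            out.append(f"{n}: no BGP session to the route reflector")
    if len({tuple(p[n]["rt"]) for n in leaves}) != 1:
        out.append("route-targets differ between leaves")
    if len({tuple(p[n]["rd"]) for n in leaves}) != len(leaves):
        out.append("route distinguisher reused across leaves")
    return out
```

`audit(CONFIGS)` returns an empty list for the lab as configured; a leaf with a different route target or a leaf missing from the spine's peer group shows up as a finding.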

May 17, 2025

Building EVPN with containerlab (1)

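Introduction

We line up container routers with containerlab and build an L2VPN network with EVPN. We will proceed a little at a time. This time we start by running container routers with containerlab (clab) and getting connectivity between them.

Environment

- Ubuntu 24.04
- Docker 28.1.1
- containerlab 0.68.0
- cEOS 4.34.0F

Ubuntu is a VM running on VMware Workstation Pro. Ubuntu 24.04 can install Docker as part of the OS installation, but I did not install it there; instead I downloaded the install script from get.docker.com and installed Docker with it. containerlab was installed by running the quick setup script from this page.

containerlab environment setup

Deploy

First, import cEOS. Use the 64-bit version of cEOS.

    $ docker import cEOS64-lab-4.34.0F.tar ceos:4.34.0F

The imported container image should be visible with the docker images command.

    $ docker images
    REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
    ceos         4.34.0F   d57058cac628   21 seconds ago   2.49GB

Next, create the topology file. We use a very simple setup: two cEOS nodes with a single link between them.

    name: ceos-lab
    topology:
      kinds:
        ceos:
          image: ceos:4.34.0F
      nodes:
        ceos01:
          kind: ceos
        ceos02:
          kind: ceos
      links:
        - endpoints: ["ceos01:eth1", "ceos02:eth1"]

Once the container image and the topology file are ready, deploy with the following command.

    $ clab deploy -t ceos-lab.yaml

For reference, here is the log from the run. (Some characters are garbled in places.) ...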

May 10, 2025