Merge pull request #506 from networkop/cvx04

New Cumulus Lab

Makefile

@@ -16,6 +16,10 @@ lint:
 clint:
 	docker run -it --rm -v $$(pwd):/app -w /app golangci/golangci-lint:v1.40.1 golangci-lint run -v
 
+.PHONY: docs
 docs:
 	docker run -v $$(pwd):/docs --entrypoint mkdocs squidfunk/mkdocs-material:7.1.8 build --clean --strict
 
+.PHONY: site
+site:
+	docker run -it --rm -p 8000:8000 -v $$(pwd):/docs squidfunk/mkdocs-material:7.1.8

docs/lab-examples/cvx04.md

@@ -0,0 +1,48 @@
+|                               |                                                                                          |
+| ----------------------------- | ---------------------------------------------------------------------------------------- |
+| **Description**               | Cumulus In The Cloud                                                                 |
+| **Components**                | [Cumulus Linux][cvx]                                                                     |
+| **Resource requirements**[^1] | :fontawesome-solid-microchip: 2 <br/>:fontawesome-solid-memory: 4 GB                     |
+| **Topology file**             | [symm-mh.yml][topo-mh] <br/>[symm-mlag.yml][topo-mlag]                                                                     |
+| **Name**                      | cvx04                                                                                    |
+| **Version information**[^2]   | `cvx:4.3.0` `docker-ce:19.03.13`                                                         |
+
+## Description
+The lab is a multi-node topology that consists of two racks with two dual-homed servers connected with a leaf-spine network.
+
+
+<div class="mxgraph" style="max-width:100%;border:1px solid transparent;margin:0 auto; display:block;" data-mxgraph="{&quot;page&quot;:2,&quot;zoom&quot;:1.5,&quot;highlight&quot;:&quot;#0000ff&quot;,&quot;nav&quot;:true,&quot;check-visible-state&quot;:true,&quot;resize&quot;:true,&quot;url&quot;:&quot;https://raw.githubusercontent.com/srl-labs/containerlab/diagrams/cvx.drawio&quot;}"></div>
+
+## Use cases
+This is a "Cumulus In The Cloud" topology designed to demonstrate some of the advanced features of Cumulus Linux. It is based on the [original CITC demo environment](https://www.nvidia.com/en-gb/networking/network-simulation/) with the only exception being the reduced number of spine switches (2 instead of 4). The topology can be spun up fully provisioned with the following two configuration options:
+
+1. [EVPN Multi-Homing](topo-mh) -- an EVPN-VXLAN environment with layer 2 extension, layer 3 VXLAN routing and VRFs for multi-tenancy that uses a multicast underlay for VXLAN packet replication and does not use MLAG or CLAG.
+2. [EVPN Symmetric Mode](topo-mlag) -- an EVPN-VXLAN environment with layer 2 extension, layer 3 VXLAN routing, VRFs for multi-tenancy and MLAG/CLAG for server multi-homing.
+
+## Instructions
+
+Each configuration option is provided in its own configuration file -- [`symm-mh.yml`](topo-mh) or [`symm-mlag.yml`](topo-mlag). See [instructions](/lab-examples/lab-examples/#how-to-deploy-a-lab-from-the-lab-catalog) for how to deploy a topology. 
+
+Once up, each node can be accessed via ssh using its hostname (automatically populated in your `/etc/hosts` file) and the default credentials `root/root`:
+
+```
+ssh root@clab-citc-leaf01
+Warning: Permanently added 'clab-citc-leaf01,192.168.223.3' (ECDSA) to the list of known hosts.
+root@clab-citc-leaf01's password:
+Linux 94992c82719f1172 4.19.0-cl-1-amd64 #1 SMP Cumulus 4.19.149-1+cl4.3u1 (2021-01-28) x86_64
+Last login: Fri Jul  9 13:35:48 2021 from 192.168.223.1
+root@94992c82719f1172:mgmt:~# 
+```
+
+!!!note
+    Due to the different boot order inside a container, BGPd may come up stuck waiting for IPv6 LLA of the peer. This issue only appears on the initial boot and can be fixed with the `vtysh -c 'clear ip bgp *` command.
+
+
+[cvx]: https://www.nvidia.com/en-gb/networking/ethernet-switching/cumulus-vx/
+[topo-mh]: https://github.com/srl-labs/containerlab/tree/master/lab-examples/cvx04/symm-mh.yml
+[topo-mlag]: https://github.com/srl-labs/containerlab/tree/master/lab-examples/cvx04/symm-mlag.yml
+
+[^1]: Resource requirements are provisional. Consult with the installation guides for additional information.
+[^2]: The lab has been validated using these versions of the required tools/components. Using versions other than stated might lead to a non-operational setup process.
+
+<script type="text/javascript" src="https://cdn.jsdelivr.net/gh/hellt/drawio-js@main/embed2.js" async></script>

docs/lab-examples/lab-examples.md

@@ -56,6 +56,16 @@ You are ready to deploy!
 containerlab deploy -t <topo-file>
 ```
 
+#### SSH access
+For nodes that come up with `ssh` enabled, the following lines can be added to the `~/.ssh/config` file on the containerlab host system to simplify access and prevent future ssh key warnings:
+
+```
+Host clab-*
+  User root
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+```
+
 ## Public clab catalogs
 As mentioned in the introduction of this article, the lab examples shipped with containerlab explain the features containerlab offers. The comprehensive lab examples are not part of containerlab installation as we want the community to own their work.
 

lab-examples/cvx04/README.md

@@ -0,0 +1,4 @@
+[Cumulus In The Cloud](https://www.nvidia.com/en-gb/networking/network-simulation/)
+
+`symm-mh` is symmetric EVPN with multi-homing and PIM-SM replication
+

lab-examples/cvx04/evpn-mh/border01/etc/frr/daemons

@@ -0,0 +1,86 @@
+# Ansible Managed File
+# This file tells the frr package which daemons to start.
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/frr/examples/.
+#
+# ATTENTION:
+#
+# When activating a daemon for the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "frr", else
+# the daemon will not be started by /etc/init.d/frr. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
+#
+# The watchfrr, zebra and staticd daemons are always started.
+#
+bgpd=yes
+pimd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+ldpd=no
+nhrpd=no
+eigrpd=no
+babeld=no
+sharpd=no
+pbrd=no
+bfdd=no
+fabricd=no
+vrrpd=no
+
+#
+# If this option is set the /etc/init.d/frr script automatically loads
+# the config via "vtysh -b" when the servers are started.
+# Check /etc/pam.d/frr if you intend to use "vtysh"!
+#
+vtysh_enable=yes
+zebra_options="  -A 127.0.0.1 -s 90000000"
+bgpd_options="   -A 127.0.0.1"
+ospfd_options="  -A 127.0.0.1"
+ospf6d_options=" -A ::1"
+ripd_options="   -A 127.0.0.1"
+ripngd_options=" -A ::1"
+isisd_options="  -A 127.0.0.1"
+pimd_options="   -A 127.0.0.1"
+ldpd_options="   -A 127.0.0.1"
+nhrpd_options="  -A 127.0.0.1"
+eigrpd_options=" -A 127.0.0.1"
+babeld_options=" -A 127.0.0.1"
+sharpd_options=" -A 127.0.0.1"
+pbrd_options="   -A 127.0.0.1"
+staticd_options="-A 127.0.0.1"
+bfdd_options="   -A 127.0.0.1"
+fabricd_options="-A 127.0.0.1"
+vrrpd_options="  -A 127.0.0.1"
+
+# configuration profile
+#
+#frr_profile="traditional"
+#frr_profile="datacenter"
+
+#
+# This is the maximum number of FD's that will be available.
+# Upon startup this is read by the control files and ulimit
+# is called.  Uncomment and use a reasonable value for your
+# setup if you are expecting a large number of peers in
+# say BGP.
+#MAX_FDS=1024
+
+# The list of daemons to watch is automatically generated by the init script.
+#watchfrr_options=""
+
+# To make watchfrr create/join the specified netns, use the following option:
+#watchfrr_options="--netns"
+# This only has an effect in /etc/frr/<somename>/daemons, and you need to
+# start FRR with "/usr/lib/frr/frrinit.sh start <somename>".
+
+# for debugging purposes, you can specify a "wrap" command to start instead
+# of starting the daemon directly, e.g. to use valgrind on ospfd:
+#   ospfd_wrap="/usr/bin/valgrind"
+# or you can use "all_wrap" for all daemons, e.g. to use perf record:
+#   all_wrap="/usr/bin/perf record --call-graph -"
+# the normal daemon command is added to this at the end.

lab-examples/cvx04/evpn-mh/border01/etc/frr/frr.conf

@@ -0,0 +1,93 @@
+# Ansible Managed File
+frr defaults datacenter
+hostname border01
+log syslog informational
+zebra nexthop proto only
+service integrated-vtysh-config
+!
+ip pim rp 10.10.100.100 239.1.1.0/24
+ip pim ecmp
+ip pim keep-alive-timer 3600
+ip msdp mesh-group rpmesh source 10.10.10.63
+ip msdp mesh-group rpmesh member 10.10.10.64
+interface lo
+  ip igmp
+  ip pim
+  ip pim use-source 10.10.10.63
+interface swp51
+  evpn mh uplink
+  ip pim
+interface swp52
+  evpn mh uplink
+  ip pim
+interface swp53
+  evpn mh uplink
+  ip pim
+interface swp54
+  evpn mh uplink
+  ip pim
+interface bond1
+  evpn mh es-df-pref 50000
+  evpn mh es-id 1
+  evpn mh es-sys-mac 44:38:39:BE:EF:FF
+
+vrf mgmt
+ ip route 0.0.0.0/0 192.168.200.1
+ exit-vrf
+!
+vrf RED
+ vni 4001
+ ip route 10.1.30.0/24 10.1.101.4
+ exit-vrf
+!
+vrf BLUE
+ vni 4002
+ ip route 10.1.10.0/24 10.1.102.4
+ ip route 10.1.20.0/24 10.1.102.4
+ exit-vrf
+!
+!
+router bgp 65163
+ bgp router-id 10.10.10.63
+ neighbor underlay peer-group
+ neighbor underlay remote-as external
+ neighbor swp51 interface peer-group underlay
+ neighbor swp52 interface peer-group underlay
+ neighbor swp53 interface peer-group underlay
+ neighbor swp54 interface peer-group underlay
+ !
+ !
+ address-family ipv4 unicast
+  redistribute connected
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  neighbor underlay activate
+  advertise-all-vni
+ exit-address-family
+!
+router bgp 65163 vrf RED
+ bgp router-id 10.10.10.63
+ !
+ address-family ipv4 unicast
+  redistribute static
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  advertise ipv4 unicast
+ exit-address-family
+!
+router bgp 65163 vrf BLUE
+ bgp router-id 10.10.10.63
+ !
+ address-family ipv4 unicast
+  redistribute static
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  advertise ipv4 unicast
+ exit-address-family
+!
+!
+line vty
+!

lab-examples/cvx04/evpn-mh/border01/etc/network/interfaces

@@ -0,0 +1,125 @@
+# Ansible Managed File
+auto lo
+iface lo inet loopback
+    address 10.10.10.63/32
+    address 10.10.100.100/32
+    vxlan-local-tunnelip 10.10.10.63
+
+auto eth0
+iface eth0 inet dhcp
+    vrf mgmt
+
+auto mgmt
+iface mgmt
+  vrf-table auto
+  address 127.0.0.1/8
+  address ::1/128
+
+auto RED
+iface RED
+  vrf-table auto
+
+auto BLUE
+iface BLUE
+  vrf-table auto
+
+auto bridge
+iface bridge
+    bridge-ports vni101 vni102 vniRED vniBLUE bond1 
+    bridge-vids 101 102  
+    bridge-vlan-aware yes
+
+auto vni101
+iface vni101
+    bridge-access 101
+    vxlan-id 101
+    mstpctl-portbpdufilter yes
+    mstpctl-bpduguard yes
+    bridge-learning off
+    bridge-arp-nd-suppress on
+    vxlan-mcastgrp 239.1.1.101
+
+auto vni102
+iface vni102
+    bridge-access 102
+    vxlan-id 102
+    mstpctl-portbpdufilter yes
+    mstpctl-bpduguard yes
+    bridge-learning off
+    bridge-arp-nd-suppress on
+    vxlan-mcastgrp 239.1.1.102
+
+auto vniRED
+iface vniRED
+    bridge-access 4001
+    vxlan-id 4001
+    mstpctl-portbpdufilter yes
+    mstpctl-bpduguard yes
+    bridge-learning off
+    bridge-arp-nd-suppress on
+
+auto vniBLUE
+iface vniBLUE
+    bridge-access 4002
+    vxlan-id 4002
+    mstpctl-portbpdufilter yes
+    mstpctl-bpduguard yes
+    bridge-learning off
+    bridge-arp-nd-suppress on
+
+auto vlan101
+iface vlan101
+    address 10.1.101.64/24
+    address-virtual 00:00:00:00:00:01 10.1.101.1/24
+    vrf RED
+    vlan-raw-device bridge
+    vlan-id 101
+
+auto vlan102
+iface vlan102
+    address 10.1.102.64/24
+    address-virtual 00:00:00:00:00:02 10.1.102.1/24
+    vrf BLUE
+    vlan-raw-device bridge
+    vlan-id 102
+
+auto vlan4001
+iface vlan4001
+    hwaddress 44:38:39:BE:EF:FF
+    vrf RED
+    vlan-raw-device bridge
+    vlan-id 4001
+
+auto vlan4002
+iface vlan4002
+    hwaddress 44:38:39:BE:EF:FF
+    vrf BLUE
+    vlan-raw-device bridge
+    vlan-id 4002
+
+auto swp51
+iface swp51
+    alias to spine
+
+auto swp52
+iface swp52
+    alias to spine
+
+auto swp53
+iface swp53
+    alias to spine
+
+auto swp54
+iface swp54
+    alias to spine
+
+auto swp3
+iface swp3
+    alias bond member of bond1
+auto bond1
+iface bond1
+    bond-slaves swp3 
+    es-sys-mac 44:38:39:BE:EF:FF
+    bridge-vids 101 102
+    mtu 9000
+