{"id":37639106,"url":"https://github.com/dbono711/clab-crpd-evpn-vxlan","last_synced_at":"2026-01-16T11:14:15.894Z","repository":{"id":254626680,"uuid":"840790227","full_name":"dbono711/clab-crpd-evpn-vxlan","owner":"dbono711","description":"L3LS EVPN/VXLAN fabric using CONTAINERlab and cRPD","archived":false,"fork":false,"pushed_at":"2025-01-11T14:36:33.000Z","size":48,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-11T15:36:23.519Z","etag":null,"topics":["clab-topo"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dbono711.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-10T17:33:42.000Z","updated_at":"2025-01-11T14:36:36.000Z","dependencies_parsed_at":"2024-08-24T21:29:03.007Z","dependency_job_id":"a234dc75-611c-4f51-ad37-752a47d17236","html_url":"https://github.com/dbono711/clab-crpd-evpn-vxlan","commit_stats":null,"previous_names":["dbono711/clab-crpd-evpn-vxlan"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dbono711/clab-crpd-evpn-vxlan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbono711%2Fclab-crpd-evpn-vxlan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbono711%2Fclab-crpd-evpn-vxlan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbono711%2Fclab-crpd-evpn-vxlan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbono711%2Fclab-crpd-evpn-vxlan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dbono711","download_url":"https://codeload.github.com/dbono711/clab-crpd-evpn-vxlan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbono711%2Fclab-crpd-evpn-vxlan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478161,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clab-topo"],"created_at":"2026-01-16T11:14:15.230Z","updated_at":"2026-01-16T11:14:15.882Z","avatar_url":"https://github.com/dbono711.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# clab-crpd-evpn-vxlan\n\n## Overview\n\nA three-stage Layer 3 Leaf/Spine (L3LS) EVPN/VXLAN fabric using [CONTAINERlab](https://containerlab.dev/) and [cRPD](https://www.juniper.net/documentation/us/en/software/crpd/crpd-deployment/topics/concept/understanding-crpd.html) nodes to enable Layer 2 (intra-VNI) and Layer 3 (inter-VNI) connectivity between three clients, and a firewall.\n\n## Requirements\n\n- [CONTAINERlab](https://containerlab.dev/install/)\n - _The [CONTAINERlab](https://containerlab.dev/install/) installation guide outlines various installation methods. This lab assumes all [pre-requisites](https://containerlab.dev/install/#pre-requisites) (including Docker) are met and CONTAINERlab is installed via the [install script](https://containerlab.dev/install/#install-script)._\n- Docker cRPD [image](https://www.juniper.net/documentation/us/en/software/crpd/crpd-deployment/topics/task/crpd-linux-server-install.html#id-loading-the-crr-image) \u003e= 22.4R1-S2.1\n - Adjust the ```topology.kinds.crpd.image``` value in [setup.yml](setup.yml) to reflect the proper image and tag\n\n ```shell\n $ docker image ls | grep crpd\n crpd 22.4R1-S2.1 9ed0a701769a 14 months ago 546MB\n ```\n\n- A valid Juniper cRPD license key placed in a file called ```junos.lic``` at the root of the repository (same level as [setup.yml](setup.yml)).\n - **_NOTE: The features required by this lab will not function without a valid license installed on the cRPD nodes and therefore the Makefile will exit before even proceeding with setup if one is not detected. You can obtain a free evaluation license from [here](https://www.juniper.net/us/en/dm/crpd-free-trial.html)_**\n- Python 3\n\n## Topology\n\n```mermaid\ngraph TD\n spine01---west-leaf01\n spine01---west-leaf02\n spine01---east-leaf03\n spine01---border-leaf04\n spine02---west-leaf01\n spine02---west-leaf02\n spine02---east-leaf03\n spine02---border-leaf04\n firewall01---border-leaf04\n west-client1---west-leaf01\n west-client2---west-leaf02\n east-client3---east-leaf03\n```\n\n![Topology](images/topology.png)\n\n## Network Resources\n\n### IP Assignments\n\n_**NOTE**: The Overlay/VTEP assignments for spine01/spine02 are not actually implemented, or even required, since our VTEP's in this lab are on the leaf switches. The assignments are therefore just for consistency purposes_\n\n| Scope | Network | Sub-Network | Assignment | Name |\n| ------------------ | ------------- | ------------- | ------------- | ---------------------- |\n| Management | 10.0.0.0/24 | | 10.0.0.2/24 | spine01 |\n| Management | 10.0.0.0/24 | | 10.0.0.3/24 | spine02 |\n| Management | 10.0.0.0/24 | | 10.0.0.4/24 | west-leaf01 |\n| Management | 10.0.0.0/24 | | 10.0.0.5/24 | west-leaf02 |\n| Management | 10.0.0.0/24 | | 10.0.0.6/24 | east-leaf03 |\n| Management | 10.0.0.0/24 | | 10.0.0.7/24 | border-leaf04 |\n| Management | 10.0.0.0/24 | | 10.0.0.8/24 | firewall01 |\n| Router ID (lo0.0) | 10.1.0.0/24 | | 10.1.0.1/32 | spine01 |\n| Router ID (lo0.0) | 10.1.0.0/24 | | 10.1.0.2/32 | spine02 |\n| Router ID (lo0.0) | 10.1.0.0/24 | | 10.1.0.3/32 | west-leaf01 |\n| Router ID (lo0.0) | 10.1.0.0/24 | | 10.1.0.4/32 | west-leaf02 |\n| Router ID (lo0.0) | 10.1.0.0/24 | | 10.1.0.5/32 | east-leaf03 |\n| Router ID (lo0.0) | 10.1.0.0/24 | | 10.1.0.6/32 | border-leaf04 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.0/31 | 10.2.0.0/31 | spine01::west-leaf01 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.0/31 | 10.2.0.1/31 | west-leaf01::spine01 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.2/31 | 10.2.0.2/31 | spine01::west-leaf02 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.2/31 | 10.2.0.3/31 | west-leaf02::spine01 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.4/31 | 10.2.0.4/31 | spine01::east-leaf03 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.4/31 | 10.2.0.5/31 | east-leaf03::spine01 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.6/31 | 10.2.0.6/31 | spine01::border-leaf04 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.6/31 | 10.2.0.7/31 | border-leaf04::spine01 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.8/31 | 10.2.0.8/31 | spine02::west-leaf01 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.8/31 | 10.2.0.9/31 | west-leaf01::spine02 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.10/31 | 10.2.0.10/31 | spine02::west-leaf02 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.10/31 | 10.2.0.11/31 | west-leaf02::spine02 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.12/31 | 10.2.0.12/31 | spine02::east-leaf03 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.12/31 | 10.2.0.13/31 | east-leaf03::spine02 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.14/31 | 10.2.0.14/31 | spine02::border-leaf04 |\n| P2P Links | 10.2.0.0/24 | 10.2.0.14/31 | 10.2.0.15/31 | border-leaf04::spine02 |\n\n### Underlay ASN Assignments\n\n| ASN | Device |\n| ----- | ------------- |\n| 65500 | spine01 |\n| 65501 | spine02 |\n| 65502 | west-leaf01 |\n| 65503 | west-leaf02 |\n| 65504 | east-leaf03 |\n| 65505 | border-leaf04 |\n\n### Overlay ASN Assignment\n\n| ASN | Device |\n| ----- | ------- |\n| 65555 | all |\n\n### VXLAN Segments (L2VNI)\n\n| vni | name | vlan | mac-vrf isolation | network | leaf | host | host ip | host gateway |\n| ----- | -------- | ---- | ----------------- | ------------- | -------------- | ------------- | ----------- | ---------------- |\n| 50101 | BLUE | 101 | vlan-based | 10.10.1.0/24 | west-leaf01 | west-client1 | 10.10.1.1 | 10.10.1.254 |\n| 50101 | BLUE | 101 | vlan-based | 10.10.1.0/24 | border-leaf04 | firewall01 | 10.10.1.254 | N/A |\n| 50102 | RED | 102 | vlan-based | 10.10.2.0/24 | west-leaf01 | west-client1 | 10.10.2.1 | 10.10.2.254 |\n| 50102 | RED | 102 | vlan-based | 10.10.2.0/24 | border-leaf04 | firewall01 | 10.10.2.254 | N/A |\n| 50103 | GREEN1 | 103 | vlan-aware | 10.10.3.0/24 | west-leaf02 | west-client2 | 10.10.3.1 | 10.10.3.254 |\n| 50103 | GREEN1 | 103 | vlan-aware | 10.10.3.0/24 | east-leaf03 | east-client3 | 10.10.3.2 | 10.10.3.254 |\n| 50104 | GREEN2 | 104 | vlan-aware | 10.10.4.0/24 | west-leaf02 | west-client2 | 10.10.4.1 | 10.10.4.254 |\n| 50104 | GREEN2 | 104 | vlan-aware | 10.10.4.0/24 | east-leaf03 | east-client3 | 10.10.4.2 | 10.10.4.254 |\n\n### VXLAN Tenants (L3VNI)\n\n| vni | name |\n| --- | ------------ |\n| 999 | GREEN-TENANT |\n\n## Deployment\n\nClone this repsoitory and start the lab\n\n```shell\ngit clone https://github.com/dbono711/clab-crpd-evpn-vxlan.git\ncd clab-crpd-evpn-vxlan\nmake all\n```\n\n**_NOTE: CONTAINERlab requires SUDO privileges in order to execute_**\n\n**_NOTE: As indicated in [Requirements](#requirements), a valid Juniper license file named ```junos.lic``` is required_**\n\n- Initializes the ```setup.log``` file\n- Creates the [CONTAINERlab network](setup.yml) based on the [topology definition](https://containerlab.dev/manual/topo-def-file/)\n - Apply's the ```config``` file from the respective ```spine``` and ```leaf``` folders on each cRPD node\n - This configuration is only meant to bootstrap the root authentication password and enable SSH\n- Apply's the cRPD license on each cRPD node\n- Loops through each client to execute the configuration SHELL scripts within the [clients](clients) folder\n - The script configures the clients Ethernet/VLAN interface connected to the leaf\n- Executes an Ansible playbook for configuring the fabric underlay, overlay, EVPN, \u0026 VXLAN on each cRPD node\n\n## Accessing the container SHELL\n\nThe container SHELL can be accessed by using the ```docker exec``` command, as follows:\n\n```docker exec -it \u003ccontainer\u003e bash```\n\nFor example, to access the SHELL on the ```spine01``` cRPD container\n\n```shell\n$ docker exec -it clab-crpd-evpn-vxlan-spine01 bash\nbash-5.1#\n```\n\n## Accessing the JUNOS CLI (via Docker)\n\nThe JUNOS CLI can be accessed by using the ```docker exec``` command, as follows:\n\n```docker exec -it \u003ccontainer\u003e cli```\n\nFor example, to access the JUNOS CLI via Docker on the ```spine01``` cRPD container\n\n```shell\n$ docker exec -it clab-crpd-evpn-vxlan-spine01 cli\nbash-5.1#\n```\n\n## Accessing the JUNOS CLI (via SSH)\n\nEach cRPD node also has an SSH port mapped in the [topology](setup.yml). In fact, this is how Ansible communicates with the cRPD nodes to configure them as part of the ```configure``` target in the [Makefile](Makefile).\n\n**Username:** root\n**Password:** clab123\n\nFor example, to access the JUNOS CLI via SSH on the ```spine01``` cRPD container\n\n```shell\n$ ssh -p 10022 root@10.0.0.2\nbash-5.1#\n```\n\n## Capturing packets\n\nHere is an example on how to capture packets directly on the host which CONTAINERlab is running\n\n```sudo ip netns exec clab-crpd-evpn-vxlan-west-leaf01 tcpdump -nni eth1```\n\nHere is an example on how to capture packets from a remote host, to the host which CONTAINERlab is running (Note that this example is piping directly to Wireshark which in my case is running on my MAC OS X host)\n\n```ssh [ containerlab host ] \"sudo -S ip netns exec [ containerlab container name ] tcpdump -nni eth1 -w -\" | /Applications/Wireshark.app/Contents/MacOS/Wireshark -k -i -```\n\n## Data Plane Validation\n\nThe [Makefile](Makefile) performs data plane validation by executing the [validate.py](validate.py) Python script which performs a PING from ```client``` to ```client2``` for validating Layer 2 (intra-VNI) connectivity, and a PING from ```client1``` to ```client3``` for validating Layer 3 (inter-VNI) connectivity, and thats it. The script therefore leaves plenty of room for more advanced validation such as parsing JSON output from the cRPD nodes, analyzing bridge fdb tables at the Linux level of the cRPD and client nodes, etc.\n\n## Cleanup\n\nStop the lab, tear down the CONTAINERlab containers\n\n```shell\nmake clean\n```\n\n## Logging\n\nAll activity is logged to a file called ```setup.log``` at the root of the repository.\n\n## Authors\n\n- Darren Bono - [darren.bono@att.net](mailto://darren.bono@att.net)\n\n## License\n\nThis project is licensed under the MIT License. See [LICENSE](LICENSE) for details\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdbono711%2Fclab-crpd-evpn-vxlan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdbono711%2Fclab-crpd-evpn-vxlan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdbono711%2Fclab-crpd-evpn-vxlan/lists"}