/home/pipi/.local/lib/python3.10/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0. "cipher": algorithms.TripleDES, /home/pipi/.local/lib/python3.10/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0. "class": algorithms.TripleDES, [WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details [WARNING]: Could not match supplied host pattern, ignoring: unprovisioned [WARNING]: Found variable using reserved name: hosts PLAY [Deploy initial device configuration] ************************************* TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find device readiness script] ******************************************** ok: [h1] ok: [h2] ok: [h4] ok: [h3] ok: [s1] ok: [s2] TASK [Wait for device to become ready] ***************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/readiness-check/vjunos-switch-clab.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/readiness-check/eos-clab.yml for s2 TASK [Wait for SSH server] ***************************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/readiness-check/vm-clab-ssh-check.yml for s1 TASK [Check if 'sshpass' is installed] ***************************************** ok: [s1 -> localhost] TASK [Check for 'timeout' command] ********************************************* ok: [s1 -> localhost] TASK [Execute local ssh command to check vjunos-switch readiness] ************** FAILED - RETRYING: [s1 -> localhost]: Execute local ssh command to check vjunos-switch readiness (40 retries left). FAILED - RETRYING: [s1 -> localhost]: Execute local ssh command to check vjunos-switch readiness (39 retries left). FAILED - RETRYING: [s1 -> localhost]: Execute local ssh command to check vjunos-switch readiness (38 retries left). ok: [s1 -> localhost] TASK [Confirm s1 SSH server works] ********************************************* ok: [s1] => msg: Node s1 is ready. TASK [Wait for ge-0/0/0 interface] ********************************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/readiness-check/vjunos-switch.yml for s1 TASK [Wait for ge-0/0/0 to appear] ********************************************* ok: [s1] TASK [Wait for cEOS SSH daemon to start] *************************************** ok: [s2] TASK [Normalize config on bridge-like devices] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 TASK [Figure out whether to deploy the module normalize on current device] ***** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for normalize] ******************************* ok: [h1] ok: [h2] ok: [h4] ok: [h3] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for normalize] *************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] ok: [s2] => msg: |- normalize configuration for s2 ========================================= ! interface Ethernet1 shutdown mac-address 52dc.cafe.0601 ! interface Ethernet2 shutdown mac-address 52dc.cafe.0602 ! interface Ethernet3 shutdown mac-address 52dc.cafe.0603 TASK [Deploy normalize configuration] ****************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [eos_config: deploying normalize from /home/pipi/netlab_gh/netsim/ansible/templates/normalize/eos.j2] *** [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation changed: [s2] TASK [Deploy initial configuration] ******************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 TASK [Figure out whether to deploy the module initial on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for initial] ********************************* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for initial] ***************** ok: [h1] ok: [h2] ok: [h4] ok: [h3] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** ok: [h1] => msg: |- initial configuration for h1 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.1/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.1/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h2] => msg: |- initial configuration for h2 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.2/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.2/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h3] => msg: |- initial configuration for h3 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.3/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.3/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h4] => msg: |- initial configuration for h4 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.4/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.4/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [s2] => msg: |- initial configuration for s2 ========================================= hostname s2 ! logging monitor debugging aaa authorization exec default local ! lldp run ip routing no ipv6 unicast-routing ! vrf instance tenant rd 65000:1 ! ! ip host h1 172.31.1.1 ip host h2 172.31.1.2 ip host h3 172.31.1.3 ip host h4 172.31.1.4 ip host s1 10.0.0.5 10.1.0.1 ! interface Management0 no lldp transmit no lldp receive ! interface Loopback0 ip address 10.0.0.6/32 ! interface Ethernet1 no switchport mtu 1600 description s2 -> s1 ip address 10.1.0.2/30 ! mac-address 52dc.cafe.0601 no shutdown ! interface Ethernet2 no switchport description [Access VLAN red] s2 -> h2 ! mac-address 52dc.cafe.0602 no shutdown ! interface Ethernet3 no switchport description [Access VLAN blue] s2 -> h4 ! mac-address 52dc.cafe.0603 no shutdown ! interface Vlan1000 vrf tenant description VLAN red (1000) -> [h1,s1,h2] ! interface Vlan1001 vrf tenant description VLAN blue (1001) -> [h3,s1,h4] ! ok: [s1] => msg: |- initial configuration for s1 ========================================= system { host-name s1; static-host-mapping { h1 inet 172.31.1.1; h2 inet 172.31.1.2; h3 inet 172.31.1.3; h4 inet 172.31.1.4; s2 inet 10.0.0.6; } } policy-options { community tg_65000_1 members target:65000:1; } policy-options { policy-statement vrf-tenant-rt-export { term 1 { then { community add tg_65000_1; accept; } } } policy-statement vrf-tenant-rt-import { term 1 { from community [ tg_65000_1 ]; then accept; } term default { then reject; } } } routing-instances { tenant { instance-type vrf; route-distinguisher 65000:1; vrf-import vrf-tenant-rt-import; vrf-export vrf-tenant-rt-export; routing-options { auto-export; } interface irb.1000; interface irb.1001; } } interfaces { } interfaces { ge-0/0/0 { mtu 1614; } ge-0/0/1 { mtu 1514; } ge-0/0/2 { mtu 1514; } lo0.0 { family inet { address 10.0.0.5/32; } } ge-0/0/0.0 { description "s1 -> s2"; family inet { address 10.1.0.1/30; } } ge-0/0/1.0 { description "[Access VLAN red] s1 -> h1"; } ge-0/0/2.0 { description "[Access VLAN blue] s1 -> h3"; } irb.1000 { description "VLAN red (1000) -> [h1,h2,s2]"; } irb.1001 { description "VLAN blue (1001) -> [h3,h4,s2]"; } } protocols { lldp { interface fxp0 { disable; } interface all; } } TASK [Deploy initial configuration] ******************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/linux-clab.yml for h1, h2, h3, h4 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/junos.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [Define script filename and determine whether to execute in netns] ******** ok: [h1] ok: [h2] ok: [h4] ok: [h3] TASK [Create a temporary file for the rendered script] ************************* changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h4 -> localhost] changed: [h3 -> localhost] TASK [Create container setup script from /home/pipi/netlab_gh/netsim/ansible/templates/initial/linux-clab.j2] *** changed: [h1 -> localhost] changed: [h3 -> localhost] changed: [h2 -> localhost] changed: [h4 -> localhost] TASK [Copy script into running container at /tmp/config-h1_initial.sh] ********* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Execute /tmp/config-h1_initial.sh to deploy initial config based on /home/pipi/netlab_gh/netsim/ansible/templates/initial/linux-clab.j2] *** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Container configuration for initial based on /home/pipi/netlab_gh/netsim/ansible/templates/initial/linux-clab.j2 executed in netns] *** changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h1 -> localhost] changed: [h4 -> localhost] TASK [Remove temporary file /tmp/h1_initial-1xyorx9o.sh] *********************** changed: [h3 -> localhost] changed: [h1 -> localhost] changed: [h4 -> localhost] changed: [h2 -> localhost] TASK [junos_config: deploying initial from /home/pipi/netlab_gh/netsim/ansible/templates/initial/junos.j2] *** [WARNING]: mgd: statement has no contents; ignored changed: [s1] TASK [eos_config: deploying initial from /home/pipi/netlab_gh/netsim/ansible/templates/initial/eos.j2] *** changed: [s2] PLAY [Deploy module-specific configurations] *********************************** TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Deploy individual configuration modules] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 => (item=vlan) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 => (item=routing) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 => (item=ospf) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 => (item=bgp) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 => (item=vrf) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 => (item=vxlan) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1, s2 => (item=evpn) TASK [Figure out whether to deploy the module vlan on current device] ********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for vlan] ************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for vlan] ******************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s2] => msg: |- vlan configuration for s2 ========================================= vlan 1000 name red ! vlan 1001 name blue ! ! interface Ethernet2 switchport switchport access vlan 1000 ! interface Ethernet3 switchport switchport access vlan 1001 ! interface Vlan1000 ! interface Vlan1001 ok: [s1] => msg: |- vlan configuration for s1 ========================================= vlans { red { vlan-id 1000; } blue { vlan-id 1001; } } interfaces { ge-0/0/1.0 { family ethernet-switching { vlan { members red; } } } ge-0/0/2.0 { family ethernet-switching { vlan { members blue; } } } } TASK [Deploy vlan configuration] *********************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/junos.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [junos_config: deploying vlan from /home/pipi/netlab_gh/netsim/ansible/templates/vlan/vjunos-switch.j2] *** changed: [s1] TASK [eos_config: deploying vlan from /home/pipi/netlab_gh/netsim/ansible/templates/vlan/eos.j2] *** changed: [s2] TASK [Figure out whether to deploy the module routing on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for routing] ********************************* ok: [h1] skipping: [s1] skipping: [s2] ok: [h2] ok: [h3] ok: [h4] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for routing] ***************** skipping: [s1] ok: [h1] skipping: [s2] ok: [h2] ok: [h3] ok: [h4] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [s1] ok: [h1] => msg: |- routing configuration for h1 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h2] => msg: |- routing configuration for h2 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route skipping: [s2] ok: [h4] => msg: |- routing configuration for h4 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h3] => msg: |- routing configuration for h3 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route TASK [Deploy routing configuration] ******************************************** skipping: [s1] skipping: [s2] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/linux-clab.yml for h1, h2, h3, h4 TASK [Define script filename and determine whether to execute in netns] ******** ok: [h1] ok: [h2] ok: [h4] ok: [h3] TASK [Create a temporary file for the rendered script] ************************* changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h1 -> localhost] changed: [h4 -> localhost] TASK [Create container setup script from /home/pipi/netlab_gh/netsim/ansible/templates/routing/linux-clab.j2] *** changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] TASK [Copy script into running container at /tmp/config-h1_routing.sh] ********* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Execute /tmp/config-h1_routing.sh to deploy routing config based on /home/pipi/netlab_gh/netsim/ansible/templates/routing/linux-clab.j2] *** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Container configuration for routing based on /home/pipi/netlab_gh/netsim/ansible/templates/routing/linux-clab.j2 executed in netns] *** changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] TASK [Remove temporary file /tmp/h1_routing-ybeqhzcw.sh] *********************** changed: [h1 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] changed: [h2 -> localhost] TASK [Figure out whether to deploy the module ospf on current device] ********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for ospf] ************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for ospf] ******************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] => msg: |- ospf configuration for s1 ========================================= routing-options { router-id 10.0.0.5 } protocols { delete: ospf; } protocols { ospf { area 0.0.0.0 { interface lo0.0 { } } area 0.0.0.0 { interface ge-0/0/0.0 { interface-type p2p; } } } } ok: [s2] => msg: |- ospf configuration for s2 ========================================= ! ! OSPFv2 configuration ! router ospf 1 router-id 10.0.0.6 interface unnumbered hello mask tx 0.0.0.0 timers spf delay initial 100 200 500 timers lsa rx min interval 100 timers lsa tx delay initial 100 200 500 ! interface Loopback0 ! ip ospf area 0.0.0.0 ! interface Ethernet1 ! s2 -> s1 ip ospf area 0.0.0.0 ip ospf network point-to-point ! TASK [Deploy ospf configuration] *********************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/junos.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [junos_config: deploying ospf from /home/pipi/netlab_gh/netsim/ansible/templates/ospf/junos.j2] *** [WARNING]: statement not found changed: [s1] TASK [eos_config: deploying ospf from /home/pipi/netlab_gh/netsim/ansible/templates/ospf/eos.j2] *** changed: [s2] TASK [Figure out whether to deploy the module bgp on current device] *********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for bgp] ************************************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for bgp] ********************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s2] => msg: |- bgp configuration for s2 ========================================= ! route-map next-hop-self-ipv4 permit 10 match route-type external set ip next-hop peer-address ! route-map next-hop-self-ipv4 permit 20 ! ! router bgp 65000 bgp advertise-inactive bgp log-neighbor-changes no bgp default ipv4-unicast no bgp default ipv6-unicast router-id 10.0.0.6 ! neighbor 10.0.0.5 remote-as 65000 neighbor 10.0.0.5 description s1 neighbor 10.0.0.5 update-source Loopback0 neighbor 10.0.0.5 send-community standard extended large ! ! address-family ipv4 network 10.0.0.6/32 ! ! ! neighbor 10.0.0.5 activate neighbor 10.0.0.5 route-map next-hop-self-ipv4 out ! ok: [s1] => msg: |- bgp configuration for s1 ========================================= routing-options { autonomous-system 65000; router-id 10.0.0.5 } policy-options community x-route-permit-mark members large:65535:0:65536; policy-options { delete: policy-statement bgp-advertise; delete: policy-statement bgp-redistribute; delete: route-filter-list bgp-announce; } policy-options { route-filter-list bgp-announce { } policy-statement next-hop-self { term next-hop-self { from { route-type external; } then { next-hop self; } } } policy-statement bgp-advertise { term advertise { from { protocol direct; interface [ lo0.0 ]; } then { community add x-route-permit-mark; next policy; } } term originate { from { protocol static; route-filter-list bgp-announce; } then { community add x-route-permit-mark; next policy; } } } policy-statement bgp-redistribute { term redis_bgp { from protocol bgp; then { community add x-route-permit-mark; next policy; } } } policy-statement bgp-final { term final-option { from community x-route-permit-mark; then { community delete x-route-permit-mark; accept; } } term default-reject { then reject; } } policy-statement bgp-initial { term initial-cleanup { from community x-route-permit-mark; then { community delete x-route-permit-mark; next policy; } } } } protocols { delete: bgp; } protocols { bgp { group ibgp-peers-ipv4 { type internal; export [ next-hop-self bgp-advertise bgp-redistribute bgp-final ]; advertise-inactive; neighbor 10.0.0.6 { local-address 10.0.0.5; description s2; family inet { unicast; } } } group ebgp-peers { export [ bgp-advertise bgp-redistribute bgp-final ]; advertise-inactive; } } } TASK [Deploy bgp configuration] ************************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/junos.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [junos_config: deploying bgp from /home/pipi/netlab_gh/netsim/ansible/templates/bgp/junos.j2] *** changed: [s1] TASK [eos_config: deploying bgp from /home/pipi/netlab_gh/netsim/ansible/templates/bgp/eos.j2] *** changed: [s2] TASK [Figure out whether to deploy the module vrf on current device] *********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for vrf] ************************************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for vrf] ********************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] => msg: |- vrf configuration for s1 ========================================= policy-options { community x-route-permit-mark members large:65535:0:65536; policy-statement vrf-tenant-bgp-export { term redis_bgp { from { protocol bgp; } then { community add x-route-permit-mark; next policy; } } term redis_direct { from { protocol direct; } then { community add x-route-permit-mark; next policy; } } term redis_ospf { from { protocol ospf; } then { community add x-route-permit-mark; next policy; } } term redis_ospf3 { from { protocol ospf3; } then { community add x-route-permit-mark; next policy; } } } } routing-instances { tenant { routing-options { autonomous-system 65000; router-id 10.0.0.5 } protocols { bgp { group ebgp-peers { export [ vrf-tenant-bgp-export bgp-final ]; advertise-inactive; } } } } } ok: [s2] => msg: |- vrf configuration for s2 ========================================= ! mpls ip ! router bgp 65000 ! vrf tenant router-id 10.0.0.6 rd 65000:1 TASK [Deploy vrf configuration] ************************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/junos.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [junos_config: deploying vrf from /home/pipi/netlab_gh/netsim/ansible/templates/vrf/junos.j2] *** changed: [s1] TASK [eos_config: deploying vrf from /home/pipi/netlab_gh/netsim/ansible/templates/vrf/eos.j2] *** changed: [s2] TASK [Figure out whether to deploy the module vxlan on current device] ********* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for vxlan] *********************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for vxlan] ******************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] => msg: |- vxlan configuration for s1 ========================================= policy-options { policy-statement ecmp { then { load-balance per-flow; } } } routing-options { forwarding-table { export ecmp; } } switch-options { vtep-source-interface lo0.0; } vlans { } switch-options { route-distinguisher 10.0.0.5:65535; vrf-target target:65000:65535; } protocols evpn encapsulation vxlan; ok: [s2] => msg: |- vxlan configuration for s2 ========================================= interface vxlan 1 vxlan source-interface Loopback0 vxlan vlan 1000 vni 1000 vxlan vlan 1001 vni 1001 TASK [Deploy vxlan configuration] ********************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/junos.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [junos_config: deploying vxlan from /home/pipi/netlab_gh/netsim/ansible/templates/vxlan/vjunos-switch.j2] *** changed: [s1] TASK [eos_config: deploying vxlan from /home/pipi/netlab_gh/netsim/ansible/templates/vxlan/eos.j2] *** changed: [s2] TASK [Figure out whether to deploy the module evpn on current device] ********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] ok: [s2] TASK [Find configuration template for evpn] ************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for evpn] ******************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s2] => msg: |- evpn configuration for s2 ========================================= ! router bgp 65000 address-family evpn ! neighbor 10.0.0.5 activate ! vlan-aware-bundle tenant rd 65000:1 route-target import 65000:1 route-target export 65000:1 redistribute learned vlan 1000,1001 ok: [s1] => msg: |- evpn configuration for s1 ========================================= protocols { bgp { group ibgp-peers-ipv4 { neighbor 10.0.0.6 { delete: shutdown; family evpn { signaling; } } } group ebgp-peers { } } } policy-options { } vlans { } routing-instances { } routing-instances { vlan_aware_tenant { instance-type mac-vrf; service-type vlan-aware; vtep-source-interface lo0.0; route-distinguisher 65000:2; vrf-target import target:65000:1; vrf-target export target:65000:1; interface ge-0/0/1.0; vlans { red { vlan-id 1000; vxlan { vni 1000; } } } interface ge-0/0/2.0; vlans { blue { vlan-id 1001; vxlan { vni 1001; } } } protocols { evpn { encapsulation vxlan; default-gateway no-gateway-community; extended-vni-list all; } } } } routing-instances { } policy-options { } interfaces { } TASK [Deploy evpn configuration] *********************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/junos.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [junos_config: deploying evpn from /home/pipi/netlab_gh/netsim/ansible/templates/evpn/vjunos-switch.j2] *** changed: [s1] TASK [eos_config: deploying evpn from /home/pipi/netlab_gh/netsim/ansible/templates/evpn/eos.j2] *** changed: [s2] PLAY [Deploy custom deployment templates] ************************************** skipping: no hosts matched PLAY RECAP ********************************************************************* h1 : ok=41 changed=8 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0 h2 : ok=41 changed=8 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0 h3 : ok=41 changed=8 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0 h4 : ok=41 changed=8 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0 s1 : ok=66 changed=7 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 s2 : ok=63 changed=8 unreachable=0 failed=0 skipped=13 rescued=0 ignored=0 The device under test is an EVPN PE-device bridging two VLANs over VXLAN using VLAN-aware Bundle service. The other EVPN PE-device is an Arista EOS device. Both VLANs are using the same IP prefix to identify potential inter-VLAN leaking. * h1 and h2 should be able to ping each other * h3 and h4 should be able to ping each other * h1 should not be able to reach h3 or h4 Please note it might take a while for the lab to work due to STP learning phase