netlab: Building a Layer-2 Fabric

A friend of mine decided to use netlab to build a simple traditional data center fabric, and asked me a question along these lines:

How do I make all the ports be L2 by default i.e. not have IP address assigned to them?

Trying to answer his question way too late in the evening (I know, I shouldn’t be doing that), I focused on the “no IP addresses” part. To get there, you have to use the l2only pool or disable IPv4 prefixes in the built-in address pools, for example:

addressing:
  lan:
    ipv4: False
  p2p:
    ipv4: False

nodes:
  l1:
  l2:
  s1:
  s2:
  h1:
    device: linux
  h2:
    device: linux

links:
- l1-s1
- l2-s1
- l1-s2
- l2-s2
- l1-h1
- l2-h2

You have to use ipv4: False instead of the simpler p2p: {} syntax that is used to define the l2only pool because netlab merges lab topology settings with the default system settings, and the default settings already include IPv4 prefixes in most addressing pools.

It turned out my friend wanted to build a layer-2-only leaf-and-spine fabric, and the above topology wouldn’t do that. netlab assumes you want to use layer-3 interfaces unless you use VLANs on them, and would configure something equivalent to no switchport on data center switches as part of the initial configuration. To build a pure layer-2 fabric, you have to build it within a VLAN:

  • Use the VLAN module in the lab topology [1]:
defaults.device: eos
provider: clab
module: [ vlan ]
  • Create a VLAN and optionally set its VLAN ID. Make sure the VLAN mode is set to bridge or you’ll get IP addresses on all VLAN interfaces.
vlans:
  fabric:
    id: 100
    mode: bridge
  • Configure access VLAN fabric on all links:
links:
- l1:
  s1:
  vlan.access: fabric
- l2:
  s1:
  vlan.access: fabric
- l1:
  s2:
  vlan.access: fabric
- l2:
  s2:
  vlan.access: fabric
- l1:
  h1:
  vlan.access: fabric
- l2:
  h2:
  vlan.access: fabric

Notes:

  • The links part of the lab topology is way too verbose for my tastes and will get significantly shorter once we implement link groups.
  • While the switches won’t get IP addresses on VLAN interfaces, hosts do (because they are not VLAN aware). You can ping between h1 and h2 once the lab is up and running.
  • You could use VLAN 1 as the native VLAN on VLAN trunks between the switches, but that would make the lab topology even more verbose.

Now we’re ready to roll. Execute netlab up [2], wait for STP to do its job, and check connectivity between h1 and h2.

For the two readers who haven’t installed netlab yet: here’s the Arista cEOS configuration for l1:

Cleaned-up Arista cEOS configuration for L1
spanning-tree mode mstp
!
vlan 100
   name fabric
!
interface Ethernet1
   switchport access vlan 100
!
interface Ethernet2
   switchport access vlan 100
!
interface Ethernet3
   switchport access vlan 100
!
interface Loopback0
   ip address 10.0.0.1/32
!
interface Management0
   ip address 192.168.121.101/24
   no lldp transmit
   no lldp receive
!
interface Vlan100
   description VLAN fabric (100) -> [s1,s2,h1,l2,h2]
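
An added check, not part of the original post or of netlab: a small Python audit that parses EOS-style configuration like the one above and reports any Ethernet port that is routed, carries an IP address, or is not an access port in VLAN 100, plus any VLAN interface that picked up an IP address. The sample input is constructed; Ethernet4 and its address are made up to show a failing port, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the l1 configuration above. Ethernet4 and its
# address are made up to show what a routed (non-fabric) port looks like.
SAMPLE_CONFIG = """\
interface Ethernet1
   switchport access vlan 100
!
interface Ethernet4
   no switchport
   ip address 10.1.0.1/30
!
interface Loopback0
   ip address 10.0.0.1/32
!
interface Vlan100
   description VLAN fabric (100) -> [s1,s2,h1,l2,h2]
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from EOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or another top-level command ends the stanza
    return interfaces

def audit_l2_fabric(config, vlan_id=100):
    """Report ports that are not plain access ports in vlan_id without an IP."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        has_ip = any(re.match(r"ip(v6)? address ", c) for c in cmds)
        if name.startswith("Ethernet"):
            if "no switchport" in cmds:
                findings.append(f"{name}: routed port (no switchport)")
            if has_ip:
                findings.append(f"{name}: IP address configured")
            if f"switchport access vlan {vlan_id}" not in cmds:
                findings.append(f"{name}: not an access port in VLAN {vlan_id}")
        elif name.startswith("Vlan") and has_ip:
            findings.append(f"{name}: IP address on VLAN interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_l2_fabric(SAMPLE_CONFIG)) or "fabric ports are L2-only")
```

Loopback and management interfaces are ignored on purpose: they keep their addresses even in the layer-2-only fabric, as the l1 configuration shows.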

Want to run this lab on your own, or try it out with different devices? No problem:


  1. I love to use Arista cEOS containers with clab – the lab start time is too short to make a coffee, let alone a sandwich.

  2. After doing the mandatory homework like creating an Ubuntu VM, installing the software, and downloading the Arista cEOS container.
