Labs

 View Only
last person joined: 3 days ago 

Discover how to get the most of Juniper labs and share what you've built.
  • 1.  EVPN-VXLAN on vQFX (EVE-NG Lab)

    Posted 11-13-2020 05:39
      |   view attached
    This is a test to see if I can share my awesome Labs with you :)
    Attached you find the EVPN-VXLAN Lab on vQFX that I created last year to play with EVPN on my EVE-NG Server.
    EVPN-VXLAN on vQFX


    ------------------------------
    Christian Scholz
    ------------------------------


  • 2.  RE: EVPN-VXLAN on vQFX (EVE-NG Lab)

    Posted 01-23-2022 15:58
    Spine-1:
    
    set version 17.4R1.16
    set system host-name Spine-1
    set system root-authentication encrypted-password "$6$rB5kPIFJ$91QMtJeCLoVn1o.TN5fPMhQF44MyQXrN0yfMn4Br6lasdBcdyX.XuHE7zYdAC8t4M07icNaSjlusHlVdu4Bxy."
    set system root-authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system login user vagrant uid 2000
    set system login user vagrant class super-user
    set system login user vagrant authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system services ssh root-login allow
    set system services netconf ssh
    set system services rest http port 8080
    set system services rest enable-explorer
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system extensions providers juniper license-type juniper deployment-scope commercial
    set system extensions providers chef license-type juniper deployment-scope commercial
    set interfaces xe-0/0/0 unit 0 description "to Leaf 1"
    set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.100/24
    set interfaces xe-0/0/2 unit 0 description "to Leaf 2"
    set interfaces xe-0/0/2 unit 0 family inet address 172.16.3.100/24
    set interfaces xe-0/0/4 unit 0 description "to Leaf 3"
    set interfaces xe-0/0/4 unit 0 family inet address 172.16.5.100/24
    set interfaces xe-0/0/6 unit 0 description "to Leaf 4"
    set interfaces xe-0/0/6 unit 0 family inet address 172.16.7.100/24
    set interfaces em0 unit 0 family inet dhcp
    set interfaces em1 unit 0 family inet address 169.254.0.2/24
    set interfaces lo0 unit 0 family inet address 172.16.50.1/32
    set forwarding-options storm-control-profiles default all
    set routing-options router-id 172.16.50.1
    set routing-options autonomous-system 65500
    set protocols bgp group underlay type external
    set protocols bgp group underlay description "to Leaf 1/2/3/4"
    set protocols bgp group underlay export directs
    set protocols bgp group underlay multipath multiple-as
    set protocols bgp group underlay neighbor 172.16.1.1 peer-as 65100
    set protocols bgp group underlay neighbor 172.16.3.1 peer-as 65200
    set protocols bgp group underlay neighbor 172.16.5.1 peer-as 65300
    set protocols bgp group underlay neighbor 172.16.7.1 peer-as 65400
    set protocols igmp-snooping vlan default
    set policy-options policy-statement directs term 1 from protocol direct
    set policy-options policy-statement directs term 1 then accept
    set vlans default vlan-id 1
    Spine-2:
    
    set version 17.4R1.16
    set system host-name Spine-2
    set system root-authentication encrypted-password "$6$rB5kPIFJ$91QMtJeCLoVn1o.TN5fPMhQF44MyQXrN0yfMn4Br6lasdBcdyX.XuHE7zYdAC8t4M07icNaSjlusHlVdu4Bxy."
    set system root-authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system login user vagrant uid 2000
    set system login user vagrant class super-user
    set system login user vagrant authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system services ssh root-login allow
    set system services netconf ssh
    set system services rest http port 8080
    set system services rest enable-explorer
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system extensions providers juniper license-type juniper deployment-scope commercial
    set system extensions providers chef license-type juniper deployment-scope commercial
    set interfaces xe-0/0/1 unit 0 description "to Leaf 1"
    set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.100/24
    set interfaces xe-0/0/3 unit 0 description "to Leaf 2"
    set interfaces xe-0/0/3 unit 0 family inet address 172.16.4.100/24
    set interfaces xe-0/0/5 unit 0 description "to Leaf 3"
    set interfaces xe-0/0/5 unit 0 family inet address 172.16.6.100/24
    set interfaces xe-0/0/7 unit 0 description "to Leaf 4"
    set interfaces xe-0/0/7 unit 0 family inet address 172.16.8.100/24
    set interfaces em0 unit 0 family inet dhcp
    set interfaces em1 unit 0 family inet address 169.254.0.2/24
    set interfaces lo0 unit 0 family inet address 172.16.60.1/32
    set forwarding-options storm-control-profiles default all
    set routing-options router-id 172.16.60.1
    set routing-options autonomous-system 65600
    set protocols bgp group underlay type external
    set protocols bgp group underlay description "to Leaf 1/2/3/4"
    set protocols bgp group underlay export directs
    set protocols bgp group underlay multipath multiple-as
    set protocols bgp group underlay neighbor 172.16.2.1 peer-as 65100
    set protocols bgp group underlay neighbor 172.16.4.1 peer-as 65200
    set protocols bgp group underlay neighbor 172.16.6.1 peer-as 65300
    set protocols bgp group underlay neighbor 172.16.8.1 peer-as 65400
    set protocols igmp-snooping vlan default
    set policy-options policy-statement directs term 1 from protocol direct
    set policy-options policy-statement directs term 1 then accept
    set vlans default vlan-id 1
    Leaf-1:
    
    set version 17.4R1.16
    set system host-name Leaf-1
    set system root-authentication encrypted-password "$6$rB5kPIFJ$91QMtJeCLoVn1o.TN5fPMhQF44MyQXrN0yfMn4Br6lasdBcdyX.XuHE7zYdAC8t4M07icNaSjlusHlVdu4Bxy."
    set system root-authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system login user vagrant uid 2000
    set system login user vagrant class super-user
    set system login user vagrant authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system services ssh root-login allow
    set system services netconf ssh
    set system services rest http port 8080
    set system services rest enable-explorer
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system extensions providers juniper license-type juniper deployment-scope commercial
    set system extensions providers chef license-type juniper deployment-scope commercial
    set interfaces xe-0/0/0 unit 0 description "to Spine 1"
    set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.1/24
    set interfaces xe-0/0/1 unit 0 description "to Spine 2"
    set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.1/24
    set interfaces em0 unit 0 family inet dhcp
    set interfaces em1 unit 0 family inet address 169.254.0.2/24
    set interfaces lo0 unit 0 family inet address 172.16.10.1/32
    set forwarding-options storm-control-profiles default all
    set routing-options router-id 172.16.10.1
    set routing-options autonomous-system 65100
    set routing-options forwarding-table export loadbalance
    set protocols bgp group underlay type external
    set protocols bgp group underlay description "to Spine 1/2"
    set protocols bgp group underlay export directs
    set protocols bgp group underlay multipath multiple-as
    set protocols bgp group underlay neighbor 172.16.1.100 peer-as 65500
    set protocols bgp group underlay neighbor 172.16.2.100 peer-as 65600
    set protocols bgp group overlay type internal
    set protocols bgp group overlay local-address 172.16.10.1
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay local-as 65700
    set protocols bgp group overlay multipath
    set protocols bgp group overlay neighbor 172.16.20.1
    set protocols bgp group overlay neighbor 172.16.30.1
    set protocols bgp group overlay neighbor 172.16.40.1
    set protocols evpn vni-options vni 10 vrf-target export target:1:10
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list 10
    set protocols igmp-snooping vlan default
    set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
    set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
    set policy-options policy-statement LEAF-IN term import_vni10 from community com10
    set policy-options policy-statement LEAF-IN term import_vni10 then accept
    set policy-options policy-statement directs term 1 from protocol direct
    set policy-options policy-statement directs term 1 then accept
    set policy-options policy-statement loadbalance then load-balance per-packet
    set policy-options community com10 members target:1:10
    set policy-options community comm-leaf_esi members target:9999:9999
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 172.16.10.1:1
    set switch-options vrf-import LEAF-IN
    set switch-options vrf-target target:9999:9999
    set vlans default vlan-id 1
    set vlans vlan10 vlan-id 10
    set vlans vlan10 vxlan vni 10
    set vlans vlan10 vxlan ingress-node-replication
    Leaf-2:
    
    set version 17.4R1.16
    set system host-name Leaf-2
    set system root-authentication encrypted-password "$6$rB5kPIFJ$91QMtJeCLoVn1o.TN5fPMhQF44MyQXrN0yfMn4Br6lasdBcdyX.XuHE7zYdAC8t4M07icNaSjlusHlVdu4Bxy."
    set system root-authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system login user vagrant uid 2000
    set system login user vagrant class super-user
    set system login user vagrant authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system services ssh root-login allow
    set system services netconf ssh
    set system services rest http port 8080
    set system services rest enable-explorer
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system extensions providers juniper license-type juniper deployment-scope commercial
    set system extensions providers chef license-type juniper deployment-scope commercial
    set chassis aggregated-devices ethernet device-count 1
    set interfaces xe-0/0/2 unit 0 description "to Spine 1"
    set interfaces xe-0/0/2 unit 0 family inet address 172.16.3.1/24
    set interfaces xe-0/0/3 unit 0 description "to Spine 2"
    set interfaces xe-0/0/3 unit 0 family inet address 172.16.4.1/24
    set interfaces xe-0/0/8 description "to Server"
    set interfaces xe-0/0/8 ether-options 802.3ad ae0
    set interfaces ae0 encapsulation ethernet-bridge
    set interfaces ae0 esi 00:01:01:01:01:01:01:01:01:01
    set interfaces ae0 esi all-active
    set interfaces ae0 aggregated-ether-options lacp active
    set interfaces ae0 aggregated-ether-options lacp periodic fast
    set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:01:01:01
    set interfaces ae0 unit 0 family ethernet-switching vlan members vlan10
    set interfaces em0 unit 0 family inet dhcp
    set interfaces em1 unit 0 family inet address 169.254.0.2/24
    set interfaces lo0 unit 0 family inet address 172.16.20.1/32
    set forwarding-options storm-control-profiles default all
    set routing-options router-id 172.16.20.1
    set routing-options autonomous-system 65200
    set routing-options forwarding-table export loadbalance
    set protocols bgp group underlay type external
    set protocols bgp group underlay description "to Spine 1/2"
    set protocols bgp group underlay export directs
    set protocols bgp group underlay multipath multiple-as
    set protocols bgp group underlay neighbor 172.16.3.100 peer-as 65500
    set protocols bgp group underlay neighbor 172.16.4.100 peer-as 65600
    set protocols bgp group overlay type internal
    set protocols bgp group overlay local-address 172.16.20.1
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay local-as 65700
    set protocols bgp group overlay multipath
    set protocols bgp group overlay neighbor 172.16.10.1
    set protocols bgp group overlay neighbor 172.16.30.1
    set protocols bgp group overlay neighbor 172.16.40.1
    set protocols evpn vni-options vni 10 vrf-target export target:1:10
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list 10
    set protocols igmp-snooping vlan default
    set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
    set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
    set policy-options policy-statement LEAF-IN term import_vni10 from community com10
    set policy-options policy-statement LEAF-IN term import_vni10 then accept
    set policy-options policy-statement directs term 1 from protocol direct
    set policy-options policy-statement directs term 1 then accept
    set policy-options policy-statement loadbalance then load-balance per-packet
    set policy-options community com10 members target:1:10
    set policy-options community comm-leaf_esi members target:9999:9999
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 172.16.20.1:1
    set switch-options vrf-import LEAF-IN
    set switch-options vrf-target target:9999:9999
    set vlans default vlan-id 1
    set vlans vlan10 vlan-id 10
    set vlans vlan10 vxlan vni 10
    set vlans vlan10 vxlan ingress-node-replication
    Leaf-3:
    
    set version 17.4R1.16
    set system host-name Leaf-3
    set system root-authentication encrypted-password "$6$rB5kPIFJ$91QMtJeCLoVn1o.TN5fPMhQF44MyQXrN0yfMn4Br6lasdBcdyX.XuHE7zYdAC8t4M07icNaSjlusHlVdu4Bxy."
    set system root-authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system login user vagrant uid 2000
    set system login user vagrant class super-user
    set system login user vagrant authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system services ssh root-login allow
    set system services netconf ssh
    set system services rest http port 8080
    set system services rest enable-explorer
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system extensions providers juniper license-type juniper deployment-scope commercial
    set system extensions providers chef license-type juniper deployment-scope commercial
    set chassis aggregated-devices ethernet device-count 1
    set interfaces xe-0/0/4 unit 0 description "to Spine 1"
    set interfaces xe-0/0/4 unit 0 family inet address 172.16.5.1/24
    set interfaces xe-0/0/5 unit 0 description "to Spine 2"
    set interfaces xe-0/0/5 unit 0 family inet address 172.16.6.1/24
    set interfaces xe-0/0/9 description "to Server"
    set interfaces xe-0/0/9 ether-options 802.3ad ae0
    set interfaces ae0 encapsulation ethernet-bridge
    set interfaces ae0 esi 00:01:01:01:01:01:01:01:01:01
    set interfaces ae0 esi all-active
    set interfaces ae0 aggregated-ether-options lacp active
    set interfaces ae0 aggregated-ether-options lacp periodic fast
    set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:01:01:01
    set interfaces ae0 unit 0 family ethernet-switching vlan members vlan10
    set interfaces em0 unit 0 family inet dhcp
    set interfaces em1 unit 0 family inet address 169.254.0.2/24
    set interfaces lo0 unit 0 family inet address 172.16.30.1/32
    set forwarding-options storm-control-profiles default all
    set routing-options router-id 172.16.30.1
    set routing-options autonomous-system 65300
    set routing-options forwarding-table export loadbalance
    set protocols bgp group underlay type external
    set protocols bgp group underlay description "to Spine 1/2"
    set protocols bgp group underlay export directs
    set protocols bgp group underlay multipath multiple-as
    set protocols bgp group underlay neighbor 172.16.5.100 peer-as 65500
    set protocols bgp group underlay neighbor 172.16.6.100 peer-as 65600
    set protocols bgp group overlay type internal
    set protocols bgp group overlay local-address 172.16.30.1
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay local-as 65700
    set protocols bgp group overlay multipath
    set protocols bgp group overlay neighbor 172.16.10.1
    set protocols bgp group overlay neighbor 172.16.20.1
    set protocols bgp group overlay neighbor 172.16.40.1
    set protocols evpn vni-options vni 10 vrf-target export target:1:10
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list 10
    set protocols igmp-snooping vlan default
    set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
    set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
    set policy-options policy-statement LEAF-IN term import_vni10 from community com10
    set policy-options policy-statement LEAF-IN term import_vni10 then accept
    set policy-options policy-statement directs term 1 from protocol direct
    set policy-options policy-statement directs term 1 then accept
    set policy-options policy-statement loadbalance then load-balance per-packet
    set policy-options community com10 members target:1:10
    set policy-options community comm-leaf_esi members target:9999:9999
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 172.16.30.1:1
    set switch-options vrf-import LEAF-IN
    set switch-options vrf-target target:9999:9999
    set vlans default vlan-id 1
    set vlans vlan10 vlan-id 10
    set vlans vlan10 vxlan vni 10
    set vlans vlan10 vxlan ingress-node-replication
    Leaf-4:
    
    set version 17.4R1.16
    set system host-name Leaf-4
    set system root-authentication encrypted-password "$6$rB5kPIFJ$91QMtJeCLoVn1o.TN5fPMhQF44MyQXrN0yfMn4Br6lasdBcdyX.XuHE7zYdAC8t4M07icNaSjlusHlVdu4Bxy."
    set system root-authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system login user vagrant uid 2000
    set system login user vagrant class super-user
    set system login user vagrant authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
    set system services ssh root-login allow
    set system services netconf ssh
    set system services rest http port 8080
    set system services rest enable-explorer
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system extensions providers juniper license-type juniper deployment-scope commercial
    set system extensions providers chef license-type juniper deployment-scope commercial
    set interfaces xe-0/0/6 unit 0 description "to Spine 1"
    set interfaces xe-0/0/6 unit 0 family inet address 172.16.7.1/24
    set interfaces xe-0/0/7 unit 0 description "to Spine 2"
    set interfaces xe-0/0/7 unit 0 family inet address 172.16.8.1/24
    set interfaces xe-0/0/9 description "to Client"
    set interfaces xe-0/0/9 encapsulation ethernet-bridge
    set interfaces xe-0/0/9 unit 0 family ethernet-switching vlan members vlan10
    set interfaces em0 unit 0 family inet dhcp
    set interfaces em1 unit 0 family inet address 169.254.0.2/24
    set interfaces lo0 unit 0 family inet address 172.16.40.1/32
    set forwarding-options storm-control-profiles default all
    set routing-options router-id 172.16.40.1
    set routing-options autonomous-system 65400
    set routing-options forwarding-table export loadbalance
    set protocols bgp group underlay type external
    set protocols bgp group underlay description "to Spine 1/2"
    set protocols bgp group underlay export directs
    set protocols bgp group underlay multipath multiple-as
    set protocols bgp group underlay neighbor 172.16.7.100 peer-as 65500
    set protocols bgp group underlay neighbor 172.16.8.100 peer-as 65600
    set protocols bgp group overlay type internal
    set protocols bgp group overlay local-address 172.16.40.1
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay local-as 65700
    set protocols bgp group overlay multipath
    set protocols bgp group overlay neighbor 172.16.10.1
    set protocols bgp group overlay neighbor 172.16.20.1
    set protocols bgp group overlay neighbor 172.16.30.1
    set protocols evpn vni-options vni 10 vrf-target export target:1:10
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list 10
    set protocols igmp-snooping vlan default
    set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
    set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
    set policy-options policy-statement LEAF-IN term import_vni10 from community com10
    set policy-options policy-statement LEAF-IN term import_vni10 then accept
    set policy-options policy-statement directs term 1 from protocol direct
    set policy-options policy-statement directs term 1 then accept
    set policy-options policy-statement loadbalance then load-balance per-packet
    set policy-options community com10 members target:1:10
    set policy-options community comm-leaf_esi members target:9999:9999
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 172.16.40.1:1
    set switch-options vrf-import LEAF-IN
    set switch-options vrf-target target:9999:9999
    set vlans default vlan-id 1
    set vlans vlan10 vlan-id 10
    set vlans vlan10 vxlan vni 10
    set vlans vlan10 vxlan ingress-node-replication


    ------------------------------
    Christian Scholz
    Juniper Networks Ambassador | JNCIE-SEC #374
    Mail: chs@ip4.de
    Blog: jncie.eu | Twitter: @chsjuniper | YT-Channel: netchron
    ------------------------------