From d31e21186c03afd779649df41b2fbbcd9c58a259 Mon Sep 17 00:00:00 2001 From: Mitch Vaughan Date: Fri, 4 Oct 2024 19:29:22 +0000 Subject: [PATCH 1/2] remove mac address aging time on routers --- .../wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg | 8 +++----- .../wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg | 8 +++----- .../wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg | 8 +++----- .../wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg | 8 +++----- .../wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg | 6 ++---- .../wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg | 6 ++---- .../wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg | 6 ++---- 7 files changed, 18 insertions(+), 32 deletions(-) diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg index fe6c4c32..d1852bb3 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg @@ -140,8 +140,6 @@ interface Vxlan1 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! -mac address-table aging-time 1800 -! ip routing ip routing vrf DEV no ip routing vrf MGMT @@ -188,9 +186,9 @@ router bgp 65000 ! address-family evpn neighbor LOCAL-EVPN-PEERS activate - neighbor LOCAL-EVPN-PEERS encapsulation vxlan + neighbor LOCAL-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -252,4 +250,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg index a02b003c..38056907 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg @@ -131,8 +131,6 @@ interface Vxlan1 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! -mac address-table aging-time 1800 -! ip routing ip routing vrf DEV no ip routing vrf MGMT @@ -179,9 +177,9 @@ router bgp 65000 ! address-family evpn neighbor LOCAL-EVPN-PEERS activate - neighbor LOCAL-EVPN-PEERS encapsulation vxlan + neighbor LOCAL-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -239,4 +237,4 @@ stun server local-interface Ethernet2 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg index 47ea9df5..ab8747f3 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg @@ -140,8 +140,6 @@ interface Vxlan1 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! -mac address-table aging-time 1800 -! ip routing ip routing vrf DEV no ip routing vrf MGMT @@ -188,9 +186,9 @@ router bgp 65000 ! address-family evpn neighbor LOCAL-EVPN-PEERS activate - neighbor LOCAL-EVPN-PEERS encapsulation vxlan + neighbor LOCAL-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -252,4 +250,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg index 568d12e8..6c4fd6bf 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg @@ -131,8 +131,6 @@ interface Vxlan1 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! -mac address-table aging-time 1800 -! ip routing ip routing vrf DEV no ip routing vrf MGMT @@ -179,9 +177,9 @@ router bgp 65000 ! address-family evpn neighbor LOCAL-EVPN-PEERS activate - neighbor LOCAL-EVPN-PEERS encapsulation vxlan + neighbor LOCAL-EVPN-PEERS encapsulation vxlan neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection neighbor WAN-OVERLAY-PEERS domain remote route import match-failure action discard ! @@ -237,4 +235,4 @@ stun server local-interface Ethernet2 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg index 8aa75438..394eb9d6 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg @@ -147,8 +147,6 @@ interface Vxlan1 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! -mac address-table aging-time 1800 -! ip routing ip routing vrf DEV no ip routing vrf MGMT @@ -177,7 +175,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -212,4 +210,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg index abc8e5b0..ef7c2758 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg @@ -148,8 +148,6 @@ interface Vxlan1 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! -mac address-table aging-time 1800 -! ip routing ip routing vrf DEV no ip routing vrf MGMT @@ -178,7 +176,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -213,4 +211,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg index e8b7bfc0..9afbd79a 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg @@ -148,8 +148,6 @@ interface Vxlan1 vxlan vrf PROD vni 51 vxlan vrf default vni 50 ! -mac address-table aging-time 1800 -! ip routing ip routing vrf DEV no ip routing vrf MGMT @@ -178,7 +176,7 @@ router bgp 65000 ! address-family evpn neighbor WAN-OVERLAY-PEERS activate - neighbor WAN-OVERLAY-PEERS encapsulation path-selection + neighbor WAN-OVERLAY-PEERS encapsulation path-selection ! address-family path-selection bgp additional-paths receive @@ -205,4 +203,4 @@ stun server-profile DC2-R2-Ethernet2 ip address 192.0.2.14 ! -end \ No newline at end of file +end From 369891fdc4c60555c862dd535818635c0b576a03 Mon Sep 17 00:00:00 2001 From: Mitch Vaughan Date: Fri, 4 Oct 2024 20:09:47 +0000 Subject: [PATCH 2/2] remove flow entropy --- tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg | 2 -- tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg | 2 -- tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg | 2 -- tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg | 2 -- tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg | 2 -- tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg | 2 -- tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg | 2 -- 7 files changed, 14 deletions(-) diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg index d1852bb3..cec46c5f 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R1.cfg @@ -97,8 +97,6 @@ ip security shared-key 7 0110100A480E0A0E231D1E dpd 10 50 clear mode transport - ! - flow entropy udp ! key controller profile IPSEC-PROFILE diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg index 38056907..3b80aba6 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC1-R2.cfg @@ -91,8 +91,6 @@ ip security shared-key 7 0110100A480E0A0E231D1E dpd 10 50 clear mode transport - ! - flow entropy udp ! interface Dps1 description TEP IP diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg index ab8747f3..965465ca 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R1.cfg @@ -97,8 +97,6 @@ ip security shared-key 7 0110100A480E0A0E231D1E dpd 10 50 clear mode transport - ! - flow entropy udp ! key controller profile IPSEC-PROFILE diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg index 6c4fd6bf..65db6b7b 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/DC2-R2.cfg @@ -91,8 +91,6 @@ ip security shared-key 7 0110100A480E0A0E231D1E dpd 10 50 clear mode transport - ! - flow entropy udp ! interface Dps1 description TEP IP diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg index 394eb9d6..ed0187d6 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R1.cfg @@ -97,8 +97,6 @@ ip security shared-key 7 0110100A480E0A0E231D1E dpd 10 50 clear mode transport - ! - flow entropy udp ! key controller profile IPSEC-PROFILE diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg index ef7c2758..c2e5cf9e 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S1-R2.cfg @@ -97,8 +97,6 @@ ip security shared-key 7 0110100A480E0A0E231D1E dpd 10 50 clear mode transport - ! - flow entropy udp ! key controller profile IPSEC-PROFILE diff --git a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg index 9afbd79a..a500c173 100644 --- a/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg +++ b/tech-library/wan/autovpn/zbackend-infra/clab/configs/S2-R1.cfg @@ -97,8 +97,6 @@ ip security shared-key 7 0110100A480E0A0E231D1E dpd 10 50 clear mode transport - ! - flow entropy udp ! key controller profile IPSEC-PROFILE