Add Leafs to Data Center

Final Deployment

Introduction
NaC Introduction
Manual Validation
CXTM Introduction
CXTM Projects
CXTM Test Cases
CXTM Test Automation
CXTM Git Integration
CXTM Batches
CXTM Notifications
Final Deployment
CXTM Reporting
CXTM References
Bonus Content

Add Leafs to Data Center

In this section, you will expand your Nexus fabric by adding Leaf-3 (L3) and Leaf-4 (L4) switches to the data center topology. This represents a typical Day 2 operational change where you scale your network infrastructure to accommodate growth, increase capacity, or enhance redundancy based on evolving business requirements.

Step 1 - Update Deployment Inventory File

First, you need to update the inventory.nac.yaml file to include the L3 and L4 switches.

Select the data/inventory.nac.yaml file from the file explorer on the left side menu to open and edit it.

Add the L3 and L4 devices to the inventory file. Your complete inventory should look like this:


---
nxos:
  devices:
    - name: S1
      url: https://10.15.103.21
    - name: S2
      url: https://10.15.103.22
    - name: L1
      url: https://10.15.103.23
    - name: L2
      url: https://10.15.103.24
    - name: L3
      url: https://10.15.103.25
    - name: L4
      url: https://10.15.103.26

📋 Alternative: You can also copy and paste the entire inventory configuration below to replace the complete content of the data/inventory.nac.yaml file, then proceed to step 3 to save.

---
nxos:
  devices:
    - name: S1
      url: https://10.15.103.21
    - name: S2
      url: https://10.15.103.22
    - name: L1
      url: https://10.15.103.23
    - name: L2
      url: https://10.15.103.24
    - name: L3
      url: https://10.15.103.25
    - name: L4
      url: https://10.15.103.26

Press Ctrl + s to save the inventory.nac.yaml file.
If the keyboard shortcut does not work, please open the VS Code Server hamburger menu and click File > Save.

Step 2 - Update S1 (Spine-1)

Before adding the new leaf switches, you need to update the Spine switch configurations to include interfaces and BGP neighbors for the L3 and L4 connections.

Select the data/S1.nac.yaml file from the file explorer to open it.

Add the following ethernet interfaces connections towards L3 and L4 switches.


            - id: 1/3
              description: "connected to L3 Ethernet1/29"
              layer3: true
              ipv4_address: 10.1.13.1/30
              admin_state: true
            - id: 1/13
              description: "connected to L3 Ethernet1/30"
              layer3: true
              ipv4_address: 10.1.13.5/30
              admin_state: true
            - id: 1/4
              description: "connected to L4 Ethernet1/29"
              layer3: true
              ipv4_address: 10.1.14.1/30
              admin_state: true
            - id: 1/14
              description: "connected to L4 Ethernet1/30"
              layer3: true
              ipv4_address: 10.1.14.5/30
              admin_state: true

Add the following BGP neighbor configurations towards L3 and L4 switches


                  - ip: 10.1.13.2
                    asn: "65013"
                    description: "L3-Eth1/29"
                    source_interface: eth1/3
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.13.6
                    asn: "65013"
                    description: "L3-Eth1/30"
                    source_interface: eth1/13
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.14.2
                    asn: "65014"
                    description: "L4-Eth1/29"
                    source_interface: eth1/4
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.14.6
                    asn: "65014"
                    description: "L4-Eth1/30"
                    source_interface: eth1/14
                    address_families:
                      - address_family: ipv4_unicast

📋 Alternative: You can also copy and paste the entire S1 configuration below to replace the complete content of the data/S1.nac.yaml file, then proceed to step 4 to save.

---
nxos:
  devices:
    - name: S1
      url: https://10.15.103.21
      configuration:
        system:
          hostname: S1
          feature:
            bgp: true
            lldp: true
        interfaces:
          loopbacks:
            - id: 0
              ipv4_address: 10.0.0.1/32
              admin_state: true
          ethernets:
            - id: 1/1
              description: "connected to L1 Ethernet1/29"
              layer3: true
              ipv4_address: 10.1.11.1/30
              admin_state: true
            - id: 1/11
              description: "connected to L1 Ethernet1/30"
              layer3: true
              ipv4_address: 10.1.11.5/30
              admin_state: true
            - id: 1/2
              description: "connected to L2 Ethernet1/29"
              layer3: true
              ipv4_address: 10.1.12.1/30
              admin_state: true
            - id: 1/12
              description: "connected to L2 Ethernet1/30"
              layer3: true
              ipv4_address: 10.1.12.5/30
              admin_state: true
            - id: 1/3
              description: "connected to L3 Ethernet1/29"
              layer3: true
              ipv4_address: 10.1.13.1/30
              admin_state: true
            - id: 1/13
              description: "connected to L3 Ethernet1/30"
              layer3: true
              ipv4_address: 10.1.13.5/30
              admin_state: true
            - id: 1/4
              description: "connected to L4 Ethernet1/29"
              layer3: true
              ipv4_address: 10.1.14.1/30
              admin_state: true
            - id: 1/14
              description: "connected to L4 Ethernet1/30"
              layer3: true
              ipv4_address: 10.1.14.5/30
              admin_state: true
        routing:
          ipv4_prefix_lists:
            - name: REDISTRIBUTE_PREFIXES
              entries:
                - order: 10
                  action: permit
                  prefix: 10.0.0.1/32
                  criteria: exact
          route_maps:
            - name: fabric-rmap-redist-subnet
              entries:
                - order: 10
                  action: permit
                  match_prefix_list: REDISTRIBUTE_PREFIXES
          bgp:
            asn: "65535"
            vrfs:
              - vrf: default
                router_id: 10.0.0.1
                address_families:
                  - address_family: ipv4_unicast
                    max_ecmp_paths: 4
                    redistributions:
                      - protocol: direct
                        protocol_instance: "none"
                        route_map: fabric-rmap-redist-subnet
                neighbors:
                  - ip: 10.1.11.2
                    asn: "65011"
                    description: "L1-Eth1/29"
                    source_interface: eth1/1
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.11.6
                    asn: "65011"
                    description: "L1-Eth1/30"
                    source_interface: eth1/11
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.12.2
                    asn: "65012"
                    description: "L2-Eth1/29"
                    source_interface: eth1/2
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.12.6
                    asn: "65012"
                    description: "L2-Eth1/30"
                    source_interface: eth1/12
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.13.2
                    asn: "65013"
                    description: "L3-Eth1/29"
                    source_interface: eth1/3
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.13.6
                    asn: "65013"
                    description: "L3-Eth1/30"
                    source_interface: eth1/13
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.14.2
                    asn: "65014"
                    description: "L4-Eth1/29"
                    source_interface: eth1/4
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.14.6
                    asn: "65014"
                    description: "L4-Eth1/30"
                    source_interface: eth1/14
                    address_families:
                      - address_family: ipv4_unicast

Press Ctrl + s to save the S1.nac.yaml file.
If the keyboard shortcut does not work, please open the VS Code Server hamburger menu and click File > Save.

Update S2 (Spine-2) Configuration

Select the data/S2.nac.yaml file from the file explorer to open it.

Add the following ethernet interfaces for L3 and L4 connections after the existing L2 interfaces in the ethernets section:


                  - ip: 10.1.23.2
                    asn: "65013"
                    description: "L3-Eth1/31"
                    source_interface: eth1/3
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.23.6
                    asn: "65013"
                    description: "L3-Eth1/32"
                    source_interface: eth1/13
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.2
                    asn: "65014"
                    description: "L4-Eth1/31"
                    source_interface: eth1/4
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.6
                    asn: "65014"
                    description: "L4-Eth1/32"
                    source_interface: eth1/14
                    address_families:
                      - address_family: ipv4_unicast

Add the following BGP neighbors for L3 and L4 after the existing L2 neighbors in the neighbors section:


                   - ip: 10.1.23.2
                    asn: "65013"
                    description: "L3-Eth1/31"
                    source_interface: eth1/3
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.23.6
                    asn: "65013"
                    description: "L3-Eth1/32"
                    source_interface: eth1/13
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.2
                    asn: "65014"
                    description: "L4-Eth1/31"
                    source_interface: eth1/4
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.6
                    asn: "65014"
                    description: "L4-Eth1/32"
                    source_interface: eth1/14
                    address_families:
                      - address_family: ipv4_unicast

📋 Alternative: You can also copy and paste the entire S2 configuration below to replace the complete content of the data/S2.nac.yaml file, then proceed to step 4 to save.

---
nxos:
  devices:
    - name: S2
      url: https://10.15.103.22
      configuration:
        system:
          hostname: S2
          feature:
            bgp: true
            lldp: true
        interfaces:
          loopbacks:
            - id: 0
              ipv4_address: 10.0.0.2/32
              admin_state: true
          ethernets:
            - id: 1/1
              description: "connected to L1 Ethernet1/31"
              layer3: true
              ipv4_address: 10.1.21.1/30
              admin_state: true
            - id: 1/11
              description: "connected to L1 Ethernet1/32"
              layer3: true
              ipv4_address: 10.1.21.5/30
              admin_state: true
            - id: 1/2
              description: "connected to L2 Ethernet1/31"
              layer3: true
              ipv4_address: 10.1.22.1/30
              admin_state: true
            - id: 1/12
              description: "connected to L2 Ethernet1/32"
              layer3: true
              ipv4_address: 10.1.22.5/30
              admin_state: true
            - id: 1/3
              description: "connected to L3 Ethernet1/31"
              layer3: true
              ipv4_address: 10.1.23.1/30
              admin_state: true
            - id: 1/13
              description: "connected to L3 Ethernet1/32"
              layer3: true
              ipv4_address: 10.1.23.5/30
              admin_state: true
            - id: 1/4
              description: "connected to L4 Ethernet1/31"
              layer3: true
              ipv4_address: 10.1.24.1/30
              admin_state: true
            - id: 1/14
              description: "connected to L4 Ethernet1/32"
              layer3: true
              ipv4_address: 10.1.24.5/30
              admin_state: true
        routing:
          ipv4_prefix_lists:
            - name: REDISTRIBUTE_PREFIXES
              entries:
                - order: 10
                  action: permit
                  prefix: 10.0.0.2/32
                  criteria: exact
          route_maps:
            - name: fabric-rmap-redist-subnet
              entries:
                - order: 10
                  action: permit
                  match_prefix_list: REDISTRIBUTE_PREFIXES
          bgp:
            asn: "65535"
            vrfs:
              - vrf: default
                router_id: 10.0.0.2
                address_families:
                  - address_family: ipv4_unicast
                    max_ecmp_paths: 4
                    redistributions:
                      - protocol: direct
                        protocol_instance: "none"
                        route_map: fabric-rmap-redist-subnet
                neighbors:
                  - ip: 10.1.21.2
                    asn: "65011"
                    description: "L1-Eth1/31"
                    source_interface: eth1/1
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.21.6
                    asn: "65011"
                    description: "L1-Eth1/32"
                    source_interface: eth1/11
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.22.2
                    asn: "65012"
                    description: "L2-Eth1/31"
                    source_interface: eth1/2
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.22.6
                    asn: "65012"
                    description: "L2-Eth1/32"
                    source_interface: eth1/12
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.23.2
                    asn: "65013"
                    description: "L3-Eth1/31"
                    source_interface: eth1/3
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.23.6
                    asn: "65013"
                    description: "L3-Eth1/32"
                    source_interface: eth1/13
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.2
                    asn: "65014"
                    description: "L4-Eth1/31"
                    source_interface: eth1/4
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.6
                    asn: "65014"
                    description: "L4-Eth1/32"
                    source_interface: eth1/14
                    address_families:
                      - address_family: ipv4_unicast

Press Ctrl + s to save the S2.nac.yaml file.
If the keyboard shortcut does not work, please open the VS Code Server hamburger menu and click File > Save.

Step 3 - Create L3 (Leaf-3) Switch Configuration File

Create the configuration file L3.nac.yaml for Leaf-3 switch (L3) in the data directory. This YAML file defines the complete configuration for the Leaf-3 switch including system settings, VLANs, interfaces, and BGP routing.

Copy and paste the below command in the VS Code Server terminal window to create the L3.nac.yaml file in the data directory.


code-server -r data/L3.nac.yaml

Copy the following code into your newly created L3.nac.yaml file.


---
nxos:
  devices:
    - name: L3
      url: https://10.15.103.25
      configuration:
        system:
          hostname: L3
          feature:
            bgp: true
            interface_vlan: true
            lldp: true
        vlans:
          - id: 103
            name: VLAN103
        interfaces:
          loopbacks:
            - id: 0
              ipv4_address: 10.0.3.3/32
              admin_state: true
          vlans:
            - id: 103
              description: "SVI for VLAN 103"
              ipv4_address: 10.254.103.1/24
              admin_state: true
          ethernets:
            - id: 1/1
              description: "host3-ens2"
              access_vlan: 103
              admin_state: true
            - id: 1/2
              description: "host4-ens2"
              access_vlan: 103
              admin_state: true
            - id: 1/29
              description: "connected to S1 Ethernet1/3"
              layer3: true
              ipv4_address: 10.1.13.2/30
              admin_state: true
            - id: 1/30
              description: "connected to S1 Ethernet1/13"
              layer3: true
              ipv4_address: 10.1.13.6/30
              admin_state: true
            - id: 1/31
              description: "connected to S2 Ethernet1/3"
              layer3: true
              ipv4_address: 10.1.23.2/30
              admin_state: true
            - id: 1/32
              description: "connected to S2 Ethernet1/13"
              layer3: true
              ipv4_address: 10.1.23.6/30
              admin_state: true
        routing:
          ipv4_prefix_lists:
            - name: REDISTRIBUTE_PREFIXES
              entries:
                - order: 10
                  action: permit
                  prefix: 10.0.3.3/32
                  criteria: exact
                - order: 20
                  action: permit
                  prefix: 10.254.103.0/24
                  criteria: exact
          route_maps:
            - name: fabric-rmap-redist-subnet
              entries:
                - order: 10
                  action: permit
                  match_prefix_list: REDISTRIBUTE_PREFIXES
          bgp:
            asn: "65013"
            vrfs:
              - vrf: default
                router_id: 10.0.3.3
                address_families:
                  - address_family: ipv4_unicast
                    max_ecmp_paths: 4
                    redistributions:
                      - protocol: direct
                        protocol_instance: "none"
                        route_map: fabric-rmap-redist-subnet
                neighbors:
                  - ip: 10.1.13.1
                    asn: "65535"
                    description: "S1-Eth1/3"
                    source_interface: eth1/29
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.13.5
                    asn: "65535"
                    description: "S1-Eth1/13"
                    source_interface: eth1/30
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.23.1
                    asn: "65535"
                    description: "S2-Eth1/3"
                    source_interface: eth1/31
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.23.5
                    asn: "65535"
                    description: "S2-Eth1/13"
                    source_interface: eth1/32
                    address_families:
                      - address_family: ipv4_unicast

Press Ctrl + s to save the L3.nac.yaml file.
If the keyboard shortcut does not work, please open the VS Code Server hamburger menu and click File > Save.

Step 4 - Create L4 (Leaf-4) Switch Configuration File

Create the configuration file L4.nac.yaml for Leaf-4 switch (L4) in the data directory. This YAML file defines the complete configuration for the Leaf-4 switch including system settings, VLANs, interfaces, and BGP routing.

Copy and paste the below command in the VS Code Server terminal window to create the L4.nac.yaml file in the data directory.


code-server -r data/L4.nac.yaml

Copy the following code into your newly created L4.nac.yaml file.


---
nxos:
  devices:
    - name: L4
      url: https://10.15.103.26
      configuration:
        system:
          hostname: L4
          feature:
            bgp: true
            interface_vlan: true
            lldp: true
        vlans:
          - id: 104
            name: VLAN104
        interfaces:
          loopbacks:
            - id: 0
              ipv4_address: 10.0.4.4/32
              admin_state: true
          vlans:
            - id: 104
              description: "SVI for VLAN 103"
              ipv4_address: 10.254.104.1/24
              admin_state: true
          ethernets:
            - id: 1/1
              description: "host3-ens3"
              access_vlan: 104
              admin_state: true
            - id: 1/2
              description: "host4-ens3"
              access_vlan: 104
              admin_state: true
            - id: 1/29
              description: "connected to S1 Ethernet1/4"
              layer3: true
              ipv4_address: 10.1.14.2/30
              admin_state: true
            - id: 1/30
              description: "connected to S1 Ethernet1/14"
              layer3: true
              ipv4_address: 10.1.14.6/30
              admin_state: true
            - id: 1/31
              description: "connected to S2 Ethernet1/4"
              layer3: true
              ipv4_address: 10.1.24.2/30
              admin_state: true
            - id: 1/32
              description: "connected to S2 Ethernet1/14"
              layer3: true
              ipv4_address: 10.1.24.6/30
              admin_state: true
        routing:
          ipv4_prefix_lists:
            - name: REDISTRIBUTE_PREFIXES
              entries:
                - order: 10
                  action: permit
                  prefix: 10.0.4.4/32
                  criteria: exact
                - order: 20
                  action: permit
                  prefix: 10.254.104.0/24
                  criteria: exact
          route_maps:
            - name: fabric-rmap-redist-subnet
              entries:
                - order: 10
                  action: permit
                  match_prefix_list: REDISTRIBUTE_PREFIXES
          bgp:
            asn: "65014"
            vrfs:
              - vrf: default
                router_id: 10.0.4.4
                address_families:
                  - address_family: ipv4_unicast
                    max_ecmp_paths: 4
                    redistributions:
                      - protocol: direct
                        protocol_instance: "none"
                        route_map: fabric-rmap-redist-subnet
                neighbors:
                  - ip: 10.1.14.1
                    asn: "65535"
                    description: "S1-Eth1/4"
                    source_interface: eth1/29
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.14.5
                    asn: "65535"
                    description: "S1-Eth1/14"
                    source_interface: eth1/30
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.1
                    asn: "65535"
                    description: "S2-Eth1/4"
                    source_interface: eth1/31
                    address_families:
                      - address_family: ipv4_unicast
                  - ip: 10.1.24.5
                    asn: "65535"
                    description: "S2-Eth1/14"
                    source_interface: eth1/32
                    address_families:
                      - address_family: ipv4_unicast

Press Ctrl + s to save the L4.nac.yaml file.
If the keyboard shortcut does not work, please open the VS Code Server hamburger menu and click File > Save.

Continue to the next section to execute the complete GitLab CI/CD pipeline with all stages.

GitLab

USER: pod03

PASS: cisco.123

VS Code Server

USER: user03

PASS: cisco.123

NX-OS Devices

USER: admin

PASS: cisco.123

S1 : 10.15.103.21

S2 : 10.15.103.22

L1 : 10.15.103.23

L2 : 10.15.103.24

L3 : 10.15.103.25

L4 : 10.15.103.26

CXTM

USER: pod03

PASS: cisco.123

Add Leafs to Data Center

Step 1 - Update Deployment Inventory File

Step 2 - Update S1 (Spine-1)

Update S2 (Spine-2) Configuration

Step 3 - Create L3 (Leaf-3) Switch Configuration File

Step 4 - Create L4 (Leaf-4) Switch Configuration File