Network layer planning
How to draw on L3* pages
L3 features
NDAT provides the following L3 features:
Automated IPv4 address distribution (assignment).
Detailed IP address plan exporting (in Excel format).
Number spaces management – VPN ID, BGP AS, L3VNI.
BGP sessions report. Static route report.
VRF report.
Installation maps (experimental feature).
A little L3 practice
Form L3-topology and define subnet addressing
To form a basic L3 topology, perform the following steps:
Perform the first two steps in any order:
Draw L3 topology:
Put l3subnet shapes on L3* page;
Put l3devicevrf or l3vrf + l3device shapes on L3* page;
Put l3ports (L3 interfaces), define their addressing order and link them to subnets with l3links;
Optionally put l3sharedip shapes.
Develop an IP address plan in Excel, detailed down to subnets and loopbacks.
Import the subnet-level address plan into Visio as external data.
Link external data entries to subnets and loopbacks.
Run auto addressing of interfaces, loopbacks and shared IPs.
Form detailed per-interface IP address report.
If the address plan changes, it can be relinked to subnets/loopbacks by unique names.
Static routes
To add static routes, perform the following steps:
Add static route shapes according to guidelines:
Static route shape’s “Round tail” must be glued to l3vrf or l3devicevrf – that is to routing table, in which this route should be configured.
Static route shape’s “Arrow tail” may not be glued anywhere, may be glued to non-functional anchor shape or may be glued to l3port/l3shared shape that is static route’s gateway.
Static route shape has two controls. The first one simply defines the label position. The second one may be glued to the l3port/l3shared shape that is the static route’s gateway.
After the gateway shape has been glued, update the gateway address field.
Now the static routes report can be generated.
BGP sessions
To add BGP sessions, perform the following steps:
Add BGP AS numbers to a special dictionary (optionally).
Put BGP AS containers (l3bgpas) to diagram and put L3 nodes (l3device, l3devicevrf) into BGP AS containers.
Draw BGP sessions between L3 interfaces / loopbacks.
Attach callouts with additional info to BGP sessions.
Generate BGP sessions report.
L3 subnets
Each L3 interface (l3port) must be linked to subnet shape with l3link shape.
L3 subnets have several mode switches:
with Secondary addressing enabled/disabled;
with VXLAN attributes enabled/disabled;
Config name or Unique name display name.
Config name is assumed to be the subnet name intended for use in the device’s config. This name is allowed to be non-unique in project scope, e.g. it may be duplicated in different venues.
Conversely, Unique name is a value intended to be used as the subnet’s unique ID in project scope. It is useful to generate the unique name in the format “[Venue ID] Config name”.
Interfaces and Shared IPs
There are two types of L3 interfaces:
l3port – ordinary interfaces – physical (untagged), sub-if (tagged) or SVI (virtual VLAN interface).
l3loopback - Loopbacks (if a Router-id must be defined, use the Loopback shape for it too).
An ordinary interface must be connected to l3vrf or l3devicevrf on one side and to an L3 subnet with an l3link on the other side. A loopback must be connected to l3vrf or l3devicevrf on one side only. An l3sharedip must be connected to several l3links (up to 4 in the current version).
l3sharedip and l3port shapes support Secondary addressing (including Secondary-only).
An interface address is defined by the interface’s addressing order inside the subnet. The orders in use can be discontinuous, that is, have gaps. Primary and secondary addresses have separate orders.
There is a per-interface option to allow/disallow address duplication (it is needed e.g. for anycast gateway addresses in some implementations).
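The addressing-order rule and the duplication option above, sketched as an added example (this is not NDAT's own code). It assumes that order N maps to the subnet's network address plus N, and that a shared order is acceptable only when every interface on it allows duplication; the prefix and interface names are constructed.

```python
import ipaddress

def plan_subnet(prefix, ports):
    """Map each port's addressing order to an address inside `prefix`.

    ports: iterable of (name, order, allow_duplicate).
    Assumption: order N means network address + N.
    Returns ({name: "addr/len"}, [problem strings]).
    """
    net = ipaddress.ip_network(prefix)
    assigned, problems, by_order = {}, [], {}
    for name, order, allow_dup in ports:
        addr = net.network_address + order
        # Network and broadcast addresses are not usable on prefixes shorter than /31.
        reserved = net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address)
        if addr not in net or reserved:
            problems.append(f"{name}: order {order} is not a usable address in {net}")
            continue
        assigned[name] = f"{addr}/{net.prefixlen}"
        by_order.setdefault(order, []).append((name, allow_dup))
    # Assumption: a shared order is fine only if every port on it allows duplication.
    for order, group in sorted(by_order.items()):
        if len(group) > 1 and not all(dup for _, dup in group):
            names = ", ".join(n for n, _ in group)
            problems.append(f"order {order} duplicated: {names}")
    return assigned, problems

# Constructed sample data: orders have gaps (3-5 unused), one anycast pair,
# one unintended duplicate and one order that lands on the broadcast address.
SAMPLE_PREFIX = "10.10.20.0/29"
SAMPLE_PORTS = [
    ("leaf1 Vlan20", 1, True),
    ("leaf2 Vlan20", 1, True),
    ("fw1 eth1", 2, False),
    ("fw2 eth1", 2, False),
    ("srv1 eth0", 6, False),
    ("srv2 eth0", 7, False),
]

if __name__ == "__main__":
    addresses, issues = plan_subnet(SAMPLE_PREFIX, SAMPLE_PORTS)
    for name, addr in addresses.items():
        print(f"{name:14} {addr}")
    for issue in issues:
        print("PROBLEM:", issue)
```

Because primary and secondary addresses have separate orders, the function is called once per prefix, each time with that prefix's own order list.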
NDAT supports SVI / L3 sub-if auto naming. Put a dot “.” at the end of the interface name, or use one of the interface name prefixes – “VLAN”, “Vlan”, “VBDIF” – and NDAT will complete it with the VLAN ID of the connected subnet.
For each Loopback and Router-id a separate line must be present in the subnet-level address plan (it should be an untagged subnet with a /32 mask – see sample).
For Loopbacks and Router-ids there is a different recommendation for forming Unique name / Config name:
Unique name – Hostname + Short if name – e.g. DCA-IA-BR-1 Lo0
Config name – Config interface name – e.g. Loopback0
For Loopbacks - Config name will always be displayed on diagrams.
To [re]assign addresses just run NDAT -> L3 -> Update and refresh -> Renumber all IP interfaces.
When IP addressing report creation is called:
First, NDAT loops over subnets and renumbers all connected interfaces and shared IPs;
After that, NDAT loops over l3loopbacks.
If the address plan changes, update the external data and then, if needed, [auto]relink it to subnets and loopbacks. Run renumbering and all interfaces will be readdressed.
L3 nodes
There are two ways to draw L3 nodes:
L3 device is a container, that contains VRFs:
l3device shape – is a device container; l3vrf shape – is a VRF;
The l3device + l3vrf way should be used when several VRFs inside a single device need to be shown on a single page; it is useful when RT import/export and RD need to be shown;
Combined shape – VRF + L3 device – l3devicevrf:
Should be used when device has only 1-2 VRFs and there is no need to show several VRFs inside single device. l3devicevrf combines all the attributes of l3device and l3vrf.
VPN/VRF ID management
Management is performed via the VPN-ID dictionary (see NDAT -> General -> Dictionaries button):
Entity name – VPN / VRF name (no spaces allowed);
Entity value – ID VPN / VRF – usually numeric value from 1 to 999;
Entity description – optional VPN / VRF description (spaces allowed).
NDAT distributes values from dictionary to l3vrf/l3devicevrf shapes. During distribution NDAT compares Entity name to VRF name in shape.
VPN ID is also used for:
RD generation (formats AS:VPN ID and Loopback0:VPN ID supported);
Symmetric RT generation (in AS:VPN ID format).
VRF/L3VPN
VRF report is supported (NDAT also collects RTi/RTe, RD and L3VNI into this report). On VRF report generation NDAT can also generate RD in Lo0:VPN-ID or AS:VPN-ID formats. It is also possible to clear all RDs to “Auto”. NDAT can generate symmetric RTi/RTe in AS:VPN-ID format. If the VPN ID or AS number is unavailable, NDAT shows an appropriate warning.
Static routes
Static routes should be glued to L3VRF or L3DeviceVRF. The static route control or arrow tail should be glued to the l3port or l3sharedip that depicts the gateway IP. Static routes support gateway refresh (e.g. on addressing changes). Additionally, static route shapes have metric and tracking fields. Static routes can be collected into a separate report.
BGP info
BGP AS
BGP AS is a Visio container into which l3devicevrf or l3device should be put. The same BGP AS can be used several times in a single file on different pages.
BGP AS number can be set directly in shape or via Dictionary:
Entity name – conventional BGP AS name (no spaces allowed);
Entity value – BGP AS number;
Entity description – optional BGP AS description (spaces allowed).
During distribution NDAT compares Entity name to the BGP AS name in the shape and Entity description to the BGP AS description. Any single match is enough to set the AS number from the dictionary.
Placing l3devicevrf or l3device inside a BGP AS is a must for BGP AS report generation.
BGP sessions and hubs
BGP sessions can be drawn in three ways:
Full session (l3bgpsession);
«Half-session» via eBGP hub (l3bgphalfsession + l3ebgphub);
«Half-session» via iBGP hub (l3bgphalfsession + l3ibgphub);
eBGP hub operation rule:
NDAT couples all peers connected to the hub – only those from different AS are put into the report.
iBGP hub operation rule:
NDAT couples all peers connected to the hub – only those with a different Hostname + VRF Name combination are put into the report. BGP AS equality is not checked in the current release.
When BGP session report creation is called, NDAT first loops over BGP hubs and then loops over full sessions.
BGP session report can be symmetric or asymmetric – just like link reports.
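The two hub coupling rules above, written out as an added example (this is not NDAT's own code and does not reproduce its report format). The Peer record, the function names and the sample peers are assumptions made for illustration; mixed_as_pairs is an extra review check for the iBGP case, where AS equality is not verified.

```python
from itertools import combinations
from typing import NamedTuple

class Peer(NamedTuple):
    hostname: str
    vrf: str
    asn: int

def ebgp_hub_sessions(peers):
    """Couple every pair of peers on an eBGP hub; keep pairs from different AS."""
    return [(a, b) for a, b in combinations(peers, 2) if a.asn != b.asn]

def ibgp_hub_sessions(peers):
    """Couple every pair on an iBGP hub; keep pairs whose Hostname + VRF differ.

    AS equality is not checked, matching the rule described in the text.
    """
    return [(a, b) for a, b in combinations(peers, 2)
            if (a.hostname, a.vrf) != (b.hostname, b.vrf)]

def mixed_as_pairs(sessions):
    """Reviewer check: pairs from an iBGP hub whose AS numbers differ."""
    return [(a, b) for a, b in sessions if a.asn != b.asn]

# Constructed sample peers (hostnames, VRF names and AS numbers are made up).
EBGP_HUB = [Peer("BR-1", "INET", 65001), Peer("BR-2", "INET", 65001),
            Peer("ISP-A", "INET", 64500)]
IBGP_HUB = [Peer("RR-1", "GRT", 65001), Peer("PE-1", "GRT", 65001),
            Peer("PE-1", "GRT", 65001),   # same Hostname + VRF attached twice
            Peer("PE-2", "GRT", 65002)]   # placed in the wrong AS container

if __name__ == "__main__":
    for a, b in ebgp_hub_sessions(EBGP_HUB):
        print(f"eBGP {a.hostname} AS{a.asn} <-> {b.hostname} AS{b.asn}")
    ibgp = ibgp_hub_sessions(IBGP_HUB)
    print(len(ibgp), "iBGP pairs,", len(mixed_as_pairs(ibgp)), "with differing AS")
```

Running the mixed-AS check over iBGP hub output before generating device configuration catches nodes drawn inside the wrong BGP AS container.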
BGP sessions and callouts
l3bgpsession and l3bgphalfsession shapes have connection points. BGP session properties (address-family, BGP policies, peering options, etc.) should be defined as name-value pairs in connected callouts. Standard callouts should be used (generaladdinfo) – like on Racks/L2 pages. Any name-value pairs can be written in callouts - up to configuration fragments. Callout contents will be collected into the report.
In BGP session callouts some substitutable variables can be used:
LHostname - local hostname;
RHostname - remote hostname;
LVRF - local VRF name;
RVRF - remote VRF name;
LSourceIP - local update-source IP address;
RSourceIP - remote update-source IP address;
LSourceInterface - local IP interface name;
RSourceInterface - remote IP interface name;
LAS - local BGP AS number;
RAS - remote BGP AS number.
BGP sessions and route-policy / prefix-set names
For each BGP session NDAT prepares route-policy / route-map and prefix-set / prefix-list names. Names are defined by formulas like those in the L2 interface description; they can include variables:
LHostname - local hostname;
RHostname - remote hostname;
LVRF - local VRF name;
RVRF - remote VRF name;
LSourceIP - local update-source IP address;
RSourceIP - remote update-source IP address;
LSourceInterface - local IP interface name;
RSourceInterface - remote IP interface name;
LAS - local BGP AS number;
RAS - remote BGP AS number.
Multiplicators on L3 diagrams
Multiplicators are supported only for L3DeviceVRF. L3VRF multiplication is unsupported.
Multiplicators perform well together with Secondary addressing, BGP sessions, Loopback interfaces.
Profiles and callouts
On L3 diagrams profiles and callouts can be attached to:
VRF and DeviceVRF (l3vrf, l3devicevrf).
L3 interfaces (l3port).
Loopback-interfaces (l3loopback).
Shared IPs (l3sharedip).
And also profiles can be attached to static routes (l3staticroute).
And also callouts can be attached to BGP sessions (l3bgpsession, l3bgphalfsession).
Callout and profile contents will be collected into the appropriate profiled reports (except the BGP session report – it always includes callout contents).
Installation maps
An installation map is an Excel document that combines info about IP addresses with arbitrary data defined in profiles and callouts attached to L3 nodes. A complex sample of profile usage can be found in the file IM testing v00x.vsdx. In the current release NDAT includes in the IM only profiles that are attached to L3 nodes.
Dictionaries
Dictionaries are a tool for managing number spaces. In the current release they can be used to manage:
VPN ID;
BGP AS;
Loopback0 for devices where the l3loopback shape is not used;
L3VNI.
NDAT can collect absent entries to mandatory dictionaries (VPN ID, BGP AS, L3 device loopback, L3VNI).