evpn-vxlan-fabric

$ npx mdskill add automateyournetwork/netclaw/evpn-vxlan-fabric

Audits and troubleshoots EVPN/VXLAN fabrics for overlay reachability and health

  • Resolves VXLAN overlay reachability and silent host issues in leaf-spine fabrics
  • Leverages pyATS, BGP EVPN, and NetBox for topology and configuration validation
  • Analyzes VTEP consistency, route types, VNIs, and multihoming states to identify misconfigurations
  • Delivers actionable reports with reconciliation of underlay/overlay health and intent

SKILL.md

.github/skills/evpn-vxlan-fabric
---
name: evpn-vxlan-fabric
description: "EVPN/VXLAN fabric audit and troubleshooting — VTEPs, VNIs, route types, multihoming, underlay/overlay validation. Use when troubleshooting VXLAN overlay reachability, auditing leaf-spine fabric health, debugging silent hosts or asymmetric flooding, or validating anycast gateway and ESI multihoming state."
license: Apache-2.0
user-invocable: true
metadata:
  { "openclaw": { "requires": { "bins": ["python3"], "env": ["PYATS_TESTBED_PATH"] } } }
---

# EVPN/VXLAN Fabric

## Primary Backends

- `pyats-network`
- `pyats-routing`
- `pyats-topology`
- `netbox-reconcile`

## Focus Areas

- VTEP reachability and loopback consistency
- VXLAN VNI to VLAN mapping
- EVPN route types 2, 3, and 5
- Anycast gateway consistency
- Multihoming and Ethernet Segment state
- Underlay routing health vs overlay symptoms

## When to Use

- EVPN MAC/IP reachability issues
- Silent hosts or asymmetric flooding complaints
- Anycast gateway or ARP suppression problems
- Leaf-spine underlay failures impacting overlay forwarding
- Data-center fabric audit and documentation

## Workflow: Overlay Reachability

1. Verify underlay reachability between VTEPs.
2. Check BGP EVPN session health and route-type presence.
3. Validate VNI mapping, bridge domains, and anycast gateway settings.
4. Cross-check local MAC learning against EVPN advertisements.
5. Reconcile intended VLAN/VNI mappings against NetBox or ACI intent.
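
Steps 3 to 5 of this workflow, as an added example that is not part of the skill or the netclaw project: it reconciles each leaf's VLAN-to-VNI map against intent and checks that every locally learned MAC is originated as an EVPN type-2 route in the configured VNI. The dictionaries are constructed sample data in a hypothetical shape (not pyATS or NetBox output), and `audit_leaf` / `audit_fabric` are hypothetical names.

```python
# Added example: constructed data, hypothetical shapes and function names.
# Intended VLAN -> L2VNI mapping (stand-in for a source-of-truth export).
INTENT = {10: 10010, 20: 10020}

# Observed per-leaf state: VLAN->VNI map, locally learned MACs per VLAN, and
# the EVPN type-2 routes the leaf originates, keyed as (vni, mac).
LEAVES = {
    "leaf1": {
        "vlan_vni": {10: 10010, 20: 10020},
        "local_macs": {10: {"00:00:5e:00:53:01"}, 20: {"00:00:5e:00:53:02"}},
        "type2_originated": {(10010, "00:00:5e:00:53:01"),
                             (10020, "00:00:5e:00:53:02")},
    },
    "leaf2": {
        "vlan_vni": {10: 10010, 20: 10021},              # VNI drift on VLAN 20
        "local_macs": {10: {"00:00:5e:00:53:03"}, 20: {"00:00:5e:00:53:04"}},
        "type2_originated": {(10010, "00:00:5e:00:53:03")},  # VLAN 20 host silent
    },
}

def audit_leaf(name, state, intent):
    """Return (leaf, finding, key, value) tuples for one leaf."""
    findings = []
    # Steps 3 and 5: configured VLAN->VNI mapping versus intent.
    for vlan, want in sorted(intent.items()):
        have = state["vlan_vni"].get(vlan)
        if have is None:
            findings.append((name, "vni-missing", vlan, want))
        elif have != want:
            findings.append((name, "vni-mismatch", vlan, have))
    # Step 4: each local MAC must appear as a type-2 route in its configured VNI.
    local = set()
    for vlan, macs in sorted(state["local_macs"].items()):
        vni = state["vlan_vni"].get(vlan)
        for mac in sorted(macs):
            local.add((vni, mac))
            if (vni, mac) not in state["type2_originated"]:
                findings.append((name, "mac-not-advertised", vlan, mac))
    # Reverse direction: type-2 routes with no local MAC behind them are stale.
    for vni, mac in sorted(state["type2_originated"] - local):
        findings.append((name, "stale-type2", vni, mac))
    return findings

def audit_fabric(leaves=LEAVES, intent=INTENT):
    """Audit every leaf in name order and return the combined findings."""
    return [f for name in sorted(leaves)
            for f in audit_leaf(name, leaves[name], intent)]

if __name__ == "__main__":
    for finding in audit_fabric():
        print(*finding)
```

Each finding names the leaf and the specific mapping or route involved, so a report can cite route-type evidence rather than an inferred cause.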

## Workflow: Multihoming / ESI Trouble

1. Confirm the access device and leaf pair are both healthy.
2. Validate Ethernet Segment identifiers and DF election state.
3. Check for duplicate MAC movement or split-horizon symptoms.
4. Verify LACP state, access VLANs, and host-facing port consistency.

## Important Rules

- **Always validate the underlay before blaming the overlay**
- **Do not push fabric config without approved change control**
- **Use route-type evidence, not assumptions, to explain forwarding**
