Arista EOS 実践的なvxlan設定 – 自宅で体験できるファブリックネットワーク


Arista EOSにおける実践的なVXLANの設定を紹介します。冗長性を確保しつつActive/Active構成にするには、MLAGとVXLANを併用する必要があります。この構成では、MLAGピアの両方に同一のIPアドレスを設定したLoopbackインターフェースを持たせる必要があります。

構成図

以下の環境で動作確認を行います。

Arista VXLANの検証構成

初期設定

初期設定はIPアドレスのみです。

leaf01
! Command: show running-config
! device: leaf01 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: baseline of leaf01 before MLAG, BGP and VXLAN are configured.
! Only interface addressing and the management VRF are set at this point.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf01
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): the value after 'secret sha512' is a salted SHA-512 crypt ($6$)
! hash of the admin password. Once published it can be tested offline against
! guessed passwords, so substitute a placeholder before sharing a config and
! do not reuse the password behind it anywhere else.
username admin role network-admin secret sha512 $6$DY3Y0gCzGUIW6tJw$nwRBX5nN1rhpD/XBNRJPg8w24AcWPIdP.6zXysf6xGB5jEdSE0VDkFm9vw4OA8Kjg92E8F/IWlZG2ykyeGwl/0
!
! Separate VRF for management: Management1 and its default route live here,
! outside the routing table used by the fabric.
vrf instance CONSOLE
!
! Routed uplink; same /24 as spine05 Ethernet1 (192.168.15.5).
interface Ethernet1
   no switchport
   ip address 192.168.15.1/24
!
! Routed uplink; same /24 as spine06 Ethernet1 (192.168.16.6).
interface Ethernet2
   no switchport
   ip address 192.168.16.1/24
!
! Trunk; becomes the MLAG peer-link toward leaf02 later on this page.
interface Ethernet3
   switchport mode trunk
!
! Trunk; joins Port-Channel4 (mlag 4) toward the host later on this page.
! NOTE(review): no 'switchport trunk allowed vlan' list is set, so every VLAN
! created on the switch is carried on this port.
interface Ethernet4
   switchport mode trunk
!
! Per-device loopback; advertised into BGP and reused as the router-id later.
interface Loopback0
   ip address 10.1.1.1/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.41/24
!
! IPv4 routing is enabled only in the management VRF at this stage; the
! default VRF is switched on in the underlay routing section.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
leaf02
! Command: show running-config
! device: leaf02 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: baseline of leaf02 (MLAG peer of leaf01) before MLAG, BGP and
! VXLAN are configured.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf02
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): a real salted SHA-512 crypt ($6$) hash of the admin password.
! A published hash can be tested offline against guessed passwords; replace
! it with a placeholder before sharing and do not reuse the password.
username admin role network-admin secret sha512 $6$9JQ5M00Xnj2AqWvA$JyN3mfa1nwjGDEvIqHsOuBH3qvT9gyhxjjHFEm..gN31rjrsNYsQygNBTQnP7LKzwNUsQp7gJdJePjiEG4RBv/
!
! Management VRF for Management1 and its default route.
vrf instance CONSOLE
!
! Routed uplink; same /24 as spine05 Ethernet2 (192.168.25.5).
interface Ethernet1
   no switchport
   ip address 192.168.25.2/24
!
! Routed uplink; same /24 as spine06 Ethernet2 (192.168.26.6).
interface Ethernet2
   no switchport
   ip address 192.168.26.2/24
!
! Trunk; becomes the MLAG peer-link toward leaf01 later on this page.
interface Ethernet3
   switchport mode trunk
!
! Trunk toward the host; no allowed-VLAN list, so all VLANs are carried.
interface Ethernet4
   switchport mode trunk
!
! Per-device loopback; advertised into BGP and reused as the router-id later.
interface Loopback0
   ip address 10.2.2.2/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.42/24
!
! Routing is on only in the management VRF at this stage.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
leaf03
! Command: show running-config
! device: leaf03 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: baseline of leaf03 (MLAG peer of leaf04) before MLAG, BGP and
! VXLAN are configured.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf03
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): a real salted SHA-512 crypt ($6$) hash of the admin password.
! A published hash can be tested offline against guessed passwords; replace
! it with a placeholder before sharing and do not reuse the password.
username admin role network-admin secret sha512 $6$TGVrvmoc9sf9EJQn$TEUpiD7T.OzdOWCnT4os043XKrmLnORhQVTllouCnYVcTvD.CWMgDjeuGOVJmgfOYPQiSIv84s6c7LQVr.BxG1
!
! Management VRF for Management1 and its default route.
vrf instance CONSOLE
!
! Routed uplink; same /24 as spine05 Ethernet3 (192.168.35.5).
interface Ethernet1
   no switchport
   ip address 192.168.35.3/24
!
! Routed uplink; same /24 as spine06 Ethernet3 (192.168.36.6).
interface Ethernet2
   no switchport
   ip address 192.168.36.3/24
!
! Trunk; becomes the MLAG peer-link toward leaf04 later on this page.
interface Ethernet3
   switchport mode trunk
!
! Trunk toward the host; no allowed-VLAN list, so all VLANs are carried.
interface Ethernet4
   switchport mode trunk
!
! Per-device loopback; advertised into BGP and reused as the router-id later.
interface Loopback0
   ip address 10.3.3.3/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.43/24
!
! Routing is on only in the management VRF at this stage.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
leaf04
! Command: show running-config
! device: leaf04 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: baseline of leaf04 (MLAG peer of leaf03) before MLAG, BGP and
! VXLAN are configured.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf04
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): a real salted SHA-512 crypt ($6$) hash of the admin password.
! A published hash can be tested offline against guessed passwords; replace
! it with a placeholder before sharing and do not reuse the password.
username admin role network-admin secret sha512 $6$9S0BfO0AdilA2Hi6$.Faho8IMxokJDTGTu9oVEGLgMJKxilgpKbTV/7/DlhIVaHOqbBuftfq3el/hszBaPHVh9lEn7tJaMGp/eK.Zc.
!
! Management VRF for Management1 and its default route.
vrf instance CONSOLE
!
! Routed uplink; same /24 as spine05 Ethernet4 (192.168.45.5).
interface Ethernet1
   no switchport
   ip address 192.168.45.4/24
!
! Routed uplink; same /24 as spine06 Ethernet4 (192.168.46.6).
interface Ethernet2
   no switchport
   ip address 192.168.46.4/24
!
! Trunk; becomes the MLAG peer-link toward leaf03 later on this page.
interface Ethernet3
   switchport mode trunk
!
! Trunk toward the host; no allowed-VLAN list, so all VLANs are carried.
interface Ethernet4
   switchport mode trunk
!
! Per-device loopback; advertised into BGP and reused as the router-id later.
interface Loopback0
   ip address 10.4.4.4/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.44/24
!
! Routing is on only in the management VRF at this stage.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
spine05
! Command: show running-config
! device: spine05 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: baseline of spine05 before BGP is configured. All four
! Ethernet ports are routed links, one per leaf.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname spine05
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): a real salted SHA-512 crypt ($6$) hash of the admin password.
! A published hash can be tested offline against guessed passwords; replace
! it with a placeholder before sharing and do not reuse the password.
username admin role network-admin secret sha512 $6$XFkOMPhEDNS1wWd4$Oe2lPKNVkMayb9d9CBNV8HRXqEkrWJd0zZMQvRYnZKkgiQXD/Asur3Fa1GxKnl0RavkMT9.7GqgYTzjhNAG3L1
!
! Management VRF for Management1 and its default route.
vrf instance CONSOLE
!
! Routed link; same /24 as leaf01 Ethernet1 (192.168.15.1).
interface Ethernet1
   no switchport
   ip address 192.168.15.5/24
!
! Routed link; same /24 as leaf02 Ethernet1 (192.168.25.2).
interface Ethernet2
   no switchport
   ip address 192.168.25.5/24
!
! Routed link; same /24 as leaf03 Ethernet1 (192.168.35.3).
interface Ethernet3
   no switchport
   ip address 192.168.35.5/24
!
! Routed link; same /24 as leaf04 Ethernet1 (192.168.45.4).
interface Ethernet4
   no switchport
   ip address 192.168.45.5/24
!
! Spine loopback; advertised into BGP in the underlay section.
interface Loopback0
   ip address 10.5.5.5/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.45/24
!
! Routing is on only in the management VRF at this stage.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
spine06
! Command: show running-config
! device: spine06 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: baseline of spine06 before BGP is configured. All four
! Ethernet ports are routed links, one per leaf.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname spine06
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): a real salted SHA-512 crypt ($6$) hash of the admin password.
! A published hash can be tested offline against guessed passwords; replace
! it with a placeholder before sharing and do not reuse the password.
username admin role network-admin secret sha512 $6$Oix6CIRpKHv7i8QG$pALu/2M0G83aGnlUS6xphzUQEJLdR/0ph75.n0JGq0.lKrC/mmvqC6gn8FnO0FTH4lI7KHUiMU2q/jwo.4uC4/
!
! Management VRF for Management1 and its default route.
vrf instance CONSOLE
!
! Routed link; same /24 as leaf01 Ethernet2 (192.168.16.1).
interface Ethernet1
   no switchport
   ip address 192.168.16.6/24
!
! Routed link; same /24 as leaf02 Ethernet2 (192.168.26.2).
interface Ethernet2
   no switchport
   ip address 192.168.26.6/24
!
! Routed link; same /24 as leaf03 Ethernet2 (192.168.36.3).
interface Ethernet3
   no switchport
   ip address 192.168.36.6/24
!
! Routed link; same /24 as leaf04 Ethernet2 (192.168.46.4).
interface Ethernet4
   no switchport
   ip address 192.168.46.6/24
!
! Spine loopback; advertised into BGP in the underlay section.
interface Loopback0
   ip address 10.6.6.6/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.46/24
!
! Routing is on only in the management VRF at this stage.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
host07
! Command: show running-config
! device: host07 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: host07 is a vEOS instance used as a test endpoint. It has an
! SVI in VLAN 78, the VLAN that the leaves later map to VNI 9078.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host07
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): a real salted SHA-512 crypt ($6$) hash of the admin password.
! A published hash can be tested offline against guessed passwords; replace
! it with a placeholder before sharing and do not reuse the password.
username admin role network-admin secret sha512 $6$CVT.SBFewBoztbg4$Lt8hkoSUwYeQLpgs0i86cxyW2H9B5QPin0BEQ6D1sPhOZCaZKS1V9IZGDFYNyXCxt9axpDjhd3ziFwFpJnzSN1
!
vlan 78
!
! Management VRF for Management1 and its default route.
vrf instance CONSOLE
!
! Both ports are trunks; they are bundled into Port-Channel12 later on this page.
interface Ethernet1
   switchport mode trunk
!
interface Ethernet2
   switchport mode trunk
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.47/24
!
! Test addresses in 192.168.78.0/24: one primary plus three secondaries.
interface Vlan78
   ip address 192.168.78.70/24
   ip address 192.168.78.71/24 secondary
   ip address 192.168.78.72/24 secondary
   ip address 192.168.78.73/24 secondary
!
! Routing stays off in the default VRF; only the management VRF routes.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
host08
! Command: show running-config
! device: host08 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! Review notes: host08 is a vEOS instance used as a test endpoint. It has an
! SVI in VLAN 78, the VLAN that the leaves later map to VNI 9078.
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host08
!
spanning-tree mode mstp
!
! No password is set for the root account; 'admin' below is the only local user shown.
no aaa root
!
! NOTE(review): a real salted SHA-512 crypt ($6$) hash of the admin password.
! A published hash can be tested offline against guessed passwords; replace
! it with a placeholder before sharing and do not reuse the password.
username admin role network-admin secret sha512 $6$Q0YNQvuLCDXy5o.A$fxTIZUs7UEjcM18CphWxwXddcAzMn43.FOTaGMR9uB.56r0Iv.xIHGlwaHDSmDApgDWmUKh7crSxMOxhL7z1H/
!
vlan 78
!
! Management VRF for Management1 and its default route.
vrf instance CONSOLE
!
! Both ports are trunks; they are bundled into Port-Channel12 later on this page.
interface Ethernet1
   switchport mode trunk
!
interface Ethernet2
   switchport mode trunk
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.48/24
!
! Test addresses in 192.168.78.0/24: one primary plus three secondaries.
interface Vlan78
   ip address 192.168.78.80/24
   ip address 192.168.78.81/24 secondary
   ip address 192.168.78.82/24 secondary
   ip address 192.168.78.83/24 secondary
!
! Routing stays off in the default VRF; only the management VRF routes.
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

動作確認

MLAGの設定

leaf01とleaf02、leaf03とleaf04でMLAGを構成します。

! MLAG peering, one domain per leaf pair. On each leaf the SVI of the peer
! VLAN is the local-interface, peer-address is the other leaf's SVI address,
! and Ethernet3 is the peer-link. domain-id must be the same on both peers.
!
! NOTE(review): the trunks on this page have no allowed-VLAN list, so the
! peer VLAN (12 / 34) is not confined to the peer-link. Placing the peer VLAN
! and the peer-link in a trunk group would keep it off host-facing ports.
! NOTE(review): the peer-link is the single port Ethernet3 and no
! 'peer-address heartbeat' is configured, which matches "dual-primary
! detection : Disabled" in the 'show mlag' output. If the peer-link fails,
! both leaves may act as primary at the same time.
!
# leaf01
vlan 12
interface Vlan12
   ip address 192.168.12.1/24
mlag configuration
   domain-id domain12
   local-interface Vlan12
   peer-address 192.168.12.2
   peer-link Ethernet3

! Mirror of leaf01: same domain, addresses swapped.
# leaf02
vlan 12
interface Vlan12
   ip address 192.168.12.2/24
mlag configuration
   domain-id domain12
   local-interface Vlan12
   peer-address 192.168.12.1
   peer-link Ethernet3

! Second pair: its own peer VLAN (34) and domain (domain34).
# leaf03
vlan 34
interface Vlan34
   ip address 192.168.34.3/24
mlag configuration
   domain-id domain34
   local-interface Vlan34
   peer-address 192.168.34.4
   peer-link Ethernet3

! Mirror of leaf03: same domain, addresses swapped.
# leaf04
vlan 34
interface Vlan34
   ip address 192.168.34.4/24
mlag configuration
   domain-id domain34
   local-interface Vlan34
   peer-address 192.168.34.3
   peer-link Ethernet3

MLAGがUP状態である事を確認します。

leaf02#show mlag 
MLAG Configuration:               
domain-id                          :            domain12
local-interface                    :              Vlan12
peer-address                       :        192.168.12.1
peer-link                          :           Ethernet3
peer-config                        :          consistent
                                                        
MLAG Status:                      
state                              :              Active
negotiation status                 :           Connected
peer-link status                   :                  Up
local-int status                   :                  Up
system-id                          :   02:50:56:03:94:09
dual-primary detection             :            Disabled
dual-primary interface errdisabled :               False
                                                        
MLAG Ports:                       
Disabled                           :                   0
Configured                         :                   0
Inactive                           :                   0
Active-partial                     :                   0
Active-full                        :                   0

leaf02#

leaf03#show mlag 
MLAG Configuration:               
domain-id                          :            domain34
local-interface                    :              Vlan34
peer-address                       :        192.168.34.4
peer-link                          :           Ethernet3
peer-config                        :          consistent
                                                        
MLAG Status:                      
state                              :              Active
negotiation status                 :           Connected
peer-link status                   :                  Up
local-int status                   :                  Up
system-id                          :   02:50:56:9e:a4:3a
dual-primary detection             :            Disabled
dual-primary interface errdisabled :               False
                                                        
MLAG Ports:                       
Disabled                           :                   0
Configured                         :                   0
Inactive                           :                   0
Active-partial                     :                   0
Active-full                        :                   1

leaf03#

LAGの作成

リーフスイッチとホストの間でLAGを構成します。

! Host-facing bundle on every leaf. 'mlag 4' gives Port-Channel4 the same
! MLAG ID on both peers of a pair, so the two leaves present one LAG to the
! host (the summary output lists the peer's port as PEt4).
! 'channel-group 4 mode on' is a static LAG (the summary output shows
! Protocol "Static"): no LACP is exchanged, so a member cabled to the wrong
! device or a one-sided misconfiguration is not detected.
! NOTE(review): 'mode active' on both ends would add that check.
! NOTE(review): Port-Channel4 is a trunk with no 'switchport trunk allowed
! vlan' list, so every VLAN on the leaf reaches the host, not only VLAN 78.
# leaf01, leaf02, leaf03, leaf04
interface Ethernet4
   switchport mode trunk
   channel-group 4 mode on
interface Port-Channel4
   switchport mode trunk
   mlag 4

! Host side: both uplinks in one static LAG, one member per leaf of the pair.
# host07, host08
interface Ethernet1,2
   switchport mode trunk
   channel-group 12 mode on
interface Port-Channel12
   switchport mode trunk

LAGがUP状態である事を確認します。

leaf01#show port-channel summary 

                 Flags                                                          
------------------------ ---------------------------- ------------------------- 
  a - LACP Active          p - LACP Passive           * - static fallback       
  F - Fallback enabled     f - Fallback configured    ^ - individual fallback   
  U - In Use               D - Down                                             
  + - In-Sync              - - Out-of-Sync            i - incompatible with agg 
  P - bundled in Po        s - suspended              G - Aggregable            
  I - Individual           S - ShortTimeout           w - wait for agg          
  E - Inactive. The number of configured port channels exceeds the config limit

Number of channels in use: 1
Number of aggregators: 1

   Port-Channel       Protocol    Ports           
------------------ -------------- --------------- 
   Po4(U)             Static      Et4(P) PEt4(P)  

leaf01#

leaf03#show port-channel summary 

                 Flags                                                          
------------------------ ---------------------------- ------------------------- 
  a - LACP Active          p - LACP Passive           * - static fallback       
  F - Fallback enabled     f - Fallback configured    ^ - individual fallback   
  U - In Use               D - Down                                             
  + - In-Sync              - - Out-of-Sync            i - incompatible with agg 
  P - bundled in Po        s - suspended              G - Aggregable            
  I - Individual           S - ShortTimeout           w - wait for agg          
  E - Inactive. The number of configured port channels exceeds the config limit

Number of channels in use: 1
Number of aggregators: 1

   Port-Channel       Protocol    Ports           
------------------ -------------- --------------- 
   Po4(U)             Static      Et4(P) PEt4(P)  

leaf03#

アンダーレイのルーティング

リーフ/スパイン間のルーティングを設定します。Active/Activeの通信経路になるよう、maximum-pathsも忘れずに設定します。

! Leaf underlay: 'ip routing' enables routing in the default VRF, which the
! baseline configs had as 'no ip routing'. Each leaf runs iBGP (AS 65000) to
! the directly connected addresses of both spines and advertises its own
! Loopback0 /32.
! 'timers bgp 10 30' sets keepalive 10 s and hold time 30 s.
! 'maximum-paths 8 ecmp 16' lets BGP install several equal-cost paths; this
! is what yields the two next hops per prefix in 'show ip route'.
! NOTE(review): the sessions carry no 'neighbor ... password' and no
! route-map or prefix-list. That is acceptable in an isolated lab; on a
! shared underlay add session authentication and inbound prefix filtering.
# leaf01
ip routing 
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.15.5 remote-as 65000
   neighbor 192.168.16.6 remote-as 65000
   network 10.1.1.1/32

# leaf02
ip routing 
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.25.5 remote-as 65000
   neighbor 192.168.26.6 remote-as 65000
   network 10.2.2.2/32

# leaf03
ip routing 
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.35.5 remote-as 65000
   neighbor 192.168.36.6 remote-as 65000
   network 10.3.3.3/32

# leaf04
ip routing 
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.45.5 remote-as 65000
   neighbor 192.168.46.6 remote-as 65000
   network 10.4.4.4/32

! Spine underlay: each spine is an iBGP route reflector for the four leaves.
! Every leaf neighbor is marked 'route-reflector-client', so leaf routes are
! passed between leaves without a leaf-to-leaf iBGP mesh.
! The spine also advertises its leaf-facing /24s and its own Loopback0;
! presumably the /24s are there so that next hops of reflected routes
! resolve on the other leaves - confirm.
! NOTE(review): no 'neighbor ... password' and no route-map or prefix-list
! on any session. On a shared underlay add session authentication and filter
! what each client may advertise.
# spine05
ip routing 
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.15.1 remote-as 65000
   neighbor 192.168.15.1 route-reflector-client
   neighbor 192.168.25.2 remote-as 65000
   neighbor 192.168.25.2 route-reflector-client
   neighbor 192.168.35.3 remote-as 65000
   neighbor 192.168.35.3 route-reflector-client
   neighbor 192.168.45.4 remote-as 65000
   neighbor 192.168.45.4 route-reflector-client
   network 192.168.15.0/24
   network 192.168.25.0/24
   network 192.168.35.0/24
   network 192.168.45.0/24
   network 10.5.5.5/32

# spine06
ip routing 
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.16.1 remote-as 65000
   neighbor 192.168.16.1 route-reflector-client
   neighbor 192.168.26.2 remote-as 65000
   neighbor 192.168.26.2 route-reflector-client
   neighbor 192.168.36.3 remote-as 65000
   neighbor 192.168.36.3 route-reflector-client
   neighbor 192.168.46.4 remote-as 65000
   neighbor 192.168.46.4 route-reflector-client
   network 192.168.16.0/24
   network 192.168.26.0/24
   network 192.168.36.0/24
   network 192.168.46.0/24
   network 10.6.6.6/32

leaf01,leaf02,leaf03,leaf04の間で互いに経路を交換できている事を確認します。また、Active/Activeの通信経路になっている事を確認します。

leaf01#show ip route 

VRF: default
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route, L - VRF Leaked,
       RC - Route Cache Route

Gateway of last resort is not set

 C        10.1.1.1/32 is directly connected, Loopback0
 B I      10.2.2.2/32 [200/0] via 192.168.15.5, Ethernet1
                              via 192.168.16.6, Ethernet2
 B I      10.3.3.3/32 [200/0] via 192.168.15.5, Ethernet1
                              via 192.168.16.6, Ethernet2
 B I      10.4.4.4/32 [200/0] via 192.168.15.5, Ethernet1
                              via 192.168.16.6, Ethernet2
 B I      10.5.5.5/32 [200/0] via 192.168.15.5, Ethernet1
 B I      10.6.6.6/32 [200/0] via 192.168.16.6, Ethernet2
 C        192.168.12.0/24 is directly connected, Vlan12
 C        192.168.15.0/24 is directly connected, Ethernet1
 C        192.168.16.0/24 is directly connected, Ethernet2

leaf01#

重複IPアドレスの作成

MLAGピアとなるリーフスイッチで、Loopbackに対して重複するIPアドレスを設定します。

後ほどの手順にて、このLoopbackをvxlanの送信元とする事で、Active/Active構成を実現します。

なお、router-idを明示しない場合はLoopbackのIPアドレスから自動的に選ばれるため、この後に再起動操作をするとMLAGピア間でbgp router-idが重複してしまいます。そのため、router-idの明示指定も必要です。

! Loopback10 is the shared VTEP address of an MLAG pair: leaf01 and leaf02
! both hold 10.12.12.12/32, leaf03 and leaf04 both hold 10.34.34.34/32. Each
! leaf advertises the shared /32 into BGP, so the other pair reaches it over
! both spines ('show ip route 10.34.34.34' lists two next hops).
! 'router-id' is pinned to the leaf's own Loopback0 address so that the two
! peers of a pair do not end up with the same BGP router-id (see the text above).
# leaf01
interface Loopback10
   ip address 10.12.12.12/32
router bgp 65000
   router-id 10.1.1.1
   network 10.12.12.12/32

# leaf02
interface Loopback10
   ip address 10.12.12.12/32
router bgp 65000
   router-id 10.2.2.2
   network 10.12.12.12/32

# leaf03
interface Loopback10
   ip address 10.34.34.34/32
router bgp 65000
   router-id 10.3.3.3
   network 10.34.34.34/32

# leaf04
interface Loopback10
   ip address 10.34.34.34/32
router bgp 65000
   router-id 10.4.4.4
   network 10.34.34.34/32

Loopback10のIPアドレスが互いに経路交換されている事を確認します。

leaf01#show ip route 10.34.34.34

VRF: default
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route, L - VRF Leaked,
       RC - Route Cache Route

 B I      10.34.34.34/32 [200/0] via 192.168.15.5, Ethernet1
                                 via 192.168.16.6, Ethernet2

leaf01#

VXLANの設定

リーフスイッチに対してvxlanの設定を行います。

! VLAN 78 is mapped to VNI 9078 and encapsulated from Loopback10, i.e. from
! the address shared by the MLAG pair.
! 'vxlan flood vtep' is a static head-end replication list: flooded traffic
! for VLAN 78 is sent as unicast to the remote pair's shared address.
! NOTE(review): there is no control plane in this setup; remote MACs are
! learned from the data path (see "Remote MAC learning via Datapath" in
! 'show interfaces vxlan 1'). VXLAN itself neither authenticates nor
! encrypts, so the underlay has to be a trusted segment, and VXLAN traffic
! (UDP 4789 by default) should be filtered at the fabric edge.
# leaf01, leaf02
vlan 78
interface Vxlan1
   vxlan source-interface Loopback10
   vxlan vlan 78 vni 9078
   vxlan flood vtep 10.34.34.34

! Mirror for the second pair: the flood list points at leaf01/leaf02's shared address.
# leaf03, leaf04
vlan 78
interface Vxlan1
   vxlan source-interface Loopback10
   vxlan vlan 78 vni 9078
   vxlan flood vtep 10.12.12.12

インターフェースvxlanがup状態である事を確認します。また、staticに設定したflood vtepがMLAGピアでIPアドレスが重複しているLoopback10宛になっている事を確認します。

leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
  Hardware is Vxlan
  Source interface is Loopback10 and is active with 10.12.12.12
  Replication/Flood Mode is headend with Flood List Source: CLI
  Remote MAC learning via Datapath
  VNI mapping to VLANs
  Static VLAN to VNI mapping is 
    [78, 9078]       
  Note: All Dynamic VLANs used by VCS are internal VLANs.
        Use 'show vxlan vni' for details.
  Static VRF to VNI mapping is not configured
  Headend replication flood vtep list is:
    78 10.34.34.34    
  MLAG Shared Router MAC is 0000.0000.0000

疎通

host07とhost08の間で互いに疎通可能である事を確認します。

host07#ping 192.168.78.80
PING 192.168.78.80 (192.168.78.80) 72(100) bytes of data.
80 bytes from 192.168.78.80: icmp_seq=1 ttl=64 time=67.6 ms
80 bytes from 192.168.78.80: icmp_seq=2 ttl=64 time=63.3 ms
80 bytes from 192.168.78.80: icmp_seq=3 ttl=64 time=55.9 ms
80 bytes from 192.168.78.80: icmp_seq=4 ttl=64 time=47.7 ms
80 bytes from 192.168.78.80: icmp_seq=5 ttl=64 time=36.9 ms

--- 192.168.78.80 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 45ms
rtt min/avg/max/mdev = 36.928/54.324/67.669/11.029 ms, pipe 5, ipg/ewma 11.369/60.162 ms
host07#

MACアドレス等の情報を互いに学習している事を確認します。

host07#show arp
Address         Age (sec)  Hardware Addr   Interface
192.168.78.80     0:00:37  0050.562d.680f  Vlan78, Port-Channel12
host07#

host08#show arp
Address         Age (sec)  Hardware Addr   Interface
192.168.78.70     0:00:47  0050.56ea.fea3  Vlan78, Port-Channel12
host08#

leaf01#show vxlan address-table 
          Vxlan Mac Address Table
----------------------------------------------------------------------

VLAN  Mac Address     Type     Prt  VTEP             Moves   Last Move
----  -----------     ----     ---  ----             -----   ---------
  78  0050.562d.680f  DYNAMIC  Vx1  10.34.34.34      1       0:01:02 ago
Total Remote Mac Addresses for this criterion: 1
leaf01#

leaf03#show vxlan address-table 
          Vxlan Mac Address Table
----------------------------------------------------------------------

VLAN  Mac Address     Type     Prt  VTEP             Moves   Last Move
----  -----------     ----     ---  ----             -----   ---------
  78  0050.56ea.fea3  DYNAMIC  Vx1  10.12.12.12      1       0:01:14 ago
Total Remote Mac Addresses for this criterion: 1
leaf03#