-
Notifications
You must be signed in to change notification settings - Fork 203
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feat(eos_designs): Inject default VRF policy with a match-all stateme…
…nt when missing (#3560) Co-authored-by: Claus Holbech <[email protected]>
- Loading branch information
1 parent
c553814
commit 8fed1a3
Showing
9 changed files
with
1,363 additions
and
38 deletions.
There are no files selected for viewing
180 changes: 180 additions & 0 deletions
180
...a/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge-no-default-policy.cfg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,180 @@ | ||
| !RANCID-CONTENT-TYPE: arista | ||
| ! | ||
| vlan internal order ascending range 1006 1199 | ||
| ! | ||
| transceiver qsfp default-mode 4x10G | ||
| ! | ||
| service routing protocols model multi-agent | ||
| ! | ||
| hostname autovpn-edge-no-default-policy | ||
| ! | ||
| router path-selection | ||
| tcp mss ceiling ipv4 ingress | ||
| ! | ||
| path-group INET id 101 | ||
| ipsec profile AUTOVPN | ||
| ! | ||
| local interface Ethernet1 | ||
| stun server-profile INET-autovpn-rr3-Ethernet1 | ||
| ! | ||
| peer dynamic | ||
| ! | ||
| peer static router-ip 2.2.2.2 | ||
| name autovpn-rr3 | ||
| ipv4 address 10.7.7.7 | ||
| ! | ||
| load-balance policy LB-CONTROL-PLANE-PROFILE | ||
| path-group INET | ||
| ! | ||
| load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT | ||
| path-group INET | ||
| ! | ||
| policy DEFAULT-AVT-POLICY-WITH-CP | ||
| default-match | ||
| load-balance LB-DEFAULT-AVT-POLICY-DEFAULT | ||
| 10 application-profile CONTROL-PLANE-APPLICATION-PROFILE | ||
| load-balance LB-CONTROL-PLANE-PROFILE | ||
| ! | ||
| vrf default | ||
| path-selection-policy DEFAULT-AVT-POLICY-WITH-CP | ||
| ! | ||
| spanning-tree mode none | ||
| ! | ||
| no enable password | ||
| no aaa root | ||
| ! | ||
| vrf instance IT | ||
| ! | ||
| vrf instance MGMT | ||
| ! | ||
| vrf instance PROD | ||
| ! | ||
| ip security | ||
| ! | ||
| ike policy AUTOVPN-IKE | ||
| local-id 192.168.255.1 | ||
| ! | ||
| sa policy AUTOVPN-SA | ||
| ! | ||
| profile AUTOVPN | ||
| ike-policy AUTOVPN-IKE | ||
| sa-policy AUTOVPN-SA | ||
| connection start | ||
| shared-key 7 ABCDEF1234567890 | ||
| dpd 10 50 clear | ||
| mode transport | ||
| ! | ||
| key controller | ||
| profile AUTOVPN | ||
| ! | ||
| interface Dps1 | ||
| description DPS Interface | ||
| ip address 192.168.255.1/32 | ||
| ! | ||
| interface Ethernet1 | ||
| no shutdown | ||
| no switchport | ||
| ip address dhcp | ||
| dhcp client accept default-route | ||
| ! | ||
| interface Loopback0 | ||
| description Router_ID | ||
| no shutdown | ||
| ip address 192.168.30.1/32 | ||
| ! | ||
| interface Vxlan1 | ||
| description autovpn-edge-no-default-policy_VTEP | ||
| vxlan source-interface Dps1 | ||
| vxlan udp-port 4789 | ||
| vxlan vrf default vni 1 | ||
| vxlan vrf IT vni 100 | ||
| vxlan vrf PROD vni 42 | ||
| ! | ||
| application traffic recognition | ||
| ! | ||
| application ipv4 CONTROL-PLANE-APPLICATION | ||
| destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES | ||
| ! | ||
| application-profile CONTROL-PLANE-APPLICATION-PROFILE | ||
| application CONTROL-PLANE-APPLICATION | ||
| ! | ||
| field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES | ||
| 2.2.2.2/32 | ||
| ! | ||
| ip routing | ||
| ip routing vrf IT | ||
| no ip routing vrf MGMT | ||
| ip routing vrf PROD | ||
| ! | ||
| ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY | ||
| seq 10 permit 192.168.30.0/24 eq 32 | ||
| ! | ||
| route-map RM-CONN-2-BGP permit 10 | ||
| match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY | ||
| ! | ||
| route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30 | ||
| match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY | ||
| ! | ||
| router bfd | ||
| multihop interval 300 min-rx 300 multiplier 3 | ||
| ! | ||
| router bgp 65000 | ||
| router-id 192.168.30.1 | ||
| maximum-paths 16 | ||
| update wait-install | ||
| no bgp default ipv4-unicast | ||
| neighbor WAN-OVERLAY-PEERS peer group | ||
| neighbor WAN-OVERLAY-PEERS remote-as 65000 | ||
| neighbor WAN-OVERLAY-PEERS update-source Dps1 | ||
| neighbor WAN-OVERLAY-PEERS bfd | ||
| neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== | ||
| neighbor WAN-OVERLAY-PEERS send-community | ||
| neighbor WAN-OVERLAY-PEERS maximum-routes 0 | ||
| neighbor 2.2.2.2 peer group WAN-OVERLAY-PEERS | ||
| neighbor 2.2.2.2 description autovpn-rr3 | ||
| redistribute connected route-map RM-CONN-2-BGP | ||
| ! | ||
| address-family evpn | ||
| neighbor WAN-OVERLAY-PEERS activate | ||
| ! | ||
| address-family ipv4 | ||
| no neighbor WAN-OVERLAY-PEERS activate | ||
| ! | ||
| address-family path-selection | ||
| bgp additional-paths receive | ||
| bgp additional-paths send any | ||
| neighbor WAN-OVERLAY-PEERS activate | ||
| ! | ||
| vrf default | ||
| rd 192.168.30.1:1 | ||
| route-target import evpn 1:1 | ||
| route-target export evpn 1:1 | ||
| route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT | ||
| ! | ||
| vrf IT | ||
| rd 192.168.30.1:100 | ||
| route-target import evpn 100:100 | ||
| route-target export evpn 100:100 | ||
| router-id 192.168.30.1 | ||
| redistribute connected | ||
| ! | ||
| vrf PROD | ||
| rd 192.168.30.1:42 | ||
| route-target import evpn 42:42 | ||
| route-target export evpn 42:42 | ||
| router-id 192.168.30.1 | ||
| redistribute connected | ||
| ! | ||
| management api http-commands | ||
| protocol https | ||
| no shutdown | ||
| ! | ||
| vrf MGMT | ||
| no shutdown | ||
| ! | ||
| stun | ||
| client | ||
| server-profile INET-autovpn-rr3-Ethernet1 | ||
| ip address 10.7.7.7 | ||
| ! | ||
| end |
Oops, something went wrong.