Fix(eos_designs): WAN Preview - Update configs to align to best pract…

…ices (#3556) Co-authored-by: Guillaume Mulocher <[email protected]>
aristanetworks · Jan 29, 2024 · bf3f79f · bf3f79f
1 parent 3a7b140
commit bf3f79f
Show file tree

Hide file tree

Showing 56 changed files with 1,119 additions and 376 deletions.
diff --git a/...designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml b/...designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml
@@ -15,6 +15,7 @@ wan_path_groups:
 wan_edge:
   defaults:
     loopback_ipv4_pool: 192.168.0.0/24
+    vtep_loopback_ipv4_pool: 192.168.1.0/24
   nodes:
     - name: invalid-wan-role-cv-pathfinder-role-1
       # Trying to set edge as RR

diff --git a/...designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml b/...designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml
@@ -15,6 +15,7 @@ wan_path_groups:
 wan_rr:
   defaults:
     loopback_ipv4_pool: 192.168.0.0/24
+    vtep_loopback_ipv4_pool: 192.168.1.0/24
   nodes:
     - name: invalid-wan-role-cv-pathfinder-role-2
       # Trying to set pathfinder as RR client

diff --git a/...gns_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml b/...gns_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml
@@ -9,6 +9,7 @@ overlay_routing_protocol: none
 wan_edge:
   defaults:
     loopback_ipv4_pool: 192.168.0.0/24
+    vtep_loopback_ipv4_pool: 192.168.1.0/24
   nodes:
     - name: invalid-wan-role-overlay-routing-protocol
       id: 1

diff --git a/...designs_negative_unit_tests/inventory/host_vars/missing-data-plane_cpu-allocation-max.yml b/...designs_negative_unit_tests/inventory/host_vars/missing-data-plane_cpu-allocation-max.yml
@@ -3,6 +3,7 @@ bgp_as: 65000
 wan_rr:
   defaults:
     loopback_ipv4_pool: 10.42.0.0/24
+    vtep_loopback_ipv4_pool: 192.168.1.0/24
   nodes:
     - name: missing-data-plane_cpu-allocation-max
       id: 1

diff --git a/..._collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/..._collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg
@@ -9,6 +9,7 @@ service routing protocols model multi-agent
 hostname autovpn-edge
 !
 router path-selection
+   tcp mss ceiling ipv4 ingress
    !
    path-group INET id 101
       ipsec profile AUTOVPN
@@ -18,11 +19,11 @@ router path-selection
       !
       peer dynamic
       !
-      peer static router-ip 192.168.31.1
+      peer static router-ip 192.168.131.1
          name autovpn-rr1
          ipv4 address 10.7.7.7
       !
-      peer static router-ip 192.168.31.2
+      peer static router-ip 192.168.131.2
          name autovpn-rr2
          ipv4 address 10.8.8.8
    !
@@ -75,7 +76,7 @@ vrf instance PROD
 ip security
    !
    ike policy AUTOVPN-IKE
-      local-id 192.168.30.1
+      local-id 192.168.130.1
    !
    sa policy AUTOVPN-SA
    !
@@ -92,7 +93,7 @@ ip security
 !
 interface Dps1
    description DPS Interface
-   tcp mss ceiling ipv4 1000
+   ip address 192.168.130.1/32
 !
 interface Ethernet1
    no shutdown
@@ -107,7 +108,7 @@ interface Loopback0
 !
 interface Vxlan1
    description autovpn-edge_VTEP
-   vxlan source-interface Loopback0
+   vxlan source-interface Dps1
    vxlan udp-port 4789
    vxlan vrf default vni 1
    vxlan vrf IT vni 100
@@ -128,13 +129,22 @@ application traffic recognition
    application-profile VOICE
    !
    field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES
-      192.168.31.1/32 192.168.31.2/32
+      192.168.131.1/32 192.168.131.2/32
 !
 ip routing
 ip routing vrf IT
 no ip routing vrf MGMT
 ip routing vrf PROD
 !
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+   seq 10 permit 192.168.30.0/24 eq 32
+!
+route-map RM-CONN-2-BGP permit 10
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
 router bfd
    multihop interval 300 min-rx 300 multiplier 3
 !
@@ -145,15 +155,16 @@ router bgp 65000
    no bgp default ipv4-unicast
    neighbor WAN-OVERLAY-PEERS peer group
    neighbor WAN-OVERLAY-PEERS remote-as 65000
-   neighbor WAN-OVERLAY-PEERS update-source Loopback0
+   neighbor WAN-OVERLAY-PEERS update-source Dps1
    neighbor WAN-OVERLAY-PEERS bfd
    neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ==
    neighbor WAN-OVERLAY-PEERS send-community
    neighbor WAN-OVERLAY-PEERS maximum-routes 0
-   neighbor 192.168.31.1 peer group WAN-OVERLAY-PEERS
-   neighbor 192.168.31.1 description autovpn-rr1
-   neighbor 192.168.31.2 peer group WAN-OVERLAY-PEERS
-   neighbor 192.168.31.2 description autovpn-rr2
+   neighbor 192.168.131.1 peer group WAN-OVERLAY-PEERS
+   neighbor 192.168.131.1 description autovpn-rr1
+   neighbor 192.168.131.2 peer group WAN-OVERLAY-PEERS
+   neighbor 192.168.131.2 description autovpn-rr2
+   redistribute connected route-map RM-CONN-2-BGP
    !
    address-family evpn
       neighbor WAN-OVERLAY-PEERS activate
@@ -165,6 +176,26 @@ router bgp 65000
       bgp additional-paths receive
       bgp additional-paths send any
       neighbor WAN-OVERLAY-PEERS activate
+   !
+   vrf default
+      rd 192.168.30.1:1
+      route-target import evpn 1:1
+      route-target export evpn 1:1
+      route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
+   !
+   vrf IT
+      rd 192.168.30.1:100
+      route-target import evpn 100:100
+      route-target export evpn 100:100
+      router-id 192.168.30.1
+      redistribute connected
+   !
+   vrf PROD
+      rd 192.168.30.1:42
+      route-target import evpn 42:42
+      route-target export evpn 42:42
+      router-id 192.168.30.1
+      redistribute connected
 !
 management api http-commands
    protocol https

diff --git a/...e_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/...e_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg
@@ -10,13 +10,14 @@ hostname autovpn-rr1
 !
 router path-selection
    peer dynamic source stun
+   tcp mss ceiling ipv4 ingress
    !
    path-group INET id 101
       ipsec profile AUTOVPN
       !
       local interface Ethernet1
       !
-      peer static router-ip 192.168.31.2
+      peer static router-ip 192.168.131.2
          name autovpn-rr2
          ipv4 address 10.8.8.8
    !
@@ -73,7 +74,7 @@ vrf instance MGMT
 ip security
    !
    ike policy AUTOVPN-IKE
-      local-id 192.168.31.1
+      local-id 192.168.131.1
    !
    sa policy AUTOVPN-SA
    !
@@ -87,7 +88,7 @@ ip security
 !
 interface Dps1
    description DPS Interface
-   tcp mss ceiling ipv4 1000
+   ip address 192.168.131.1/32
 !
 interface Ethernet1
    no shutdown
@@ -102,7 +103,7 @@ interface Loopback0
 !
 interface Vxlan1
    description autovpn-rr1_VTEP
-   vxlan source-interface Loopback0
+   vxlan source-interface Dps1
    vxlan udp-port 4789
    vxlan vrf default vni 1
 !
@@ -121,11 +122,20 @@ application traffic recognition
    application-profile VOICE
    !
    field-set ipv4 prefix CONTROL-PLANE-APP-SRC-PREFIXES
-      192.168.31.1/32
+      192.168.131.1/32
 !
 ip routing
 no ip routing vrf MGMT
 !
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+   seq 10 permit 192.168.31.0/24 eq 32
+!
+route-map RM-CONN-2-BGP permit 10
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
 router bfd
    multihop interval 300 min-rx 300 multiplier 3
 !
@@ -135,23 +145,24 @@ router bgp 65000
    update wait-install
    no bgp default ipv4-unicast
    bgp cluster-id 192.168.31.1
-   bgp listen range 192.168.30.0/24 peer-group WAN-OVERLAY-PEERS remote-as 65000
+   bgp listen range 192.168.130.0/24 peer-group WAN-OVERLAY-PEERS remote-as 65000
    neighbor RR-OVERLAY-PEERS peer group
    neighbor RR-OVERLAY-PEERS remote-as 65000
-   neighbor RR-OVERLAY-PEERS update-source Loopback0
+   neighbor RR-OVERLAY-PEERS update-source Dps1
    neighbor RR-OVERLAY-PEERS bfd
    neighbor RR-OVERLAY-PEERS send-community
    neighbor RR-OVERLAY-PEERS maximum-routes 0
    neighbor WAN-OVERLAY-PEERS peer group
    neighbor WAN-OVERLAY-PEERS remote-as 65000
-   neighbor WAN-OVERLAY-PEERS update-source Loopback0
+   neighbor WAN-OVERLAY-PEERS update-source Dps1
    neighbor WAN-OVERLAY-PEERS route-reflector-client
    neighbor WAN-OVERLAY-PEERS bfd
    neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ==
    neighbor WAN-OVERLAY-PEERS send-community
    neighbor WAN-OVERLAY-PEERS maximum-routes 0
-   neighbor 192.168.31.2 peer group RR-OVERLAY-PEERS
-   neighbor 192.168.31.2 description autovpn-rr2
+   neighbor 192.168.131.2 peer group RR-OVERLAY-PEERS
+   neighbor 192.168.131.2 description autovpn-rr2
+   redistribute connected route-map RM-CONN-2-BGP
    !
    address-family evpn
       neighbor RR-OVERLAY-PEERS activate
@@ -167,6 +178,12 @@ router bgp 65000
       bgp additional-paths send any
       neighbor RR-OVERLAY-PEERS activate
       neighbor WAN-OVERLAY-PEERS activate
+   !
+   vrf default
+      rd 192.168.31.1:1
+      route-target import evpn 1:1
+      route-target export evpn 1:1
+      route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
 !
 management api http-commands
    protocol https

diff --git a/...e_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg b/...e_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg
@@ -10,13 +10,14 @@ hostname autovpn-rr2
 !
 router path-selection
    peer dynamic source stun
+   tcp mss ceiling ipv4 ingress
    !
    path-group INET id 101
       ipsec profile AUTOVPN
       !
       local interface Ethernet1
       !
-      peer static router-ip 192.168.31.1
+      peer static router-ip 192.168.131.1
          name autovpn-rr1
          ipv4 address 10.7.7.7
    !
@@ -73,7 +74,7 @@ vrf instance MGMT
 ip security
    !
    ike policy AUTOVPN-IKE
-      local-id 192.168.31.2
+      local-id 192.168.131.2
    !
    sa policy AUTOVPN-SA
    !
@@ -87,7 +88,7 @@ ip security
 !
 interface Dps1
    description DPS Interface
-   tcp mss ceiling ipv4 1000
+   ip address 192.168.131.2/32
 !
 interface Ethernet1
    no shutdown
@@ -101,7 +102,7 @@ interface Loopback0
 !
 interface Vxlan1
    description autovpn-rr2_VTEP
-   vxlan source-interface Loopback0
+   vxlan source-interface Dps1
    vxlan udp-port 4789
    vxlan vrf default vni 1
 !
@@ -120,13 +121,22 @@ application traffic recognition
    application-profile VOICE
    !
    field-set ipv4 prefix CONTROL-PLANE-APP-SRC-PREFIXES
-      192.168.31.2/32
+      192.168.131.2/32
 !
 ip routing
 no ip routing vrf MGMT
 !
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+   seq 10 permit 192.168.31.0/24 eq 32
+!
 ip route 0.0.0.0/0 10.8.8.9
 !
+route-map RM-CONN-2-BGP permit 10
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30
+   match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
 router bfd
    multihop interval 300 min-rx 300 multiplier 3
 !
@@ -136,23 +146,24 @@ router bgp 65000
    update wait-install
    no bgp default ipv4-unicast
    bgp cluster-id 192.168.31.2
-   bgp listen range 192.168.30.0/24 peer-group WAN-OVERLAY-PEERS remote-as 65000
+   bgp listen range 192.168.130.0/24 peer-group WAN-OVERLAY-PEERS remote-as 65000
    neighbor RR-OVERLAY-PEERS peer group
    neighbor RR-OVERLAY-PEERS remote-as 65000
-   neighbor RR-OVERLAY-PEERS update-source Loopback0
+   neighbor RR-OVERLAY-PEERS update-source Dps1
    neighbor RR-OVERLAY-PEERS bfd
    neighbor RR-OVERLAY-PEERS send-community
    neighbor RR-OVERLAY-PEERS maximum-routes 0
    neighbor WAN-OVERLAY-PEERS peer group
    neighbor WAN-OVERLAY-PEERS remote-as 65000
-   neighbor WAN-OVERLAY-PEERS update-source Loopback0
+   neighbor WAN-OVERLAY-PEERS update-source Dps1
    neighbor WAN-OVERLAY-PEERS route-reflector-client
    neighbor WAN-OVERLAY-PEERS bfd
    neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ==
    neighbor WAN-OVERLAY-PEERS send-community
    neighbor WAN-OVERLAY-PEERS maximum-routes 0
-   neighbor 192.168.31.1 peer group RR-OVERLAY-PEERS
-   neighbor 192.168.31.1 description autovpn-rr1
+   neighbor 192.168.131.1 peer group RR-OVERLAY-PEERS
+   neighbor 192.168.131.1 description autovpn-rr1
+   redistribute connected route-map RM-CONN-2-BGP
    !
    address-family evpn
       neighbor RR-OVERLAY-PEERS activate
@@ -168,6 +179,12 @@ router bgp 65000
       bgp additional-paths send any
       neighbor RR-OVERLAY-PEERS activate
       neighbor WAN-OVERLAY-PEERS activate
+   !
+   vrf default
+      rd 192.168.31.2:1
+      route-target import evpn 1:1
+      route-target export evpn 1:1
+      route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
 !
 management api http-commands
    protocol https