From e4cba93606bc69d1d299249daadff2d6710a291c Mon Sep 17 00:00:00 2001 From: gmuloc Date: Fri, 15 Dec 2023 14:32:22 +0100 Subject: [PATCH 01/31] WIP --- .../intended/configs/autovpn-edge.cfg | 5 + .../intended/configs/autovpn-rr1.cfg | 5 + .../intended/configs/autovpn-rr2.cfg | 5 + .../intended/configs/cv-pathfinder-edge.cfg | 5 + .../configs/cv-pathfinder-transit.cfg | 5 + .../structured_configs/autovpn-edge.yml | 6 + .../structured_configs/autovpn-rr1.yml | 6 + .../structured_configs/autovpn-rr2.yml | 6 + .../structured_configs/cv-pathfinder-edge.yml | 6 + .../cv-pathfinder-transit.yml | 6 + .../inventory/group_vars/AUTOVPN_TESTS.yml | 24 +++ .../group_vars/CV_PATHFINDER_TESTS.yml | 28 ++++ .../eos_designs_facts/eos_designs_facts.py | 3 +- .../plugin_utils/eos_designs_facts/wan.py | 34 +++++ .../eos_designs_shared_utils/wan.py | 40 ++++- .../docs/tables/wan-interfaces-settings.md | 142 ++++++++++++++++++ .../eos_designs/docs/tables/wan-settings.md | 4 +- .../schemas/eos_designs.jsonschema.json | 82 +++++++++- .../schemas/eos_designs.schema.yml | 43 +++++- .../defs_l3_edge_l3_interfaces.schema.yml | 37 +++++ .../wan_path_groups.schema.yml | 2 +- 21 files changed, 487 insertions(+), 7 deletions(-) create mode 100644 ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py create mode 100644 ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 7a3672a0edc..34a9b8d7707 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg 
@@ -48,6 +48,11 @@ interface Dps1 description DPS Interface tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address dhcp +! interface Loopback0 description Router_ID no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index e9ac302212f..30aa020e18a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg @@ -46,6 +46,11 @@ interface Dps1 description DPS Interface tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address dhcp +! interface Loopback0 description Router_ID no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg index c0e59ba8dc2..45a0ad49f53 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg @@ -46,6 +46,11 @@ interface Dps1 description DPS Interface tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address dhcp +! interface Loopback0 description Router_ID no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 037a1e25223..49cf0bd6e98 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -74,6 +74,11 @@ interface Dps1 flow tracker hardware WAN-FLOW-TRACKER tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address dhcp +! interface Loopback0 description Router_ID no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 4178a894ef9..89a3947a734 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -74,6 +74,11 @@ interface Dps1 flow tracker hardware WAN-FLOW-TRACKER tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address dhcp +! interface Loopback0 description Router_ID no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index cad1d9abe9a..e77c6e9f794 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -101,6 +101,12 @@ router_path_selection: vrfs: - name: default path_selection_policy: dps-policy-default +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index 00fa1736937..93ced4ae12d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -120,6 +120,12 @@ router_path_selection: stun: server: local_interfaces: [] +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index 98ac4aefb99..b2cad5553c5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -120,6 +120,12 @@ router_path_selection: stun: server: local_interfaces: [] +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 134eb2791cf..886d84c9dad 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -144,6 +144,12 @@ router_bfd: router_path_selection: load_balance_policies: - name: LBPOLICY +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index a61e3bb05af..d02930a75fd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -144,6 +144,12 @@ router_bfd: router_path_selection: load_balance_policies: - name: LBPOLICY +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index 161d0c26286..a9b3f943800 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml 
@@ -45,3 +45,27 @@ wan_rr: id: 1 - name: autovpn-rr2 id: 2 + +wan_path_groups: + - name: MPLS + ipsec: False + - name: INET + - name: LTE + +l3_edge: + l3_interfaces: + - node: autovpn-edge + interface: Ethernet1 + wan_path_group: INET + wan_circuit_id: 666 + ip: dhcp + - node: autovpn-rr1 + interface: Ethernet1 + wan_path_group: INET + wan_circuit_id: 777 + ip: dhcp + - node: autovpn-rr2 + interface: Ethernet1 + wan_path_group: INET + wan_circuit_id: 888 + ip: dhcp diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 09f33ad2511..2af64dfc89b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -80,3 +80,31 @@ wan_path_groups: ipsec: False - name: INET - name: LTE + +l3_edge: + l3_interfaces: + - node: cv-pathfinder-edge + interface: Ethernet1 + wan_carrier: INET + wan_circuit_id: 666 + ip: dhcp + - node: cv-pathfinder-transit + interface: Ethernet1 + wan_carrier: INET + wan_circuit_id: 667 + ip: dhcp + - node: cv-pathinder-pathfinder + interface: Ethernet1 + wan_carrier: INET + wan_circuit_id: 777 + ip: dhcp + - node: cv-pathinder-pathfinder1 + interface: Ethernet1 + wan_carrier: INET + wan_circuit_id: 888 + ip: dhcp + - node: cv-pathinder-pathfinder2 + interface: Ethernet1 + wan_carrier: INET + wan_circuit_id: 999 + ip: dhcp diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py index f207628a4a1..6841363fec3 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py 
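Review bot: The `l3_interfaces` entries added to CV_PATHFINDER_TESTS.yml set only `wan_carrier`, while the `wan_interfaces` helper added in this patch selects entries on `wan_path_group`. As written, none of these five interfaces would be treated as WAN interfaces, so the CV Pathfinder scenarios would not exercise the new code. Either add `wan_path_group: INET` to each entry, as AUTOVPN_TESTS.yml does, or add a comment such as `# wan_carrier -> path-group mapping not implemented yet`. The node names `cv-pathinder-pathfinder`, `cv-pathinder-pathfinder1` and `cv-pathinder-pathfinder2` also look like a misspelling of `cv-pathfinder-…`; if so, they would match no inventory host.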
+++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py @@ -13,10 +13,11 @@ from .overlay import OverlayMixin from .short_esi import ShortEsiMixin from .uplinks import UplinksMixin +from .wan import WanMixin from .vlans import VlansMixin -class EosDesignsFacts(AvdFacts, MlagMixin, ShortEsiMixin, OverlayMixin, UplinksMixin, VlansMixin): +class EosDesignsFacts(AvdFacts, MlagMixin, ShortEsiMixin, OverlayMixin, WanMixin, UplinksMixin, VlansMixin): """ `EosDesignsFacts` is based on `AvdFacts`, so make sure to read the description there first. diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py new file mode 100644 index 00000000000..e0d9d0b64ff --- /dev/null +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py 
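Review bot: `from .wan import WanMixin` is inserted before `from .vlans import VlansMixin`, which breaks the alphabetical order the neighbouring relative imports follow and is likely to be flagged by an import sorter. In the base list, `WanMixin` is placed between `OverlayMixin` and `UplinksMixin` rather than appended, which changes the method resolution order for no visible reason. I would move the import below `.vlans` and write `class EosDesignsFacts(AvdFacts, MlagMixin, ShortEsiMixin, OverlayMixin, UplinksMixin, VlansMixin, WanMixin):`. The class body continues outside the hunk.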
@@ -0,0 +1,34 @@
+# Copyright (c) 2023 Arista Networks, Inc.
+# Use of this source code is governed by the Apache License 2.0
+# that can be found in the LICENSE file.
+from __future__ import annotations
+
+from functools import cached_property
+from typing import TYPE_CHECKING
+
+from ansible_collections.arista.avd.plugins.filter.range_expand import range_expand
+from ansible_collections.arista.avd.plugins.plugin_utils.errors import AristaAvdError, AristaAvdMissingVariableError
+from ansible_collections.arista.avd.plugins.plugin_utils.utils import default, get, get_item
+
+if TYPE_CHECKING:
+ from ansible_collections.arista.avd.plugins.plugin_utils.eos_designs_facts import EosDesignsFacts
+
+ from .shared_utils import EosDesignsFacts
+
+
+class WanMixin:
+ """
+ Mixin Class providing a subset of EosDesignsFacts
+ Class should only be used as Mixin to the EosDesignsFacts class
+ Using type-hint on self to get proper type-hints on attributes across all Mixins.
+ """
+
+ @cached_property
+ def wan_path_groups(self: EosDesignsFacts) -> list | None:
+ """
+ Return the list of WAN path_groups directly connected to this router
+ """
+ # TODO check if needed
+ if not self.shared_utils.wan_mode:
+ return None
+ return [path_group.get("name") for path_group in self.shared_utils.wan_local_path_groups]
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py
index aacf931bd1e..fe7a94fecfc 100644
--- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py
+++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py
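Review bot: The `TYPE_CHECKING` block in the new `eos_designs_facts/wan.py` imports `EosDesignsFacts` twice, and the second import, `from .shared_utils import EosDesignsFacts`, shadows the first and names a module that probably does not export that class. A single `from .eos_designs_facts import EosDesignsFacts` would be enough. The module also imports `range_expand`, `AristaAvdError`, `AristaAvdMissingVariableError`, `default`, `get` and `get_item` without using any of them, so those lines can be dropped. `wan_path_groups` tests `if not self.shared_utils.wan_mode` while the shared-utils helpers test `self.wan_mode is None`; using the same check in both places avoids diverging on an empty-string value.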
@@ -7,7 +7,7 @@ from typing import TYPE_CHECKING from ansible_collections.arista.avd.plugins.plugin_utils.errors import AristaAvdError -from ansible_collections.arista.avd.plugins.plugin_utils.utils import get +from ansible_collections.arista.avd.plugins.plugin_utils.utils import get, get_item if TYPE_CHECKING: from .shared_utils import SharedUtils @@ -51,3 +51,41 @@ def cv_pathfinder_role(self: SharedUtils) -> str | None: if cv_pathfinder_role in ["transit", "edge"] and self.wan_role != "client": raise AristaAvdError("'wan_role' must be 'client' when 'cv_pathfinder_role' is set to 'transit' or 'edge'") return cv_pathfinder_role + + @cached_property + def wan_interfaces(self: SharedUtils) -> list: + """ + As a first approach, only interfaces under l3edge.l3_interfaces can be considered + as WAN interfaces. + This may need to be made wider. + This also may require a different format for the dictionaries inside the list. + """ + if self.wan_mode is None: + return [] + wan_interfaces = [] + for interface in get(self.hostvars, "l3_edge.l3_interfaces", default=[]): + # Potentially needs to resolve profile + if get(interface, "wan_path_group") is not None: + # TODO - may need to validate the path_group here + wan_interfaces.append(interface) + + return wan_interfaces + + @cached_property + def wan_local_path_groups(self: SharedUtils) -> list: + """ + List of path_groups present on this router based on the wan_interfaces + + TODO maybe a list of name is enough + """ + if self.wan_mode is None: + return [] + local_path_groups = [] + global_path_groups = get(self.hostvars, "wan_path_groups", required=True) + for interface in self.wan_interfaces: + iface_path_group = interface.get("wan_path_group") + path_group = get_item(global_path_groups, "name", iface_path_group, required=True, custom_error_msg=f"WAN path_group {iface_path_group} is not in the available path_groups defined in `wan_path_groupes`") + local_path_groups.append(path_group) + + return local_path_groups + 
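Review bot: `wan_interfaces` in the second hunk iterates every entry of `l3_edge.l3_interfaces` without comparing the entry's `node` with the current device. With the inventory added in this patch, each AutoVPN router would therefore collect the interfaces of all three nodes. `wan_local_path_groups` then appends one path-group per interface with no de-duplication, so the same group can appear several times, and a router can inherit a path-group it is not attached to, including one declared with `ipsec: False`. I would filter on the node and key the result by path-group name, as sketched below; this assumes `SharedUtils` exposes the device name as `self.hostname`. The error message also misspells the key as `wan_path_groupes`, and the docstring says `l3edge.l3_interfaces` where the key is `l3_edge.l3_interfaces`.

```python
    @cached_property
    def wan_interfaces(self: SharedUtils) -> list:
        # … unchanged: docstring and wan_mode guard …
        return [
            interface
            for interface in get(self.hostvars, "l3_edge.l3_interfaces", default=[])
            # Only keep interfaces that belong to this device and carry a path-group.
            if get(interface, "node") == self.hostname and get(interface, "wan_path_group") is not None
        ]

    @cached_property
    def wan_local_path_groups(self: SharedUtils) -> list:
        # … unchanged: docstring, wan_mode guard, global_path_groups lookup …
        local_path_groups = {}
        for interface in self.wan_interfaces:
            name = interface["wan_path_group"]
            if name in local_path_groups:
                continue  # several interfaces may share one path-group
            local_path_groups[name] = get_item(
                global_path_groups,
                "name",
                name,
                required=True,
                custom_error_msg=f"WAN path_group {name} is not in the available path_groups defined in `wan_path_groups`",
            )
        return list(local_path_groups.values())
```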
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md new file mode 100644 index 00000000000..655c3d39445 --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md @@ -0,0 +1,142 @@ + +=== "Table" + + | Variable | Type | Required | Default | Value Restrictions | Description | + | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [core_interfaces](## "core_interfaces") | Dictionary | | | | | + | [  l3_interfaces_profiles](## "core_interfaces.l3_interfaces_profiles") | List, items: Dictionary | | | | | + | [    - profile](## "core_interfaces.l3_interfaces_profiles.[].profile") | String | Required, Unique | | | L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. | + | [      wan_path_group](## "core_interfaces.l3_interfaces_profiles.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | + | [      wan_carrier](## "core_interfaces.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_circuit_id](## "core_interfaces.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [  l3_interfaces](## "core_interfaces.l3_interfaces") | List, items: Dictionary | | | | | + | [      wan_path_group](## "core_interfaces.l3_interfaces.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | + | [      wan_carrier](## "core_interfaces.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_circuit_id](## "core_interfaces.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [l3_edge](## "l3_edge") | Dictionary | | | | | + | [  l3_interfaces_profiles](## "l3_edge.l3_interfaces_profiles") | List, items: Dictionary | | | | | + | [    - profile](## "l3_edge.l3_interfaces_profiles.[].profile") | String | Required, Unique | | | L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. | + | [      wan_path_group](## "l3_edge.l3_interfaces_profiles.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | + | [      wan_carrier](## "l3_edge.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_circuit_id](## "l3_edge.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [  l3_interfaces](## "l3_edge.l3_interfaces") | List, items: Dictionary | | | | | + | [      wan_path_group](## "l3_edge.l3_interfaces.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | + | [      wan_carrier](## "l3_edge.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_circuit_id](## "l3_edge.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | + | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + +=== "YAML" + + ```yaml + core_interfaces: + l3_interfaces_profiles: + + # L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. + - profile: + + # PREVIEW: This key is currently not supported + + # The WAN path-group this interface is connected to. + wan_path_group: + + # PREVIEW: This key is currently not supported + + # The WAN Carrier this interface is connected to. + # This is not rendered in the configuration but used for WAN designs. + wan_carrier: + + # PREVIEW: This key is currently not supported + + # The WAN Circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # PREVIEW: This key is currently not supported + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # Default True. + cv_pathfinder_connected_to_pathfinder: + l3_interfaces: + + # PREVIEW: This key is currently not supported + + # The WAN path-group this interface is connected to. + wan_path_group: + + # PREVIEW: This key is currently not supported + + # The WAN Carrier this interface is connected to. + # This is not rendered in the configuration but used for WAN designs. + wan_carrier: + + # PREVIEW: This key is currently not supported + + # The WAN Circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # PREVIEW: This key is currently not supported + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # Default True. + cv_pathfinder_connected_to_pathfinder: + l3_edge: + l3_interfaces_profiles: + + # L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. + - profile: + + # PREVIEW: This key is currently not supported + + # The WAN path-group this interface is connected to. 
+ wan_path_group: + + # PREVIEW: This key is currently not supported + + # The WAN Carrier this interface is connected to. + # This is not rendered in the configuration but used for WAN designs. + wan_carrier: + + # PREVIEW: This key is currently not supported + + # The WAN Circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # PREVIEW: This key is currently not supported + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # Default True. + cv_pathfinder_connected_to_pathfinder: + l3_interfaces: + + # PREVIEW: This key is currently not supported + + # The WAN path-group this interface is connected to. + wan_path_group: + + # PREVIEW: This key is currently not supported + + # The WAN Carrier this interface is connected to. + # This is not rendered in the configuration but used for WAN designs. + wan_carrier: + + # PREVIEW: This key is currently not supported + + # The WAN Circuit ID for this interface. + # This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + + # PREVIEW: This key is currently not supported + + # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # Default True. + cv_pathfinder_connected_to_pathfinder: + ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md index 27e12d519ab..735b25fa981 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md 
@@ -23,7 +23,7 @@ | [  - name](## "wan_path_groups.[].name") | String | Required, Unique | | | Path-group name. | | [    id](## "wan_path_groups.[].id") | String | | | | Path-group id. | | [    description](## "wan_path_groups.[].description") | String | | | | Additional information about the path-group for documentation purposes. | - | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | | | Flag to configure IPsec on the carrier (default is True). | + | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | | | Flag to configure IPsec on the path_group (default is True). | | [    import_path_groups](## "wan_path_groups.[].import_path_groups") | List, items: Dictionary | | | | List of [ath-groups to import in this path-group. | | [      - remote](## "wan_path_groups.[].import_path_groups.[].remote") | String | | | | Remote path-group to import. | | [        local](## "wan_path_groups.[].import_path_groups.[].local") | String | | | | Optional, if not set, the path-group `name` is used as local. | @@ -92,7 +92,7 @@ # Additional information about the path-group for documentation purposes. description: - # Flag to configure IPsec on the carrier (default is True). + # Flag to configure IPsec on the path_group (default is True). ipsec: # List of [ath-groups to import in this path-group. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 9c512a3597d..79d32dac1b2 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json 
@@ -3269,6 +3269,26 @@ "description": "QOS service profile.", "title": "QOS Profile" }, + "wan_path_group": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", + "title": "Wan Path Group" + }, + "wan_carrier": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Carrier" + }, + "wan_circuit_id": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Circuit ID" + }, + "cv_pathfinder_connected_to_pathfinder": { + "type": "boolean", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "title": "Cv Pathfinder Connected To Pathfinder" + }, "raw_eos_cli": { "type": "string", "description": "EOS CLI rendered directly on the interface in the final EOS configuration.", 
@@ -5931,6 +5951,26 @@ "description": "QOS service profile.", "title": "QOS Profile" }, + "wan_path_group": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", + "title": "Wan Path Group" + }, + "wan_carrier": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Carrier" + }, + "wan_circuit_id": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Circuit ID" + }, + "cv_pathfinder_connected_to_pathfinder": { + "type": "boolean", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "title": "Cv Pathfinder Connected To Pathfinder" + }, "raw_eos_cli": { "type": "string", "description": "EOS CLI rendered directly on the interface in the final EOS configuration.", 
@@ -9986,6 +10026,26 @@ "description": "QOS service profile.", "title": "QOS Profile" }, + "wan_path_group": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", + "title": "Wan Path Group" + }, + "wan_carrier": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Carrier" + }, + "wan_circuit_id": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Circuit ID" + }, + "cv_pathfinder_connected_to_pathfinder": { + "type": "boolean", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "title": "Cv Pathfinder Connected To Pathfinder" + }, "raw_eos_cli": { "type": "string", "description": "EOS CLI rendered directly on the interface in the final EOS configuration.", 
@@ -12648,6 +12708,26 @@ "description": "QOS service profile.", "title": "QOS Profile" }, + "wan_path_group": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", + "title": "Wan Path Group" + }, + "wan_carrier": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Carrier" + }, + "wan_circuit_id": { + "type": "string", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", + "title": "Wan Circuit ID" + }, + "cv_pathfinder_connected_to_pathfinder": { + "type": "boolean", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "title": "Cv Pathfinder Connected To Pathfinder" + }, "raw_eos_cli": { "type": "string", "description": "EOS CLI rendered directly on the interface in the final EOS configuration.", @@ -30952,7 +31032,7 @@ }, "ipsec": { "type": "boolean", - "description": "Flag to configure IPsec on the carrier (default is True).", + "description": "Flag to configure IPsec on the path_group (default is True).", "title": "Ipsec" }, "import_path_groups": { diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 4b811c6da80..dc35a2e5c56 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml 
@@ -3262,7 +3262,7 @@ keys: purposes. ipsec: type: bool - description: Flag to configure IPsec on the carrier (default is True). + description: Flag to configure IPsec on the path_group (default is True). import_path_groups: type: list description: List of [ath-groups to import in this path-group. @@ -4177,6 +4177,47 @@ $defs: qos_profile: type: str description: QOS service profile. + wan_path_group: + type: str + documentation_options: + table: wan-interfaces-settings + description: 'PREVIEW: This key is currently not supported + + + The WAN path-group this interface is connected to.' + wan_carrier: + type: str + documentation_options: + table: wan-interfaces-settings + description: 'PREVIEW: This key is currently not supported + + + The WAN Carrier this interface is connected to. + + This is not rendered in the configuration but used for WAN designs.' + wan_circuit_id: + type: str + documentation_options: + table: wan-interfaces-settings + convert_types: + - int + description: 'PREVIEW: This key is currently not supported + + + The WAN Circuit ID for this interface. + + This is not rendered in the configuration but used for WAN designs.' + cv_pathfinder_connected_to_pathfinder: + type: bool + documentation_options: + table: wan-interfaces-settings + description: 'PREVIEW: This key is currently not supported + + + For a WAN interface (`wan_carrier` is set), allow to disable the static + tunnel towards Pathfinders. + + Default True.' raw_eos_cli: type: str description: EOS CLI rendered directly on the interface in the final EOS diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml index b2bd48ea7ed..ed85d9a4ddf 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml 
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml @@ -52,6 +52,43 @@ $defs: qos_profile: type: str description: QOS service profile. + wan_path_group: + type: str + documentation_options: + table: wan-interfaces-settings + description: |- + PREVIEW: This key is currently not supported + + The WAN path-group this interface is connected to. + wan_carrier: + type: str + documentation_options: + table: wan-interfaces-settings + description: |- + PREVIEW: This key is currently not supported + + The WAN Carrier this interface is connected to. + This is not rendered in the configuration but used for WAN designs. + wan_circuit_id: + type: str + documentation_options: + table: wan-interfaces-settings + convert_types: + - int + description: |- + PREVIEW: This key is currently not supported + + The WAN Circuit ID for this interface. + This is not rendered in the configuration but used for WAN designs. + cv_pathfinder_connected_to_pathfinder: + type: bool + documentation_options: + table: wan-interfaces-settings + description: |- + PREVIEW: This key is currently not supported + + For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + Default True. raw_eos_cli: type: str description: EOS CLI rendered directly on the interface in the final EOS configuration. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml index 2dd0908dd1d..d6595049f53 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml 
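Review bot: The new `cv_pathfinder_connected_to_pathfinder` key states its default only in prose ("Default True.") and declares no `default: true`, so the documented behaviour holds only if every consumer supplies the same fallback. Adding `default: true` under the key would make the schema the single source for it. `wan_path_group` is likewise a free string here; it is checked against `wan_path_groups` only later in `wan_local_path_groups`, which is worth a sentence in the description because the path-group carries the `ipsec` flag. The combined `eos_designs.schema.yml` and the JSON schema repeat the same text and appear to be generated from this fragment.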
@@ -28,7 +28,7 @@ keys: description: Additional information about the path-group for documentation purposes. ipsec: type: bool - description: Flag to configure IPsec on the carrier (default is True). + description: Flag to configure IPsec on the path_group (default is True). import_path_groups: type: list description: List of [ath-groups to import in this path-group. From 4711478d3caf9384f7922d96e021984a3dd7b202 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Sat, 16 Dec 2023 23:43:42 +0100 Subject: [PATCH 02/31] WIP: Handle Stun - need to fix l3edge shared_utils --- .../intended/configs/autovpn-edge.cfg | 7 +++ .../intended/configs/autovpn-rr1.cfg | 3 +- .../intended/configs/autovpn-rr2.cfg | 3 +- .../intended/configs/cv-pathfinder-edge.cfg | 5 ++ .../configs/cv-pathfinder-pathfinder.cfg | 6 ++ .../configs/cv-pathfinder-pathfinder1.cfg | 6 ++ .../configs/cv-pathfinder-pathfinder2.cfg | 6 ++ .../configs/cv-pathfinder-transit.cfg | 5 ++ .../structured_configs/autovpn-edge.yml | 7 +++ .../structured_configs/autovpn-rr1.yml | 5 +- .../structured_configs/autovpn-rr2.yml | 5 +- .../structured_configs/cv-pathfinder-edge.yml | 5 ++ .../cv-pathfinder-pathfinder.yml | 9 ++- .../cv-pathfinder-pathfinder1.yml | 9 ++- .../cv-pathfinder-pathfinder2.yml | 9 ++- .../cv-pathfinder-transit.yml | 5 ++ .../inventory/group_vars/AUTOVPN_TESTS.yml | 4 +- .../group_vars/CV_PATHFINDER_TESTS.yml | 29 +++++---- .../plugin_utils/eos_designs_facts/wan.py | 28 ++++++--- .../l3_edge_l3_interfaces.py | 59 +++++++++++++++++++ .../eos_designs_shared_utils/shared_utils.py | 2 + .../eos_designs_shared_utils/wan.py | 12 +++- .../python_modules/overlay/stun.py | 22 ++++++- .../python_modules/overlay/utils.py | 19 ++++-- 24 files changed, 227 insertions(+), 43 deletions(-) create mode 100644 ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 34a9b8d7707..0d679d837d8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg @@ -105,4 +105,11 @@ management api http-commands vrf MGMT no shutdown ! +stun + client + server-profile autovpn-rr1-INET-0 + ip address 10.7.7.7/31 + server-profile autovpn-rr2-INET-0 + ip address 10.8.8.8/31 +! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index 30aa020e18a..1d8599f0f27 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg @@ -49,7 +49,7 @@ interface Dps1 interface Ethernet1 no shutdown no switchport - ip address dhcp + ip address 10.7.7.7/31 ! interface Loopback0 description Router_ID @@ -116,5 +116,6 @@ management api http-commands ! stun server + local-interface Ethernet1 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg index 45a0ad49f53..b4296e1ce48 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg @@ -49,7 +49,7 @@ interface Dps1 interface Ethernet1 no shutdown no switchport - ip address dhcp + ip address 10.8.8.8/31 ! interface Loopback0 description Router_ID 
@@ -116,5 +116,6 @@ management api http-commands ! stun server + local-interface Ethernet1 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 49cf0bd6e98..7fbbceaeb48 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -136,4 +136,9 @@ management api http-commands vrf MGMT no shutdown ! +stun + client + server-profile cv-pathfinder-pathfinder-INET-0 + ip address 10.7.7.7/31 +! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index 13b2ab77cc2..2458b3cb194 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -69,6 +69,11 @@ interface Dps1 flow tracker hardware WAN-FLOW-TRACKER tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address 10.7.7.7/31 +! interface Loopback0 description Router_ID no shutdown @@ -132,5 +137,6 @@ management api http-commands ! stun server + local-interface Ethernet1 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index 7ae3699255b..3e3927f3609 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg @@ -69,6 +69,11 @@ interface Dps1 flow tracker hardware WAN-FLOW-TRACKER tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address 10.8.8.8/31 +! interface Loopback0 description Router_ID no shutdown @@ -147,5 +152,6 @@ management api http-commands ! stun server + local-interface Ethernet1 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index c8665f3038a..ad590d60796 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -69,6 +69,11 @@ interface Dps1 flow tracker hardware WAN-FLOW-TRACKER tcp mss ceiling ipv4 1000 ! +interface Ethernet1 + no shutdown + no switchport + ip address 10.9.9.9/31 +! interface Loopback0 description Router_ID no shutdown @@ -147,5 +152,6 @@ management api http-commands ! stun server + local-interface Ethernet1 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 89a3947a734..14c4897751a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -136,4 +136,9 @@ management api http-commands vrf MGMT no shutdown ! +stun + client + server-profile cv-pathfinder-pathfinder-INET-0 + ip address 10.7.7.7/31 +! end 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index e77c6e9f794..2a8b1aa7556 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -101,6 +101,13 @@ router_path_selection: vrfs: - name: default path_selection_policy: dps-policy-default +stun: + client: + server_profiles: + - name: autovpn-rr1-INET-0 + ip_address: 10.7.7.7/31 + - name: autovpn-rr2-INET-0 + ip_address: 10.8.8.8/31 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index 93ced4ae12d..ceb8459355f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -119,11 +119,12 @@ router_path_selection: peer_dynamic_source: stun stun: server: - local_interfaces: [] + local_interfaces: + - Ethernet1 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface - ip_address: dhcp + ip_address: 10.7.7.7/31 shutdown: false type: routed dps_interfaces: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index b2cad5553c5..b2a4534706e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -119,11 +119,12 @@ router_path_selection: peer_dynamic_source: stun stun: server: - local_interfaces: [] + local_interfaces: + - Ethernet1 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface - ip_address: dhcp + ip_address: 10.8.8.8/31 shutdown: false type: routed dps_interfaces: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 886d84c9dad..0831c5275e5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -144,6 +144,11 @@ router_bfd: router_path_selection: load_balance_policies: - name: LBPOLICY +stun: + client: + server_profiles: + - name: cv-pathfinder-pathfinder-INET-0 + ip_address: 10.7.7.7/31 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 444449de5db..4029dd1c8dc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml 
@@ -145,7 +145,14 @@ router_path_selection: peer_dynamic_source: stun stun: server: - local_interfaces: [] + local_interfaces: + - Ethernet1 +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: 10.7.7.7/31 + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index 90a8fa49297..eddada36d87 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -171,7 +171,14 @@ router_path_selection: peer_dynamic_source: stun stun: server: - local_interfaces: [] + local_interfaces: + - Ethernet1 +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: 10.8.8.8/31 + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 4c3deda4500..a782a0264e5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml 
@@ -171,7 +171,14 @@ router_path_selection: peer_dynamic_source: stun stun: server: - local_interfaces: [] + local_interfaces: + - Ethernet1 +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: 10.9.9.9/31 + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index d02930a75fd..83cf901fdb4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -144,6 +144,11 @@ router_bfd: router_path_selection: load_balance_policies: - name: LBPOLICY +stun: + client: + server_profiles: + - name: cv-pathfinder-pathfinder-INET-0 + ip_address: 10.7.7.7/31 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index a9b3f943800..ed47d2a630a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml @@ -63,9 +63,9 @@ l3_edge: interface: Ethernet1 wan_path_group: INET wan_circuit_id: 777 - ip: dhcp + ip: 10.7.7.7/31 - node: autovpn-rr2 interface: Ethernet1 wan_path_group: INET wan_circuit_id: 888 - ip: dhcp + ip: 10.8.8.8/31 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 2af64dfc89b..8daca888f1a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -77,7 +77,7 @@ wan_rr: wan_path_groups: - name: MPLS - ipsec: False + ipsec: false - name: INET - name: LTE @@ -85,26 +85,31 @@ l3_edge: l3_interfaces: - node: cv-pathfinder-edge interface: Ethernet1 - wan_carrier: INET + wan_path_group: INET + wan_carrier: ATT wan_circuit_id: 666 ip: dhcp - node: cv-pathfinder-transit interface: Ethernet1 - wan_carrier: INET + wan_path_group: INET + wan_carrier: Comcast wan_circuit_id: 667 ip: dhcp - - node: cv-pathinder-pathfinder + - node: cv-pathfinder-pathfinder interface: Ethernet1 - wan_carrier: INET + wan_path_group: INET + wan_carrier: Bouygues Telecom wan_circuit_id: 777 - ip: dhcp - - node: cv-pathinder-pathfinder1 + ip: 10.7.7.7/31 + - node: cv-pathfinder-pathfinder1 interface: Ethernet1 - wan_carrier: INET + wan_path_group: INET + wan_carrier: Orange wan_circuit_id: 888 - ip: dhcp - - node: cv-pathinder-pathfinder2 + ip: 10.8.8.8/31 + - node: cv-pathfinder-pathfinder2 interface: Ethernet1 - wan_carrier: INET + wan_path_group: INET + wan_carrier: SFR wan_circuit_id: 999 - ip: dhcp + ip: 10.9.9.9/31 diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index e0d9d0b64ff..21ce3e49fd9 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py 
@@ -6,14 +6,10 @@ from functools import cached_property from typing import TYPE_CHECKING -from ansible_collections.arista.avd.plugins.filter.range_expand import range_expand -from ansible_collections.arista.avd.plugins.plugin_utils.errors import AristaAvdError, AristaAvdMissingVariableError -from ansible_collections.arista.avd.plugins.plugin_utils.utils import default, get, get_item +from ansible_collections.arista.avd.plugins.plugin_utils.utils import get, get_item if TYPE_CHECKING: - from ansible_collections.arista.avd.plugins.plugin_utils.eos_designs_facts import EosDesignsFacts - - from .shared_utils import EosDesignsFacts + from .eos_designs_facts import EosDesignsFacts class WanMixin: @@ -26,9 +22,23 @@ class WanMixin: @cached_property def wan_path_groups(self: EosDesignsFacts) -> list | None: """ - Return the list of WAN path_groups directly connected to this router + Return the list of WAN path_groups directly connected to this router, with a list of dictionaries + containing the (interface, ip_address) in the path_group. """ - # TODO check if needed if not self.shared_utils.wan_mode: return None - return [path_group.get("name") for path_group in self.shared_utils.wan_local_path_groups] + + res = [] + for interface in self.shared_utils.wan_interfaces: + pg_name = get(interface, "wan_path_group", required=True) + if (pg_dict := get_item(res, "name", pg_name)) is None: + res.append( + { + "name": pg_name, + "interfaces": [{"name": get(interface, "interface", required=True), "ip_address": get(interface, "ip", required=True)}], + } + ) + else: + pg_dict.append({"name": get(interface, "interface", required=True), "ip_address": get(interface, "ip", required=True)}) + + return res diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py new file mode 100644 index 00000000000..0be7707cfc1 --- /dev/null 
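Review bot: In `wan_path_groups`, the `else` branch calls `pg_dict.append(...)` on the item returned by `get_item(res, "name", pg_name)`, which is the dictionary appended a few lines earlier, so a router with two WAN interfaces in the same path-group would raise AttributeError instead of producing facts. The new entry belongs in the nested list: `pg_dict["interfaces"].append({"name": ..., "ip_address": ...})`. The fact also copies `ip` verbatim, and the test inventory in this series still uses `ip: dhcp` on some interfaces, so consumers of `ip_address` can receive a non-address string; a comment stating that, or a check at this point, would help. The docstring says "(interface, ip_address)" while the keys written are `name` and `ip_address`.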
+++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py 
@@ -0,0 +1,59 @@ +# Copyright (c) 2023 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the LICENSE file. +from __future__ import annotations + +from functools import cached_property +from typing import TYPE_CHECKING + +from ansible_collections.arista.avd.plugins.plugin_utils.merge import merge +from ansible_collections.arista.avd.plugins.plugin_utils.utils import get, get_item + +if TYPE_CHECKING: + from .shared_utils import SharedUtils + + +# TODO only handle l3_edge for now +class L3EdgeMixin: + """ + Mixin Class providing a subset of SharedUtils + Class should only be used as Mixin to the SharedUtils class + Using type-hint on self to get proper type-hints on attributes across all Mixins. + """ + + def _apply_profile(self: SharedUtils, type: str, target_dict: dict) -> dict: + """ + Apply a profile to a p2p_link or a l3_interface + """ + if "profile" not in target_dict: + # Nothing to do + return target_dict + + # Silently ignoring missing profile and wrong types. + if type == "l3_interfaces": + profiles = get(self.hostvars, "l3_edge.l3_interfaces_profiles", default=[]) + profile = get_item(profiles, "profile", target_dict["profile"], default={}) + target_dict.pop("profile", None) + elif type == "p2p_links": + profile = get_item(self._p2p_links_profiles, "name", target_dict["profile"], default={}) + target_dict.pop("name", None) + else: + return target_dict + + target_dict = merge(profile, target_dict, list_merge="replace", destructive_merge=False) + + return target_dict + + @cached_property + def filtered_l3_interfaces(self: SharedUtils) -> list: + """ + Returns a filtered list of l3_interfaces, which only contains interfaces with our hostname. + For each interface any referenced profiles are applied. 
+ """ + if not (l3_interfaces := get(self.hostvars, "l3_edge.l3_interfaces", default=[])): + return [] + + l3_interfaces = [self._apply_profile("l3_interfaces", l3_interface) for l3_interface in l3_interfaces] + + # Filter to only include l3_interfaces with our hostname as node + return [l3_interface for l3_interface in l3_interfaces if self.hostname == get(l3_interface, "node", required=True)] diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/shared_utils.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/shared_utils.py index 27f2b5d72d7..ab1813c25c2 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/shared_utils.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/shared_utils.py @@ -7,6 +7,7 @@ from .inband_management import InbandManagementMixin from .interface_descriptions import InterfaceDescriptionsMixin from .ip_addressing import IpAddressingMixin +from .l3_edge_l3_interfaces import L3EdgeMixin from .link_tracking_groups import LinkTrackingGroupsMixin from .mgmt import MgmtMixin from .misc import MiscMixin @@ -30,6 +31,7 @@ class SharedUtils( InterfaceDescriptionsMixin, IpAddressingMixin, LinkTrackingGroupsMixin, + L3EdgeMixin, CvTopology, MgmtMixin, MlagMixin, diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index fe7a94fecfc..12622945eee 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py 
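Review bot: `_apply_profile` removes keys from the dictionary it is given (`target_dict.pop("profile", None)`), and `filtered_l3_interfaces` passes it the entries read straight from `self.hostvars`, so the inventory data is modified in place and any later reader of `l3_edge.l3_interfaces` would presumably no longer see the `profile` reference. Working on a copy avoids that, for example `target_dict = {k: v for k, v in target_dict.items() if k != "profile"}` before the merge. The `p2p_links` branch pops `"name"` rather than `"profile"` and reads `self._p2p_links_profiles`, which this mixin does not define; since the file comment says only l3_edge is handled, dropping that branch would be clearer. A profile name that matches nothing is ignored silently, so a misspelled profile can leave an interface without its `wan_path_group` and it then simply stops being treated as a WAN interface; raising an error for an unknown profile would surface that. The parameter name `type` shadows the builtin.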
@@ -62,8 +62,9 @@ def wan_interfaces(self: SharedUtils) -> list: """ if self.wan_mode is None: return [] + wan_interfaces = [] - for interface in get(self.hostvars, "l3_edge.l3_interfaces", default=[]): + for interface in self.filtered_l3_interfaces: # Potentially needs to resolve profile if get(interface, "wan_path_group") is not None: # TODO - may need to validate the path_group here @@ -84,8 +85,13 @@ def wan_local_path_groups(self: SharedUtils) -> list: global_path_groups = get(self.hostvars, "wan_path_groups", required=True) for interface in self.wan_interfaces: iface_path_group = interface.get("wan_path_group") - path_group = get_item(global_path_groups, "name", iface_path_group, required=True, custom_error_msg=f"WAN path_group {iface_path_group} is not in the available path_groups defined in `wan_path_groupes`") + path_group = get_item( + global_path_groups, + "name", + iface_path_group, + required=True, + custom_error_msg=f"WAN path_group {iface_path_group} is not in the available path_groups defined in `wan_path_groupes`", + ) local_path_groups.append(path_group) return local_path_groups - diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py index 1625c09949b..a5b33c7f1fb 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py @@ -5,6 +5,8 @@ from functools import cached_property +from ansible_collections.arista.avd.plugins.plugin_utils.utils import get + from .utils import UtilsMixin 
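Review bot: The `custom_error_msg` in `wan_local_path_groups` names the key as `wan_path_groupes`, while the variable read two lines above is `wan_path_groups`; since the line is being reformatted anyway, the message should use the real key so the user can find it in the inventory. In `wan_interfaces`, the context comment `# Potentially needs to resolve profile` looks stale now that the loop iterates `self.filtered_l3_interfaces`, which applies profiles, and the remaining `# TODO - may need to validate the path_group here` could say that validation currently happens in `wan_local_path_groups`. Both functions start and end outside these hunks.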
@@ -26,14 +28,30 @@ def stun(self) -> dict | None: stun = {} if self.shared_utils.wan_role == "server": local_interfaces = [] - # TODO - once the WAN interfaces are implemented, add them here + for wan_interface in self.shared_utils.wan_interfaces: + local_interfaces.append(wan_interface.get("interface")) stun["server"] = {"local_interfaces": local_interfaces} if self.shared_utils.wan_role == "client": server_profiles = [] - # TODO - once the WAN interfaces are implemented, add them here + local_path_group_names = [path_group["name"] for path_group in self.shared_utils.wan_local_path_groups] + + for wan_route_server, data in self._wan_route_servers.items(): + for path_group in data.get("wan_path_groups", []): + if path_group["name"] not in local_path_group_names: + continue + + for index, interface_dict in enumerate(get(path_group, "interfaces", required=True)): + # Today one wan_path_group can only have one IP. May need to relax this in the futur + server_profiles.append( + { + "name": self._stun_server_profile_name(wan_route_server, path_group["name"], index), + "ip_address": get(interface_dict, "ip_address", required=True), + } + ) + if server_profiles: stun["client"] = {"server_profiles": server_profiles} diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index e5575767f7f..0ca9416487b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
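Review bot: In the client branch of `stun`, `ip_address` is copied unchanged from the peer's facts, so the server profile receives the interface value including its prefix length, and would receive `dhcp` if a route server's WAN interface is configured that way. The fixtures in this patch show `ip address 10.7.7.7/31` under `server-profile`, while a later patch in the series renders the same peer as `ipv4 address 10.7.7.7`, which suggests a host address is intended here. Normalising with the standard library, e.g. `str(ipaddress.ip_interface(ip).ip)` with a clear error when the value is not an address, would cover both cases (it needs `import ipaddress` at the top of the file). In the server branch, `wan_interface.get("interface")` can append `None` to `local_interfaces`; `get(wan_interface, "interface", required=True)` matches how the facts side reads the same key. The comment in the loop has a typo ("futur").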
@@ -380,12 +380,12 @@ def _wan_route_servers(self) -> dict: ) # TODO - enable this once the wan_path_groups peer fact is implemented as this requires WAN interfaces not # covered in this PR. - # if wan_path_groups is None: - # raise AristaAvdMissingVariableError( - # f"'wan_path_groups' is missing for peering with {wan_rr}, either set it in under 'wan_route_servers'" - # " or something is wrong with the peer" - # " facts." - # ) + if wan_path_groups is None: + raise AristaAvdMissingVariableError( + f"'wan_path_groups' is missing for peering with {wan_rr}, either set it in under 'wan_route_servers'" + " or something is wrong with the peer" + " facts." + ) else: # Retrieve the values from the dictionary, making them required if the peer_facts were not found @@ -408,3 +408,10 @@ def _wan_route_servers(self) -> dict: wan_route_servers[wan_rr] = strip_empties_from_dict(wan_rr_result_dict) return wan_route_servers + + def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: str, id: int | None = None) -> str: + """ + Return a string to use as the name of the stun server_profile + """ + name = f"{wan_route_server_name}-{path_group_name}" + return f"{name}-{id}" if id is not None else name From 74ed1f39de8e9d0691da02172b5172dfc9c256d0 Mon Sep 17 00:00:00 2001 
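Review bot: In `_wan_route_servers`, the check for a missing `wan_path_groups` is re-enabled but the two-line `# TODO - enable this once the wan_path_groups peer fact is implemented ...` comment above it is kept, so the code now contradicts its own comment; the comment should be removed or replaced by one line saying why the value is required. The hunk does not show whether `AristaAvdMissingVariableError` is imported in this file, which is worth confirming since the branch only runs on the error path. In `_stun_server_profile_name`, the parameter `id` shadows the builtin; `index` would match the caller in `stun.py`. `_wan_route_servers` starts outside the hunk.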
From: gmuloc Date: Sun, 17 Dec 2023 00:51:23 +0100 Subject: [PATCH 03/31] Feat: Add path-groups --- .../intended/configs/autovpn-edge.cfg | 17 ++++ .../intended/configs/autovpn-rr1.cfg | 6 ++ .../intended/configs/autovpn-rr2.cfg | 6 ++ .../intended/configs/cv-pathfinder-edge.cfg | 13 +++ .../configs/cv-pathfinder-pathfinder.cfg | 6 ++ .../configs/cv-pathfinder-pathfinder1.cfg | 6 ++ .../configs/cv-pathfinder-pathfinder2.cfg | 6 ++ .../configs/cv-pathfinder-transit.cfg | 13 +++ .../structured_configs/autovpn-edge.yml | 23 +++++ .../structured_configs/autovpn-rr1.yml | 8 ++ .../structured_configs/autovpn-rr2.yml | 8 ++ .../structured_configs/cv-pathfinder-edge.yml | 18 ++++ .../cv-pathfinder-pathfinder.yml | 8 ++ .../cv-pathfinder-pathfinder1.yml | 8 ++ .../cv-pathfinder-pathfinder2.yml | 8 ++ .../cv-pathfinder-transit.yml | 18 ++++ .../eos_designs_facts/eos_designs_facts.py | 2 +- .../eos_designs_shared_utils/wan.py | 2 +- .../overlay/router_path_selection.py | 86 +++++++++++++------ 19 files changed, 232 insertions(+), 30 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 0d679d837d8..4309ce29431 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg @@ -10,7 +10,24 @@ hostname autovpn-edge ! router path-selection ! + path-group INET id 500 + ipsec profile AUTOVPN + ! + local interface Ethernet1 + stun server-profile autovpn-rr1-INET-0 autovpn-rr2-INET-0 + ! + peer dynamic + ! + peer static router-ip 192.168.31.1 + name autovpn-rr1 + ipv4 address 10.7.7.7 + ! + peer static router-ip 192.168.31.2 + name autovpn-rr2 + ipv4 address 10.8.8.8 + ! load-balance policy LBPOLICY + path-group INET ! policy dps-policy-default default-match 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index 1d8599f0f27..615ff5f900d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg @@ -11,7 +11,13 @@ hostname autovpn-rr1 router path-selection peer dynamic source stun ! + path-group INET id 500 + ipsec profile AUTOVPN + ! + local interface Ethernet1 + ! load-balance policy LBPOLICY + path-group INET ! policy dps-policy-default default-match diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg index b4296e1ce48..1af8598877c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg @@ -11,7 +11,13 @@ hostname autovpn-rr2 router path-selection peer dynamic source stun ! + path-group INET id 500 + ipsec profile AUTOVPN + ! + local interface Ethernet1 + ! load-balance policy LBPOLICY + path-group INET ! policy dps-policy-default default-match diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 7fbbceaeb48..90f6d4660ce 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
@@ -19,7 +19,20 @@ hostname cv-pathfinder-edge ! router path-selection ! + path-group INET id 500 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + stun server-profile cv-pathfinder-pathfinder-INET-0 + ! + peer dynamic + ! + peer static router-ip 192.168.44.1 + name cv-pathfinder-pathfinder + ipv4 address 10.7.7.7 + ! load-balance policy LBPOLICY + path-group INET ! router adaptive-virtual-topology topology role edge diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index 2458b3cb194..7b7f9d6354f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -20,7 +20,13 @@ hostname cv-pathfinder-pathfinder router path-selection peer dynamic source stun ! + path-group INET id 500 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + ! load-balance policy LBPOLICY + path-group INET ! router adaptive-virtual-topology topology role pathfinder diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index 3e3927f3609..87c7244e3bd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg 
@@ -20,7 +20,13 @@ hostname cv-pathfinder-pathfinder1 router path-selection peer dynamic source stun ! + path-group INET id 500 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + ! load-balance policy LBPOLICY + path-group INET ! router adaptive-virtual-topology topology role pathfinder diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index ad590d60796..f5fc770d4fe 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -20,7 +20,13 @@ hostname cv-pathfinder-pathfinder2 router path-selection peer dynamic source stun ! + path-group INET id 500 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + ! load-balance policy LBPOLICY + path-group INET ! router adaptive-virtual-topology topology role pathfinder diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 14c4897751a..681382b5873 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg 
@@ -19,7 +19,20 @@ hostname cv-pathfinder-transit ! router path-selection ! + path-group INET id 500 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + stun server-profile cv-pathfinder-pathfinder-INET-0 + ! + peer dynamic + ! + peer static router-ip 192.168.44.1 + name cv-pathfinder-pathfinder + ipv4 address 10.7.7.7 + ! load-balance policy LBPOLICY + path-group INET ! router adaptive-virtual-topology topology role transit region diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index 2a8b1aa7556..1b657889b56 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -92,8 +92,31 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + stun: + server_profiles: + - autovpn-rr1-INET-0 + - autovpn-rr2-INET-0 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.31.1 + name: autovpn-rr1 + ipv4_addresses: + - 10.7.7.7 + - router_ip: 192.168.31.2 + name: autovpn-rr2 + ipv4_addresses: + - 10.8.8.8 + ipsec_profile: AUTOVPN load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET policies: - name: dps-policy-default default_match: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index ceb8459355f..a8f7308d14e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -107,8 +107,16 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + ipsec_profile: AUTOVPN load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET policies: - name: dps-policy-default default_match: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index b2a4534706e..88307161868 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -107,8 +107,16 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + ipsec_profile: AUTOVPN load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET policies: - name: dps-policy-default default_match: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 0831c5275e5..5d7b5ade5d6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml 
@@ -142,8 +142,26 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + stun: + server_profiles: + - cv-pathfinder-pathfinder-INET-0 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.44.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 10.7.7.7 + ipsec_profile: CP-PROFILE load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET stun: client: server_profiles: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 4029dd1c8dc..db4df06f371 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -140,8 +140,16 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + ipsec_profile: CP-PROFILE load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET peer_dynamic_source: stun stun: server: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index eddada36d87..44735c0bb3e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml 
@@ -166,8 +166,16 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + ipsec_profile: CP-PROFILE load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET peer_dynamic_source: stun stun: server: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index a782a0264e5..9a2a589e157 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -166,8 +166,16 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + ipsec_profile: CP-PROFILE load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET peer_dynamic_source: stun stun: server: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 83cf901fdb4..819cab5619d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml 
@@ -142,8 +142,26 @@ router_bfd: min_rx: 300 multiplier: 3 router_path_selection: + path_groups: + - name: INET + id: 500 + local_interfaces: + - name: Ethernet1 + stun: + server_profiles: + - cv-pathfinder-pathfinder-INET-0 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.44.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 10.7.7.7 + ipsec_profile: CP-PROFILE load_balance_policies: - name: LBPOLICY + path_groups: + - name: INET stun: client: server_profiles: diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py index 6841363fec3..e880f5bb4e4 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/eos_designs_facts.py @@ -13,8 +13,8 @@ from .overlay import OverlayMixin from .short_esi import ShortEsiMixin from .uplinks import UplinksMixin -from .wan import WanMixin from .vlans import VlansMixin +from .wan import WanMixin class EosDesignsFacts(AvdFacts, MlagMixin, ShortEsiMixin, OverlayMixin, WanMixin, UplinksMixin, VlansMixin): diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index 12622945eee..9776ab7cfba 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py 
@@ -90,7 +90,7 @@ def wan_local_path_groups(self: SharedUtils) -> list: "name", iface_path_group, required=True, - custom_error_msg=f"WAN path_group {iface_path_group} is not in the available path_groups defined in `wan_path_groupes`", + custom_error_msg=f"WAN path_group {iface_path_group} is not in the available path_groups defined in `wan_path_groups`", ) local_path_groups.append(path_group) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 89cf725b4e7..3c21532c01d 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py 
@@ -44,32 +44,26 @@ def _get_path_groups(self) -> list: """ Generate the required path-groups locally """ - # TODO - get this once WAN interface are available - # TODO - this function will need to handle Crossconnection of public path_groups - # - local_path_groups = [] - # The value will be set based on the WAN interfaces configuration - # local_path_groups = self.shared_utils.path_groups - - if not local_path_groups: - return [] - path_groups = [] # TODO - need to have default value in one place only -> maybe facts / shared_utils ? - ipsec_profile_name = get(self._hostvars, "wan_ipsec_profiles.control_plane.profile_name", required=True) - - for carrier in local_path_groups: - path_groups.append( - { - "name": carrier.get("name"), - "id": self._get_carrier_id(carrier), - "ipsec_profile": ipsec_profile_name, # TODO - disable on a per carrier basis - "local_interfaces": self._get_local_interfaces(carrier), - "dynamic_peers": self._get_dynamic_peers(), - "static_peers": self._get_static_peers(carrier), - } - ) + ipsec_profile_name = get(self._hostvars, "wan_ipsec_profiles.control_plane.profile_name", default="CP-PROFILE") + + for path_group in self.shared_utils.wan_local_path_groups: + pg_name = path_group.get("name") + + path_group_data = { + "name": pg_name, + "id": self._get_path_group_id(pg_name), + "local_interfaces": self._get_local_interfaces(pg_name), + "dynamic_peers": self._get_dynamic_peers(), + "static_peers": self._get_static_peers(pg_name), + } + + if path_group.get("ipsec", True): + path_group_data["ipsec_profile"] = ipsec_profile_name + + path_groups.append(path_group_data) if self.shared_utils.cv_pathfinder_role: pass 
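Review bot: In `_get_path_groups` the lookup of `wan_ipsec_profiles.control_plane.profile_name` changes from `required=True` to `default="CP-PROFILE"`, so a missing setting no longer raises an error. Every path-group is then rendered with a profile name that nothing in this hunk shows to be defined, and the TODO just above already asks for the default to live in one place. I would either keep `get(self._hostvars, "wan_ipsec_profiles.control_plane.profile_name", required=True)` or read the name from the shared place that generates the profile. The `ipsec` opt-out also deserves a comment such as `# ipsec: false renders this path-group without any "ipsec profile" line`, since that branch silently drops the tunnel protection setting. The function body continues past the end of the hunk, where `if self.shared_utils.cv_pathfinder_role: pass` is a branch with no effect.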
@@ -81,7 +75,7 @@ def _get_load_balance_policies(self, path_groups: dict) -> dict | None: """ """ # TODO for now a default load balance policy with all path-groups. load_balance_policies = [] - load_balance_policies.append({"name": "LBPOLICY", "path_groups": [pg.get("name") for pg in path_groups]}) + load_balance_policies.append({"name": "LBPOLICY", "path_groups": [{"name": pg.get("name")} for pg in path_groups]}) return load_balance_policies def _get_policies(self) -> list | None: @@ -108,22 +102,40 @@ def _get_vrfs(self) -> list | None: return vrfs return None - def _get_carrier_id(self, carrier: dict) -> int: + def _get_path_group_id(self, path_group_name: str) -> int: """ TODO - implement algorithm to auto assign IDs - cf internal documenation TODO - also implement algorithm for cross connects on public path_groups """ - if carrier["name"] == "LAN_HA": + if path_group_name == "LAN_HA": return 65535 return 500 - def _get_local_interfaces(self, carrier: dict) -> list | None: + def _get_local_interfaces(self, path_group_name: str) -> list | None: """ Generate the router_path_selection.local_interfaces list For AUTOVPN clients, configure the stun server profiles as appropriate """ local_interfaces = [] + for wan_interface in self.shared_utils.wan_interfaces: + # Skipping interface not in the target path_group + if wan_interface.get("wan_path_group") != path_group_name: + continue + + local_interface = {"name": get(wan_interface, "interface", required=True)} + + if self.shared_utils.wan_role == "client": + stun_server_profiles = [ + self._stun_server_profile_name(wrr, path_group_name, index) + for wrr, data in self._wan_route_servers.items() + for index, path_group in enumerate(get(data, "wan_path_groups", required=True)) + ] + if stun_server_profiles: + local_interface["stun"] = {"server_profiles": stun_server_profiles} + + local_interfaces.append(local_interface) + return local_interfaces def _get_dynamic_peers(self) -> dict | None: 
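Review bot: `_get_load_balance_policies` is annotated `path_groups: dict` and `-> dict | None`, but the changed line iterates `path_groups` as a list of dicts (`pg.get("name")`) and the function returns the list `load_balance_policies`. I would change the signature to `def _get_load_balance_policies(self, path_groups: list) -> list | None:`. The empty `""" """` docstring could become a one-line description such as `"""Return one default load-balance policy referencing every local path-group by name."""`.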
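Review bot: `_get_path_group_id` returns 500 for every path-group name except `LAN_HA`, so a device with two WAN path-groups gets the same id on both. The expected outputs later in this series show exactly that (`path-group INET id 500` next to `path-group MPLS id 500`). Whether the device accepts or misbehaves on duplicate ids cannot be told from here. Until the TODO algorithm exists, the placeholder should be stated in the code, for example `# NOTE: ids are NOT unique yet - every path-group other than LAN_HA gets 500`. The docstring typo `documenation` can be fixed at the same time.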
@@ -132,11 +144,29 @@ def _get_dynamic_peers(self) -> dict | None: return None return {"enabled": True} - def _get_static_peers(self, transport: dict) -> list | None: + def _get_static_peers(self, path_group_name: str) -> list | None: """ TODO """ if self.shared_utils.wan_role != "client": return None static_peers = [] + for wan_route_server, data in self._wan_route_servers.items(): + for path_group in get(data, "wan_path_groups", required=True): + if path_group["name"] != path_group_name: + continue + + for interface_dict in path_group.get("interfaces", []): + ipv4_addresses = [] + if (ip_address := interface_dict.get("ip_address")) is not None: + # TODO - removing mask using split but maybe a helper is clearer + ipv4_addresses.append(ip_address.split("/")[0]) + static_peers.append( + { + "router_ip": get(data, "router_id", required=True), + "name": wan_route_server, + "ipv4_addresses": ipv4_addresses, + } + ) + return static_peers From 32964855e3eed05006dd5e4dc2d4a8a7756c3546 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Sun, 17 Dec 2023 01:00:30 +0100 Subject: [PATCH 04/31] Fix: Filter properly on path-group name for stun profiles --- .../configs/cv-pathfinder-pathfinder.cfg | 11 ++++++++++ .../configs/cv-pathfinder-transit.cfg | 19 ++++++++++++++++ .../cv-pathfinder-pathfinder.yml | 11 ++++++++++ .../cv-pathfinder-transit.yml | 22 +++++++++++++++++++ .../group_vars/CV_PATHFINDER_TESTS.yml | 12 ++++++++++ .../overlay/router_path_selection.py | 1 + 6 files changed, 76 insertions(+) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index 7b7f9d6354f..d46be584a46 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg 
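Review bot: In `_get_static_peers` the `static_peers.append(...)` call sits inside the per-interface loop and runs even when `ip_address` is `None`. A route server therefore gets one peer entry per interface with the same `router_ip` and `name`, and an interface without an address produces a peer with `ipv4_addresses: []`. The value is also only split on `/`, so a non-address string such as `dhcp` (used for `ip` elsewhere in these test inventories) would presumably be emitted as a peer address unchanged. I would collect the addresses per route server and path-group, skip values that are not static addresses, and append a single peer only when the list is non-empty. The `"""TODO"""` docstring should then describe that contract.

```python
        for wan_route_server, data in self._wan_route_servers.items():
            for path_group in get(data, "wan_path_groups", required=True):
                if path_group["name"] != path_group_name:
                    continue

                # One peer per route server, carrying every static address it has in this path-group
                ipv4_addresses = [
                    ip_address.split("/")[0]
                    for interface_dict in path_group.get("interfaces", [])
                    if (ip_address := interface_dict.get("ip_address")) is not None and ip_address != "dhcp"
                ]
                if not ipv4_addresses:
                    # Nothing usable to peer with; do not render a static peer without an address
                    continue
                # … unchanged: static_peers.append({"router_ip": ..., "name": ..., "ipv4_addresses": ipv4_addresses}) …
```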
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -25,8 +25,13 @@ router path-selection ! local interface Ethernet1 ! + path-group MPLS id 500 + ! + local interface Ethernet2 + ! load-balance policy LBPOLICY path-group INET + path-group MPLS ! router adaptive-virtual-topology topology role pathfinder @@ -80,6 +85,11 @@ interface Ethernet1 no switchport ip address 10.7.7.7/31 ! +interface Ethernet2 + no shutdown + no switchport + ip address 172.16.0.1/31 +! interface Loopback0 description Router_ID no shutdown @@ -144,5 +154,6 @@ management api http-commands stun server local-interface Ethernet1 + local-interface Ethernet2 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 681382b5873..a81f193ab1d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -31,8 +31,20 @@ router path-selection name cv-pathfinder-pathfinder ipv4 address 10.7.7.7 ! + path-group MPLS id 500 + ! + local interface Ethernet2 + stun server-profile cv-pathfinder-pathfinder-MPLS-1 + ! + peer dynamic + ! + peer static router-ip 192.168.44.1 + name cv-pathfinder-pathfinder + ipv4 address 172.16.0.1 + ! load-balance policy LBPOLICY path-group INET + path-group MPLS ! router adaptive-virtual-topology topology role transit region @@ -92,6 +104,11 @@ interface Ethernet1 no switchport ip address dhcp ! +interface Ethernet2 + no shutdown + no switchport + ip address 172.16.6.6/31 +! interface Loopback0 description Router_ID no shutdown 
@@ -153,5 +170,7 @@ stun client server-profile cv-pathfinder-pathfinder-INET-0 ip address 10.7.7.7/31 + server-profile cv-pathfinder-pathfinder-MPLS-0 + ip address 172.16.0.1/31 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index db4df06f371..0c3e684e56e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -146,21 +146,32 @@ router_path_selection: local_interfaces: - name: Ethernet1 ipsec_profile: CP-PROFILE + - name: MPLS + id: 500 + local_interfaces: + - name: Ethernet2 load_balance_policies: - name: LBPOLICY path_groups: - name: INET + - name: MPLS peer_dynamic_source: stun stun: server: local_interfaces: - Ethernet1 + - Ethernet2 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface ip_address: 10.7.7.7/31 shutdown: false type: routed +- name: Ethernet2 + peer_type: l3_interface + ip_address: 172.16.0.1/31 + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 819cab5619d..8c0ed174b0e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml 
@@ -158,21 +158,43 @@ router_path_selection: ipv4_addresses: - 10.7.7.7 ipsec_profile: CP-PROFILE + - name: MPLS + id: 500 + local_interfaces: + - name: Ethernet2 + stun: + server_profiles: + - cv-pathfinder-pathfinder-MPLS-1 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.44.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.16.0.1 load_balance_policies: - name: LBPOLICY path_groups: - name: INET + - name: MPLS stun: client: server_profiles: - name: cv-pathfinder-pathfinder-INET-0 ip_address: 10.7.7.7/31 + - name: cv-pathfinder-pathfinder-MPLS-0 + ip_address: 172.16.0.1/31 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface ip_address: dhcp shutdown: false type: routed +- name: Ethernet2 + peer_type: l3_interface + ip_address: 172.16.6.6/31 + shutdown: false + type: routed dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 8daca888f1a..abdda27dcf8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -95,12 +95,24 @@ l3_edge: wan_carrier: Comcast wan_circuit_id: 667 ip: dhcp + - node: cv-pathfinder-transit + interface: Ethernet2 + wan_path_group: MPLS + wan_carrier: Colt + wan_circuit_id: 10666 + ip: 172.16.6.6/31 - node: cv-pathfinder-pathfinder interface: Ethernet1 wan_path_group: INET wan_carrier: Bouygues Telecom wan_circuit_id: 777 ip: 10.7.7.7/31 + - node: cv-pathfinder-pathfinder + interface: Ethernet2 + wan_path_group: MPLS + wan_carrier: Colt + wan_circuit_id: 10000 + ip: 172.16.0.1/31 - node: cv-pathfinder-pathfinder1 interface: Ethernet1 wan_path_group: INET 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 3c21532c01d..83bf133d64b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -130,6 +130,7 @@ def _get_local_interfaces(self, path_group_name: str) -> list | None: self._stun_server_profile_name(wrr, path_group_name, index) for wrr, data in self._wan_route_servers.items() for index, path_group in enumerate(get(data, "wan_path_groups", required=True)) + if path_group.get("name") == path_group_name ] if stun_server_profiles: local_interface["stun"] = {"server_profiles": stun_server_profiles} From b9bb353f561229cc1f2ef595a6c1dcf7e1f2781a Mon Sep 17 00:00:00 2001 From: gmuloc Date: Mon, 18 Dec 2023 10:47:52 +0100 Subject: [PATCH 05/31] Feat: Add flow-tracking on WAN interfaces --- .../intended/configs/cv-pathfinder-edge.cfg | 1 + .../intended/configs/cv-pathfinder-pathfinder.cfg | 2 ++ .../intended/configs/cv-pathfinder-pathfinder1.cfg | 1 + .../intended/configs/cv-pathfinder-pathfinder2.cfg | 1 + .../intended/configs/cv-pathfinder-transit.cfg | 2 ++ .../intended/structured_configs/cv-pathfinder-edge.yml | 2 ++ .../intended/structured_configs/cv-pathfinder-pathfinder.yml | 4 ++++ .../intended/structured_configs/cv-pathfinder-pathfinder1.yml | 2 ++ .../intended/structured_configs/cv-pathfinder-pathfinder2.yml | 2 ++ .../intended/structured_configs/cv-pathfinder-transit.yml | 4 ++++ .../python_modules/core_interfaces_and_l3_edge/utils.py | 3 +++ 11 files changed, 24 insertions(+) 
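Review bot: The added `if path_group.get("name") == path_group_name` filter keeps `index` as the position of the path-group in the route server's `wan_path_groups` list. The local interface therefore references `cv-pathfinder-pathfinder-MPLS-1`, while the expected `stun client` section in this same commit defines `server-profile cv-pathfinder-pathfinder-MPLS-0`. The referenced profile name has no matching definition in the rendered config, so the MPLS interface would presumably have no usable STUN server. The client profiles look as if they are numbered per interface within a path-group, though `stun.py` is not visible here to confirm it. If so, the comprehension should use `for path_group in get(data, "wan_path_groups", required=True)` followed, after the name filter, by `for index, _ in enumerate(path_group.get("interfaces", []))`. The enclosing `_get_local_interfaces` starts and ends outside this hunk.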
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 90f6d4660ce..829ef8c7aaa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -90,6 +90,7 @@ interface Dps1 interface Ethernet1 no shutdown no switchport + flow tracker hardware WAN-FLOW-TRACKER ip address dhcp ! interface Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index d46be584a46..bb128853632 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -83,11 +83,13 @@ interface Dps1 interface Ethernet1 no shutdown no switchport + flow tracker hardware WAN-FLOW-TRACKER ip address 10.7.7.7/31 ! interface Ethernet2 no shutdown no switchport + flow tracker hardware WAN-FLOW-TRACKER ip address 172.16.0.1/31 ! interface Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index 87c7244e3bd..79dc7d4803e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg 
@@ -78,6 +78,7 @@ interface Dps1 interface Ethernet1 no shutdown no switchport + flow tracker hardware WAN-FLOW-TRACKER ip address 10.8.8.8/31 ! interface Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index f5fc770d4fe..1ece436a44a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -78,6 +78,7 @@ interface Dps1 interface Ethernet1 no shutdown no switchport + flow tracker hardware WAN-FLOW-TRACKER ip address 10.9.9.9/31 ! interface Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index a81f193ab1d..86bcc03f891 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -102,11 +102,13 @@ interface Dps1 interface Ethernet1 no shutdown no switchport + flow tracker hardware WAN-FLOW-TRACKER ip address dhcp ! interface Ethernet2 no shutdown no switchport + flow tracker hardware WAN-FLOW-TRACKER ip address 172.16.6.6/31 ! interface Loopback0 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 5d7b5ade5d6..86f6a1355d9 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -173,6 +173,8 @@ ethernet_interfaces: ip_address: dhcp shutdown: false type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 0c3e684e56e..5fa0a3d32b2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -167,11 +167,15 @@ ethernet_interfaces: ip_address: 10.7.7.7/31 shutdown: false type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER - name: Ethernet2 peer_type: l3_interface ip_address: 172.16.0.1/31 shutdown: false type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index 44735c0bb3e..97211606a89 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml 
@@ -187,6 +187,8 @@ ethernet_interfaces: ip_address: 10.8.8.8/31 shutdown: false type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 9a2a589e157..a95be6e8623 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -187,6 +187,8 @@ ethernet_interfaces: ip_address: 10.9.9.9/31 shutdown: false type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 8c0ed174b0e..042661d922d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -190,11 +190,15 @@ ethernet_interfaces: ip_address: dhcp shutdown: false type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER - name: Ethernet2 peer_type: l3_interface ip_address: 172.16.6.6/31 shutdown: false type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py index c51c918a3d3..75c80e62302 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py @@ -401,4 +401,7 @@ def _get_l3_interface_cfg(self, l3_interface: dict) -> dict | None: if ip_address == "dhcp" and l3_interface.get("dhcp_client_accept_default_route", False): interface["dhcp_client_accept_default_route"] = True + if self.shared_utils.cv_pathfinder_role: + interface["flow_tracker"] = {"hardware": "WAN-FLOW-TRACKER"} + return strip_empties_from_dict(interface) From f12f9facd4cbe1d529576a564ff2c9e4a09ed0a7 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Tue, 19 Dec 2023 17:11:43 +0100 Subject: [PATCH 06/31] Feat(eos_designs): Add support for cv_pathfinder_connected_to_pathfinder * Remove BGP neighborship if no common path-group * Remove router path-selection local_interface stun profile if cv_pathfinder_connected_to_pathfinder is False on the interface * Prevent stun profile value generation --- .../intended/configs/cv-pathfinder-edge.cfg | 13 +++++++++++++ .../structured_configs/cv-pathfinder-edge.yml | 14 ++++++++++++++ .../group_vars/CV_PATHFINDER_TESTS.yml | 7 +++++++ .../python_modules/overlay/router_bgp.py | 2 ++ .../overlay/router_path_selection.py | 17 +++++++++++------ .../eos_designs/python_modules/overlay/stun.py | 4 +--- .../python_modules/overlay/utils.py | 18 ++++++++++++++++++ 7 files changed, 66 insertions(+), 9 deletions(-) 
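Review bot: The added `if self.shared_utils.cv_pathfinder_role:` in `_get_l3_interface_cfg` attaches the flow tracker to every l3 interface of a CV Pathfinder node, whether or not that interface has a `wan_path_group`. If only WAN-facing interfaces are meant to be tracked, the condition should also test the interface, e.g. `if self.shared_utils.cv_pathfinder_role and l3_interface.get("wan_path_group"):`; this is inferred, because the function body begins outside the hunk. The tracker name `"WAN-FLOW-TRACKER"` is a bare literal and has to match the tracker definition rendered elsewhere, so one shared constant would keep an interface from referencing a tracker that is not defined.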
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 829ef8c7aaa..0719721ce0d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -31,8 +31,15 @@ router path-selection name cv-pathfinder-pathfinder ipv4 address 10.7.7.7 ! + path-group MPLS id 500 + ! + local interface Ethernet2 + ! + peer dynamic + ! load-balance policy LBPOLICY path-group INET + path-group MPLS ! router adaptive-virtual-topology topology role edge @@ -93,6 +100,12 @@ interface Ethernet1 flow tracker hardware WAN-FLOW-TRACKER ip address dhcp ! +interface Ethernet2 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.15.5.5/31 +! interface Loopback0 description Router_ID no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 86f6a1355d9..332765c59a5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -158,10 +158,17 @@ router_path_selection: ipv4_addresses: - 10.7.7.7 ipsec_profile: CP-PROFILE + - name: MPLS + id: 500 + local_interfaces: + - name: Ethernet2 + dynamic_peers: + enabled: true load_balance_policies: - name: LBPOLICY path_groups: - name: INET + - name: MPLS stun: client: server_profiles: 
@@ -175,6 +182,13 @@ ethernet_interfaces: type: routed flow_tracker: hardware: WAN-FLOW-TRACKER +- name: Ethernet2 + peer_type: l3_interface + ip_address: 172.15.5.5/31 + shutdown: false + type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index abdda27dcf8..6ec711d9832 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -89,6 +89,13 @@ l3_edge: wan_carrier: ATT wan_circuit_id: 666 ip: dhcp + - node: cv-pathfinder-edge + interface: Ethernet2 + wan_path_group: MPLS + wan_carrier: Colt + wan_circuit_id: 10555 + ip: 172.15.5.5/31 + cv_pathfinder_connected_to_pathfinder: False - node: cv-pathfinder-transit interface: Ethernet1 wan_path_group: INET diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py index 4b2f1c658f7..ccf4e5f5d7b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py 
@@ -485,6 +485,8 @@ def _neighbors(self) -> list | None: " 'bgp_peer_groups.wan_overlay_peers.listen_range_prefixes'." ) for wan_route_server, data in self._wan_route_servers.items(): + if not self._should_connect_to_wan_rr([pg["name"] for pg in get(data, "wan_path_groups", required=True)]): + continue neighbor = self._create_neighbor(data["router_id"], wan_route_server, self.shared_utils.bgp_peer_groups["wan_overlay_peers"]["name"]) neighbors.append(neighbor) if self.shared_utils.wan_role == "server": diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 83bf133d64b..51472889de1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -126,12 +126,15 @@ def _get_local_interfaces(self, path_group_name: str) -> list | None: local_interface = {"name": get(wan_interface, "interface", required=True)} if self.shared_utils.wan_role == "client": - stun_server_profiles = [ - self._stun_server_profile_name(wrr, path_group_name, index) - for wrr, data in self._wan_route_servers.items() - for index, path_group in enumerate(get(data, "wan_path_groups", required=True)) - if path_group.get("name") == path_group_name - ] + stun_server_profiles = [] + for wrr, data in self._wan_route_servers.items(): + for index, path_group in enumerate(get(data, "wan_path_groups", required=True)): + if path_group.get("name") != path_group_name: + continue + if not self._should_connect_to_wan_rr([path_group["name"]]): + continue + stun_server_profiles.append(self._stun_server_profile_name(wrr, path_group_name, index)) + if stun_server_profiles: local_interface["stun"] = {"server_profiles": stun_server_profiles} 
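Review bot: In `_get_local_interfaces` the new `_should_connect_to_wan_rr([path_group["name"]])` test is answered per path-group, not for the `wan_interface` whose `local_interface` entry is being built. As far as the hunk shows, two local interfaces in the same path-group where only one sets `cv_pathfinder_connected_to_pathfinder: false` would both still receive the STUN server profiles, while the commit message describes the removal as per interface. Guarding the block on the interface itself would match that: `if self.shared_utils.wan_role == "client" and get(wan_interface, "cv_pathfinder_connected_to_pathfinder", default=True):`. The helper call is also loop-invariant once the name equals `path_group_name`, here and in `_get_static_peers`, so it can be evaluated once before the loops. The enclosing loop over the WAN interfaces starts outside the hunk.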
@@ -156,6 +159,8 @@ def _get_static_peers(self, path_group_name: str) -> list | None: for path_group in get(data, "wan_path_groups", required=True): if path_group["name"] != path_group_name: continue + if not self._should_connect_to_wan_rr([path_group["name"]]): + continue for interface_dict in path_group.get("interfaces", []): ipv4_addresses = [] diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py index a5b33c7f1fb..5528c66d2b9 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py @@ -36,11 +36,9 @@ def stun(self) -> dict | None: if self.shared_utils.wan_role == "client": server_profiles = [] - local_path_group_names = [path_group["name"] for path_group in self.shared_utils.wan_local_path_groups] - for wan_route_server, data in self._wan_route_servers.items(): for path_group in data.get("wan_path_groups", []): - if path_group["name"] not in local_path_group_names: + if not self._should_connect_to_wan_rr([path_group["name"]]): continue for index, interface_dict in enumerate(get(path_group, "interfaces", required=True)): diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 0ca9416487b..53327dc8bd3 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
@@ -415,3 +415,21 @@ def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: """ name = f"{wan_route_server_name}-{path_group_name}" return f"{name}-{id}" if id is not None else name + + def _should_connect_to_wan_rr(self, path_groups: list) -> bool: + """ + This helper implements wherther or not a connection to the wan_rr should be made or not based on a list of path-groups. + + To do this the logic is the following: + * Look at the wan_interfaces on the router and check if there is any path-group in common with the RR where + `cv_pathfinder_connected_to_pathfinder` is not False. + """ + return any( + wan_interface["wan_path_group"] in path_groups + and get( + wan_interface, + "cv_pathfinder_connected_to_pathfinder", + default=True, + ) + for wan_interface in self.shared_utils.wan_interfaces + ) From 999e6375b1462b522dd89f49c9ad32ae6e3563f6 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 09:57:41 +0100 Subject: [PATCH 07/31] Refactor: Fix in place modification of l3_edge.l3_interfaces --- .../l3_edge_l3_interfaces.py | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py index 0be7707cfc1..793640aa98b 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py @@ -13,7 +13,7 @@ from .shared_utils import SharedUtils -# TODO only handle l3_edge for now +# TODO only handle l3_edge for now need to look at core_interfaces too class L3EdgeMixin: """ Mixin Class providing a subset of SharedUtils 
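Review bot: `_should_connect_to_wan_rr` indexes `wan_interface["wan_path_group"]` directly, so it relies on every entry of `self.shared_utils.wan_interfaces` carrying that key; the list is built outside this hunk, and `wan_interface.get("wan_path_group") in path_groups` would avoid a bare `KeyError` if an entry ever lacks it. The docstring has a typo ("wherther") and a doubled "whether or not ... or not"; I would open it with `Decide whether to connect to a WAN route server, given the names of its path-groups.` and add that it returns True when any local WAN interface is in one of those path-groups and does not set `cv_pathfinder_connected_to_pathfinder` to False. The callers visible in this patch skip the route server with a plain `continue` when the helper returns False, so a client left with no route server at all would produce no diagnostic; a check for that case would make a misconfigured flag visible.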
@@ -21,7 +21,7 @@ class L3EdgeMixin: Using type-hint on self to get proper type-hints on attributes across all Mixins. """ - def _apply_profile(self: SharedUtils, type: str, target_dict: dict) -> dict: + def _apply_profile(self: SharedUtils, target_dict: dict) -> dict: """ Apply a profile to a p2p_link or a l3_interface """ @@ -29,19 +29,13 @@ def _apply_profile(self: SharedUtils, type: str, target_dict: dict) -> dict: # Nothing to do return target_dict - # Silently ignoring missing profile and wrong types. - if type == "l3_interfaces": - profiles = get(self.hostvars, "l3_edge.l3_interfaces_profiles", default=[]) - profile = get_item(profiles, "profile", target_dict["profile"], default={}) - target_dict.pop("profile", None) - elif type == "p2p_links": - profile = get_item(self._p2p_links_profiles, "name", target_dict["profile"], default={}) - target_dict.pop("name", None) - else: - return target_dict + profiles = get(self.hostvars, "l3_edge.l3_interfaces_profiles", default=[]) + profile = get_item(profiles, "profile", target_dict["profile"], default={}) target_dict = merge(profile, target_dict, list_merge="replace", destructive_merge=False) + target_dict.pop("profile", None) + return target_dict @cached_property @@ -53,7 +47,7 @@ def filtered_l3_interfaces(self: SharedUtils) -> list: if not (l3_interfaces := get(self.hostvars, "l3_edge.l3_interfaces", default=[])): return [] - l3_interfaces = [self._apply_profile("l3_interfaces", l3_interface) for l3_interface in l3_interfaces] + l3_interfaces = [self._apply_profile(l3_interface) for l3_interface in l3_interfaces] # Filter to only include l3_interfaces with our hostname as node return [l3_interface for l3_interface in l3_interfaces if self.hostname == get(l3_interface, "node", required=True)] From 482b99b663b04bc6f4b3f421820145f59be95171 Mon Sep 17 00:00:00 2001 
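Review bot: `_apply_profile` still falls back to `default={}` when `target_dict["profile"]` names a profile that does not exist, and this hunk removes the only comment that documented it ("Silently ignoring missing profile"). A mistyped profile name then yields an interface without the profile's settings; for `cv_pathfinder_connected_to_pathfinder` the helper added earlier in this series reads a missing value as True, so the interface would connect to the Pathfinder where the profile meant to disable it. I would raise on an unknown profile name, or at least keep the behaviour documented with `# A profile name that matches no entry is ignored silently.` above the `get_item` call. The early `return target_dict` for interfaces without a profile also hands back the caller's own dict, so later code could still modify the input in place.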
From: gmuloc Date: Wed, 20 Dec 2023 10:10:40 +0100 Subject: [PATCH 08/31] Doc: Update documentation for wan interfaces --- .../arista/avd/roles/eos_designs/docs/wan-preview.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index f8591bbd43a..7f66704d89f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -103,6 +103,12 @@ roles/eos_designs/docs/tables/wan-settings.md roles/eos_designs/docs/tables/wan-cv-pathfinder-regions.md --8<-- +#### WAN interfaces + +--8<-- +roles/eos_designs/docs/tables/wan-interfaces-settings.md +--8<-- + #### New BGP peer-group --8<-- From 01213c3cb366cc995031546f029be7d85352c269 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 11:18:43 +0100 Subject: [PATCH 09/31] Doc: Add limitation --- .../arista/avd/roles/eos_designs/docs/wan-preview.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index 7f66704d89f..1807a2a96d4 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -48,6 +48,7 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co ``` - No IPv6 support +- For WAN interfaces only `l3_edge.l3_interfaces` is supported and not `core_interfaces.l3_interfaces`. ## Future work @@ -105,6 +106,9 @@ roles/eos_designs/docs/tables/wan-cv-pathfinder-regions.md #### WAN interfaces +!!! note + The current code implements only `l3_edge.l3_interfaces` and not `core_interfaces.l3_interfaces` + --8<-- roles/eos_designs/docs/tables/wan-interfaces-settings.md --8<-- 
From 09599ea6d2c021b244004a5cb705114460ce8d85 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 12:29:35 +0100 Subject: [PATCH 10/31] Doc: Fix schema documentation as per PR review --- .../docs/tables/wan-interfaces-settings.md | 16 ++++++++-------- .../schemas/eos_designs.jsonschema.json | 8 ++++---- .../eos_designs/schemas/eos_designs.schema.yml | 2 +- .../defs_l3_edge_l3_interfaces.schema.yml | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md index 655c3d39445..4d944c246b1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md @@ -13,24 +13,24 @@ | [      wan_path_group](## "core_interfaces.l3_interfaces_profiles.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | | [      wan_carrier](## "core_interfaces.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | | [      wan_circuit_id](## "core_interfaces.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [  l3_interfaces](## "core_interfaces.l3_interfaces") | List, items: Dictionary | | | | | | [      wan_path_group](## "core_interfaces.l3_interfaces.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | | [      wan_carrier](## "core_interfaces.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | | [      wan_circuit_id](## "core_interfaces.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [l3_edge](## "l3_edge") | Dictionary | | | | | | [  l3_interfaces_profiles](## "l3_edge.l3_interfaces_profiles") | List, items: Dictionary | | | | | | [    - profile](## "l3_edge.l3_interfaces_profiles.[].profile") | String | Required, Unique | | | L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. | | [      wan_path_group](## "l3_edge.l3_interfaces_profiles.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | | [      wan_carrier](## "l3_edge.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | | [      wan_circuit_id](## "l3_edge.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [  l3_interfaces](## "l3_edge.l3_interfaces") | List, items: Dictionary | | | | | | [      wan_path_group](## "l3_edge.l3_interfaces.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | | [      wan_carrier](## "l3_edge.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | | [      wan_circuit_id](## "l3_edge.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | === "YAML" @@ -60,7 +60,7 @@ # PREVIEW: This key is currently not supported - # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. cv_pathfinder_connected_to_pathfinder: l3_interfaces: @@ -84,7 +84,7 @@ # PREVIEW: This key is currently not supported - # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. cv_pathfinder_connected_to_pathfinder: l3_edge: @@ -112,7 +112,7 @@ # PREVIEW: This key is currently not supported - # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. cv_pathfinder_connected_to_pathfinder: l3_interfaces: @@ -136,7 +136,7 @@ # PREVIEW: This key is currently not supported - # For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. cv_pathfinder_connected_to_pathfinder: ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 79019e24e4a..032b6c33b9a 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json 
@@ -3286,7 +3286,7 @@ }, "cv_pathfinder_connected_to_pathfinder": { "type": "boolean", - "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", "title": "Cv Pathfinder Connected To Pathfinder" }, "raw_eos_cli": { @@ -5968,7 +5968,7 @@ }, "cv_pathfinder_connected_to_pathfinder": { "type": "boolean", - "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", "title": "Cv Pathfinder Connected To Pathfinder" }, "raw_eos_cli": { @@ -10043,7 +10043,7 @@ }, "cv_pathfinder_connected_to_pathfinder": { "type": "boolean", - "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", "title": "Cv Pathfinder Connected To Pathfinder" }, "raw_eos_cli": { 
@@ -12725,7 +12725,7 @@ }, "cv_pathfinder_connected_to_pathfinder": { "type": "boolean", - "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", + "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", "title": "Cv Pathfinder Connected To Pathfinder" }, "raw_eos_cli": { diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 405530559a2..309f313e7ac 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -4214,7 +4214,7 @@ $defs: description: 'PREVIEW: This key is currently not supported - For a WAN interface (`wan_carrier` is set), allow to disable the static + For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. Default True.' diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml index ed85d9a4ddf..295daae9234 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml 
@@ -87,7 +87,7 @@ $defs: description: |- PREVIEW: This key is currently not supported - For a WAN interface (`wan_carrier` is set), allow to disable the static tunnel towards Pathfinders. + For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. Default True. raw_eos_cli: type: str From 227a6696c5711a8dbfeb39eb4fac4745d2d92851 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 14:42:00 +0100 Subject: [PATCH 11/31] Refactor: Support dhcp on pathfinder interface when set via wan_path_groups --- .../intended/configs/autovpn-rr1.cfg | 2 +- .../structured_configs/autovpn-rr1.yml | 2 +- .../inventory/group_vars/AUTOVPN_TESTS.yml | 10 +++++-- .../eos_designs/docs/tables/wan-settings.md | 12 ++++++-- .../avd/roles/eos_designs/docs/wan-preview.md | 1 + .../python_modules/overlay/utils.py | 6 ++++ .../schemas/eos_designs.jsonschema.json | 29 ++++++++++++++++--- .../schemas/eos_designs.schema.yml | 17 ++++++++--- .../wan_route_servers.schema.yml | 16 +++++++--- 9 files changed, 76 insertions(+), 19 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index 615ff5f900d..62d437c57f1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg @@ -55,7 +55,7 @@ interface Dps1 interface Ethernet1 no shutdown no switchport - ip address 10.7.7.7/31 + ip address dhcp ! interface Loopback0 description Router_ID diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index a8f7308d14e..36f274b1dca 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -132,7 +132,7 @@ stun: ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface - ip_address: 10.7.7.7/31 + ip_address: dhcp shutdown: false type: routed dps_interfaces: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index ed47d2a630a..1964233f371 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml @@ -11,8 +11,13 @@ bgp_peer_groups: - 192.168.30.0/24 wan_route_servers: - # Not testing the overloading + # Testing having the interface configured with DHPC - hostname: autovpn-rr1 + path_groups: + - name: INET + interfaces: + - name: Ethernet1 + ip_address: 10.7.7.7/31 - hostname: autovpn-rr2 wan_ipsec_profiles: @@ -63,7 +68,8 @@ l3_edge: interface: Ethernet1 wan_path_group: INET wan_circuit_id: 777 - ip: 10.7.7.7/31 + ip: dhcp + # ip: 10.7.7.7/31 - node: autovpn-rr2 interface: Ethernet1 wan_path_group: INET diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md index 735b25fa981..354716b0874 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md 
@@ -32,7 +32,9 @@ | [    router_id](## "wan_route_servers.[].router_id") | String | | | | Route-Reflector router id. | | [    path_groups](## "wan_route_servers.[].path_groups") | List, items: Dictionary | | | | Path-groups through which the Route Reflector/Pathfinder is reached. | | [      - name](## "wan_route_servers.[].path_groups.[].name") | String | | | | Path-group name. | - | [        ip_address](## "wan_route_servers.[].path_groups.[].ip_address") | String | | | | The public IP address of the Route Reflector for this path-group. | + | [        interfaces](## "wan_route_servers.[].path_groups.[].interfaces") | List, items: Dictionary | | | | | + | [          - name](## "wan_route_servers.[].path_groups.[].interfaces.[].name") | String | Required, Unique | | | Interface name. | + | [            ip_address](## "wan_route_servers.[].path_groups.[].interfaces.[].ip_address") | String | | | | The public IP address of the Route Reflector for this path-group. | === "YAML" @@ -124,7 +126,11 @@ # Path-group name. - name: + interfaces: - # The public IP address of the Route Reflector for this path-group. - ip_address: + # Interface name. + - name: + + # The public IP address of the Route Reflector for this path-group. + ip_address: ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index 1807a2a96d4..af95fcf7022 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -49,6 +49,7 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co - No IPv6 support - For WAN interfaces only `l3_edge.l3_interfaces` is supported and not `core_interfaces.l3_interfaces`. +- For WAN interfaces, NAT IP on the Pathfinder side can be supported using the `wan_route_servers.path_groups.interfaces` key. ## Future work 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 53327dc8bd3..27e26a54b74 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py @@ -405,6 +405,12 @@ def _wan_route_servers(self) -> dict: "wan_path_groups": wan_path_groups, } + if any(interface["ip_address"] == "dhcp" for path_group in wan_rr_result_dict["wan_path_groups"] for interface in path_group.get("interfaces", [])): + raise AristaAvdError( + f"The IP address for a WAN interface on a Route Reflector cannot be 'dhcp', this is the case for '{wan_rr}'. Set an ip address to use under" + " the 'wan_route_servers.path_groups.interfaces' key." + ) + wan_route_servers[wan_rr] = strip_empties_from_dict(wan_rr_result_dict) return wan_route_servers diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 032b6c33b9a..67537671434 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json 
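Review bot: The `any(...)` check added to `_wan_route_servers` in `overlay/utils.py` indexes `interface["ip_address"]` directly, while the `wan_route_servers.path_groups.interfaces` schema added in this commit leaves `ip_address` optional, so an interface entry that carries only a `name` would presumably surface as a bare `KeyError` rather than the intended `AristaAvdError`. Writing the test as `interface.get("ip_address") == "dhcp"` keeps the check safe; if a missing address is also invalid for a Route Reflector, `interface.get("ip_address") in (None, "dhcp")` would reject both cases with the same message. The comparison is case-sensitive, so a value such as `DHCP` would pass unless it is normalised earlier. How `wan_path_groups` is assembled lies outside this hunk, so whether entries without an address can reach this line should be confirmed there.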
@@ -31107,10 +31107,31 @@ "description": "Path-group name.", "title": "Name" }, - "ip_address": { - "type": "string", - "description": "The public IP address of the Route Reflector for this path-group.", - "title": "IP Address" + "interfaces": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Interface name.", + "title": "Name" + }, + "ip_address": { + "type": "string", + "description": "The public IP address of the Route Reflector for this path-group.", + "title": "IP Address" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "required": [ + "name" + ] + }, + "title": "Interfaces" } }, "additionalProperties": false, diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 309f313e7ac..f5f7795bef8 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3311,10 +3311,19 @@ keys: name: type: str description: Path-group name. - ip_address: - type: str - description: The public IP address of the Route Reflector for this - path-group. + interfaces: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + description: Interface name. + ip_address: + type: str + description: The public IP address of the Route Reflector for + this path-group. dynamic_keys: connected_endpoints_keys.key: $ref: eos_designs#/$defs/connected_endpoints diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml index 3a200f316c4..88d36624715 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml 
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml @@ -37,7 +37,15 @@ keys: name: type: str description: Path-group name. - # TODO - should it be multiple IP address - ip_address: - type: str - description: The public IP address of the Route Reflector for this path-group. + interfaces: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + description: Interface name. + ip_address: + type: str + description: The public IP address of the Route Reflector for this path-group. From bdbc14e6bedc71260d7ef5e2f72c23ff309c8ab2 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 14:53:57 +0100 Subject: [PATCH 12/31] Refactor: Make Path-group ID mandatory for now --- .../inventory/group_vars/AUTOVPN_TESTS.yml | 3 +++ .../inventory/group_vars/CV_PATHFINDER_TESTS.yml | 4 ++++ .../roles/eos_designs/docs/tables/wan-settings.md | 6 ++++-- .../avd/roles/eos_designs/docs/wan-preview.md | 5 +++-- .../python_modules/overlay/router_path_selection.py | 6 ++++-- .../eos_designs/schemas/eos_designs.jsonschema.json | 13 +++++++------ .../eos_designs/schemas/eos_designs.schema.yml | 10 ++++++++-- .../schema_fragments/wan_path_groups.schema.yml | 10 ++++++++-- 8 files changed, 41 insertions(+), 16 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index 1964233f371..71a42f2ab16 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml @@ -54,8 +54,11 @@ wan_rr: wan_path_groups: - name: MPLS ipsec: False + id: 100 - name: INET + id: 101 - name: LTE + id: 102 l3_edge: l3_interfaces: 
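Review bot: The new `interfaces` key in the `wan_route_servers.schema.yml` hunk has no `description`, which is why its row in the regenerated `wan-settings.md` table is empty, and `ip_address` remains an unvalidated `type: str` that is not marked `required: true`. Since the error added in `overlay/utils.py` tells the user to set an address under this key, I would add something like `description: Interfaces of the Route Reflector in this path-group, with the address peers use to reach each one.` to `interfaces`. The `ip_address` description should also say whether a prefix length is expected, because it reads "public IP address" while the test inventory in this commit sets `10.7.7.7/31`.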
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 6ec711d9832..ee6c7db7009 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -78,8 +78,12 @@ wan_rr: wan_path_groups: - name: MPLS ipsec: false + # TODO remove one once auto-id is implemented - for now required in schema + id: 100 - name: INET + id: 101 - name: LTE + id: 102 l3_edge: l3_interfaces: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md index 354716b0874..7008b11dccb 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md @@ -21,7 +21,7 @@ | [wan_mode](## "wan_mode") | String | | `cv-pathfinder` | Valid Values:
- autovpn
- cv-pathfinder | PREVIEW: This key is currently not supported

Select if the WAN should be run using CV Pathfinder or Auto VPN only. | | [wan_path_groups](## "wan_path_groups") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported
List of path-groups used for the WAN configuration. | | [  - name](## "wan_path_groups.[].name") | String | Required, Unique | | | Path-group name. | - | [    id](## "wan_path_groups.[].id") | String | | | | Path-group id. | + | [    id](## "wan_path_groups.[].id") | Integer | Required | | | Path-group id.

TODO: Required until an auto ID algorithm is implemented. | | [    description](## "wan_path_groups.[].description") | String | | | | Additional information about the path-group for documentation purposes. | | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | | | Flag to configure IPsec on the path_group (default is True). | | [    import_path_groups](## "wan_path_groups.[].import_path_groups") | List, items: Dictionary | | | | List of [ath-groups to import in this path-group. | @@ -89,7 +89,9 @@ - name: # Path-group id. - id: + + # TODO: Required until an auto ID algorithm is implemented. + id: # Additional information about the path-group for documentation purposes. description: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index af95fcf7022..b89f7ab8200 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -50,12 +50,13 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co - No IPv6 support - For WAN interfaces only `l3_edge.l3_interfaces` is supported and not `core_interfaces.l3_interfaces`. - For WAN interfaces, NAT IP on the Pathfinder side can be supported using the `wan_route_servers.path_groups.interfaces` key. +- Path-group ID is currently required under `wan_path_groups` until an algorithm is implemented to auto generate IDs. ## Future work - As of now, only the fundations of the `eos_designs` functionality for WAN is - being introduced without any support for LAN and WAN interfaces. - This implies that path-groups are not configured. + being introduced without any support for LAN interfaces. +- Auto generation of Path-group IDs. - The configuration of AVT policies is not supported yet and will be introduced later. - HA for sites will be covered in a future PR 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 51472889de1..b87d8d0353b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -54,7 +54,7 @@ def _get_path_groups(self) -> list: path_group_data = { "name": pg_name, - "id": self._get_path_group_id(pg_name), + "id": self._get_path_group_id(pg_name, path_group.get("id")), "local_interfaces": self._get_local_interfaces(pg_name), "dynamic_peers": self._get_dynamic_peers(), "static_peers": self._get_static_peers(pg_name), @@ -102,13 +102,15 @@ def _get_vrfs(self) -> list | None: return vrfs return None - def _get_path_group_id(self, path_group_name: str) -> int: + def _get_path_group_id(self, path_group_name: str, config_id: int | None = None) -> int: """ TODO - implement algorithm to auto assign IDs - cf internal documenation TODO - also implement algorithm for cross connects on public path_groups """ if path_group_name == "LAN_HA": return 65535 + if config_id is not None: + return config_id return 500 def _get_local_interfaces(self, path_group_name: str) -> list | None: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 67537671434..c6d3b019171 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json 
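Review bot: In the second hunk of `router_path_selection.py`, `_get_path_group_id` returns `config_id` unchecked, so a `wan_path_groups` entry with `id: 65535` gets the same ID this function reserves for `LAN_HA`, and nothing here stops two path-groups from sharing one `id`. The `return 500` fallback also stays, which hands every path-group without an ID the same value (the removed lines in the cv-pathfinder expected configs show INET and MPLS both at 500). Now that the schema marks `id` as required, raising there is safer than emitting a shared ID, for example `raise AristaAvdError(f"Path-group '{path_group_name}' has no 'id' set under 'wan_path_groups'.")`, provided `AristaAvdError` is importable in this module as it is in `overlay/utils.py`. The docstring still holds only the two TODOs and should state that a configured ID takes precedence over the default and that 65535 is reserved.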
@@ -31031,8 +31031,8 @@ "title": "Name" }, "id": { - "type": "string", - "description": "Path-group id.", + "type": "integer", + "description": "Path-group id.\n\nTODO: Required until an auto ID algorithm is implemented.", "title": "ID" }, "description": { @@ -31070,13 +31070,14 @@ "title": "Import Path Groups" } }, + "required": [ + "id", + "name" + ], "additionalProperties": false, "patternProperties": { "^_.+$": {} - }, - "required": [ - "name" - ] + } }, "title": "Wan Path Groups" }, diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index f5f7795bef8..f612241dbe4 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3254,8 +3254,14 @@ keys: type: str description: Path-group name. id: - type: str - description: Path-group id. + type: int + convert_types: + - str + description: 'Path-group id. + + + TODO: Required until an auto ID algorithm is implemented.' + required: true description: type: str description: Additional information about the path-group for documentation diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml index d6595049f53..311ee0857e5 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml 
@@ -21,8 +21,14 @@ keys: type: str description: Path-group name. id: - type: str - description: Path-group id. + type: int + convert_types: + - str + description: |- + Path-group id. + + TODO: Required until an auto ID algorithm is implemented. + required: true description: type: str description: Additional information about the path-group for documentation purposes. From f77afa0decabf421a75f11ea767c9adb2c9308b0 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 14:56:59 +0100 Subject: [PATCH 13/31] CI: Run da pre-commit --- .../eos_designs_unit_tests/intended/configs/autovpn-edge.cfg | 2 +- .../eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg | 2 +- .../eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg | 2 +- .../intended/configs/cv-pathfinder-edge.cfg | 4 ++-- .../intended/configs/cv-pathfinder-pathfinder.cfg | 4 ++-- .../intended/configs/cv-pathfinder-pathfinder1.cfg | 2 +- .../intended/configs/cv-pathfinder-pathfinder2.cfg | 2 +- .../intended/configs/cv-pathfinder-transit.cfg | 4 ++-- .../intended/structured_configs/autovpn-edge.yml | 2 +- .../intended/structured_configs/autovpn-rr1.yml | 2 +- .../intended/structured_configs/autovpn-rr2.yml | 2 +- .../intended/structured_configs/cv-pathfinder-edge.yml | 4 ++-- .../intended/structured_configs/cv-pathfinder-pathfinder.yml | 4 ++-- .../intended/structured_configs/cv-pathfinder-pathfinder1.yml | 2 +- .../intended/structured_configs/cv-pathfinder-pathfinder2.yml | 2 +- .../intended/structured_configs/cv-pathfinder-transit.yml | 4 ++-- .../schemas/schema_fragments/wan_route_servers.schema.yml | 2 +- 17 files changed, 23 insertions(+), 23 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 4309ce29431..318e083ecc7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg @@ -10,7 +10,7 @@ hostname autovpn-edge ! router path-selection ! - path-group INET id 500 + path-group INET id 101 ipsec profile AUTOVPN ! local interface Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index 62d437c57f1..e60a1eae9c4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg @@ -11,7 +11,7 @@ hostname autovpn-rr1 router path-selection peer dynamic source stun ! - path-group INET id 500 + path-group INET id 101 ipsec profile AUTOVPN ! local interface Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg index 1af8598877c..c843c71e3dc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg @@ -11,7 +11,7 @@ hostname autovpn-rr2 router path-selection peer dynamic source stun ! - path-group INET id 500 + path-group INET id 101 ipsec profile AUTOVPN ! local interface Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 0719721ce0d..f2dd6df2dfe 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -19,7 +19,7 @@ hostname cv-pathfinder-edge ! router path-selection ! - path-group INET id 500 + path-group INET id 101 ipsec profile CP-PROFILE ! local interface Ethernet1 @@ -31,7 +31,7 @@ router path-selection name cv-pathfinder-pathfinder ipv4 address 10.7.7.7 ! - path-group MPLS id 500 + path-group MPLS id 100 ! local interface Ethernet2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index bb128853632..9499eb39342 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -20,12 +20,12 @@ hostname cv-pathfinder-pathfinder router path-selection peer dynamic source stun ! - path-group INET id 500 + path-group INET id 101 ipsec profile CP-PROFILE ! local interface Ethernet1 ! - path-group MPLS id 500 + path-group MPLS id 100 ! local interface Ethernet2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index 79dc7d4803e..95809940237 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg @@ -20,7 +20,7 @@ hostname cv-pathfinder-pathfinder1 router path-selection peer dynamic source stun ! - path-group INET id 500 + path-group INET id 101 ipsec profile CP-PROFILE ! local interface Ethernet1 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index 1ece436a44a..450c0c94e51 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -20,7 +20,7 @@ hostname cv-pathfinder-pathfinder2 router path-selection peer dynamic source stun ! - path-group INET id 500 + path-group INET id 101 ipsec profile CP-PROFILE ! local interface Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 86bcc03f891..69f624e9703 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -19,7 +19,7 @@ hostname cv-pathfinder-transit ! router path-selection ! - path-group INET id 500 + path-group INET id 101 ipsec profile CP-PROFILE ! local interface Ethernet1 @@ -31,7 +31,7 @@ router path-selection name cv-pathfinder-pathfinder ipv4 address 10.7.7.7 ! - path-group MPLS id 500 + path-group MPLS id 100 ! local interface Ethernet2 stun server-profile cv-pathfinder-pathfinder-MPLS-1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index 1b657889b56..2f3d13e53ea 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -94,7 +94,7 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 stun: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index 36f274b1dca..c1ce6085b0b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -109,7 +109,7 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 ipsec_profile: AUTOVPN diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index 88307161868..d9b6acaff16 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -109,7 +109,7 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 ipsec_profile: AUTOVPN diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 332765c59a5..833873e0d85 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -144,7 +144,7 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 stun: @@ -159,7 +159,7 @@ router_path_selection: - 10.7.7.7 ipsec_profile: CP-PROFILE - name: MPLS - id: 500 + id: 100 local_interfaces: - name: Ethernet2 dynamic_peers: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 5fa0a3d32b2..0737c272860 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -142,12 +142,12 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 ipsec_profile: CP-PROFILE - name: MPLS - id: 500 + id: 100 local_interfaces: - name: Ethernet2 load_balance_policies: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index 97211606a89..bcdafc3bc05 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -168,7 +168,7 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 ipsec_profile: CP-PROFILE 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index a95be6e8623..04945936ddd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -168,7 +168,7 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 ipsec_profile: CP-PROFILE diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 042661d922d..2b5a1550dfa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -144,7 +144,7 @@ router_bfd: router_path_selection: path_groups: - name: INET - id: 500 + id: 101 local_interfaces: - name: Ethernet1 stun: @@ -159,7 +159,7 @@ router_path_selection: - 10.7.7.7 ipsec_profile: CP-PROFILE - name: MPLS - id: 500 + id: 100 local_interfaces: - name: Ethernet2 stun: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml index 88d36624715..52e38afa919 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml 
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml @@ -43,7 +43,7 @@ keys: items: type: dict keys: - name: + name: type: str description: Interface name. ip_address: From 55a631db545a9cd72fe163a4bb14308debe3d4cb Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 22:41:57 +0100 Subject: [PATCH 14/31] Refactor: Add WAN carriers --- .../inventory/group_vars/AUTOVPN_TESTS.yml | 12 +++- .../group_vars/CV_PATHFINDER_TESTS.yml | 22 ++++--- .../plugin_utils/eos_designs_facts/wan.py | 3 +- .../eos_designs_shared_utils/wan.py | 49 +++++++++++++-- .../docs/tables/wan-interfaces-settings.md | 40 +++---------- .../eos_designs/docs/tables/wan-settings.md | 18 ++++++ .../overlay/router_path_selection.py | 2 +- .../python_modules/overlay/utils.py | 2 +- .../schemas/eos_designs.jsonschema.json | 60 +++++++++++-------- .../schemas/eos_designs.schema.yml | 33 +++++++--- .../defs_l3_edge_l3_interfaces.schema.yml | 10 +--- .../schema_fragments/wan_carriers.schema.yml | 30 ++++++++++ 12 files changed, 187 insertions(+), 94 deletions(-) create mode 100644 ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index 71a42f2ab16..59ad3d18494 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml 
@@ -60,21 +60,27 @@ wan_path_groups: - name: LTE id: 102 +wan_carriers: + - name: Comcast + path_group: INET + - name: ATT + path_group: INET + l3_edge: l3_interfaces: - node: autovpn-edge interface: Ethernet1 - wan_path_group: INET + wan_carrier: Comcast wan_circuit_id: 666 ip: dhcp - node: autovpn-rr1 interface: Ethernet1 - wan_path_group: INET + wan_carrier: ATT wan_circuit_id: 777 ip: dhcp # ip: 10.7.7.7/31 - node: autovpn-rr2 interface: Ethernet1 - wan_path_group: INET + wan_carrier: ATT wan_circuit_id: 888 ip: 10.8.8.8/31 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index ee6c7db7009..9aff138fb7d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml 
@@ -85,54 +85,60 @@ wan_path_groups: - name: LTE id: 102 +wan_carriers: + - name: Comcast + path_group: INET + - name: ATT + path_group: INET + - name: Bouygues Telecom + path_group: INET + - name: SFR + path_group: INET + - name: Orange + path_group: INET + - name: Colt + path_group: MPLS + l3_edge: l3_interfaces: - node: cv-pathfinder-edge interface: Ethernet1 - wan_path_group: INET wan_carrier: ATT wan_circuit_id: 666 ip: dhcp - node: cv-pathfinder-edge interface: Ethernet2 - wan_path_group: MPLS wan_carrier: Colt wan_circuit_id: 10555 ip: 172.15.5.5/31 cv_pathfinder_connected_to_pathfinder: False - node: cv-pathfinder-transit interface: Ethernet1 - wan_path_group: INET wan_carrier: Comcast wan_circuit_id: 667 ip: dhcp - node: cv-pathfinder-transit interface: Ethernet2 - wan_path_group: MPLS wan_carrier: Colt wan_circuit_id: 10666 ip: 172.16.6.6/31 - node: cv-pathfinder-pathfinder interface: Ethernet1 - wan_path_group: INET wan_carrier: Bouygues Telecom wan_circuit_id: 777 ip: 10.7.7.7/31 - node: cv-pathfinder-pathfinder interface: Ethernet2 - wan_path_group: MPLS wan_carrier: Colt wan_circuit_id: 10000 ip: 172.16.0.1/31 - node: cv-pathfinder-pathfinder1 interface: Ethernet1 - wan_path_group: INET wan_carrier: Orange wan_circuit_id: 888 ip: 10.8.8.8/31 - node: cv-pathfinder-pathfinder2 interface: Ethernet1 - wan_path_group: INET wan_carrier: SFR wan_circuit_id: 999 ip: 10.9.9.9/31 diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index 21ce3e49fd9..c089676ad65 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py 
@@ -30,7 +30,8 @@ def wan_path_groups(self: EosDesignsFacts) -> list | None: res = [] for interface in self.shared_utils.wan_interfaces: - pg_name = get(interface, "wan_path_group", required=True) + carrier = get(interface, "wan_carrier", required=True) + pg_name = self.shared_utils.get_carrier_path_group(carrier) if (pg_dict := get_item(res, "name", pg_name)) is None: res.append( { diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index 9776ab7cfba..2cfc1d1fbae 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py 
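Review bot: The interface's carrier is read three different ways across this patch: `get(interface, "wan_carrier", required=True)` here, `wan_interface.get("wan_carrier")` in `_get_local_interfaces`, and `wan_interface["wan_carrier"]` in `_should_connect_to_wan_rr`. Each site then calls `get_carrier_path_group` on its own, so a missing or misspelt carrier fails differently depending on which code path reaches it first. Using the `required=True` form at all three sites would keep the failure behaviour uniform. The body of `wan_path_groups` continues outside this hunk.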
@@ -66,31 +66,68 @@ def wan_interfaces(self: SharedUtils) -> list: wan_interfaces = [] for interface in self.filtered_l3_interfaces: # Potentially needs to resolve profile - if get(interface, "wan_path_group") is not None: + if get(interface, "wan_carrier") is not None: # TODO - may need to validate the path_group here wan_interfaces.append(interface) return wan_interfaces + @cached_property + def wan_local_carriers(self: SharedUtils) -> list: + """ + List of carriers present on this router based on the wan_interfaces + + TODO maybe a list of name is enough + """ + if self.wan_mode is None: + return [] + local_carriers = [] + global_carriers = get(self.hostvars, "wan_carriers", required=True) + for interface in self.wan_interfaces: + iface_carrier = interface.get("wan_carrier") + carrier = get_item( + global_carriers, + "name", + iface_carrier, + required=True, + custom_error_msg=f"WAN carrier {iface_carrier} is not in the available carriers defined in `wan_carriers`", + ) + local_carriers.append(carrier) + + return local_carriers + + def get_carrier_path_group(self: SharedUtils, carrier: str) -> str: + """ """ + global_carriers = get(self.hostvars, "wan_carriers", required=True) + + return get_item( + global_carriers, + "name", + carrier, + required=True, + custom_error_msg=f"WAN carrier {carrier} is not in the available carriers defined in `wan_carriers`", + )["path_group"] + @cached_property def wan_local_path_groups(self: SharedUtils) -> list: """ - List of path_groups present on this router based on the wan_interfaces + List of path_groups present on this router based on the local carriers TODO maybe a list of name is enough """ if self.wan_mode is None: return [] + local_path_groups = [] global_path_groups = get(self.hostvars, "wan_path_groups", required=True) - for interface in self.wan_interfaces: - iface_path_group = interface.get("wan_path_group") + + for carrier in self.wan_local_carriers: path_group = get_item( global_path_groups, "name", - 
iface_path_group, + carrier.get("path_group"), required=True, - custom_error_msg=f"WAN path_group {iface_path_group} is not in the available path_groups defined in `wan_path_groups`", + custom_error_msg=f"WAN path_group {carrier.get('path_group')} is not in the available path_groups defined in `wan_path_groups`", ) local_path_groups.append(path_group) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md index 4d944c246b1..b195fdf464f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md @@ -10,25 +10,21 @@ | [core_interfaces](## "core_interfaces") | Dictionary | | | | | | [  l3_interfaces_profiles](## "core_interfaces.l3_interfaces_profiles") | List, items: Dictionary | | | | | | [    - profile](## "core_interfaces.l3_interfaces_profiles.[].profile") | String | Required, Unique | | | L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. | - | [      wan_path_group](## "core_interfaces.l3_interfaces_profiles.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported
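Review bot: `get_carrier_path_group` indexes the matched carrier with `["path_group"]`, but the generated JSON schema in this patch lists only `"name"` under `required`, so a carrier defined without `path_group` ends in a bare `KeyError` rather than an error naming the carrier. `wan_local_path_groups` has the same gap through `carrier.get("path_group")`, where the message would read "WAN path_group None is not in the available path_groups". Binding the `get_item(...)` result to a local such as `carrier_entry` and returning `get(carrier_entry, "path_group", required=True)` would report the missing key explicitly. The new method's docstring is also empty (`""" """`), and the `# TODO - may need to validate the path_group here` comment in `wan_interfaces` now sits above a `wan_carrier` check.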

The WAN path-group this interface is connected to. | - | [      wan_carrier](## "core_interfaces.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_carrier](## "core_interfaces.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "core_interfaces.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [  l3_interfaces](## "core_interfaces.l3_interfaces") | List, items: Dictionary | | | | | - | [      wan_path_group](## "core_interfaces.l3_interfaces.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | - | [      wan_carrier](## "core_interfaces.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_carrier](## "core_interfaces.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "core_interfaces.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [l3_edge](## "l3_edge") | Dictionary | | | | | | [  l3_interfaces_profiles](## "l3_edge.l3_interfaces_profiles") | List, items: Dictionary | | | | | | [    - profile](## "l3_edge.l3_interfaces_profiles.[].profile") | String | Required, Unique | | | L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. | - | [      wan_path_group](## "l3_edge.l3_interfaces_profiles.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | - | [      wan_carrier](## "l3_edge.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_carrier](## "l3_edge.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "l3_edge.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [  l3_interfaces](## "l3_edge.l3_interfaces") | List, items: Dictionary | | | | | - | [      wan_path_group](## "l3_edge.l3_interfaces.[].wan_path_group") | String | | | | PREVIEW: This key is currently not supported

The WAN path-group this interface is connected to. | - | [      wan_carrier](## "l3_edge.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is not rendered in the configuration but used for WAN designs. | + | [      wan_carrier](## "l3_edge.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "l3_edge.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | @@ -43,13 +39,8 @@ # PREVIEW: This key is currently not supported - # The WAN path-group this interface is connected to. - wan_path_group: - - # PREVIEW: This key is currently not supported - # The WAN Carrier this interface is connected to. - # This is not rendered in the configuration but used for WAN designs. + # This is used to infer the path-groups in which this interface should be configured. wan_carrier: # PREVIEW: This key is currently not supported @@ -67,13 +58,8 @@ # PREVIEW: This key is currently not supported - # The WAN path-group this interface is connected to. - wan_path_group: - - # PREVIEW: This key is currently not supported - # The WAN Carrier this interface is connected to. - # This is not rendered in the configuration but used for WAN designs. + # This is used to infer the path-groups in which this interface should be configured. wan_carrier: # PREVIEW: This key is currently not supported @@ -95,13 +81,8 @@ # PREVIEW: This key is currently not supported - # The WAN path-group this interface is connected to. - wan_path_group: - - # PREVIEW: This key is currently not supported - # The WAN Carrier this interface is connected to. - # This is not rendered in the configuration but used for WAN designs. + # This is used to infer the path-groups in which this interface should be configured. wan_carrier: # PREVIEW: This key is currently not supported @@ -119,13 +100,8 @@ # PREVIEW: This key is currently not supported - # The WAN path-group this interface is connected to. - wan_path_group: - - # PREVIEW: This key is currently not supported - # The WAN Carrier this interface is connected to. - # This is not rendered in the configuration but used for WAN designs. + # This is used to infer the path-groups in which this interface should be configured. wan_carrier: # PREVIEW: This key is currently not supported 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md index 7008b11dccb..d1c65507230 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md @@ -7,6 +7,10 @@ | Variable | Type | Required | Default | Value Restrictions | Description | | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [wan_carriers](## "wan_carriers") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported

List of carriers used for the WAN configuration and their mapping to path-groups. | + | [  - name](## "wan_carriers.[].name") | String | Required, Unique | | | Carrier name. | + | [    description](## "wan_carriers.[].description") | String | | | | Additional information about the carrier for documentation purposes. | + | [    path_group](## "wan_carriers.[].path_group") | String | | | | The path-group to which this carrier belongs. | | [wan_ipsec_profiles](## "wan_ipsec_profiles") | Dictionary | | | | PREVIEW: This key is currently not supported

Define IPsec profiles parameters for WAN configuration. | | [  control_plane](## "wan_ipsec_profiles.control_plane") | Dictionary | Required | | | PREVIEW: This key is currently not supported | | [    ike_policy_name](## "wan_ipsec_profiles.control_plane.ike_policy_name") | String | | `CP-IKE-POLICY` | | Name of the IKE policy. | @@ -41,6 +45,20 @@ ```yaml # PREVIEW: This key is currently not supported + # List of carriers used for the WAN configuration and their mapping to path-groups. + wan_carriers: + + # Carrier name. + - name: + + # Additional information about the carrier for documentation purposes. + description: + + # The path-group to which this carrier belongs. + path_group: + + # PREVIEW: This key is currently not supported + # Define IPsec profiles parameters for WAN configuration. wan_ipsec_profiles: diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index b87d8d0353b..e35bfd92752 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -122,7 +122,7 @@ def _get_local_interfaces(self, path_group_name: str) -> list | None: local_interfaces = [] for wan_interface in self.shared_utils.wan_interfaces: # Skipping interface not in the target path_group - if wan_interface.get("wan_path_group") != path_group_name: + if self.shared_utils.get_carrier_path_group(wan_interface.get("wan_carrier")) != path_group_name: continue local_interface = {"name": get(wan_interface, "interface", required=True)} diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 27e26a54b74..4ad0ce9616a 100644 
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py @@ -431,7 +431,7 @@ def _should_connect_to_wan_rr(self, path_groups: list) -> bool: `cv_pathfinder_connected_to_pathfinder` is not False. """ return any( - wan_interface["wan_path_group"] in path_groups + self.shared_utils.get_carrier_path_group(wan_interface["wan_carrier"]) in path_groups and get( wan_interface, "cv_pathfinder_connected_to_pathfinder", diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index c6d3b019171..2817b7bd599 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -3269,14 +3269,9 @@ "description": "QOS service profile.", "title": "QOS Profile" }, - "wan_path_group": { - "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", - "title": "Wan Path Group" - }, "wan_carrier": { "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is used to infer the path-groups in which this interface should be configured.", "title": "Wan Carrier" }, "wan_circuit_id": { 
@@ -5951,14 +5946,9 @@ "description": "QOS service profile.", "title": "QOS Profile" }, - "wan_path_group": { - "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", - "title": "Wan Path Group" - }, "wan_carrier": { "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is used to infer the path-groups in which this interface should be configured.", "title": "Wan Carrier" }, "wan_circuit_id": { @@ -10026,14 +10016,9 @@ "description": "QOS service profile.", "title": "QOS Profile" }, - "wan_path_group": { - "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", - "title": "Wan Path Group" - }, "wan_carrier": { "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is used to infer the path-groups in which this interface should be configured.", "title": "Wan Carrier" }, "wan_circuit_id": { 
@@ -12708,14 +12693,9 @@ "description": "QOS service profile.", "title": "QOS Profile" }, - "wan_path_group": { - "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN path-group this interface is connected to.", - "title": "Wan Path Group" - }, "wan_carrier": { "type": "string", - "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is not rendered in the configuration but used for WAN designs.", + "description": "PREVIEW: This key is currently not supported\n\nThe WAN Carrier this interface is connected to.\nThis is used to infer the path-groups in which this interface should be configured.", "title": "Wan Carrier" }, "wan_circuit_id": { @@ -30921,6 +30901,38 @@ "type": "string", "title": "Vtep Vvtep IP" }, + "wan_carriers": { + "description": "PREVIEW: This key is currently not supported\n\nList of carriers used for the WAN configuration and their mapping to path-groups.", + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Carrier name.", + "title": "Name" + }, + "description": { + "type": "string", + "description": "Additional information about the carrier for documentation purposes.", + "title": "Description" + }, + "path_group": { + "type": "string", + "description": "The path-group to which this carrier belongs.", + "title": "Path Group" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "required": [ + "name" + ] + }, + "title": "Wan Carriers" + }, "wan_ipsec_profiles": { "description": "PREVIEW: This key is currently not supported\n\nDefine IPsec profiles parameters for WAN configuration.", "type": "object", diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index f612241dbe4..7c7d8fdba68 100644 
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3182,6 +3182,28 @@ keys: remove_in_version: 4.0.0 type: bool default: false + wan_carriers: + documentation_options: + table: wan-settings + description: 'PREVIEW: This key is currently not supported + + + List of carriers used for the WAN configuration and their mapping to path-groups.' + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + description: Carrier name. + description: + type: str + description: Additional information about the carrier for documentation + purposes. + path_group: + type: str + description: The path-group to which this carrier belongs. wan_ipsec_profiles: documentation_options: table: wan-settings @@ -4192,14 +4214,6 @@ $defs: qos_profile: type: str description: QOS service profile. - wan_path_group: - type: str - documentation_options: - table: wan-interfaces-settings - description: 'PREVIEW: This key is currently not supported - - - The WAN path-group this interface is connected to.' wan_carrier: type: str documentation_options: @@ -4209,7 +4223,8 @@ $defs: The WAN Carrier this interface is connected to. - This is not rendered in the configuration but used for WAN designs.' + This is used to infer the path-groups in which this interface should be + configured.' wan_circuit_id: type: str documentation_options: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml index 295daae9234..1febcb5d7c4 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml 
@@ -52,14 +52,6 @@ $defs: qos_profile: type: str description: QOS service profile. - wan_path_group: - type: str - documentation_options: - table: wan-interfaces-settings - description: |- - PREVIEW: This key is currently not supported - - The WAN path-group this interface is connected to. wan_carrier: type: str documentation_options: @@ -68,7 +60,7 @@ $defs: PREVIEW: This key is currently not supported The WAN Carrier this interface is connected to. - This is not rendered in the configuration but used for WAN designs. + This is used to infer the path-groups in which this interface should be configured. wan_circuit_id: type: str documentation_options: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml new file mode 100644 index 00000000000..3b8c6a62038 --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml 
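Review bot: Removing `wan_path_group` from this fragment leaves a stale reference in the `cv_pathfinder_connected_to_pathfinder` description, which the generated docs table in this same patch still renders as "For a WAN interface (`wan_path_group` is set)". That key's definition lies outside these hunks, so this is inferred from the docs output. The description should name the key that now marks a WAN interface: `For a WAN interface ("wan_carrier" is set), allow to disable the static tunnel towards Pathfinders.` The compiled `eos_designs.schema.yml`, the JSON schema and the docs table would need regenerating afterwards.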
@@ -0,0 +1,30 @@ +# Copyright (c) 2023 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the LICENSE file. +# yaml-language-server: $schema=../../../../plugins/plugin_utils/schema/avd_meta_schema.json +# Line above is used by RedHat's YAML Schema vscode extension +# Use Ctrl + Space to get suggestions for every field. Autocomplete will pop up after typing 2 letters. +type: dict +keys: + wan_carriers: + documentation_options: + table: wan-settings + description: |- + PREVIEW: This key is currently not supported + + List of carriers used for the WAN configuration and their mapping to path-groups. + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + description: Carrier name. + description: + type: str + description: Additional information about the carrier for documentation purposes. + path_group: + type: str + description: The path-group to which this carrier belongs. + required: true From 3ef9ebda211a72e5ba7ade1ec71442ee0886113e Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 20 Dec 2023 23:14:27 +0100 Subject: [PATCH 15/31] Feat: Add support for multiple interfaces in same path-group in CV Pathfinder --- .../intended/configs/cv-pathfinder-edge.cfg | 5 +++- .../configs/cv-pathfinder-pathfinder.cfg | 9 ++++++ .../configs/cv-pathfinder-transit.cfg | 7 +++-- .../structured_configs/cv-pathfinder-edge.yml | 4 +++ .../cv-pathfinder-pathfinder.yml | 9 ++++++ .../cv-pathfinder-transit.yml | 6 +++- .../group_vars/CV_PATHFINDER_TESTS.yml | 7 +++++ .../plugin_utils/eos_designs_facts/wan.py | 2 +- .../eos_designs_shared_utils/wan.py | 11 ++++--- .../overlay/router_path_selection.py | 29 +++++++++++-------- 10 files changed, 68 insertions(+), 21 deletions(-) 
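Review bot: The fragment ends with `required: true`, which appears to apply to `path_group`, yet the generated artifacts in this patch do not carry it. The `wan_carriers` entry in `eos_designs.schema.yml` has no `required` on that key, the JSON schema lists only `"name"` under `required`, and the docs table leaves the Required column empty for `path_group`. As committed, validation built from the generated files would accept a carrier that has no path-group mapping. Regenerating the schemas and docs from this fragment, or moving the flag if it is misplaced, should bring all of them into agreement.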
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index f2dd6df2dfe..b403d5fe369 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -23,13 +23,14 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 - stun server-profile cv-pathfinder-pathfinder-INET-0 + stun server-profile cv-pathfinder-pathfinder-INET-0 cv-pathfinder-pathfinder-INET-1 ! peer dynamic ! peer static router-ip 192.168.44.1 name cv-pathfinder-pathfinder ipv4 address 10.7.7.7 + ipv4 address 10.9.9.9 ! path-group MPLS id 100 ! @@ -167,5 +168,7 @@ stun client server-profile cv-pathfinder-pathfinder-INET-0 ip address 10.7.7.7/31 + server-profile cv-pathfinder-pathfinder-INET-1 + ip address 10.9.9.9/31 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index 9499eb39342..67e141707e6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -24,6 +24,8 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 + ! + local interface Ethernet3 ! path-group MPLS id 100 ! @@ -92,6 +94,12 @@ interface Ethernet2 flow tracker hardware WAN-FLOW-TRACKER ip address 172.16.0.1/31 ! +interface Ethernet3 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 10.9.9.9/31 +! interface Loopback0 description Router_ID no shutdown 
@@ -157,5 +165,6 @@ stun server local-interface Ethernet1 local-interface Ethernet2 + local-interface Ethernet3 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 69f624e9703..58ed1527f7c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -23,18 +23,19 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 - stun server-profile cv-pathfinder-pathfinder-INET-0 + stun server-profile cv-pathfinder-pathfinder-INET-0 cv-pathfinder-pathfinder-INET-1 ! peer dynamic ! peer static router-ip 192.168.44.1 name cv-pathfinder-pathfinder ipv4 address 10.7.7.7 + ipv4 address 10.9.9.9 ! path-group MPLS id 100 ! local interface Ethernet2 - stun server-profile cv-pathfinder-pathfinder-MPLS-1 + stun server-profile cv-pathfinder-pathfinder-MPLS-0 ! peer dynamic ! @@ -172,6 +173,8 @@ stun client server-profile cv-pathfinder-pathfinder-INET-0 ip address 10.7.7.7/31 + server-profile cv-pathfinder-pathfinder-INET-1 + ip address 10.9.9.9/31 server-profile cv-pathfinder-pathfinder-MPLS-0 ip address 172.16.0.1/31 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 833873e0d85..81c839d0cfd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml 
@@ -150,6 +150,7 @@ router_path_selection: stun: server_profiles: - cv-pathfinder-pathfinder-INET-0 + - cv-pathfinder-pathfinder-INET-1 dynamic_peers: enabled: true static_peers: @@ -157,6 +158,7 @@ router_path_selection: name: cv-pathfinder-pathfinder ipv4_addresses: - 10.7.7.7 + - 10.9.9.9 ipsec_profile: CP-PROFILE - name: MPLS id: 100 @@ -174,6 +176,8 @@ stun: server_profiles: - name: cv-pathfinder-pathfinder-INET-0 ip_address: 10.7.7.7/31 + - name: cv-pathfinder-pathfinder-INET-1 + ip_address: 10.9.9.9/31 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 0737c272860..c654e26aa47 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -145,6 +145,7 @@ router_path_selection: id: 101 local_interfaces: - name: Ethernet1 + - name: Ethernet3 ipsec_profile: CP-PROFILE - name: MPLS id: 100 @@ -161,6 +162,7 @@ stun: local_interfaces: - Ethernet1 - Ethernet2 + - Ethernet3 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface @@ -176,6 +178,13 @@ ethernet_interfaces: type: routed flow_tracker: hardware: WAN-FLOW-TRACKER +- name: Ethernet3 + peer_type: l3_interface + ip_address: 10.9.9.9/31 + shutdown: false + type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 2b5a1550dfa..2089c708dcc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -150,6 +150,7 @@ router_path_selection: stun: server_profiles: - cv-pathfinder-pathfinder-INET-0 + - cv-pathfinder-pathfinder-INET-1 dynamic_peers: enabled: true static_peers: @@ -157,6 +158,7 @@ router_path_selection: name: cv-pathfinder-pathfinder ipv4_addresses: - 10.7.7.7 + - 10.9.9.9 ipsec_profile: CP-PROFILE - name: MPLS id: 100 @@ -164,7 +166,7 @@ router_path_selection: - name: Ethernet2 stun: server_profiles: - - cv-pathfinder-pathfinder-MPLS-1 + - cv-pathfinder-pathfinder-MPLS-0 dynamic_peers: enabled: true static_peers: @@ -182,6 +184,8 @@ stun: server_profiles: - name: cv-pathfinder-pathfinder-INET-0 ip_address: 10.7.7.7/31 + - name: cv-pathfinder-pathfinder-INET-1 + ip_address: 10.9.9.9/31 - name: cv-pathfinder-pathfinder-MPLS-0 ip_address: 172.16.0.1/31 ethernet_interfaces: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 9aff138fb7d..f82010d2209 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -96,6 +96,8 @@ wan_carriers: path_group: INET - name: Orange path_group: INET + - name: Another-ISP + path_group: INET - name: Colt path_group: MPLS 
@@ -132,6 +134,11 @@ l3_edge: wan_carrier: Colt wan_circuit_id: 10000 ip: 172.16.0.1/31 + - node: cv-pathfinder-pathfinder + interface: Ethernet3 + wan_carrier: Another-ISP + wan_circuit_id: 999 + ip: 10.9.9.9/31 - node: cv-pathfinder-pathfinder1 interface: Ethernet1 wan_carrier: Orange diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index c089676ad65..27d2e66fc11 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py @@ -40,6 +40,6 @@ def wan_path_groups(self: EosDesignsFacts) -> list | None: } ) else: - pg_dict.append({"name": get(interface, "interface", required=True), "ip_address": get(interface, "ip", required=True)}) + pg_dict["interfaces"].append({"name": get(interface, "interface", required=True), "ip_address": get(interface, "ip", required=True)}) return res diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index 2cfc1d1fbae..c580f114186 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py @@ -97,7 +97,9 @@ def wan_local_carriers(self: SharedUtils) -> list: return local_carriers def get_carrier_path_group(self: SharedUtils, carrier: str) -> str: - """ """ + """ + Returns the path_group associated to a carrier name as defined in `wan_carriers`. + """ global_carriers = get(self.hostvars, "wan_carriers", required=True) return get_item( 
@@ -120,14 +122,15 @@ def wan_local_path_groups(self: SharedUtils) -> list: local_path_groups = [] global_path_groups = get(self.hostvars, "wan_path_groups", required=True) + local_path_groups_names = set(carrier.get("path_group") for carrier in self.wan_local_carriers) - for carrier in self.wan_local_carriers: + for path_group_name in local_path_groups_names: path_group = get_item( global_path_groups, "name", - carrier.get("path_group"), + path_group_name, required=True, - custom_error_msg=f"WAN path_group {carrier.get('path_group')} is not in the available path_groups defined in `wan_path_groups`", + custom_error_msg=f"WAN path_group {path_group_name} defined for a WAN carrier is not in the available path_groups defined in `wan_path_groups`", ) local_path_groups.append(path_group) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index e35bfd92752..c4da0c4c7ff 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -75,7 +75,8 @@ def _get_load_balance_policies(self, path_groups: dict) -> dict | None: """ """ # TODO for now a default load balance policy with all path-groups. load_balance_policies = [] - load_balance_policies.append({"name": "LBPOLICY", "path_groups": [{"name": pg.get("name")} for pg in path_groups]}) + unique_pg = set(pg.get("name") for pg in path_groups) + load_balance_policies.append({"name": "LBPOLICY", "path_groups": [{"name": pg_name} for pg_name in unique_pg]}) return load_balance_policies def _get_policies(self) -> list | None: 
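Review bot: Iterating a `set` of path-group names in `wan_local_path_groups` makes the order of `local_path_groups` depend on string hashing, which varies between interpreter runs unless `PYTHONHASHSEED` is pinned, so the generated structured config can reorder from one run to the next. The same applies to `unique_pg` in `_get_load_balance_policies` later in this patch, where the set feeds the `path_groups` list of `LBPOLICY` directly. An order-preserving de-duplication keeps the output stable for review and drift detection: `local_path_groups_names = list(dict.fromkeys(carrier.get("path_group") for carrier in self.wan_local_carriers))`, and likewise `unique_pg = list(dict.fromkeys(pg.get("name") for pg in path_groups))`. Both functions start outside their hunks.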
@@ -130,12 +131,13 @@ def _get_local_interfaces(self, path_group_name: str) -> list | None: if self.shared_utils.wan_role == "client": stun_server_profiles = [] for wrr, data in self._wan_route_servers.items(): - for index, path_group in enumerate(get(data, "wan_path_groups", required=True)): + for path_group in get(data, "wan_path_groups", required=True): if path_group.get("name") != path_group_name: continue if not self._should_connect_to_wan_rr([path_group["name"]]): continue - stun_server_profiles.append(self._stun_server_profile_name(wrr, path_group_name, index)) + for index in range(len(get(path_group, "interfaces", required=True))): + stun_server_profiles.append(self._stun_server_profile_name(wrr, path_group_name, index)) if stun_server_profiles: local_interface["stun"] = {"server_profiles": stun_server_profiles} @@ -145,7 +147,9 @@ def _get_local_interfaces(self, path_group_name: str) -> list | None: return local_interfaces def _get_dynamic_peers(self) -> dict | None: - """ """ + """ + TODO support ip_local and ipsec ? + """ if self.shared_utils.wan_role != "client": return None return {"enabled": True} @@ -164,17 +168,18 @@ def _get_static_peers(self, path_group_name: str) -> list | None: if not self._should_connect_to_wan_rr([path_group["name"]]): continue + ipv4_addresses = [] + for interface_dict in path_group.get("interfaces", []): - ipv4_addresses = [] if (ip_address := interface_dict.get("ip_address")) is not None: # TODO - removing mask using split but maybe a helper is clearer ipv4_addresses.append(ip_address.split("/")[0]) - static_peers.append( - { - "router_ip": get(data, "router_id", required=True), - "name": wan_route_server, - "ipv4_addresses": ipv4_addresses, - } - ) + static_peers.append( + { + "router_ip": get(data, "router_id", required=True), + "name": wan_route_server, + "ipv4_addresses": ipv4_addresses, + } + ) return static_peers From a43ed7769978dc4abc84f0a6e596db0254ba86af Mon Sep 17 00:00:00 2001 
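Review bot: In `_get_static_peers`, `ip_address.split("/")[0]` passes any string through, so a route server whose WAN interface is declared with `ip: dhcp` (as `autovpn-rr1` is in the test inventory) would, as far as this hunk shows, contribute the literal `dhcp` to the `ipv4_addresses` of a static peer. Parsing the value fails loudly on anything that is not an address and also settles the TODO about a helper: `ipv4_addresses.append(str(ipaddress.ip_interface(ip_address).ip))`, with `import ipaddress` added at the top of the module, which is outside this hunk. If DHCP-addressed route servers are meant to be supported, skip them explicitly and say so in a comment. The function body starts before the hunk.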
From: gmuloc Date: Thu, 21 Dec 2023 00:15:43 +0100 Subject: [PATCH 16/31] CI: Run pre-commit --- .../avd/roles/eos_designs/docs/tables/wan-settings.md | 4 ++-- .../eos_designs/schemas/eos_designs.jsonschema.json | 9 +++++---- .../avd/roles/eos_designs/schemas/eos_designs.schema.yml | 1 + 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md index d1c65507230..16c428ac032 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md @@ -10,7 +10,7 @@ | [wan_carriers](## "wan_carriers") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported

List of carriers used for the WAN configuration and their mapping to path-groups. | | [  - name](## "wan_carriers.[].name") | String | Required, Unique | | | Carrier name. | | [    description](## "wan_carriers.[].description") | String | | | | Additional information about the carrier for documentation purposes. | - | [    path_group](## "wan_carriers.[].path_group") | String | | | | The path-group to which this carrier belongs. | + | [    path_group](## "wan_carriers.[].path_group") | String | Required | | | The path-group to which this carrier belongs. | | [wan_ipsec_profiles](## "wan_ipsec_profiles") | Dictionary | | | | PREVIEW: This key is currently not supported

Define IPsec profiles parameters for WAN configuration. | | [  control_plane](## "wan_ipsec_profiles.control_plane") | Dictionary | Required | | | PREVIEW: This key is currently not supported | | [    ike_policy_name](## "wan_ipsec_profiles.control_plane.ike_policy_name") | String | | `CP-IKE-POLICY` | | Name of the IKE policy. | @@ -55,7 +55,7 @@ description: # The path-group to which this carrier belongs. - path_group: + path_group: # PREVIEW: This key is currently not supported diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 2817b7bd599..52a9f169d89 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -30923,13 +30923,14 @@ "title": "Path Group" } }, + "required": [ + "path_group", + "name" + ], "additionalProperties": false, "patternProperties": { "^_.+$": {} - }, - "required": [ - "name" - ] + } }, "title": "Wan Carriers" }, diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 7c7d8fdba68..5fbcc4d21df 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3204,6 +3204,7 @@ keys: path_group: type: str description: The path-group to which this carrier belongs. + required: true wan_ipsec_profiles: documentation_options: table: wan-settings From 12ef123c6e6919e6bd4c5495102f56f7778df662 Mon Sep 17 00:00:00 2001 
From: gmuloc Date: Thu, 21 Dec 2023 10:20:37 +0100 Subject: [PATCH 17/31] Feat: Add support for default route --- .../intended/configs/autovpn-edge.cfg | 1 + .../intended/configs/autovpn-rr1.cfg | 1 + .../intended/configs/autovpn-rr2.cfg | 2 + .../intended/configs/cv-pathfinder-edge.cfg | 1 + .../configs/cv-pathfinder-pathfinder.cfg | 2 + .../configs/cv-pathfinder-transit.cfg | 1 + .../configs/l3_edge_l3_interfaces.cfg | 2 + .../structured_configs/autovpn-edge.yml | 1 + .../structured_configs/autovpn-rr1.yml | 1 + .../structured_configs/autovpn-rr2.yml | 3 + .../structured_configs/cv-pathfinder-edge.yml | 1 + .../cv-pathfinder-pathfinder.yml | 3 + .../cv-pathfinder-transit.yml | 1 + .../l3_edge_l3_interfaces.yml | 3 + .../inventory/group_vars/AUTOVPN_TESTS.yml | 7 ++- .../group_vars/CV_PATHFINDER_TESTS.yml | 4 ++ .../host_vars/l3_edge_l3_interfaces.yml | 12 ++-- .../plugin_utils/eos_designs_facts/wan.py | 21 ++----- .../l3_edge_l3_interfaces.py | 2 +- .../eos_designs_shared_utils/wan.py | 63 ++++++++++--------- .../docs/tables/core-interfaces.md | 32 +++++----- .../roles/eos_designs/docs/tables/l3-edge.md | 32 +++++----- .../avdstructuredconfig.py | 2 + .../static_routes.py | 60 ++++++++++++++++++ .../core_interfaces_and_l3_edge/utils.py | 2 +- .../overlay/router_path_selection.py | 19 ++---- .../python_modules/overlay/utils.py | 2 +- .../schemas/eos_designs.jsonschema.json | 38 ++++++----- .../schemas/eos_designs.schema.yml | 14 +++-- .../schema_fragments/defs_l3_edge.schema.yml | 1 + .../defs_l3_edge_l3_interfaces.schema.yml | 14 +++-- 31 files changed, 225 insertions(+), 123 deletions(-) create mode 100644 ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 318e083ecc7..71df9f79266 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg @@ -69,6 +69,7 @@ interface Ethernet1 no shutdown no switchport ip address dhcp + dhcp client accept default-route ! interface Loopback0 description Router_ID diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index e60a1eae9c4..425ee9311d6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg @@ -56,6 +56,7 @@ interface Ethernet1 no shutdown no switchport ip address dhcp + dhcp client accept default-route ! interface Loopback0 description Router_ID diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg index c843c71e3dc..9d2da234d85 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg @@ -71,6 +71,8 @@ interface Vxlan1 ip routing no ip routing vrf MGMT ! +ip route 0.0.0.0/0 10.8.8.9 +! router bfd multihop interval 300 min-rx 300 multiplier 3 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index b403d5fe369..300fcfb9ac4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -100,6 +100,7 @@ interface Ethernet1 no switchport flow tracker hardware WAN-FLOW-TRACKER ip address dhcp + dhcp client accept default-route ! interface Ethernet2 no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index 67e141707e6..1c410b244dc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -114,6 +114,8 @@ interface Vxlan1 ip routing no ip routing vrf MGMT ! +ip route 0.0.0.0/0 10.7.7.6 +! router bfd multihop interval 300 min-rx 300 multiplier 3 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 58ed1527f7c..c8b969e1cc4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -105,6 +105,7 @@ interface Ethernet1 no switchport flow tracker hardware WAN-FLOW-TRACKER ip address dhcp + dhcp client accept default-route ! interface Ethernet2 no shutdown diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/l3_edge_l3_interfaces.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/l3_edge_l3_interfaces.cfg index 14cd6198e71..4988ce94ae0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/l3_edge_l3_interfaces.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/l3_edge_l3_interfaces.cfg @@ -54,6 +54,8 @@ no ip routing vrf MGMT ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 1.2.3.4/24 eq 32 ! +ip route 0.0.0.0/0 192.168.1.3 +! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index 2f3d13e53ea..d6828027222 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -137,6 +137,7 @@ ethernet_interfaces: ip_address: dhcp shutdown: false type: routed + dhcp_client_accept_default_route: true dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index c1ce6085b0b..3648c5dd39b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -135,6 +135,7 @@ ethernet_interfaces: ip_address: dhcp shutdown: false type: routed + dhcp_client_accept_default_route: true dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index d9b6acaff16..7304d27f81d 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -135,6 +135,9 @@ ethernet_interfaces: ip_address: 10.8.8.8/31 shutdown: false type: routed +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.8.8.9 dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 81c839d0cfd..a89a4f52e05 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -184,6 +184,7 @@ ethernet_interfaces: ip_address: dhcp shutdown: false type: routed + dhcp_client_accept_default_route: true flow_tracker: hardware: WAN-FLOW-TRACKER - name: Ethernet2 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index c654e26aa47..f529577fe8b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -185,6 +185,9 @@ ethernet_interfaces: type: routed flow_tracker: hardware: WAN-FLOW-TRACKER +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.7.7.6 dps_interfaces: - name: Dps1 description: DPS Interface 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 2089c708dcc..50e3d842d5e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -194,6 +194,7 @@ ethernet_interfaces: ip_address: dhcp shutdown: false type: routed + dhcp_client_accept_default_route: true flow_tracker: hardware: WAN-FLOW-TRACKER - name: Ethernet2 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_l3_interfaces.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_l3_interfaces.yml index 84e26c60d4a..9bf5c1114eb 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_l3_interfaces.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_l3_interfaces.yml @@ -92,3 +92,6 @@ ethernet_interfaces: ip_address: 192.168.42.42/24 shutdown: true type: routed +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index 59ad3d18494..f94ecab26af 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml 
@@ -11,7 +11,7 @@ bgp_peer_groups: - 192.168.30.0/24 wan_route_servers: - # Testing having the interface configured with DHPC + # Testing having the interface configured with DHCP - hostname: autovpn-rr1 path_groups: - name: INET @@ -73,14 +73,17 @@ l3_edge: wan_carrier: Comcast wan_circuit_id: 666 ip: dhcp + set_default_route: true - node: autovpn-rr1 interface: Ethernet1 wan_carrier: ATT wan_circuit_id: 777 ip: dhcp - # ip: 10.7.7.7/31 + set_default_route: true - node: autovpn-rr2 interface: Ethernet1 wan_carrier: ATT wan_circuit_id: 888 ip: 10.8.8.8/31 + set_default_route: true + peer_ip: 10.8.8.9/31 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index f82010d2209..89c854fb6d8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -107,6 +107,7 @@ l3_edge: interface: Ethernet1 wan_carrier: ATT wan_circuit_id: 666 + set_default_route: true ip: dhcp - node: cv-pathfinder-edge interface: Ethernet2 @@ -118,6 +119,7 @@ l3_edge: interface: Ethernet1 wan_carrier: Comcast wan_circuit_id: 667 + set_default_route: true ip: dhcp - node: cv-pathfinder-transit interface: Ethernet2 @@ -128,7 +130,9 @@ l3_edge: interface: Ethernet1 wan_carrier: Bouygues Telecom wan_circuit_id: 777 + set_default_route: true ip: 10.7.7.7/31 + peer_ip: 10.7.7.6/31 - node: cv-pathfinder-pathfinder interface: Ethernet2 wan_carrier: Colt diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml index 0d9d69d9b28..ca2e01e3691 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml @@ -21,26 +21,28 @@ l3_edge: l3_interfaces: # Settings set via profile - node: l3_edge_l3_interfaces - peer: peer1 - peer_interface: eth1 interface: Ethernet1 ip: 192.168.1.2/31 + set_default_route: true + peer: peer1 + peer_interface: eth1 + peer_ip: 192.168.1.3/31 profile: profile1 # DHCP default route - node: l3_edge_l3_interfaces peer: peer2 interface: Ethernet2/2 ip: dhcp - dhcp_client_accept_default_route: True + set_default_route: true # custom descriptipon - node: l3_edge_l3_interfaces peer: peer3 interface: Ethernet42 - enabled: False + enabled: false description: This is a custom description ip: dhcp # empty description - node: l3_edge_l3_interfaces interface: Ethernet43 - enabled: False + enabled: false ip: 192.168.42.42/24 diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index 27d2e66fc11..58b6e90be0e 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py @@ -6,8 +6,6 @@ from functools import cached_property from typing import TYPE_CHECKING -from ansible_collections.arista.avd.plugins.plugin_utils.utils import get, get_item - if TYPE_CHECKING: from .eos_designs_facts import EosDesignsFacts 
@@ -22,24 +20,13 @@ class WanMixin: @cached_property def wan_path_groups(self: EosDesignsFacts) -> list | None: """ + TODO: Also add the path_groups importing any of our connected path groups. + Need to find out if we need to resolve recursive imports. + Return the list of WAN path_groups directly connected to this router, with a list of dictionaries containing the (interface, ip_address) in the path_group. """ if not self.shared_utils.wan_mode: return None - res = [] - for interface in self.shared_utils.wan_interfaces: - carrier = get(interface, "wan_carrier", required=True) - pg_name = self.shared_utils.get_carrier_path_group(carrier) - if (pg_dict := get_item(res, "name", pg_name)) is None: - res.append( - { - "name": pg_name, - "interfaces": [{"name": get(interface, "interface", required=True), "ip_address": get(interface, "ip", required=True)}], - } - ) - else: - pg_dict["interfaces"].append({"name": get(interface, "interface", required=True), "ip_address": get(interface, "ip", required=True)}) - - return res + return self.shared_utils.wan_local_path_groups diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py index 793640aa98b..3cc0f3357a9 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py @@ -50,4 +50,4 @@ def filtered_l3_interfaces(self: SharedUtils) -> list: l3_interfaces = [self._apply_profile(l3_interface) for l3_interface in l3_interfaces] # Filter to only include l3_interfaces with our hostname as node - return [l3_interface for l3_interface in l3_interfaces if self.hostname == get(l3_interface, "node", required=True)] + return [l3_interface for l3_interface in l3_interfaces if self.hostname == get(l3_interface, "node")] 
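Review bot: Dropping `required=True` in `filtered_l3_interfaces` means an `l3_interfaces` entry without `node` no longer raises and is instead silently filtered out, because `self.hostname == None` is never true. The documentation tables in this commit mark `node` as Required, so this presumably relies on schema validation having rejected such input earlier. A comment would record that dependency, e.g. `# "node" is required by the schema; entries for other nodes are dropped here`. Only the tail of the function is inside the hunk.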
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index c580f114186..f1397709cc7 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py @@ -65,9 +65,7 @@ def wan_interfaces(self: SharedUtils) -> list: wan_interfaces = [] for interface in self.filtered_l3_interfaces: - # Potentially needs to resolve profile if get(interface, "wan_carrier") is not None: - # TODO - may need to validate the path_group here wan_interfaces.append(interface) return wan_interfaces @@ -75,13 +73,15 @@ def wan_interfaces(self: SharedUtils) -> list: @cached_property def wan_local_carriers(self: SharedUtils) -> list: """ - List of carriers present on this router based on the wan_interfaces - - TODO maybe a list of name is enough + List of carriers present on this router based on the wan_interfaces with the associated WAN interfaces + interfaces: + - name: ... + ip: ... """ - if self.wan_mode is None: + if not self.wan_role: return [] - local_carriers = [] + + local_carriers_dict = {} global_carriers = get(self.hostvars, "wan_carriers", required=True) for interface in self.wan_interfaces: iface_carrier = interface.get("wan_carrier") 
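Review bot: The new `wan_local_carriers` docstring documents the per-interface key as `ip`, but the code in the following hunk stores it as `"ip_address"`, and the `wan_local_path_groups` docstring in the last hunk of this file repeats the same wording. Consumers such as `_get_static_peers` read `ip_address`, so both docstrings should list `- name: ...` and `ip_address: ...`. It is also worth stating there that the value is copied from `ip` unchanged and can therefore be the literal `dhcp`.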
@@ -92,17 +92,21 @@ def wan_local_carriers(self: SharedUtils) -> list: required=True, custom_error_msg=f"WAN carrier {iface_carrier} is not in the available carriers defined in `wan_carriers`", ) - local_carriers.append(carrier) - return local_carriers + local_carriers_dict.setdefault(carrier["name"], carrier | {"interfaces": []})["interfaces"].append( + {"name": get(interface, "interface", required=True), "ip_address": get(interface, "ip", required=True)} + ) + + return list(local_carriers_dict.values()) - def get_carrier_path_group(self: SharedUtils, carrier: str) -> str: + def get_carrier_path_group(self: SharedUtils, carrier: str) -> dict: """ - Returns the path_group associated to a carrier name as defined in `wan_carriers`. + Returns the path_group dict from `wan_path_groups` associated to a carrier name as defined in `wan_carriers`. """ global_carriers = get(self.hostvars, "wan_carriers", required=True) + global_path_groups = get(self.hostvars, "wan_path_groups", required=True) - return get_item( + path_group_name = get_item( global_carriers, "name", carrier, 
@@ -110,28 +114,29 @@ def get_carrier_path_group(self: SharedUtils, carrier: str) -> str: custom_error_msg=f"WAN carrier {carrier} is not in the available carriers defined in `wan_carriers`", )["path_group"] + return get_item( + global_path_groups, + "name", + path_group_name, + required=True, + custom_error_msg=f"WAN path_group {path_group_name} defined for a WAN carrier is not in the available path_groups defined in `wan_path_groups`", + ) + @cached_property def wan_local_path_groups(self: SharedUtils) -> list: """ - List of path_groups present on this router based on the local carriers - - TODO maybe a list of name is enough + List of path_groups present on this router based on the local carriers. + Also add for each path_groups the local interfaces in a data structure + interfaces: + - name: ... + ip: ... """ if self.wan_mode is None: return [] - local_path_groups = [] - global_path_groups = get(self.hostvars, "wan_path_groups", required=True) - local_path_groups_names = set(carrier.get("path_group") for carrier in self.wan_local_carriers) - - for path_group_name in local_path_groups_names: - path_group = get_item( - global_path_groups, - "name", - path_group_name, - required=True, - custom_error_msg=f"WAN path_group {path_group_name} defined for a WAN carrier is not in the available path_groups defined in `wan_path_groups`", - ) - local_path_groups.append(path_group) + local_path_groups_dict = {} + for carrier in self.wan_local_carriers: + path_group = self.get_carrier_path_group(carrier["name"]) + local_path_groups_dict.setdefault(path_group["name"], path_group | {"interfaces": []})["interfaces"].extend(carrier.get("interfaces", [])) - return local_path_groups + return list(local_path_groups_dict.values()) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md index 4515f8cb8a3..1f87892eb73 100644 
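Review bot: `wan_local_path_groups` still guards on `self.wan_mode is None`, while `wan_local_carriers` now guards on `not self.wan_role` and the facts property `wan_path_groups` on `not self.shared_utils.wan_mode`, so three different tests for "WAN is not enabled on this device" sit on one call chain. With the visible code the results agree, because an empty carrier list yields an empty path-group list, but the reader has to work that out. If the role check is the intended one, using `if not self.wan_role:` here as well would make the chain consistent; otherwise a one-line comment explaining why the guards differ would do.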
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md @@ -97,27 +97,27 @@ | [      interface](## "core_interfaces.l3_interfaces_profiles.[].interface") | String | | | Pattern: Ethernet[\d/]+ | Ethernet interface name like 'Ethernet2'. | | [      description](## "core_interfaces.l3_interfaces_profiles.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]' | | [      ip](## "core_interfaces.l3_interfaces_profiles.[].ip") | String | | | | Node IPv4 address/Mask or 'dhcp'. | - | [      dhcp_client_accept_default_route](## "core_interfaces.l3_interfaces_profiles.[].dhcp_client_accept_default_route") | Boolean | | `False` | | Supported if `ip` is `dhcp`.
Accepts default route from DHCP. | + | [      set_default_route](## "core_interfaces.l3_interfaces_profiles.[].set_default_route") | Boolean | | `False` | | Insert a default route to the `peer_ip` if `ip` is an ip address
or configure to accept a default route from DHCP if `ip` is `dhcp`.

AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. | | [      enabled](## "core_interfaces.l3_interfaces_profiles.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | | [      speed](## "core_interfaces.l3_interfaces_profiles.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "core_interfaces.l3_interfaces_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "core_interfaces.l3_interfaces_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "core_interfaces.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IP. Used for description and documentation | + | [      peer_ip](## "core_interfaces.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "core_interfaces.l3_interfaces_profiles.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "core_interfaces.l3_interfaces_profiles.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "core_interfaces.l3_interfaces_profiles.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | | [  l3_interfaces](## "core_interfaces.l3_interfaces") | List, items: Dictionary | | | | | - | [    - node](## "core_interfaces.l3_interfaces.[].node") | String | | | | Device on which the interface should be configured. | + | [    - node](## "core_interfaces.l3_interfaces.[].node") | String | Required | | | Device on which the interface should be configured. | | [      profile](## "core_interfaces.l3_interfaces.[].profile") | String | | | | L3 interface profile name. 
Profile defined under l3_interfaces_profiles. | | [      interface](## "core_interfaces.l3_interfaces.[].interface") | String | | | Pattern: Ethernet[\d/]+ | Ethernet interface name like 'Ethernet2'. | | [      description](## "core_interfaces.l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]' | | [      ip](## "core_interfaces.l3_interfaces.[].ip") | String | | | | Node IPv4 address/Mask or 'dhcp'. | - | [      dhcp_client_accept_default_route](## "core_interfaces.l3_interfaces.[].dhcp_client_accept_default_route") | Boolean | | `False` | | Supported if `ip` is `dhcp`.
Accepts default route from DHCP. | + | [      set_default_route](## "core_interfaces.l3_interfaces.[].set_default_route") | Boolean | | `False` | | Insert a default route to the `peer_ip` if `ip` is an ip address
or configure to accept a default route from DHCP if `ip` is `dhcp`.

AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. | | [      enabled](## "core_interfaces.l3_interfaces.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | | [      speed](## "core_interfaces.l3_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "core_interfaces.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "core_interfaces.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "core_interfaces.l3_interfaces.[].peer_ip") | String | | | | The peer device IP. Used for description and documentation | + | [      peer_ip](## "core_interfaces.l3_interfaces.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "core_interfaces.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "core_interfaces.l3_interfaces.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "core_interfaces.l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | @@ -361,9 +361,11 @@ # Node IPv4 address/Mask or 'dhcp'. ip: - # Supported if `ip` is `dhcp`. - # Accepts default route from DHCP. - dhcp_client_accept_default_route: + # Insert a default route to the `peer_ip` if `ip` is an ip address + # or configure to accept a default route from DHCP if `ip` is `dhcp`. + + # AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. + set_default_route: # Enable or Shutdown the interface. enabled: 
@@ -377,7 +379,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP. Used for description and documentation + # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. @@ -391,7 +393,7 @@ l3_interfaces: # Device on which the interface should be configured. - - node: + - node: # L3 interface profile name. Profile defined under l3_interfaces_profiles. profile: @@ -406,9 +408,11 @@ # Node IPv4 address/Mask or 'dhcp'. ip: - # Supported if `ip` is `dhcp`. - # Accepts default route from DHCP. - dhcp_client_accept_default_route: + # Insert a default route to the `peer_ip` if `ip` is an ip address + # or configure to accept a default route from DHCP if `ip` is `dhcp`. + + # AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. + set_default_route: # Enable or Shutdown the interface. enabled: @@ -422,7 +426,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP. Used for description and documentation + # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md index 817c05b32e5..41863bceb12 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md @@ -97,27 +97,27 @@ | [      interface](## "l3_edge.l3_interfaces_profiles.[].interface") | String | | | Pattern: Ethernet[\d/]+ | Ethernet interface name like 'Ethernet2'. | | [      description](## "l3_edge.l3_interfaces_profiles.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]' | | [      ip](## "l3_edge.l3_interfaces_profiles.[].ip") | String | | | | Node IPv4 address/Mask or 'dhcp'. | - | [      dhcp_client_accept_default_route](## "l3_edge.l3_interfaces_profiles.[].dhcp_client_accept_default_route") | Boolean | | `False` | | Supported if `ip` is `dhcp`.
Accepts default route from DHCP. | + | [      set_default_route](## "l3_edge.l3_interfaces_profiles.[].set_default_route") | Boolean | | `False` | | Insert a default route to the `peer_ip` if `ip` is an ip address
or configure to accept a default route from DHCP if `ip` is `dhcp`.

AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. | | [      enabled](## "l3_edge.l3_interfaces_profiles.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | | [      speed](## "l3_edge.l3_interfaces_profiles.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "l3_edge.l3_interfaces_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "l3_edge.l3_interfaces_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "l3_edge.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IP. Used for description and documentation | + | [      peer_ip](## "l3_edge.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "l3_edge.l3_interfaces_profiles.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "l3_edge.l3_interfaces_profiles.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "l3_edge.l3_interfaces_profiles.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | | [  l3_interfaces](## "l3_edge.l3_interfaces") | List, items: Dictionary | | | | | - | [    - node](## "l3_edge.l3_interfaces.[].node") | String | | | | Device on which the interface should be configured. | + | [    - node](## "l3_edge.l3_interfaces.[].node") | String | Required | | | Device on which the interface should be configured. | | [      profile](## "l3_edge.l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under l3_interfaces_profiles. 
| | [      interface](## "l3_edge.l3_interfaces.[].interface") | String | | | Pattern: Ethernet[\d/]+ | Ethernet interface name like 'Ethernet2'. | | [      description](## "l3_edge.l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]' | | [      ip](## "l3_edge.l3_interfaces.[].ip") | String | | | | Node IPv4 address/Mask or 'dhcp'. | - | [      dhcp_client_accept_default_route](## "l3_edge.l3_interfaces.[].dhcp_client_accept_default_route") | Boolean | | `False` | | Supported if `ip` is `dhcp`.
Accepts default route from DHCP. | + | [      set_default_route](## "l3_edge.l3_interfaces.[].set_default_route") | Boolean | | `False` | | Insert a default route to the `peer_ip` if `ip` is an ip address
or configure to accept a default route from DHCP if `ip` is `dhcp`.

AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. | | [      enabled](## "l3_edge.l3_interfaces.[].enabled") | Boolean | | `True` | | Enable or Shutdown the interface. | | [      speed](## "l3_edge.l3_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "l3_edge.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "l3_edge.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "l3_edge.l3_interfaces.[].peer_ip") | String | | | | The peer device IP. Used for description and documentation | + | [      peer_ip](## "l3_edge.l3_interfaces.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "l3_edge.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "l3_edge.l3_interfaces.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "l3_edge.l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | @@ -361,9 +361,11 @@ # Node IPv4 address/Mask or 'dhcp'. ip: - # Supported if `ip` is `dhcp`. - # Accepts default route from DHCP. - dhcp_client_accept_default_route: + # Insert a default route to the `peer_ip` if `ip` is an ip address + # or configure to accept a default route from DHCP if `ip` is `dhcp`. + + # AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. + set_default_route: # Enable or Shutdown the interface. enabled: 
@@ -377,7 +379,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP. Used for description and documentation + # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. @@ -391,7 +393,7 @@ l3_interfaces: # Device on which the interface should be configured. - - node: + - node: # L3 interface profile name. Profile defined under l3_interfaces_profiles. profile: @@ -406,9 +408,11 @@ # Node IPv4 address/Mask or 'dhcp'. ip: - # Supported if `ip` is `dhcp`. - # Accepts default route from DHCP. - dhcp_client_accept_default_route: + # Insert a default route to the `peer_ip` if `ip` is an ip address + # or configure to accept a default route from DHCP if `ip` is `dhcp`. + + # AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. + set_default_route: # Enable or Shutdown the interface. enabled: @@ -422,7 +426,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP. Used for description and documentation + # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/avdstructuredconfig.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/avdstructuredconfig.py index 2f44bcb615c..3dd98107e84 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/avdstructuredconfig.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/avdstructuredconfig.py 
@@ -7,6 +7,7 @@ from .port_channel_interfaces import PortChannelInterfacesMixin from .router_bgp import RouterBgpMixin from .router_ospf import RouterOspfMixin +from .static_routes import StaticRoutesMixin DATA_MODELS = ["core_interfaces", "l3_edge"] @@ -17,6 +18,7 @@ class AvdStructuredConfigCoreInterfacesAndL3Edge( PortChannelInterfacesMixin, RouterBgpMixin, RouterOspfMixin, + StaticRoutesMixin, ): """ The AvdStructuredConfig Class is imported by "get_structured_config" to render parts of the structured config. diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py new file mode 100644 index 00000000000..75eb93d7914 --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py 
@@ -0,0 +1,60 @@
+# Copyright (c) 2023 Arista Networks, Inc.
+# Use of this source code is governed by the Apache License 2.0
+# that can be found in the LICENSE file.
+from __future__ import annotations
+
+from functools import cached_property
+
+from ansible_collections.arista.avd.plugins.plugin_utils.utils import get
+
+from .utils import UtilsMixin
+
+
+class StaticRoutesMixin(UtilsMixin):
+ """
+ Mixin Class used to generate structured config for one key.
+ Class should only be used as Mixin to a AvdStructuredConfig class
+ """
+
+ @cached_property
+ def static_routes(self) -> list[dict] | None:
+ """
+ Returns structured config for static_routes
+
+ Consist of
+ - default route injected for l3_edge.l3interfaces when `set_default_route` is True
+ note that only VRF default is supported today.
+ """
+
+ static_routes = []
+
+ for l3_interface in self._filtered_l3_interfaces:
+ ip_address = get(l3_interface, "ip", required=True)
+
+ # 'dhcp' is handled at the interface level
+ if ip_address == "dhcp":
+ continue
+
+ if not l3_interface.get("set_default_route", False):
+ # No route to inject
+ continue
+
+ gateway = get(
+ l3_interface,
+ "peer_ip",
+ required=True,
+ org_key=f"Cannot set a default route for interface {l3_interface['interface']} because 'peer_ip' is missing",
+ ).split("/")[0]
+
+ static_route = {
+ "destination_address_prefix": "0.0.0.0/0",
+ "gateway": gateway,
+ }
+
+ if static_route not in static_routes:
+ static_routes.append(static_route)
+
+ if static_routes:
+ return static_routes
+
+ return None
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py
index 75c80e62302..b28615723df 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py
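Review bot: In `static_routes`, `peer_ip` becomes the next hop of `0.0.0.0/0` after nothing more than `.split("/")[0]`, so an empty or malformed value is written into the default route without any check. On a WAN edge this is the route all non-specific traffic follows, so a typo should fail the build instead of reaching the device. Parsing the value with the standard library does that in one line, `gateway = str(ipaddress.ip_interface(peer_ip).ip)` (with `import ipaddress` and `peer_ip` holding the result of the existing `get(...)` call), and the resulting `ValueError` can be re-raised as the collection's own error. It would also be worth rejecting a gateway that is not inside `ipaddress.ip_interface(ip_address).network`. As far as the visible hunks show, the schema fragment later in this patch still declares `peer_ip` as a plain `str`, so nothing upstream catches this either.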
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/utils.py @@ -398,7 +398,7 @@ def _get_l3_interface_cfg(self, l3_interface: dict) -> dict | None: "struct_cfg": l3_interface.get("structured_config"), } - if ip_address == "dhcp" and l3_interface.get("dhcp_client_accept_default_route", False): + if ip_address == "dhcp" and l3_interface.get("set_default_route", False): interface["dhcp_client_accept_default_route"] = True if self.shared_utils.cv_pathfinder_role: diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index c4da0c4c7ff..a8516d13748 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -6,7 +6,7 @@ from functools import cached_property from ansible_collections.arista.avd.plugins.plugin_utils.strip_empties import strip_empties_from_dict -from ansible_collections.arista.avd.plugins.plugin_utils.utils import get +from ansible_collections.arista.avd.plugins.plugin_utils.utils import get, get_item from .utils import UtilsMixin 
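Review bot: The condition in `_get_l3_interface_cfg` now reads only `set_default_route`, so an inventory that still sets `dhcp_client_accept_default_route` on a DHCP interface stops getting the DHCP default route, and this hunk raises no error or warning for it. Whether schema validation rejects the old key is not visible here; if it does not, the device silently comes up without a default route. A transition fallback such as `l3_interface.get("set_default_route", l3_interface.get("dhcp_client_accept_default_route", False))`, or an explicit error when the old key is present, would make the rename visible to users. The function starts and ends outside the hunk.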
@@ -121,21 +121,14 @@ def _get_local_interfaces(self, path_group_name: str) -> list | None: For AUTOVPN clients, configure the stun server profiles as appropriate """ local_interfaces = [] - for wan_interface in self.shared_utils.wan_interfaces: - # Skipping interface not in the target path_group - if self.shared_utils.get_carrier_path_group(wan_interface.get("wan_carrier")) != path_group_name: - continue + path_group = get_item(self.shared_utils.wan_local_path_groups, "name", path_group_name, default={}) + for interface in path_group.get("interfaces", []): + local_interface = {"name": get(interface, "name", required=True)} - local_interface = {"name": get(wan_interface, "interface", required=True)} - - if self.shared_utils.wan_role == "client": + if self.shared_utils.wan_role == "client" and self._should_connect_to_wan_rr([path_group_name]): stun_server_profiles = [] for wrr, data in self._wan_route_servers.items(): - for path_group in get(data, "wan_path_groups", required=True): - if path_group.get("name") != path_group_name: - continue - if not self._should_connect_to_wan_rr([path_group["name"]]): - continue + if (path_group := get_item(data["wan_path_groups"], "name", path_group_name)) is not None: for index in range(len(get(path_group, "interfaces", required=True))): stun_server_profiles.append(self._stun_server_profile_name(wrr, path_group_name, index)) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 4ad0ce9616a..5dc25a592d2 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
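Review bot: The walrus assignment inside the `_wan_route_servers` loop rebinds `path_group`, which is also the local path group whose `interfaces` the outer `for` is iterating. The loop keeps working because the list was already fetched, but any later use of `path_group` in the function would see the route server's entry instead of the local one. The same line swaps `get(data, "wan_path_groups", required=True)` for `data["wan_path_groups"]`, so a route server entry without that key now raises a bare `KeyError` rather than the missing-variable error the removed code produced. Both are avoided with `if (wrr_path_group := get_item(get(data, "wan_path_groups", required=True), "name", path_group_name)) is not None:` and `wrr_path_group` in the `range(len(...))` line below it. `_get_local_interfaces` continues past the end of the hunk.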
@@ -431,7 +431,7 @@ def _should_connect_to_wan_rr(self, path_groups: list) -> bool: `cv_pathfinder_connected_to_pathfinder` is not False. """ return any( - self.shared_utils.get_carrier_path_group(wan_interface["wan_carrier"]) in path_groups + self.shared_utils.get_carrier_path_group(wan_interface["wan_carrier"])["name"] in path_groups and get( wan_interface, "cv_pathfinder_connected_to_pathfinder", diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 52a9f169d89..29ba4c4619a 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -3232,11 +3232,11 @@ "description": "Node IPv4 address/Mask or 'dhcp'.", "title": "IP" }, - "dhcp_client_accept_default_route": { + "set_default_route": { "type": "boolean", "default": false, - "description": "Supported if `ip` is `dhcp`.\nAccepts default route from DHCP.", - "title": "DHCP Client Accept Default Route" + "description": "Insert a default route to the `peer_ip` if `ip` is an ip address\nor configure to accept a default route from DHCP if `ip` is `dhcp`.\n\nAVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing.", + "title": "Set Default Route" }, "enabled": { "type": "boolean", @@ -3261,7 +3261,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP. Used for description and documentation", + "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { 
@@ -5909,11 +5909,11 @@ "description": "Node IPv4 address/Mask or 'dhcp'.", "title": "IP" }, - "dhcp_client_accept_default_route": { + "set_default_route": { "type": "boolean", "default": false, - "description": "Supported if `ip` is `dhcp`.\nAccepts default route from DHCP.", - "title": "DHCP Client Accept Default Route" + "description": "Insert a default route to the `peer_ip` if `ip` is an ip address\nor configure to accept a default route from DHCP if `ip` is `dhcp`.\n\nAVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing.", + "title": "Set Default Route" }, "enabled": { "type": "boolean", @@ -5938,7 +5938,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP. Used for description and documentation", + "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -8545,6 +8545,9 @@ "title": "Structured Config" } }, + "required": [ + "node" + ], "additionalProperties": false, "patternProperties": { "^_.+$": {} @@ -9979,11 +9982,11 @@ "description": "Node IPv4 address/Mask or 'dhcp'.", "title": "IP" }, - "dhcp_client_accept_default_route": { + "set_default_route": { "type": "boolean", "default": false, - "description": "Supported if `ip` is `dhcp`.\nAccepts default route from DHCP.", - "title": "DHCP Client Accept Default Route" + "description": "Insert a default route to the `peer_ip` if `ip` is an ip address\nor configure to accept a default route from DHCP if `ip` is `dhcp`.\n\nAVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing.", + "title": "Set Default Route" }, "enabled": { "type": "boolean", 
@@ -10008,7 +10011,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP. Used for description and documentation", + "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -12656,11 +12659,11 @@ "description": "Node IPv4 address/Mask or 'dhcp'.", "title": "IP" }, - "dhcp_client_accept_default_route": { + "set_default_route": { "type": "boolean", "default": false, - "description": "Supported if `ip` is `dhcp`.\nAccepts default route from DHCP.", - "title": "DHCP Client Accept Default Route" + "description": "Insert a default route to the `peer_ip` if `ip` is an ip address\nor configure to accept a default route from DHCP if `ip` is `dhcp`.\n\nAVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing.", + "title": "Set Default Route" }, "enabled": { "type": "boolean", @@ -12685,7 +12688,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP. Used for description and documentation", + "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -15292,6 +15295,9 @@ "title": "Structured Config" } }, + "required": [ + "node" + ], "additionalProperties": false, "patternProperties": { "^_.+$": {} diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 5fbcc4d21df..ad8b5e83f4b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml 
@@ -4169,6 +4169,7 @@ $defs: node: type: str description: Device on which the interface should be configured. + required: true profile: type: str description: L3 interface profile name. Profile defined under l3_interfaces_profiles. @@ -4189,12 +4190,16 @@ $defs: ip: type: str description: Node IPv4 address/Mask or 'dhcp'. - dhcp_client_accept_default_route: + set_default_route: type: bool default: false - description: 'Supported if `ip` is `dhcp`. + description: 'Insert a default route to the `peer_ip` if `ip` is an ip address + + or configure to accept a default route from DHCP if `ip` is `dhcp`. + - Accepts default route from DHCP.' + AVD will error out if set to true, `ip` is an ip address and `peer_ip` + is missing.' enabled: type: bool default: true @@ -4211,7 +4216,8 @@ $defs: description: The peer device interface. Used for description and documentation peer_ip: type: str - description: The peer device IP. Used for description and documentation + description: The peer device IP/Mask. Used as default route gateway is `set_default_route` + is true and `ip` is an IP address. qos_profile: type: str description: QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge.schema.yml index ceffe9d8ebe..8c77495a400 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge.schema.yml @@ -77,6 +77,7 @@ $defs: node: type: str description: Device on which the interface should be configured. + required: true profile: type: str description: L3 interface profile name. Profile defined under l3_interfaces_profiles. 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml index 1febcb5d7c4..c35999ed14f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml @@ -23,15 +23,17 @@ $defs: ip: type: str description: Node IPv4 address/Mask or 'dhcp'. - dhcp_client_accept_default_route: + set_default_route: type: bool - default: False + default: false description: |- - Supported if `ip` is `dhcp`. - Accepts default route from DHCP. + Insert a default route to the `peer_ip` if `ip` is an ip address + or configure to accept a default route from DHCP if `ip` is `dhcp`. + + AVD will error out if set to true, `ip` is an ip address and `peer_ip` is missing. enabled: type: bool - default: True + default: true description: Enable or Shutdown the interface. speed: type: str @@ -48,7 +50,7 @@ $defs: peer_ip: type: str description: |- - The peer device IP. Used for description and documentation + The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. qos_profile: type: str description: QOS service profile. From fcfb56a8a87f13acd181e5f9b01573096d22fdc8 Mon Sep 17 00:00:00 2001 
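Review bot: The new `peer_ip` description contains a typo, "Used as default route gateway is `set_default_route` is true", where the first "is" should be "if". The same sentence appears in the generated tables, `eos_designs.schema.yml` and the JSON schema in this patch, so this fragment appears to be the place to fix it. Suggested wording: "The peer device IP/Mask. Used as default route gateway if set_default_route is true and ip is an IP address." (keeping the backticks around the two key names as in the current text).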
From: gmuloc Date: Thu, 21 Dec 2023 14:19:34 +0100 Subject: [PATCH 18/31] Feat: Add stun static peers for the wan_route_servers --- .../intended/configs/autovpn-rr1.cfg | 4 ++ .../intended/configs/autovpn-rr2.cfg | 4 ++ .../configs/cv-pathfinder-pathfinder1.cfg | 8 +++ .../configs/cv-pathfinder-pathfinder2.cfg | 24 ++++++++ .../structured_configs/autovpn-rr1.yml | 5 ++ .../structured_configs/autovpn-rr2.yml | 5 ++ .../structured_configs/cv-pathfinder-edge.yml | 2 +- .../cv-pathfinder-pathfinder.yml | 2 +- .../cv-pathfinder-pathfinder1.yml | 9 +++ .../cv-pathfinder-pathfinder2.yml | 27 ++++++++ .../cv-pathfinder-transit.yml | 2 +- .../CV_PATHFINDER_MULTI_RR_TESTS.yml | 6 ++ .../group_vars/CV_PATHFINDER_TESTS.yml | 7 +++ .../eos_designs/docs/tables/wan-carriers.md | 31 ++++++++++ .../docs/tables/wan-path-groups.md | 48 +++++++++++++++ .../eos_designs/docs/tables/wan-settings.md | 61 ++----------------- .../avd/roles/eos_designs/docs/wan-preview.md | 16 ++++- .../overlay/router_path_selection.py | 17 ++++-- .../schemas/eos_designs.jsonschema.json | 5 ++ .../schemas/eos_designs.schema.yml | 7 +-- .../schema_fragments/wan_carriers.schema.yml | 2 - .../wan_path_groups.schema.yml | 2 - .../wan_route_servers.schema.yml | 3 + 23 files changed, 221 insertions(+), 76 deletions(-) create mode 100644 ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md create mode 100644 ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index 425ee9311d6..8c9e00d6f6a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg 
@@ -15,6 +15,10 @@ router path-selection ipsec profile AUTOVPN ! local interface Ethernet1 + ! + peer static router-ip 192.168.31.2 + name autovpn-rr2 + ipv4 address 10.8.8.8 ! load-balance policy LBPOLICY path-group INET diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg index 9d2da234d85..e2301ad2e30 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg @@ -15,6 +15,10 @@ router path-selection ipsec profile AUTOVPN ! local interface Ethernet1 + ! + peer static router-ip 192.168.31.1 + name autovpn-rr1 + ipv4 address 10.7.7.7 ! load-balance policy LBPOLICY path-group INET diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index 95809940237..ffb079aca6d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg @@ -24,6 +24,14 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 + ! + peer static router-ip 6.6.6.6 + name cv-pathfinder-pathfinder3 + ipv4 address 10.50.50.50 + ! + peer static router-ip 192.168.44.3 + name cv-pathfinder-pathfinder2 + ipv4 address 10.9.9.9 ! load-balance policy LBPOLICY path-group INET 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index 450c0c94e51..c90f173b54b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -24,9 +24,26 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 + ! + peer static router-ip 6.6.6.6 + name cv-pathfinder-pathfinder3 + ipv4 address 10.50.50.50 + ! + peer static router-ip 192.168.44.2 + name cv-pathfinder-pathfinder1 + ipv4 address 10.8.8.8 + ! + path-group MPLS id 100 + ! + local interface Ethernet2 + ! + peer static router-ip 6.6.6.6 + name cv-pathfinder-pathfinder3 + ipv4 address 172.17.17.17 ! load-balance policy LBPOLICY path-group INET + path-group MPLS ! router adaptive-virtual-topology topology role pathfinder @@ -81,6 +98,12 @@ interface Ethernet1 flow tracker hardware WAN-FLOW-TRACKER ip address 10.9.9.9/31 ! +interface Ethernet2 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.19.9.9/31 +! interface Loopback0 description Router_ID no shutdown @@ -160,5 +183,6 @@ management api http-commands stun server local-interface Ethernet1 + local-interface Ethernet2 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index 3648c5dd39b..697488a8261 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml 
@@ -112,6 +112,11 @@ router_path_selection: id: 101 local_interfaces: - name: Ethernet1 + static_peers: + - router_ip: 192.168.31.2 + name: autovpn-rr2 + ipv4_addresses: + - 10.8.8.8 ipsec_profile: AUTOVPN load_balance_policies: - name: LBPOLICY diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index 7304d27f81d..3a76de8ae87 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -112,6 +112,11 @@ router_path_selection: id: 101 local_interfaces: - name: Ethernet1 + static_peers: + - router_ip: 192.168.31.1 + name: autovpn-rr1 + ipv4_addresses: + - 10.7.7.7 ipsec_profile: AUTOVPN load_balance_policies: - name: LBPOLICY diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index a89a4f52e05..df638d82300 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -169,8 +169,8 @@ router_path_selection: load_balance_policies: - name: LBPOLICY path_groups: - - name: INET - name: MPLS + - name: INET stun: client: server_profiles: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index f529577fe8b..5a1e63c51c1 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -154,8 +154,8 @@ router_path_selection: load_balance_policies: - name: LBPOLICY path_groups: - - name: INET - name: MPLS + - name: INET peer_dynamic_source: stun stun: server: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index bcdafc3bc05..ce3c0baaf05 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -171,6 +171,15 @@ router_path_selection: id: 101 local_interfaces: - name: Ethernet1 + static_peers: + - router_ip: 192.168.44.3 + name: cv-pathfinder-pathfinder2 + ipv4_addresses: + - 10.9.9.9 + - router_ip: 6.6.6.6 + name: cv-pathfinder-pathfinder3 + ipv4_addresses: + - 10.50.50.50 ipsec_profile: CP-PROFILE load_balance_policies: - name: LBPOLICY diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 04945936ddd..5ba91a730c6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml 
@@ -171,16 +171,36 @@ router_path_selection: id: 101 local_interfaces: - name: Ethernet1 + static_peers: + - router_ip: 192.168.44.2 + name: cv-pathfinder-pathfinder1 + ipv4_addresses: + - 10.8.8.8 + - router_ip: 6.6.6.6 + name: cv-pathfinder-pathfinder3 + ipv4_addresses: + - 10.50.50.50 ipsec_profile: CP-PROFILE + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2 + static_peers: + - router_ip: 6.6.6.6 + name: cv-pathfinder-pathfinder3 + ipv4_addresses: + - 172.17.17.17 load_balance_policies: - name: LBPOLICY path_groups: + - name: MPLS - name: INET peer_dynamic_source: stun stun: server: local_interfaces: - Ethernet1 + - Ethernet2 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface @@ -189,6 +209,13 @@ ethernet_interfaces: type: routed flow_tracker: hardware: WAN-FLOW-TRACKER +- name: Ethernet2 + peer_type: l3_interface + ip_address: 172.19.9.9/31 + shutdown: false + type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER dps_interfaces: - name: Dps1 description: DPS Interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 50e3d842d5e..19a0c19307e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -177,8 +177,8 @@ router_path_selection: load_balance_policies: - name: LBPOLICY path_groups: - - name: INET - name: MPLS + - name: INET stun: client: server_profiles: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_MULTI_RR_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_MULTI_RR_TESTS.yml index a75f5f40b95..3a53c57f332 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_MULTI_RR_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_MULTI_RR_TESTS.yml @@ -10,4 +10,10 @@ wan_route_servers: router_id: 6.6.6.6 path_groups: - name: MPLS + interfaces: + - name: Ethernet1 + ip_address: 172.17.17.17/31 - name: INET + interfaces: + - name: Ethernet2 + ip_address: 10.50.50.50/31 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 89c854fb6d8..7eab8084f86 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -100,6 +100,8 @@ wan_carriers: path_group: INET - name: Colt path_group: MPLS + - name: ATT-MPLS + path_group: MPLS l3_edge: l3_interfaces: @@ -153,3 +155,8 @@ l3_edge: wan_carrier: SFR wan_circuit_id: 999 ip: 10.9.9.9/31 + - node: cv-pathfinder-pathfinder2 + interface: Ethernet2 + wan_carrier: ATT-MPLS + wan_circuit_id: 10999 + ip: 172.19.9.9/31 diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md new file mode 100644 index 00000000000..0fa28516427 --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md 
@@ -0,0 +1,31 @@ + +=== "Table" + + | Variable | Type | Required | Default | Value Restrictions | Description | + | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [wan_carriers](## "wan_carriers") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported

List of carriers used for the WAN configuration and their mapping to path-groups. | + | [  - name](## "wan_carriers.[].name") | String | Required, Unique | | | Carrier name. | + | [    description](## "wan_carriers.[].description") | String | | | | Additional information about the carrier for documentation purposes. | + | [    path_group](## "wan_carriers.[].path_group") | String | Required | | | The path-group to which this carrier belongs. | + +=== "YAML" + + ```yaml + # PREVIEW: This key is currently not supported + + # List of carriers used for the WAN configuration and their mapping to path-groups. + wan_carriers: + + # Carrier name. + - name: + + # Additional information about the carrier for documentation purposes. + description: + + # The path-group to which this carrier belongs. + path_group: + ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md new file mode 100644 index 00000000000..467f6cabcee --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md @@ -0,0 +1,48 @@ + +=== "Table" + + | Variable | Type | Required | Default | Value Restrictions | Description | + | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [wan_path_groups](## "wan_path_groups") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported
List of path-groups used for the WAN configuration. | + | [  - name](## "wan_path_groups.[].name") | String | Required, Unique | | | Path-group name. | + | [    id](## "wan_path_groups.[].id") | Integer | Required | | | Path-group id.

TODO: Required until an auto ID algorithm is implemented. | + | [    description](## "wan_path_groups.[].description") | String | | | | Additional information about the path-group for documentation purposes. | + | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | | | Flag to configure IPsec on the path_group (default is True). | + | [    import_path_groups](## "wan_path_groups.[].import_path_groups") | List, items: Dictionary | | | | List of [ath-groups to import in this path-group. | + | [      - remote](## "wan_path_groups.[].import_path_groups.[].remote") | String | | | | Remote path-group to import. | + | [        local](## "wan_path_groups.[].import_path_groups.[].local") | String | | | | Optional, if not set, the path-group `name` is used as local. | + +=== "YAML" + + ```yaml + # PREVIEW: This key is currently not supported + # List of path-groups used for the WAN configuration. + wan_path_groups: + + # Path-group name. + - name: + + # Path-group id. + + # TODO: Required until an auto ID algorithm is implemented. + id: + + # Additional information about the path-group for documentation purposes. + description: + + # Flag to configure IPsec on the path_group (default is True). + ipsec: + + # List of [ath-groups to import in this path-group. + import_path_groups: + + # Remote path-group to import. + - remote: + + # Optional, if not set, the path-group `name` is used as local. + local: + ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md index 16c428ac032..1e6a95e1b83 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md 
@@ -7,10 +7,6 @@ | Variable | Type | Required | Default | Value Restrictions | Description | | -------- | ---- | -------- | ------- | ------------------ | ----------- | - | [wan_carriers](## "wan_carriers") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported

List of carriers used for the WAN configuration and their mapping to path-groups. | - | [  - name](## "wan_carriers.[].name") | String | Required, Unique | | | Carrier name. | - | [    description](## "wan_carriers.[].description") | String | | | | Additional information about the carrier for documentation purposes. | - | [    path_group](## "wan_carriers.[].path_group") | String | Required | | | The path-group to which this carrier belongs. | | [wan_ipsec_profiles](## "wan_ipsec_profiles") | Dictionary | | | | PREVIEW: This key is currently not supported

Define IPsec profiles parameters for WAN configuration. | | [  control_plane](## "wan_ipsec_profiles.control_plane") | Dictionary | Required | | | PREVIEW: This key is currently not supported | | [    ike_policy_name](## "wan_ipsec_profiles.control_plane.ike_policy_name") | String | | `CP-IKE-POLICY` | | Name of the IKE policy. | @@ -23,20 +19,12 @@ | [    profile_name](## "wan_ipsec_profiles.data_plane.profile_name") | String | | `DP-PROFILE` | | Name of the IPSec profile. | | [    shared_key](## "wan_ipsec_profiles.data_plane.shared_key") | String | Required | | | The type 7 encrypted IPSec shared key.
This variable is sensitive and should be configured using some vault mechanism. | | [wan_mode](## "wan_mode") | String | | `cv-pathfinder` | Valid Values:
- autovpn
- cv-pathfinder | PREVIEW: This key is currently not supported

Select if the WAN should be run using CV Pathfinder or Auto VPN only. | - | [wan_path_groups](## "wan_path_groups") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported
List of path-groups used for the WAN configuration. | - | [  - name](## "wan_path_groups.[].name") | String | Required, Unique | | | Path-group name. | - | [    id](## "wan_path_groups.[].id") | Integer | Required | | | Path-group id.

TODO: Required until an auto ID algorithm is implemented. | - | [    description](## "wan_path_groups.[].description") | String | | | | Additional information about the path-group for documentation purposes. | - | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | | | Flag to configure IPsec on the path_group (default is True). | - | [    import_path_groups](## "wan_path_groups.[].import_path_groups") | List, items: Dictionary | | | | List of [ath-groups to import in this path-group. | - | [      - remote](## "wan_path_groups.[].import_path_groups.[].remote") | String | | | | Remote path-group to import. | - | [        local](## "wan_path_groups.[].import_path_groups.[].local") | String | | | | Optional, if not set, the path-group `name` is used as local. | | [wan_route_servers](## "wan_route_servers") | List, items: Dictionary | | | | PREVIEW: This key is currently not supported

List of the AutoVPN RRs when using `wan_mode`=`autovpn`, or the Pathfinders
when using `wan_mode`=`cv-pathfinder`, to which the device should connect to.

When the route server is part of the same inventory as the WAN routers,
only the name is required. | | [  - hostname](## "wan_route_servers.[].hostname") | String | Required, Unique | | | Route-Reflector hostname. | | [    router_id](## "wan_route_servers.[].router_id") | String | | | | Route-Reflector router id. | | [    path_groups](## "wan_route_servers.[].path_groups") | List, items: Dictionary | | | | Path-groups through which the Route Reflector/Pathfinder is reached. | - | [      - name](## "wan_route_servers.[].path_groups.[].name") | String | | | | Path-group name. | - | [        interfaces](## "wan_route_servers.[].path_groups.[].interfaces") | List, items: Dictionary | | | | | + | [      - name](## "wan_route_servers.[].path_groups.[].name") | String | Required, Unique | | | Path-group name. | + | [        interfaces](## "wan_route_servers.[].path_groups.[].interfaces") | List, items: Dictionary | Required | | Min Length: 1 | | | [          - name](## "wan_route_servers.[].path_groups.[].interfaces.[].name") | String | Required, Unique | | | Interface name. | | [            ip_address](## "wan_route_servers.[].path_groups.[].interfaces.[].ip_address") | String | | | | The public IP address of the Route Reflector for this path-group. | @@ -45,20 +33,6 @@ ```yaml # PREVIEW: This key is currently not supported - # List of carriers used for the WAN configuration and their mapping to path-groups. - wan_carriers: - - # Carrier name. - - name: - - # Additional information about the carrier for documentation purposes. - description: - - # The path-group to which this carrier belongs. - path_group: - - # PREVIEW: This key is currently not supported - # Define IPsec profiles parameters for WAN configuration. wan_ipsec_profiles: 
@@ -99,33 +73,6 @@ # Select if the WAN should be run using CV Pathfinder or Auto VPN only. wan_mode: - # PREVIEW: This key is currently not supported - # List of path-groups used for the WAN configuration. - wan_path_groups: - - # Path-group name. - - name: - - # Path-group id. - - # TODO: Required until an auto ID algorithm is implemented. - id: - - # Additional information about the path-group for documentation purposes. - description: - - # Flag to configure IPsec on the path_group (default is True). - ipsec: - - # List of [ath-groups to import in this path-group. - import_path_groups: - - # Remote path-group to import. - - remote: - - # Optional, if not set, the path-group `name` is used as local. - local: - # PREVIEW: This key is currently not supported # List of the AutoVPN RRs when using `wan_mode`=`autovpn`, or the Pathfinders @@ -145,8 +92,8 @@ path_groups: # Path-group name. - - name: - interfaces: + - name: + interfaces: # >=1 items; required # Interface name. - name: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index b89f7ab8200..92433c3d244 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -56,7 +56,7 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co - As of now, only the fundations of the `eos_designs` functionality for WAN is being introduced without any support for LAN interfaces. -- Auto generation of Path-group IDs. +- Auto generation of Path-group IDs and other IDs. - The configuration of AVT policies is not supported yet and will be introduced later. - HA for sites will be covered in a future PR 
@@ -97,7 +97,19 @@ All these node types are defined with `default_underlay_routing_protocol: none` roles/eos_designs/docs/tables/wan-settings.md --8<-- -#### WAN hierarchy +##### WAN path-groups + +--8<-- +roles/eos_designs/docs/tables/wan-path-groups.md +--8<-- + +##### WAN carriers + +--8<-- +roles/eos_designs/docs/tables/wan-carriers.md +--8<-- + +##### WAN hierarchy !!! note This section is only relevant for CV Pathfinder and not for AutoVPN diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index a8516d13748..0206a31ca7e 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -55,7 +55,7 @@ def _get_path_groups(self) -> list: path_group_data = { "name": pg_name, "id": self._get_path_group_id(pg_name, path_group.get("id")), - "local_interfaces": self._get_local_interfaces(pg_name), + "local_interfaces": self._get_local_interfaces_for_path_group(pg_name), "dynamic_peers": self._get_dynamic_peers(), "static_peers": self._get_static_peers(pg_name), } @@ -114,7 +114,7 @@ def _get_path_group_id(self, path_group_name: str, config_id: int | None = None) return config_id return 500 - def _get_local_interfaces(self, path_group_name: str) -> list | None: + def _get_local_interfaces_for_path_group(self, path_group_name: str) -> list | None: """ Generate the router_path_selection.local_interfaces list 
@@ -127,10 +127,10 @@ def _get_local_interfaces(self, path_group_name: str) -> list | None: if self.shared_utils.wan_role == "client" and self._should_connect_to_wan_rr([path_group_name]): stun_server_profiles = [] - for wrr, data in self._wan_route_servers.items(): + for wan_route_server, data in self._wan_route_servers.items(): if (path_group := get_item(data["wan_path_groups"], "name", path_group_name)) is not None: for index in range(len(get(path_group, "interfaces", required=True))): - stun_server_profiles.append(self._stun_server_profile_name(wrr, path_group_name, index)) + stun_server_profiles.append(self._stun_server_profile_name(wan_route_server, path_group_name, index)) if stun_server_profiles: local_interface["stun"] = {"server_profiles": stun_server_profiles} @@ -151,10 +151,15 @@ def _get_static_peers(self, path_group_name: str) -> list | None: """ TODO """ - if self.shared_utils.wan_role != "client": + if not self.shared_utils.wan_role: return None + static_peers = [] for wan_route_server, data in self._wan_route_servers.items(): + if wan_route_server == self.shared_utils.hostname: + # Do not static-peer yourself + continue + for path_group in get(data, "wan_path_groups", required=True): if path_group["name"] != path_group_name: continue @@ -163,7 +168,7 @@ def _get_static_peers(self, path_group_name: str) -> list | None: ipv4_addresses = [] - for interface_dict in path_group.get("interfaces", []): + for interface_dict in get(path_group, "interfaces", required=True): if (ip_address := interface_dict.get("ip_address")) is not None: # TODO - removing mask using split but maybe a helper is clearer ipv4_addresses.append(ip_address.split("/")[0]) diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 29ba4c4619a..e806765b705 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json 
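Review bot: The docstring of `_get_static_peers` is still `TODO` even though the guard at the top of this hunk changes from `wan_role != "client"` to `not self.shared_utils.wan_role`, which widens the function from clients only to every device with a WAN role; the rename hunk in PATCH 19/31 carries the same `TODO` over to `_get_static_peers_for_path_group`. I would replace it with a docstring along the lines of `"""Return the static peers (router_ip, name, ipv4_addresses) of the WAN route servers for this path-group, excluding this device."""`. The `hostname` comparison added below it also looks redundant if `self._wan_route_servers` is the property in overlay/utils.py, which already skips the local hostname, so it could be dropped or the comment could say why it is kept. The function body continues outside the hunk, so the return-value wording should be checked against the rest of it.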
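Review bot: `ip_address.split("/")[0]` passes any string through unchanged, so a typo or a non-address value in `wan_route_servers[].path_groups[].interfaces[].ip_address` would be rendered as the `ipv4 address` of a `peer static` entry in the generated device configuration. Parsing the value instead makes the build fail on bad input and resolves the TODO on that line: `ipv4_addresses.append(str(ipaddress.ip_interface(ip_address).ip))`, with `import ipaddress` added at the top of the module (outside this hunk). The `is not None` guard just above also means an interface without `ip_address` is silently skipped here, whereas overlay/stun.py reads the same key with `required=True`; the two should probably agree. The loop and the rest of `_get_static_peers` continue outside the hunk.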
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -31129,6 +31129,7 @@ }, "interfaces": { "type": "array", + "minItems": 1, "items": { "type": "object", "properties": { @@ -31154,6 +31155,10 @@ "title": "Interfaces" } }, + "required": [ + "interfaces", + "name" + ], "additionalProperties": false, "patternProperties": { "^_.+$": {} diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index ad8b5e83f4b..022d0b5deff 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3183,8 +3183,6 @@ keys: type: bool default: false wan_carriers: - documentation_options: - table: wan-settings description: 'PREVIEW: This key is currently not supported @@ -3263,8 +3261,6 @@ keys: - autovpn - cv-pathfinder wan_path_groups: - documentation_options: - table: wan-settings description: 'PREVIEW: This key is currently not supported List of path-groups used for the WAN configuration.' @@ -3334,6 +3330,7 @@ keys: type: list description: Path-groups through which the Route Reflector/Pathfinder is reached. + primary_key: name items: type: dict keys: @@ -3343,6 +3340,8 @@ keys: interfaces: type: list primary_key: name + required: true + min_length: 1 items: type: dict keys: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml index 3b8c6a62038..b0e2e45e265 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml 
@@ -7,8 +7,6 @@ type: dict keys: wan_carriers: - documentation_options: - table: wan-settings description: |- PREVIEW: This key is currently not supported diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml index 311ee0857e5..f720b84d490 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml @@ -7,8 +7,6 @@ type: dict keys: wan_path_groups: - documentation_options: - table: wan-settings description: |- PREVIEW: This key is currently not supported List of path-groups used for the WAN configuration. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml index 52e38afa919..682463ef55b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_route_servers.schema.yml @@ -31,6 +31,7 @@ keys: path_groups: type: list description: Path-groups through which the Route Reflector/Pathfinder is reached. + primary_key: name items: type: dict keys: @@ -40,6 +41,8 @@ keys: interfaces: type: list primary_key: name + required: true + min_length: 1 items: type: dict keys: From 05033e599be2db84d9af141d85ac99167ee16441 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Thu, 21 Dec 2023 14:25:16 +0100 Subject: [PATCH 19/31] Refactor: PR comment --- .../python_modules/overlay/router_path_selection.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
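Review bot: `interfaces` becomes required with `min_length: 1` in wan_route_servers.schema.yml, but the `ip_address` key of each interface stays optional (the regenerated wan-settings.md table still lists it without "Required"), while the consumers treat it as mandatory: overlay/stun.py reads it with `get(interface_dict, "ip_address", required=True)` and overlay/utils.py indexes `interface["ip_address"]` directly. I would add `required: true` under `ip_address` in this fragment so that a missing peer address is rejected by schema validation with a clear message instead of surfacing later as a KeyError. The `ip_address` key itself lies below the last line of this hunk.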
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 0206a31ca7e..06ce9634787 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -57,7 +57,7 @@ def _get_path_groups(self) -> list: "id": self._get_path_group_id(pg_name, path_group.get("id")), "local_interfaces": self._get_local_interfaces_for_path_group(pg_name), "dynamic_peers": self._get_dynamic_peers(), - "static_peers": self._get_static_peers(pg_name), + "static_peers": self._get_static_peers_for_path_group(pg_name), } if path_group.get("ipsec", True): @@ -147,7 +147,7 @@ def _get_dynamic_peers(self) -> dict | None: return None return {"enabled": True} - def _get_static_peers(self, path_group_name: str) -> list | None: + def _get_static_peers_for_path_group(self, path_group_name: str) -> list | None: """ TODO """ @@ -160,9 +160,7 @@ def _get_static_peers(self, path_group_name: str) -> list | None: # Do not static-peer yourself continue - for path_group in get(data, "wan_path_groups", required=True): - if path_group["name"] != path_group_name: - continue + if (path_group := get_item(data["wan_path_groups"], "name", path_group_name)) is not None: if not self._should_connect_to_wan_rr([path_group["name"]]): continue From b51b5a7f2eef35be915cdde2d137431f0db85f4b Mon Sep 17 00:00:00 2001 
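Review bot: After this refactor `path_group["name"]` is always equal to `path_group_name`, so the `_should_connect_to_wan_rr([path_group["name"]])` test inside the loop receives the same argument for every route server. If that helper depends only on the local device and the path-group list, as its use ahead of the loop in `_get_local_interfaces_for_path_group` suggests, the check can be hoisted in front of the `for` as a single early exit, and the call can take `[path_group_name]` directly. The rest of the loop body lies outside the hunk, so the value to return on the early exit has to be taken from there.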
From: gmuloc Date: Thu, 21 Dec 2023 14:44:15 +0100 Subject: [PATCH 20/31] Test: Fix negative unit tests --- .../invalid-wan-role-cv-pathfinder-role-1.yml | 8 ++++ .../invalid-wan-role-cv-pathfinder-role-2.yml | 8 ++++ ...alid-wan-role-overlay-routing-protocol.yml | 1 + .../inventory/hosts.yml | 4 +- .../python_modules/overlay/stun.py | 21 ++++----- .../python_modules/overlay/utils.py | 43 +++++++++---------- 6 files changed, 48 insertions(+), 37 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml index 1113c85c3ed..e36355fb9e4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml @@ -4,6 +4,14 @@ type: wan_edge bgp_as: 65000 +wan_carriers: + - name: MPLS + path_group: MPLS + +wan_path_groups: + - name: MPLS + id: 42 + wan_edge: defaults: loopback_ipv4_pool: 192.168.0.0/24 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml index 857729aec06..201fd318883 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml 
@@ -4,6 +4,14 @@ type: wan_rr bgp_as: 65000 +wan_carriers: + - name: MPLS + path_group: MPLS + +wan_path_groups: + - name: MPLS + id: 42 + wan_rr: defaults: loopback_ipv4_pool: 192.168.0.0/24 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml index 634b9f31e17..9258262254a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml @@ -1,6 +1,7 @@ --- wan_mode: autovpn type: wan_edge +fabric_name: fabric_wan_role_overlay_routing_protocol # Not ibgp overlay_routing_protocol: none diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml index 2ee4a99c858..41ea655d338 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml @@ -45,6 +45,9 @@ all: invalid-uplink-port-channel-id-l3leaf-2: invalid-uplink-port-channel-id-l2leaf-1: invalid-uplink-port-channel-id-l2leaf-2: + fabric_wan_role_overlay_routing_protocol: + hosts: + invalid-wan-role-overlay-routing-protocol: EOS_DESIGNS_FAILURES: # Add cases that fail during 'eos_designs_structured_config' phase hosts: failure-port-channel: 
@@ -77,7 +80,6 @@ all: failure-duplicate-evpn-vlan-bundle-name: ntp-settings-server-vrf-missing-mgmt-ip: ntp-settings-server-vrf-missing-inband-mgmt-interface: - invalid-wan-role-overlay-routing-protocol: invalid-wan-role-cv-pathfinder-role-1: invalid-wan-role-cv-pathfinder-role-2: source-interfaces-domain-lookup-duplicate-vrf: diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py index 5528c66d2b9..fa17e2a5428 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py @@ -27,10 +27,7 @@ def stun(self) -> dict | None: stun = {} if self.shared_utils.wan_role == "server": - local_interfaces = [] - for wan_interface in self.shared_utils.wan_interfaces: - local_interfaces.append(wan_interface.get("interface")) - + local_interfaces = [wan_interface.get("interface") for wan_interface in self.shared_utils.wan_interfaces] stun["server"] = {"local_interfaces": local_interfaces} if self.shared_utils.wan_role == "client": 
@@ -41,15 +38,13 @@ def stun(self) -> dict | None: if not self._should_connect_to_wan_rr([path_group["name"]]): continue - for index, interface_dict in enumerate(get(path_group, "interfaces", required=True)): - # Today one wan_path_group can only have one IP. May need to relax this in the futur - server_profiles.append( - { - "name": self._stun_server_profile_name(wan_route_server, path_group["name"], index), - "ip_address": get(interface_dict, "ip_address", required=True), - } - ) - + server_profiles.extend( + { + "name": self._stun_server_profile_name(wan_route_server, path_group["name"], index), + "ip_address": get(interface_dict, "ip_address", required=True), + } + for index, interface_dict in enumerate(get(path_group, "interfaces", required=True)) + ) if server_profiles: stun["client"] = {"server_profiles": server_profiles} diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 5dc25a592d2..836c728a495 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
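Review bot: The new comprehension in the `wan_role == "server"` branch keeps `wan_interface.get("interface")`, which yields `None` for an entry without that key and would put a null into `stun.server.local_interfaces` instead of failing the build. The client branch in the next hunk already reads its inputs with `get(..., required=True)`; doing the same here, `local_interfaces = [get(wan_interface, "interface", required=True) for wan_interface in self.shared_utils.wan_interfaces]`, keeps the two branches consistent. Whether `shared_utils.wan_interfaces` can actually contain such an entry is not visible from this hunk.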
@@ -352,66 +352,63 @@ def _wan_route_servers(self) -> dict: wan_route_servers_list = get(self._hostvars, "wan_route_servers", default=[]) - for wan_rr_dict in natural_sort(wan_route_servers_list, sort_key="hostname"): + for wan_rs_dict in natural_sort(wan_route_servers_list, sort_key="hostname"): # These remote gw can be outside of the inventory - wan_rr = wan_rr_dict["hostname"] + wan_rs = wan_rs_dict["hostname"] - if wan_rr == self.shared_utils.hostname: + if wan_rs == self.shared_utils.hostname: # Don't add yourself continue - if (peer_facts := self.shared_utils.get_peer_facts(wan_rr, required=False)) is not None: + if (peer_facts := self.shared_utils.get_peer_facts(wan_rs, required=False)) is not None: # Found a matching server in inventory bgp_as = peer_facts.get("bgp_as") # Only ibgp is supported for WAN so raise if peer from peer_facts BGP AS is different from ours. if bgp_as != self.shared_utils.bgp_as: raise AristaAvdError( - f"Only iBGP is supported for WAN, the BGP AS {bgp_as} on {wan_rr} is different from our own: {self.shared_utils.bgp_as}." + f"Only iBGP is supported for WAN, the BGP AS {bgp_as} on {wan_rs} is different from our own: {self.shared_utils.bgp_as}." ) # Prefer values coming from the input variables over peer facts - router_id = get(wan_rr_dict, "router_id", default=peer_facts.get("router_id")) - wan_path_groups = get(wan_rr_dict, "path_groups", default=peer_facts.get("wan_path_groups")) + router_id = get(wan_rs_dict, "router_id", default=peer_facts.get("router_id")) + wan_path_groups = get(wan_rs_dict, "path_groups", default=peer_facts.get("wan_path_groups")) if router_id is None: raise AristaAvdMissingVariableError( - f"'router_id' is missing for peering with {wan_rr}, either set it in under 'wan_route_servers' or something is wrong with the peer" + f"'router_id' is missing for peering with {wan_rs}, either set it in under 'wan_route_servers' or something is wrong with the peer" " facts." 
) - # TODO - enable this once the wan_path_groups peer fact is implemented as this requires WAN interfaces not - # covered in this PR. if wan_path_groups is None: raise AristaAvdMissingVariableError( - f"'wan_path_groups' is missing for peering with {wan_rr}, either set it in under 'wan_route_servers'" - " or something is wrong with the peer" - " facts." + f"'wan_path_groups' is missing for peering with {wan_rs}, either set it in under 'wan_route_servers'" + " or something is wrong with the peer facts." ) else: # Retrieve the values from the dictionary, making them required if the peer_facts were not found - router_id = get(wan_rr_dict, "router_id", required=True) + router_id = get(wan_rs_dict, "router_id", required=True) wan_path_groups = get( - wan_rr_dict, + wan_rs_dict, "path_groups", required=True, org_key=( - f"'path_groups' is missing for peering with {wan_rr} which was not found in the inventory, either set it in under 'wan_route_servers'" + f"'path_groups' is missing for peering with {wan_rs} which was not found in the inventory, either set it in under 'wan_route_servers'" " or check your inventory." ), ) - wan_rr_result_dict = { + wan_rs_result_dict = { "router_id": router_id, "wan_path_groups": wan_path_groups, } - if any(interface["ip_address"] == "dhcp" for path_group in wan_rr_result_dict["wan_path_groups"] for interface in path_group.get("interfaces", [])): + if any(interface["ip_address"] == "dhcp" for path_group in wan_rs_result_dict["wan_path_groups"] for interface in path_group.get("interfaces", [])): raise AristaAvdError( - f"The IP address for a WAN interface on a Route Reflector cannot be 'dhcp', this is the case for '{wan_rr}'. Set an ip address to use under" - " the 'wan_route_servers.path_groups.interfaces' key." + f"The IP address for a WAN interface on a Route Server '{wan_rs}' is set 'dhcp'. Clients need to peer with a static IP which can be set" + " under the 'wan_route_servers.path_groups.interfaces' key." 
) - wan_route_servers[wan_rr] = strip_empties_from_dict(wan_rr_result_dict) + wan_route_servers[wan_rs] = strip_empties_from_dict(wan_rs_result_dict) return wan_route_servers @@ -422,9 +419,9 @@ def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: name = f"{wan_route_server_name}-{path_group_name}" return f"{name}-{id}" if id is not None else name - def _should_connect_to_wan_rr(self, path_groups: list) -> bool: + def _should_connect_to_wan_rs(self, path_groups: list) -> bool: """ - This helper implements wherther or not a connection to the wan_rr should be made or not based on a list of path-groups. + This helper implements wherther or not a connection to the wan_rs should be made or not based on a list of path-groups. To do this the logic is the following: * Look at the wan_interfaces on the router and check if there is any path-group in common with the RR where From ae570292b8c2c36926bda681b4706ad9af03ba46 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Thu, 21 Dec 2023 15:42:47 +0100 Subject: [PATCH 21/31] Refactor: DRYing some of the code --- .../structured_configs/cv-pathfinder-edge.yml | 2 +- .../cv-pathfinder-pathfinder.yml | 2 +- .../cv-pathfinder-pathfinder2.yml | 2 +- .../cv-pathfinder-transit.yml | 2 +- .../python_modules/overlay/router_bgp.py | 6 +-- .../overlay/router_path_selection.py | 20 ++-------- .../python_modules/overlay/stun.py | 19 +--------- .../python_modules/overlay/utils.py | 37 ++++++++++++++++++- 8 files changed, 48 insertions(+), 42 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index df638d82300..a89a4f52e05 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml 
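Review bot: The DHCP guard near the end of `_wan_route_servers` indexes `interface["ip_address"]` directly, so a `path_groups` entry under `wan_route_servers` whose interface has no `ip_address` raises a bare KeyError. The other missing inputs in this function are reported through `get(..., required=True)` or an explicit AristaAvdMissingVariableError. Reading the value as `get(interface, "ip_address", required=True) == "dhcp"` would reject the bad input the same way and name the missing key. The new message also needs a word: `... on a Route Server '{wan_rs}' is set to 'dhcp'.` The opening lines of the function are outside the hunk.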
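Review bot: Renaming the helper to `_should_connect_to_wan_rs` leaves the call `self._should_connect_to_wan_rr([path_group["name"]])`, which is still an unchanged context line in the stun.py hunk of this same patch. Unless the old name survives somewhere not shown, the client branch of `stun` would fail with AttributeError at this commit. Rename the callers in the same commit, or keep a temporary alias such as `_should_connect_to_wan_rr = _should_connect_to_wan_rs`, so every commit in the series runs. The docstring still has "wherther" and "the RR"; `whether a connection to the wan_rs should be made` and `the route server` would match the rename. The method body continues outside the hunk.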
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -169,8 +169,8 @@ router_path_selection: load_balance_policies: - name: LBPOLICY path_groups: - - name: MPLS - name: INET + - name: MPLS stun: client: server_profiles: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 5a1e63c51c1..f529577fe8b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -154,8 +154,8 @@ router_path_selection: load_balance_policies: - name: LBPOLICY path_groups: - - name: MPLS - name: INET + - name: MPLS peer_dynamic_source: stun stun: server: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 5ba91a730c6..f26e574f422 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -193,8 +193,8 @@ router_path_selection: load_balance_policies: - name: LBPOLICY path_groups: - - name: MPLS - name: INET + - name: MPLS peer_dynamic_source: stun stun: server: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 19a0c19307e..50e3d842d5e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -177,8 +177,8 @@ router_path_selection: load_balance_policies: - name: LBPOLICY path_groups: - - name: MPLS - name: INET + - name: MPLS stun: client: server_profiles: diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py index ccf4e5f5d7b..45baba92331 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_bgp.py 
@@ -484,14 +484,12 @@ def _neighbors(self) -> list | None: f"Loopback0 IP {self.shared_utils.router_id} is not in the Route Reflector listen range prefixes" " 'bgp_peer_groups.wan_overlay_peers.listen_range_prefixes'." ) - for wan_route_server, data in self._wan_route_servers.items(): - if not self._should_connect_to_wan_rr([pg["name"] for pg in get(data, "wan_path_groups", required=True)]): - continue + for wan_route_server, data in self._filtered_wan_route_servers.items(): neighbor = self._create_neighbor(data["router_id"], wan_route_server, self.shared_utils.bgp_peer_groups["wan_overlay_peers"]["name"]) neighbors.append(neighbor) if self.shared_utils.wan_role == "server": # No neighbor configured on the `wan_overlay_peers` peer group as it is covered by listen ranges - for wan_route_server, data in self._wan_route_servers.items(): + for wan_route_server, data in self._filtered_wan_route_servers.items(): neighbor = self._create_neighbor(data["router_id"], wan_route_server, self.shared_utils.bgp_peer_groups["rr_overlay_peers"]["name"]) neighbors.append(neighbor) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 06ce9634787..ab9304dd485 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py 
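Review bot: The `wan_role == "server"` branch of `_neighbors` now iterates `_filtered_wan_route_servers`, which keeps a route server only when `_should_connect_to_wan_rs` accepts at least one of its path groups. The previous loop added an `rr_overlay_peers` neighbor for every entry of `_wan_route_servers`, so this is a behaviour change inside a commit titled as a refactor. A route server with no matching path group silently loses its iBGP neighbor, and `_is_wan_server_with_peers` in utils.py changes with it. If the old behaviour is wanted, keep `for wan_route_server, data in self._wan_route_servers.items():` in the server branch; if the filter is intended, a comment on that loop should say so. `_neighbors` starts and ends outside the hunk.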
@@ -125,15 +125,10 @@ def _get_local_interfaces_for_path_group(self, path_group_name: str) -> list | N for interface in path_group.get("interfaces", []): local_interface = {"name": get(interface, "name", required=True)} - if self.shared_utils.wan_role == "client" and self._should_connect_to_wan_rr([path_group_name]): - stun_server_profiles = [] - for wan_route_server, data in self._wan_route_servers.items(): - if (path_group := get_item(data["wan_path_groups"], "name", path_group_name)) is not None: - for index in range(len(get(path_group, "interfaces", required=True))): - stun_server_profiles.append(self._stun_server_profile_name(wan_route_server, path_group_name, index)) - + if self.shared_utils.wan_role == "client" and self._should_connect_to_wan_rs([path_group_name]): + stun_server_profiles = self._stun_server_profiles.get(path_group_name, []) if stun_server_profiles: - local_interface["stun"] = {"server_profiles": stun_server_profiles} + local_interface["stun"] = {"server_profiles": [profile["name"] for profile in stun_server_profiles]} local_interfaces.append(local_interface) @@ -155,15 +150,8 @@ def _get_static_peers_for_path_group(self, path_group_name: str) -> list | None: return None static_peers = [] - for wan_route_server, data in self._wan_route_servers.items(): - if wan_route_server == self.shared_utils.hostname: - # Do not static-peer yourself - continue - + for wan_route_server, data in self._filtered_wan_route_servers.items(): if (path_group := get_item(data["wan_path_groups"], "name", path_group_name)) is not None: - if not self._should_connect_to_wan_rr([path_group["name"]]): - continue - ipv4_addresses = [] for interface_dict in get(path_group, "interfaces", required=True): diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py index fa17e2a5428..7c3388983ca 100644 
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/stun.py @@ -3,10 +3,9 @@ # that can be found in the LICENSE file. from __future__ import annotations +import itertools from functools import cached_property -from ansible_collections.arista.avd.plugins.plugin_utils.utils import get - from .utils import UtilsMixin @@ -31,21 +30,7 @@ def stun(self) -> dict | None: stun["server"] = {"local_interfaces": local_interfaces} if self.shared_utils.wan_role == "client": - server_profiles = [] - - for wan_route_server, data in self._wan_route_servers.items(): - for path_group in data.get("wan_path_groups", []): - if not self._should_connect_to_wan_rr([path_group["name"]]): - continue - - server_profiles.extend( - { - "name": self._stun_server_profile_name(wan_route_server, path_group["name"], index), - "ip_address": get(interface_dict, "ip_address", required=True), - } - for index, interface_dict in enumerate(get(path_group, "interfaces", required=True)) - ) - if server_profiles: + if server_profiles := list(itertools.chain.from_iterable(self._stun_server_profiles.values())): stun["client"] = {"server_profiles": server_profiles} return stun or None diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 836c728a495..d1d6d6015bc 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
@@ -262,7 +262,7 @@ def _append_peer(self, peers_dict: dict, peer_name: str, peer_facts: dict) -> No @cached_property def _is_wan_server_with_peers(self) -> bool: - return self.shared_utils.wan_role == "server" and len(self._wan_route_servers) > 0 + return self.shared_utils.wan_role == "server" and len(self._filtered_wan_route_servers) > 0 @cached_property def _wan_listen_ranges(self): @@ -436,3 +436,38 @@ def _should_connect_to_wan_rs(self, path_groups: list) -> bool: ) for wan_interface in self.shared_utils.wan_interfaces ) + + @cached_property + def _filtered_wan_route_servers(self) -> dict: + """ + Return a dictionary of wan_route_servers with only the path_groups the router should connect to + """ + filtered_wan_route_servers = {} + for wan_route_server, data in self._wan_route_servers.items(): + if wan_route_server == self.shared_utils.hostname: + # Do not include yourself + continue + for path_group in data.get("wan_path_groups", []): + if self._should_connect_to_wan_rs([path_group["name"]]): + filtered_wan_route_servers.setdefault(wan_route_server, {"router_id": data["router_id"], "wan_path_groups": []})["wan_path_groups"].append( + path_group + ) + + return filtered_wan_route_servers + + @cached_property + def _stun_server_profiles(self) -> list: + """ + Return a dictionary of _stun_server_profiles with ip_address per local path_group + """ + stun_server_profiles = {} + for wan_route_server, data in self._filtered_wan_route_servers.items(): + for path_group in data.get("wan_path_groups", []): + stun_server_profiles.setdefault(path_group["name"], []).extend( + { + "name": self._stun_server_profile_name(wan_route_server, path_group["name"], index), + "ip_address": get(interface_dict, "ip_address", required=True), + } + for index, interface_dict in enumerate(get(path_group, "interfaces", required=True)) + ) + return stun_server_profiles From 6e9a71324a4733a84dba2e026d57d94af5c9bd90 Mon Sep 17 00:00:00 2001 
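Review bot: `_stun_server_profiles` is annotated `-> list` but builds and returns a dict keyed by path-group name, and its callers in this patch use `.values()` and `.get(path_group_name, [])`. The signature should read `def _stun_server_profiles(self) -> dict:`, with a docstring stating that each value is a list of profiles holding `name` and `ip_address`. `_filtered_wan_route_servers` also omits a server entirely when none of its path groups match. That is worth stating in its docstring, because `_is_wan_server_with_peers` now depends on it.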
From: gmuloc Date: Thu, 21 Dec 2023 16:18:18 +0100 Subject: [PATCH 22/31] Test: Maybe fix idemptoency --- .../python_modules/overlay/router_path_selection.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index ab9304dd485..f0043d4af9b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -5,6 +5,7 @@ from functools import cached_property +from ansible_collections.arista.avd.plugins.filter.natural_sort import natural_sort from ansible_collections.arista.avd.plugins.plugin_utils.strip_empties import strip_empties_from_dict from ansible_collections.arista.avd.plugins.plugin_utils.utils import get, get_item @@ -69,7 +70,7 @@ def _get_path_groups(self) -> list: pass # implement LAN_HA here - return path_groups + return natural_sort(path_groups, "name") def _get_load_balance_policies(self, path_groups: dict) -> dict | None: """ """ From c7cd2897b2dbf5a2ea3004ed4a76a1b02e593624 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 3 Jan 2024 10:12:40 +0100 Subject: [PATCH 23/31] Refactor: Rename connected_to_pathfinder --- .../group_vars/CV_PATHFINDER_TESTS.yml | 2 +- .../eos_designs/docs/tables/wan-carriers.md | 2 +- .../docs/tables/wan-interfaces-settings.md | 18 +++++++++--------- .../eos_designs/docs/tables/wan-path-groups.md | 2 +- .../python_modules/overlay/utils.py | 4 ++-- .../schemas/eos_designs.jsonschema.json | 16 ++++++++-------- .../eos_designs/schemas/eos_designs.schema.yml | 2 +- .../defs_l3_edge_l3_interfaces.schema.yml | 2 +- 8 files changed, 24 insertions(+), 24 deletions(-) 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 7eab8084f86..f1867189ab4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -116,7 +116,7 @@ l3_edge: wan_carrier: Colt wan_circuit_id: 10555 ip: 172.15.5.5/31 - cv_pathfinder_connected_to_pathfinder: False + connected_to_pathfinder: False - node: cv-pathfinder-transit interface: Ethernet1 wan_carrier: Comcast diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md index 0fa28516427..d70ab490fa2 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-carriers.md @@ -1,5 +1,5 @@ diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md index b195fdf464f..5358738808e 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-interfaces-settings.md @@ -1,5 +1,5 @@ @@ -12,21 +12,21 @@ | [    - profile](## "core_interfaces.l3_interfaces_profiles.[].profile") | String | Required, Unique | | | L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. | | [      wan_carrier](## "core_interfaces.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "core_interfaces.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      connected_to_pathfinder](## "core_interfaces.l3_interfaces_profiles.[].connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [  l3_interfaces](## "core_interfaces.l3_interfaces") | List, items: Dictionary | | | | | | [      wan_carrier](## "core_interfaces.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "core_interfaces.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "core_interfaces.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      connected_to_pathfinder](## "core_interfaces.l3_interfaces.[].connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [l3_edge](## "l3_edge") | Dictionary | | | | | | [  l3_interfaces_profiles](## "l3_edge.l3_interfaces_profiles") | List, items: Dictionary | | | | | | [    - profile](## "l3_edge.l3_interfaces_profiles.[].profile") | String | Required, Unique | | | L3 interface profile name. Any variable supported under `l3_interfaces` can be inherited from a profile. | | [      wan_carrier](## "l3_edge.l3_interfaces_profiles.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "l3_edge.l3_interfaces_profiles.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces_profiles.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      connected_to_pathfinder](## "l3_edge.l3_interfaces_profiles.[].connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | | [  l3_interfaces](## "l3_edge.l3_interfaces") | List, items: Dictionary | | | | | | [      wan_carrier](## "l3_edge.l3_interfaces.[].wan_carrier") | String | | | | PREVIEW: This key is currently not supported

The WAN Carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured. | | [      wan_circuit_id](## "l3_edge.l3_interfaces.[].wan_circuit_id") | String | | | | PREVIEW: This key is currently not supported

The WAN Circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. | - | [      cv_pathfinder_connected_to_pathfinder](## "l3_edge.l3_interfaces.[].cv_pathfinder_connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | + | [      connected_to_pathfinder](## "l3_edge.l3_interfaces.[].connected_to_pathfinder") | Boolean | | | | PREVIEW: This key is currently not supported

For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.
Default True. | === "YAML" @@ -53,7 +53,7 @@ # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. - cv_pathfinder_connected_to_pathfinder: + connected_to_pathfinder: l3_interfaces: # PREVIEW: This key is currently not supported @@ -72,7 +72,7 @@ # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. - cv_pathfinder_connected_to_pathfinder: + connected_to_pathfinder: l3_edge: l3_interfaces_profiles: @@ -95,7 +95,7 @@ # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. - cv_pathfinder_connected_to_pathfinder: + connected_to_pathfinder: l3_interfaces: # PREVIEW: This key is currently not supported @@ -114,5 +114,5 @@ # For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. # Default True. - cv_pathfinder_connected_to_pathfinder: + connected_to_pathfinder: ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md index 467f6cabcee..58031689e1d 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md @@ -1,5 +1,5 @@ diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 44fb0bc2cf3..f98441807fb 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
@@ -425,13 +425,13 @@ def _should_connect_to_wan_rs(self, path_groups: list) -> bool: To do this the logic is the following: * Look at the wan_interfaces on the router and check if there is any path-group in common with the RR where - `cv_pathfinder_connected_to_pathfinder` is not False. + `connected_to_pathfinder` is not False. """ return any( self.shared_utils.get_carrier_path_group(wan_interface["wan_carrier"])["name"] in path_groups and get( wan_interface, - "cv_pathfinder_connected_to_pathfinder", + "connected_to_pathfinder", default=True, ) for wan_interface in self.shared_utils.wan_interfaces diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 65bb467ef31..f902d8a73a7 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -3279,10 +3279,10 @@ "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", "title": "Wan Circuit ID" }, - "cv_pathfinder_connected_to_pathfinder": { + "connected_to_pathfinder": { "type": "boolean", "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", - "title": "Cv Pathfinder Connected To Pathfinder" + "title": "Connected To Pathfinder" }, "raw_eos_cli": { "type": "string", 
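Review bot: After this rename `_should_connect_to_wan_rs` reads only `connected_to_pathfinder` with `default=True`, so an inventory that still carries `cv_pathfinder_connected_to_pathfinder: False` is treated as connected. The tunnel towards the Pathfinders that the operator had disabled would then be generated again. Whether schema validation rejects the old key is not visible here; if it does not, the change fails open without any message. Either fall back to the old key, `default=get(wan_interface, "cv_pathfinder_connected_to_pathfinder", default=True)`, or raise when the old key is present. The start of the docstring and the end of the return expression are outside the hunk.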
@@ -5956,10 +5956,10 @@ "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", "title": "Wan Circuit ID" }, - "cv_pathfinder_connected_to_pathfinder": { + "connected_to_pathfinder": { "type": "boolean", "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", - "title": "Cv Pathfinder Connected To Pathfinder" + "title": "Connected To Pathfinder" }, "raw_eos_cli": { "type": "string", @@ -10055,10 +10055,10 @@ "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", "title": "Wan Circuit ID" }, - "cv_pathfinder_connected_to_pathfinder": { + "connected_to_pathfinder": { "type": "boolean", "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", - "title": "Cv Pathfinder Connected To Pathfinder" + "title": "Connected To Pathfinder" }, "raw_eos_cli": { "type": "string", @@ -12732,10 +12732,10 @@ "description": "PREVIEW: This key is currently not supported\n\nThe WAN Circuit ID for this interface.\nThis is not rendered in the configuration but used for WAN designs.", "title": "Wan Circuit ID" }, - "cv_pathfinder_connected_to_pathfinder": { + "connected_to_pathfinder": { "type": "boolean", "description": "PREVIEW: This key is currently not supported\n\nFor a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders.\nDefault True.", - "title": "Cv Pathfinder Connected To Pathfinder" + "title": "Connected To Pathfinder" }, "raw_eos_cli": { "type": "string", 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 2d83828817e..f7ea9dc98b7 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -4285,7 +4285,7 @@ $defs: The WAN Circuit ID for this interface. This is not rendered in the configuration but used for WAN designs.' - cv_pathfinder_connected_to_pathfinder: + connected_to_pathfinder: type: bool documentation_options: table: wan-interfaces-settings diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml index 43f2608d4c1..605edc8f7e9 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml @@ -74,7 +74,7 @@ $defs: The WAN Circuit ID for this interface. This is not rendered in the configuration but used for WAN designs. - cv_pathfinder_connected_to_pathfinder: + connected_to_pathfinder: type: bool documentation_options: table: wan-interfaces-settings From 066a17d02b62230e3922d784d2ab801bf0900584 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 3 Jan 2024 10:14:02 +0100 Subject: [PATCH 24/31] Doc: Add dem newlines --- .../arista/avd/roles/eos_designs/docs/wan-preview.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index 534880981dc..a316327fd1f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md 
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -11,6 +11,7 @@ title: Ansible Collection Role eos_design - WAN preview # WAN preview !!! warning + The integration of WAN designs to `eos_designs` role is in preview mode. Everything is subject to change, is not supported and may not be complete. @@ -112,6 +113,7 @@ roles/eos_designs/docs/tables/wan-carriers.md ##### WAN hierarchy !!! note + This section is only relevant for CV Pathfinder and not for AutoVPN --8<-- @@ -121,6 +123,7 @@ roles/eos_designs/docs/tables/wan-cv-pathfinder-regions.md #### WAN interfaces !!! note + The current code implements only `l3_edge.l3_interfaces` and not `core_interfaces.l3_interfaces` --8<-- From 8fae511c85f5ab1c7814b68e568b59f11275f5ec Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 3 Jan 2024 10:17:59 +0100 Subject: [PATCH 25/31] Refactor: Use interface name instead of id for stun server-profiles --- .../intended/configs/autovpn-edge.cfg | 6 +++--- .../intended/configs/cv-pathfinder-edge.cfg | 6 +++--- .../intended/configs/cv-pathfinder-transit.cfg | 10 +++++----- .../intended/structured_configs/autovpn-edge.yml | 8 ++++---- .../structured_configs/cv-pathfinder-edge.yml | 8 ++++---- .../structured_configs/cv-pathfinder-transit.yml | 12 ++++++------ .../eos_designs/python_modules/overlay/utils.py | 8 ++++---- 7 files changed, 29 insertions(+), 29 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 71df9f79266..803decdfc62 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg 
@@ -14,7 +14,7 @@ router path-selection ipsec profile AUTOVPN ! local interface Ethernet1 - stun server-profile autovpn-rr1-INET-0 autovpn-rr2-INET-0 + stun server-profile autovpn-rr1-INET-Ethernet1 autovpn-rr2-INET-Ethernet1 ! peer dynamic ! @@ -125,9 +125,9 @@ management api http-commands ! stun client - server-profile autovpn-rr1-INET-0 + server-profile autovpn-rr1-INET-Ethernet1 ip address 10.7.7.7/31 - server-profile autovpn-rr2-INET-0 + server-profile autovpn-rr2-INET-Ethernet1 ip address 10.8.8.8/31 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 300fcfb9ac4..fd7c7893db5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -23,7 +23,7 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 - stun server-profile cv-pathfinder-pathfinder-INET-0 cv-pathfinder-pathfinder-INET-1 + stun server-profile cv-pathfinder-pathfinder-INET-Ethernet1 cv-pathfinder-pathfinder-INET-Ethernet3 ! peer dynamic ! @@ -167,9 +167,9 @@ management api http-commands ! stun client - server-profile cv-pathfinder-pathfinder-INET-0 + server-profile cv-pathfinder-pathfinder-INET-Ethernet1 ip address 10.7.7.7/31 - server-profile cv-pathfinder-pathfinder-INET-1 + server-profile cv-pathfinder-pathfinder-INET-Ethernet3 ip address 10.9.9.9/31 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index c8b969e1cc4..65b75d39821 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -23,7 +23,7 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 - stun server-profile cv-pathfinder-pathfinder-INET-0 cv-pathfinder-pathfinder-INET-1 + stun server-profile cv-pathfinder-pathfinder-INET-Ethernet1 cv-pathfinder-pathfinder-INET-Ethernet3 ! peer dynamic ! @@ -35,7 +35,7 @@ router path-selection path-group MPLS id 100 ! local interface Ethernet2 - stun server-profile cv-pathfinder-pathfinder-MPLS-0 + stun server-profile cv-pathfinder-pathfinder-MPLS-Ethernet2 ! peer dynamic ! @@ -172,11 +172,11 @@ management api http-commands ! stun client - server-profile cv-pathfinder-pathfinder-INET-0 + server-profile cv-pathfinder-pathfinder-INET-Ethernet1 ip address 10.7.7.7/31 - server-profile cv-pathfinder-pathfinder-INET-1 + server-profile cv-pathfinder-pathfinder-INET-Ethernet3 ip address 10.9.9.9/31 - server-profile cv-pathfinder-pathfinder-MPLS-0 + server-profile cv-pathfinder-pathfinder-MPLS-Ethernet2 ip address 172.16.0.1/31 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index d6828027222..06c06f48e4f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -99,8 +99,8 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - autovpn-rr1-INET-0 - - autovpn-rr2-INET-0 + - autovpn-rr1-INET-Ethernet1 + - autovpn-rr2-INET-Ethernet1 dynamic_peers: enabled: true static_peers: 
@@ -127,9 +127,9 @@ router_path_selection: stun: client: server_profiles: - - name: autovpn-rr1-INET-0 + - name: autovpn-rr1-INET-Ethernet1 ip_address: 10.7.7.7/31 - - name: autovpn-rr2-INET-0 + - name: autovpn-rr2-INET-Ethernet1 ip_address: 10.8.8.8/31 ethernet_interfaces: - name: Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index a89a4f52e05..bdc94ad6c85 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -149,8 +149,8 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - cv-pathfinder-pathfinder-INET-0 - - cv-pathfinder-pathfinder-INET-1 + - cv-pathfinder-pathfinder-INET-Ethernet1 + - cv-pathfinder-pathfinder-INET-Ethernet3 dynamic_peers: enabled: true static_peers: @@ -174,9 +174,9 @@ router_path_selection: stun: client: server_profiles: - - name: cv-pathfinder-pathfinder-INET-0 + - name: cv-pathfinder-pathfinder-INET-Ethernet1 ip_address: 10.7.7.7/31 - - name: cv-pathfinder-pathfinder-INET-1 + - name: cv-pathfinder-pathfinder-INET-Ethernet3 ip_address: 10.9.9.9/31 ethernet_interfaces: - name: Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 50e3d842d5e..b23f1bc29cc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml 
@@ -149,8 +149,8 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - cv-pathfinder-pathfinder-INET-0 - - cv-pathfinder-pathfinder-INET-1 + - cv-pathfinder-pathfinder-INET-Ethernet1 + - cv-pathfinder-pathfinder-INET-Ethernet3 dynamic_peers: enabled: true static_peers: @@ -166,7 +166,7 @@ router_path_selection: - name: Ethernet2 stun: server_profiles: - - cv-pathfinder-pathfinder-MPLS-0 + - cv-pathfinder-pathfinder-MPLS-Ethernet2 dynamic_peers: enabled: true static_peers: @@ -182,11 +182,11 @@ router_path_selection: stun: client: server_profiles: - - name: cv-pathfinder-pathfinder-INET-0 + - name: cv-pathfinder-pathfinder-INET-Ethernet1 ip_address: 10.7.7.7/31 - - name: cv-pathfinder-pathfinder-INET-1 + - name: cv-pathfinder-pathfinder-INET-Ethernet3 ip_address: 10.9.9.9/31 - - name: cv-pathfinder-pathfinder-MPLS-0 + - name: cv-pathfinder-pathfinder-MPLS-Ethernet2 ip_address: 172.16.0.1/31 ethernet_interfaces: - name: Ethernet1 diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index f98441807fb..6f80cf1896c 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
@@ -412,12 +412,12 @@ def _wan_route_servers(self) -> dict: return wan_route_servers - def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: str, id: int | None = None) -> str: + def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: str, interface_name: str | None = None) -> str: """ Return a string to use as the name of the stun server_profile """ name = f"{wan_route_server_name}-{path_group_name}" - return f"{name}-{id}" if id is not None else name + return f"{name}-{interface_name}" if interface_name is not None else name def _should_connect_to_wan_rs(self, path_groups: list) -> bool: """ @@ -465,9 +465,9 @@ def _stun_server_profiles(self) -> list: for path_group in data.get("wan_path_groups", []): stun_server_profiles.setdefault(path_group["name"], []).extend( { - "name": self._stun_server_profile_name(wan_route_server, path_group["name"], index), + "name": self._stun_server_profile_name(wan_route_server, path_group["name"], get(interface_dict, "name", required=True)), "ip_address": get(interface_dict, "ip_address", required=True), } - for index, interface_dict in enumerate(get(path_group, "interfaces", required=True)) + for interface_dict in get(path_group, "interfaces", required=True) ) return stun_server_profiles From 26828c275ad29835e77f71e6da0a277f5ada635a Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 3 Jan 2024 10:22:51 +0100 Subject: [PATCH 26/31] Refactor: Change orders for stun server-profiles names --- .../intended/configs/autovpn-edge.cfg | 6 +++--- .../intended/configs/cv-pathfinder-edge.cfg | 6 +++--- .../intended/configs/cv-pathfinder-transit.cfg | 10 +++++----- .../intended/structured_configs/autovpn-edge.yml | 8 ++++---- .../structured_configs/cv-pathfinder-edge.yml | 8 ++++---- .../structured_configs/cv-pathfinder-transit.yml | 12 ++++++------ .../eos_designs/python_modules/overlay/utils.py | 2 +- 7 files changed, 26 insertions(+), 26 deletions(-) 
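Review bot: The docstring of `_stun_server_profile_name` still only says it returns a name, although the result is now a hyphen-joined key of three inventory values that ties a `stun server-profile` reference to the server address configured under `stun client`. The fixtures in this series already use hyphenated hostnames (`autovpn-rr1`, `cv-pathfinder-pathfinder`), so the parts cannot be split back out of the name, and two different (route server, path group, interface) combinations could in principle render the same string. I would state the format in the docstring, e.g. `Return "<wan_route_server_name>-<path_group_name>-<interface_name>"; parts may contain "-", so the name is an opaque key`, and keep it in step with the later hunks in patches 26/31 and 28/31 that reorder the parts and make `interface_name` mandatory.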
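Review bot: Replacing the `enumerate` index with `get(interface_dict, "name", required=True)` in `_stun_server_profiles` means profile names are only unique if every entry in a path group's `interfaces` list has a distinct `name`; the index guaranteed that, the name does not. A repeated interface name would emit two `server_profiles` entries with the same `name` and possibly different `ip_address`, and which one the device keeps is not visible from here. Consider tracking the generated names per path group and failing the run on a repeat instead of rendering an ambiguous config. The function starts outside the hunk, so an existing check further up cannot be ruled out.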
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 803decdfc62..54eb982d838 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg @@ -14,7 +14,7 @@ router path-selection ipsec profile AUTOVPN ! local interface Ethernet1 - stun server-profile autovpn-rr1-INET-Ethernet1 autovpn-rr2-INET-Ethernet1 + stun server-profile INET-autovpn-rr1-Ethernet1 INET-autovpn-rr2-Ethernet1 ! peer dynamic ! @@ -125,9 +125,9 @@ management api http-commands ! stun client - server-profile autovpn-rr1-INET-Ethernet1 + server-profile INET-autovpn-rr1-Ethernet1 ip address 10.7.7.7/31 - server-profile autovpn-rr2-INET-Ethernet1 + server-profile INET-autovpn-rr2-Ethernet1 ip address 10.8.8.8/31 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index fd7c7893db5..cafa1387aa1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -23,7 +23,7 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 - stun server-profile cv-pathfinder-pathfinder-INET-Ethernet1 cv-pathfinder-pathfinder-INET-Ethernet3 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 ! peer dynamic ! 
@@ -167,9 +167,9 @@ management api http-commands ! stun client - server-profile cv-pathfinder-pathfinder-INET-Ethernet1 + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 ip address 10.7.7.7/31 - server-profile cv-pathfinder-pathfinder-INET-Ethernet3 + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 ip address 10.9.9.9/31 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 65b75d39821..dceddc97272 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -23,7 +23,7 @@ router path-selection ipsec profile CP-PROFILE ! local interface Ethernet1 - stun server-profile cv-pathfinder-pathfinder-INET-Ethernet1 cv-pathfinder-pathfinder-INET-Ethernet3 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 ! peer dynamic ! @@ -35,7 +35,7 @@ router path-selection path-group MPLS id 100 ! local interface Ethernet2 - stun server-profile cv-pathfinder-pathfinder-MPLS-Ethernet2 + stun server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 ! peer dynamic ! @@ -172,11 +172,11 @@ management api http-commands ! stun client - server-profile cv-pathfinder-pathfinder-INET-Ethernet1 + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 ip address 10.7.7.7/31 - server-profile cv-pathfinder-pathfinder-INET-Ethernet3 + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 ip address 10.9.9.9/31 - server-profile cv-pathfinder-pathfinder-MPLS-Ethernet2 + server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 ip address 172.16.0.1/31 ! end 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index 06c06f48e4f..e7babc0d0a3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -99,8 +99,8 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - autovpn-rr1-INET-Ethernet1 - - autovpn-rr2-INET-Ethernet1 + - INET-autovpn-rr1-Ethernet1 + - INET-autovpn-rr2-Ethernet1 dynamic_peers: enabled: true static_peers: @@ -127,9 +127,9 @@ router_path_selection: stun: client: server_profiles: - - name: autovpn-rr1-INET-Ethernet1 + - name: INET-autovpn-rr1-Ethernet1 ip_address: 10.7.7.7/31 - - name: autovpn-rr2-INET-Ethernet1 + - name: INET-autovpn-rr2-Ethernet1 ip_address: 10.8.8.8/31 ethernet_interfaces: - name: Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index bdc94ad6c85..c3ed95309ff 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -149,8 +149,8 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - cv-pathfinder-pathfinder-INET-Ethernet1 - - cv-pathfinder-pathfinder-INET-Ethernet3 + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 dynamic_peers: enabled: true static_peers: 
@@ -174,9 +174,9 @@ router_path_selection: stun: client: server_profiles: - - name: cv-pathfinder-pathfinder-INET-Ethernet1 + - name: INET-cv-pathfinder-pathfinder-Ethernet1 ip_address: 10.7.7.7/31 - - name: cv-pathfinder-pathfinder-INET-Ethernet3 + - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9/31 ethernet_interfaces: - name: Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index b23f1bc29cc..63802625039 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -149,8 +149,8 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - cv-pathfinder-pathfinder-INET-Ethernet1 - - cv-pathfinder-pathfinder-INET-Ethernet3 + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 dynamic_peers: enabled: true static_peers: @@ -166,7 +166,7 @@ router_path_selection: - name: Ethernet2 stun: server_profiles: - - cv-pathfinder-pathfinder-MPLS-Ethernet2 + - MPLS-cv-pathfinder-pathfinder-Ethernet2 dynamic_peers: enabled: true static_peers: @@ -182,11 +182,11 @@ router_path_selection: stun: client: server_profiles: - - name: cv-pathfinder-pathfinder-INET-Ethernet1 + - name: INET-cv-pathfinder-pathfinder-Ethernet1 ip_address: 10.7.7.7/31 - - name: cv-pathfinder-pathfinder-INET-Ethernet3 + - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9/31 - - name: cv-pathfinder-pathfinder-MPLS-Ethernet2 + - name: MPLS-cv-pathfinder-pathfinder-Ethernet2 ip_address: 172.16.0.1/31 ethernet_interfaces: - name: Ethernet1 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 6f80cf1896c..4ebe4c40425 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py @@ -416,7 +416,7 @@ def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: """ Return a string to use as the name of the stun server_profile """ - name = f"{wan_route_server_name}-{path_group_name}" + name = f"{path_group_name}-{wan_route_server_name}" return f"{name}-{interface_name}" if interface_name is not None else name def _should_connect_to_wan_rs(self, path_groups: list) -> bool: From e804df32a389fc96bf049a2acb266a0e3f25b68d Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 3 Jan 2024 10:32:51 +0100 Subject: [PATCH 27/31] Refactor: Simon says be idempotent --- .../plugins/plugin_utils/eos_designs_facts/wan.py | 2 +- .../l3_edge_l3_interfaces.py | 2 +- .../core_interfaces_and_l3_edge/static_routes.py | 2 +- .../overlay/router_path_selection.py | 14 ++++++++------ .../schema_fragments/wan_carriers.schema.yml | 2 +- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index 58b6e90be0e..9243170870e 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Arista Networks, Inc. +# Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. from __future__ import annotations 
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py index 3cc0f3357a9..a51b14804d2 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/l3_edge_l3_interfaces.py @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Arista Networks, Inc. +# Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. from __future__ import annotations diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py index 75eb93d7914..9fdcda2ca7e 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Arista Networks, Inc. +# Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. from __future__ import annotations diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 614d52c2aa8..2e673d812f8 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py 
@@ -70,15 +70,17 @@ def _get_path_groups(self) -> list: pass # implement LAN_HA here - return natural_sort(path_groups, "name") + return path_groups def _get_load_balance_policies(self, path_groups: dict) -> dict | None: """ """ - # TODO for now a default load balance policy with all path-groups. - load_balance_policies = [] - unique_pg = set(pg.get("name") for pg in path_groups) - load_balance_policies.append({"name": "LBPOLICY", "path_groups": [{"name": pg_name} for pg_name in unique_pg]}) - return load_balance_policies + unique_path_groups = natural_sort({path_group.get("name") for path_group in path_groups}, "name") + return [ + { + "name": "LBPOLICY", + "path_groups": [{"name": pg_name} for pg_name in unique_path_groups], + } + ] def _get_policies(self) -> list | None: """ diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml index b0e2e45e265..7b823832bb5 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_carriers.schema.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Arista Networks, Inc. +# Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. # yaml-language-server: $schema=../../../../plugins/plugin_utils/schema/avd_meta_schema.json From 50a9560b541e088a93fa808f9e2a198d1309b095 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 3 Jan 2024 14:37:44 +0100 Subject: [PATCH 28/31] Refactor: Simplify stun server profile names --- .../avd/roles/eos_designs/python_modules/overlay/utils.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
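Review bot: `_get_load_balance_policies` is annotated `path_groups: dict` and `-> dict | None`, but the new body iterates `path_groups` as a sequence of dicts and always returns a one-element list, and its docstring is still the empty `""" """`. I would change the signature to `def _get_load_balance_policies(self, path_groups: list) -> list:` and add a docstring such as `"""Return a single default load-balance policy "LBPOLICY" containing every path-group name once, naturally sorted."""`. The `"name"` sort key passed to `natural_sort` looks unused because the set holds plain strings rather than dicts, and `path_group.get("name")` would let a missing name through as `{"name": None}`; `path_group["name"]` would fail early instead. `_get_path_groups` starts outside the hunk.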
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index 4ebe4c40425..dde73e194cf 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py @@ -412,12 +412,11 @@ def _wan_route_servers(self) -> dict: return wan_route_servers - def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: str, interface_name: str | None = None) -> str: + def _stun_server_profile_name(self, wan_route_server_name: str, path_group_name: str, interface_name: str) -> str: """ Return a string to use as the name of the stun server_profile """ - name = f"{path_group_name}-{wan_route_server_name}" - return f"{name}-{interface_name}" if interface_name is not None else name + return f"{path_group_name}-{wan_route_server_name}-{interface_name}" def _should_connect_to_wan_rs(self, path_groups: list) -> bool: """ From 703afd1054dca9d5d00eb04a41b1059f4f810265 Mon Sep 17 00:00:00 2001 
From: gmuloc Date: Thu, 4 Jan 2024 15:46:13 +0100 Subject: [PATCH 29/31] Refactor: Address PR comments --- .../intended/configs/autovpn-edge.cfg | 4 ++-- .../intended/configs/cv-pathfinder-edge.cfg | 4 ++-- .../intended/configs/cv-pathfinder-transit.cfg | 6 +++--- .../intended/structured_configs/autovpn-edge.yml | 4 ++-- .../structured_configs/cv-pathfinder-edge.yml | 4 ++-- .../structured_configs/cv-pathfinder-transit.yml | 6 +++--- .../roles/eos_designs/docs/tables/core-interfaces.md | 8 ++++---- .../avd/roles/eos_designs/docs/tables/l3-edge.md | 8 ++++---- .../roles/eos_designs/docs/tables/wan-path-groups.md | 6 +++--- .../roles/eos_designs/python_modules/overlay/utils.py | 2 +- .../eos_designs/schemas/eos_designs.jsonschema.json | 11 ++++++----- .../roles/eos_designs/schemas/eos_designs.schema.yml | 7 ++++--- .../defs_l3_edge_l3_interfaces.schema.yml | 2 +- .../schema_fragments/wan_path_groups.schema.yml | 3 ++- 14 files changed, 39 insertions(+), 36 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 54eb982d838..f7d71815f9a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg @@ -126,8 +126,8 @@ management api http-commands stun client server-profile INET-autovpn-rr1-Ethernet1 - ip address 10.7.7.7/31 + ip address 10.7.7.7 server-profile INET-autovpn-rr2-Ethernet1 - ip address 10.8.8.8/31 + ip address 10.8.8.8 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index cafa1387aa1..3cc0db26012 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -168,8 +168,8 @@ management api http-commands stun client server-profile INET-cv-pathfinder-pathfinder-Ethernet1 - ip address 10.7.7.7/31 + ip address 10.7.7.7 server-profile INET-cv-pathfinder-pathfinder-Ethernet3 - ip address 10.9.9.9/31 + ip address 10.9.9.9 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index dceddc97272..7d1e5dba3a1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -173,10 +173,10 @@ management api http-commands stun client server-profile INET-cv-pathfinder-pathfinder-Ethernet1 - ip address 10.7.7.7/31 + ip address 10.7.7.7 server-profile INET-cv-pathfinder-pathfinder-Ethernet3 - ip address 10.9.9.9/31 + ip address 10.9.9.9 server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 - ip address 172.16.0.1/31 + ip address 172.16.0.1 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index e7babc0d0a3..379a0f688a7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml 
@@ -128,9 +128,9 @@ stun: client: server_profiles: - name: INET-autovpn-rr1-Ethernet1 - ip_address: 10.7.7.7/31 + ip_address: 10.7.7.7 - name: INET-autovpn-rr2-Ethernet1 - ip_address: 10.8.8.8/31 + ip_address: 10.8.8.8 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index c3ed95309ff..3b3decc3bb5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -175,9 +175,9 @@ stun: client: server_profiles: - name: INET-cv-pathfinder-pathfinder-Ethernet1 - ip_address: 10.7.7.7/31 + ip_address: 10.7.7.7 - name: INET-cv-pathfinder-pathfinder-Ethernet3 - ip_address: 10.9.9.9/31 + ip_address: 10.9.9.9 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 63802625039..2dfaa7a835d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml 
@@ -183,11 +183,11 @@ stun: client: server_profiles: - name: INET-cv-pathfinder-pathfinder-Ethernet1 - ip_address: 10.7.7.7/31 + ip_address: 10.7.7.7 - name: INET-cv-pathfinder-pathfinder-Ethernet3 - ip_address: 10.9.9.9/31 + ip_address: 10.9.9.9 - name: MPLS-cv-pathfinder-pathfinder-Ethernet2 - ip_address: 172.16.0.1/31 + ip_address: 172.16.0.1 ethernet_interfaces: - name: Ethernet1 peer_type: l3_interface diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md index 3acc6c086a2..0f37749fa21 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md 
@@ -102,7 +102,7 @@ | [      speed](## "core_interfaces.l3_interfaces_profiles.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "core_interfaces.l3_interfaces_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "core_interfaces.l3_interfaces_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "core_interfaces.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "core_interfaces.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "core_interfaces.l3_interfaces_profiles.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "core_interfaces.l3_interfaces_profiles.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "core_interfaces.l3_interfaces_profiles.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | 
@@ -117,7 +117,7 @@ | [      speed](## "core_interfaces.l3_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "core_interfaces.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "core_interfaces.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "core_interfaces.l3_interfaces.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "core_interfaces.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "core_interfaces.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "core_interfaces.l3_interfaces.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "core_interfaces.l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | @@ -379,7 +379,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. 
@@ -426,7 +426,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md index fbe52eabd3e..dfb4a1a97d4 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md 
@@ -102,7 +102,7 @@ | [      speed](## "l3_edge.l3_interfaces_profiles.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "l3_edge.l3_interfaces_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "l3_edge.l3_interfaces_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "l3_edge.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "l3_edge.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "l3_edge.l3_interfaces_profiles.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "l3_edge.l3_interfaces_profiles.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "l3_edge.l3_interfaces_profiles.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | 
@@ -117,7 +117,7 @@ | [      speed](## "l3_edge.l3_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "l3_edge.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "l3_edge.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "l3_edge.l3_interfaces.[].peer_ip") | String | | | | The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "l3_edge.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "l3_edge.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "l3_edge.l3_interfaces.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "l3_edge.l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | @@ -379,7 +379,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. 
@@ -426,7 +426,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md index 58031689e1d..f274cbfcde4 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md @@ -11,7 +11,7 @@ | [  - name](## "wan_path_groups.[].name") | String | Required, Unique | | | Path-group name. | | [    id](## "wan_path_groups.[].id") | Integer | Required | | | Path-group id.

TODO: Required until an auto ID algorithm is implemented. | | [    description](## "wan_path_groups.[].description") | String | | | | Additional information about the path-group for documentation purposes. | - | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | | | Flag to configure IPsec on the path_group (default is True). | + | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | `True` | | Flag to configure IPsec on the path-group. | | [    import_path_groups](## "wan_path_groups.[].import_path_groups") | List, items: Dictionary | | | | List of [ath-groups to import in this path-group. | | [      - remote](## "wan_path_groups.[].import_path_groups.[].remote") | String | | | | Remote path-group to import. | | [        local](## "wan_path_groups.[].import_path_groups.[].local") | String | | | | Optional, if not set, the path-group `name` is used as local. | @@ -34,8 +34,8 @@ # Additional information about the path-group for documentation purposes. description: - # Flag to configure IPsec on the path_group (default is True). - ipsec: + # Flag to configure IPsec on the path-group. + ipsec: # List of [ath-groups to import in this path-group. import_path_groups: diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py index dde73e194cf..bbc19ac0a59 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/utils.py 
@@ -465,7 +465,7 @@ def _stun_server_profiles(self) -> list: stun_server_profiles.setdefault(path_group["name"], []).extend( { "name": self._stun_server_profile_name(wan_route_server, path_group["name"], get(interface_dict, "name", required=True)), - "ip_address": get(interface_dict, "ip_address", required=True), + "ip_address": get(interface_dict, "ip_address", required=True).split("/")[0], } for interface_dict in get(path_group, "interfaces", required=True) ) diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index f902d8a73a7..cd6e4e9b8ae 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -3261,7 +3261,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -5938,7 +5938,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -10037,7 +10037,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { 
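Review bot: In `_stun_server_profiles`, the new `.split("/")[0]` on `ip_address` strips a prefix length but passes any other string through unchanged, so a value that is not an address would be written out as the STUN server address. The intended configs added earlier in this series render `ip address dhcp` on route-server WAN interfaces; if that value can reach `interface_dict["ip_address"]` (not visible from this hunk), the profile would carry `dhcp` as its address. Parsing the value instead, `str(ipaddress.ip_interface(get(interface_dict, "ip_address", required=True)).ip)`, accepts both the masked and the bare form and fails at build time on anything else. This needs `ipaddress` imported in the module if it is not already, and the function body starts and continues outside the hunk.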
@@ -12714,7 +12714,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -31117,7 +31117,8 @@ }, "ipsec": { "type": "boolean", - "description": "Flag to configure IPsec on the path_group (default is True).", + "description": "Flag to configure IPsec on the path-group.", + "default": true, "title": "Ipsec" }, "import_path_groups": { diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index f7ea9dc98b7..9509a2849dc 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3329,7 +3329,8 @@ keys: purposes. ipsec: type: bool - description: Flag to configure IPsec on the path_group (default is True). + description: Flag to configure IPsec on the path-group. + default: true import_path_groups: type: list description: List of [ath-groups to import in this path-group. @@ -4257,8 +4258,8 @@ $defs: description: The peer device interface. Used for description and documentation peer_ip: type: str - description: The peer device IP/Mask. Used as default route gateway is `set_default_route` - is true and `ip` is an IP address. + description: The peer device IPv4 address/Mask. Used as default route gateway + if `set_default_route` is true and `ip` is an IP address. qos_profile: type: str description: QOS service profile. 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml index 605edc8f7e9..1f554d30ba1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml @@ -50,7 +50,7 @@ $defs: peer_ip: type: str description: |- - The peer device IP/Mask. Used as default route gateway is `set_default_route` is true and `ip` is an IP address. + The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. qos_profile: type: str description: QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml index 70cdad893f2..b417868cb89 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml @@ -32,7 +32,8 @@ keys: description: Additional information about the path-group for documentation purposes. ipsec: type: bool - description: Flag to configure IPsec on the path_group (default is True). + description: Flag to configure IPsec on the path-group. + default: true import_path_groups: type: list description: List of [ath-groups to import in this path-group. From 1908e950d7f813ace3950ac1d66b1b99ceb742ab Mon Sep 17 00:00:00 2001 
From: gmuloc Date: Fri, 5 Jan 2024 09:52:11 +0100 Subject: [PATCH 30/31] Refactor: Address PR comments --- .../inventory/group_vars/AUTOVPN_TESTS.yml | 2 +- .../inventory/group_vars/CV_PATHFINDER_TESTS.yml | 6 +++--- .../inventory/host_vars/l3_edge_l3_interfaces.yml | 2 +- .../avd/roles/eos_designs/docs/tables/core-interfaces.md | 8 ++++---- .../arista/avd/roles/eos_designs/docs/tables/l3-edge.md | 8 ++++---- .../core_interfaces_and_l3_edge/static_routes.py | 2 +- .../roles/eos_designs/schemas/eos_designs.jsonschema.json | 8 ++++---- .../avd/roles/eos_designs/schemas/eos_designs.schema.yml | 4 ++-- .../defs_l3_edge_l3_interfaces.schema.yml | 2 +- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index f94ecab26af..16d6f90582f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml @@ -86,4 +86,4 @@ l3_edge: wan_circuit_id: 888 ip: 10.8.8.8/31 set_default_route: true - peer_ip: 10.8.8.9/31 + peer_ip: 10.8.8.9 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index f1867189ab4..0aeca6b4d97 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -90,7 +90,7 @@ wan_carriers: path_group: INET - name: ATT path_group: INET - - name: Bouygues Telecom + - name: Bouygues_Telecom path_group: INET - name: SFR path_group: INET 
@@ -130,11 +130,11 @@ l3_edge: ip: 172.16.6.6/31 - node: cv-pathfinder-pathfinder interface: Ethernet1 - wan_carrier: Bouygues Telecom + wan_carrier: Bouygues_Telecom wan_circuit_id: 777 set_default_route: true ip: 10.7.7.7/31 - peer_ip: 10.7.7.6/31 + peer_ip: 10.7.7.6 - node: cv-pathfinder-pathfinder interface: Ethernet2 wan_carrier: Colt diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml index ca2e01e3691..1e70cd5d658 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/l3_edge_l3_interfaces.yml @@ -26,7 +26,7 @@ l3_edge: set_default_route: true peer: peer1 peer_interface: eth1 - peer_ip: 192.168.1.3/31 + peer_ip: 192.168.1.3 profile: profile1 # DHCP default route - node: l3_edge_l3_interfaces diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md index 0f37749fa21..ac3b34b8e97 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/core-interfaces.md 
@@ -102,7 +102,7 @@ | [      speed](## "core_interfaces.l3_interfaces_profiles.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "core_interfaces.l3_interfaces_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "core_interfaces.l3_interfaces_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "core_interfaces.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "core_interfaces.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "core_interfaces.l3_interfaces_profiles.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "core_interfaces.l3_interfaces_profiles.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "core_interfaces.l3_interfaces_profiles.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | 
@@ -117,7 +117,7 @@ | [      speed](## "core_interfaces.l3_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "core_interfaces.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "core_interfaces.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "core_interfaces.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "core_interfaces.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "core_interfaces.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "core_interfaces.l3_interfaces.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "core_interfaces.l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | @@ -379,7 +379,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. 
@@ -426,7 +426,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md index dfb4a1a97d4..bc036e24ade 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/l3-edge.md 
@@ -102,7 +102,7 @@ | [      speed](## "l3_edge.l3_interfaces_profiles.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "l3_edge.l3_interfaces_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "l3_edge.l3_interfaces_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "l3_edge.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "l3_edge.l3_interfaces_profiles.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "l3_edge.l3_interfaces_profiles.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "l3_edge.l3_interfaces_profiles.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "l3_edge.l3_interfaces_profiles.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | 
@@ -117,7 +117,7 @@ | [      speed](## "l3_edge.l3_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. | | [      peer](## "l3_edge.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation | | [      peer_interface](## "l3_edge.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation | - | [      peer_ip](## "l3_edge.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | + | [      peer_ip](## "l3_edge.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | | [      qos_profile](## "l3_edge.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | | [      raw_eos_cli](## "l3_edge.l3_interfaces.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. | | [      structured_config](## "l3_edge.l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. | @@ -379,7 +379,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. 
@@ -426,7 +426,7 @@ # The peer device interface. Used for description and documentation peer_interface: - # The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + # The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. peer_ip: # QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py index 9fdcda2ca7e..6d9b2dc1c4b 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/core_interfaces_and_l3_edge/static_routes.py @@ -44,7 +44,7 @@ def static_routes(self) -> list[dict] | None: "peer_ip", required=True, org_key=f"Cannot set a default route for interface {l3_interface['interface']} because 'peer_ip' is missing", - ).split("/")[0] + ) static_route = { "destination_address_prefix": "0.0.0.0/0", diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index cd6e4e9b8ae..42ebab9d4f2 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -3261,7 +3261,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { 
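Review bot: With `.split("/")[0]` removed in `static_routes`, the `peer_ip` value now reaches the default-route gateway exactly as written, while the schema in this commit still declares it as a plain `type: str` whose only guard is the "(no mask)" wording in the description. An inventory that keeps the earlier `10.8.8.9/31` form (the test inventories in this same commit had to be edited by hand) would pass validation and, as far as this hunk shows, put the mask into the next hop of `0.0.0.0/0`. I would check the value right after the `get(...)` call, for example `ipaddress.ip_address(<result of get>)`, so a masked or malformed gateway stops the build with a clear error instead of reaching the rendered device config. The name the `get(...)` result is bound to and the rest of the function lie outside the hunk.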
@@ -5938,7 +5938,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -10037,7 +10037,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { @@ -12714,7 +12714,7 @@ }, "peer_ip": { "type": "string", - "description": "The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", + "description": "The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address.", "title": "Peer IP" }, "qos_profile": { diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 9509a2849dc..e9e25b687ce 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml 
@@ -4258,8 +4258,8 @@ $defs: description: The peer device interface. Used for description and documentation peer_ip: type: str - description: The peer device IPv4 address/Mask. Used as default route gateway - if `set_default_route` is true and `ip` is an IP address. + description: The peer device IPv4 address (no mask). Used as default route + gateway if `set_default_route` is true and `ip` is an IP address. qos_profile: type: str description: QOS service profile. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml index 1f554d30ba1..d1127873367 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_l3_edge_l3_interfaces.schema.yml @@ -50,7 +50,7 @@ $defs: peer_ip: type: str description: |- - The peer device IPv4 address/Mask. Used as default route gateway if `set_default_route` is true and `ip` is an IP address. + The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. qos_profile: type: str description: QOS service profile. From 39d08032cefa898825104658460ca90b100a230b Mon Sep 17 00:00:00 2001 From: gmuloc Date: Fri, 5 Jan 2024 10:42:11 +0100 Subject: [PATCH 31/31] Doc: Better description for wan_path_groups.ipsec --- .../avd/roles/eos_designs/docs/tables/wan-path-groups.md | 6 ++++-- .../roles/eos_designs/schemas/eos_designs.jsonschema.json | 2 +- .../avd/roles/eos_designs/schemas/eos_designs.schema.yml | 5 ++++- .../schemas/schema_fragments/wan_path_groups.schema.yml | 5 ++++- 4 files changed, 13 insertions(+), 5 deletions(-) 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md index f274cbfcde4..64d40ccddab 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-path-groups.md @@ -11,7 +11,7 @@ | [  - name](## "wan_path_groups.[].name") | String | Required, Unique | | | Path-group name. | | [    id](## "wan_path_groups.[].id") | Integer | Required | | | Path-group id.

TODO: Required until an auto ID algorithm is implemented. | | [    description](## "wan_path_groups.[].description") | String | | | | Additional information about the path-group for documentation purposes. | - | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | `True` | | Flag to configure IPsec on the path-group. | + | [    ipsec](## "wan_path_groups.[].ipsec") | Boolean | | `True` | | Flag to configure IPsec at the path-group level.

When set to `true`, IPsec is enabled for both the static and dynamic peers. | | [    import_path_groups](## "wan_path_groups.[].import_path_groups") | List, items: Dictionary | | | | List of [ath-groups to import in this path-group. | | [      - remote](## "wan_path_groups.[].import_path_groups.[].remote") | String | | | | Remote path-group to import. | | [        local](## "wan_path_groups.[].import_path_groups.[].local") | String | | | | Optional, if not set, the path-group `name` is used as local. | @@ -34,7 +34,9 @@ # Additional information about the path-group for documentation purposes. description: - # Flag to configure IPsec on the path-group. + # Flag to configure IPsec at the path-group level. + + # When set to `true`, IPsec is enabled for both the static and dynamic peers. ipsec: # List of [ath-groups to import in this path-group. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 42ebab9d4f2..1e6a8d8786d 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -31117,7 +31117,7 @@ }, "ipsec": { "type": "boolean", - "description": "Flag to configure IPsec on the path-group.", + "description": "Flag to configure IPsec at the path-group level.\n\nWhen set to `true`, IPsec is enabled for both the static and dynamic peers.", "default": true, "title": "Ipsec" }, diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index e9e25b687ce..f24afcc9aae 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml 
@@ -3329,7 +3329,10 @@ keys: purposes. ipsec: type: bool - description: Flag to configure IPsec on the path-group. + description: 'Flag to configure IPsec at the path-group level. + + + When set to `true`, IPsec is enabled for both the static and dynamic peers.' default: true import_path_groups: type: list diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml index b417868cb89..012fb99c4cb 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/wan_path_groups.schema.yml @@ -32,7 +32,10 @@ keys: description: Additional information about the path-group for documentation purposes. ipsec: type: bool - description: Flag to configure IPsec on the path-group. + description: |- + Flag to configure IPsec at the path-group level. + + When set to `true`, IPsec is enabled for both the static and dynamic peers. default: true import_path_groups: type: list
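Review bot: The new `ipsec` description in `wan_path_groups.schema.yml` states what `true` does but not what `false` leaves in place, and that is the case an operator most needs spelled out before changing a default that protects WAN traffic. Presumably `false` means the static and dynamic peers of the path-group are configured without IPsec; if that is right, add a sentence such as `When set to false, IPsec is not configured for the peers of this path-group and its traffic is not encrypted.` (wording to be confirmed against the rendered config). The generated `eos_designs.schema.yml`, `eos_designs.jsonschema.json` and `wan-path-groups.md` hunks in this commit would pick the text up from this fragment.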