From e75766ba74a55da96a0865820a0cb5dd1b1807d3 Mon Sep 17 00:00:00 2001 
From: gmuloc Date: Thu, 25 Jan 2024 13:19:15 +0100 Subject: [PATCH 01/11] Feat(eos_designs): Add HA support for CV Pathfinder --- ...v-pathfinder-edge-no-common-path-group.cfg | 81 +++ .../intended/configs/cv-pathfinder-edge.cfg | 24 + .../intended/configs/cv-pathfinder-edge2.cfg | 367 ++++++++++++ .../intended/configs/cv-pathfinder-edge3.cfg | 363 ++++++++++++ .../intended/configs/cv-pathfinder-edge4.cfg | 164 ++++++ .../intended/configs/cv-pathfinder-edge5.cfg | 149 +++++ .../configs/cv-pathfinder-pathfinder.cfg | 11 + .../configs/cv-pathfinder-pathfinder1.cfg | 11 + .../configs/cv-pathfinder-pathfinder2.cfg | 11 + .../configs/cv-pathfinder-transit.cfg | 8 + .../configs/site-ha-enabled-leaf1.cfg | 192 ++++++ .../configs/site-ha-enabled-leaf2.cfg | 192 ++++++ ...v-pathfinder-edge-no-common-path-group.yml | 102 ++++ .../structured_configs/cv-pathfinder-edge.yml | 30 + .../cv-pathfinder-edge2.yml | 545 ++++++++++++++++++ .../cv-pathfinder-edge3.yml | 540 +++++++++++++++++ .../cv-pathfinder-edge4.yml | 231 ++++++++ .../cv-pathfinder-edge5.yml | 283 +++++++++ .../cv-pathfinder-pathfinder.yml | 41 ++ .../cv-pathfinder-pathfinder1.yml | 41 ++ .../cv-pathfinder-pathfinder2.yml | 41 ++ .../cv-pathfinder-transit.yml | 11 + .../site-ha-enabled-leaf1.yml | 270 +++++++++ .../site-ha-enabled-leaf2.yml | 270 +++++++++ .../group_vars/CV_PATHFINDER_TESTS.yml | 55 +- .../inventory/hosts.yml | 13 +- .../plugin_utils/eos_designs_facts/wan.py | 16 + .../eos_designs_shared_utils/overlay.py | 12 +- .../eos_designs_shared_utils/wan.py | 63 ++ .../docs/tables/fabric-settings.md | 5 +- .../eos_designs/docs/tables/node-type-keys.md | 4 +- .../tables/node-type-wan-configuration.md | 68 +++ .../avd/roles/eos_designs/docs/wan-preview.md | 24 +- .../python_modules/network_services/utils.py | 9 +- .../python_modules/overlay/ip_security.py | 8 +- .../overlay/router_path_selection.py | 63 +- .../python_modules/underlay/prefix_lists.py | 5 + .../python_modules/underlay/route_maps.py | 27 +- 
.../python_modules/underlay/router_bgp.py | 4 +- .../schemas/eos_designs.jsonschema.json | 4 +- .../schemas/eos_designs.schema.yml | 33 +- .../defs_node_type.schema.yml | 21 + .../defs_node_type_l3_interfaces.schema.yml | 2 +- .../underlay_routing_protocol.schema.yml | 2 + .../network-services-multicast-settings.md | 399 +++++++++++++ 45 files changed, 4757 insertions(+), 58 deletions(-) create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml create mode 100644 
python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg index 8c057a6bc8f..764ed4ef440 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg @@ -125,6 +125,21 @@ vrf instance PROD ! ip security ! +<<<<<<< HEAD +<<<<<<< HEAD +======= +<<<<<<< HEAD +<<<<<<< HEAD +======= + ike policy DP-IKE-POLICY + local-id 192.168.142.2 + ! +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= +>>>>>>> 31932a7a6 (Refactor: IPsec profiles for HA using Data plane) +>>>>>>> ae9d0c096 (Refactor: IPsec profiles for HA using Data plane) +======= +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ike policy CP-IKE-POLICY local-id 192.168.142.2 ! @@ -172,7 +187,22 @@ interface Ethernet52 no shutdown mtu 9214 no switchport +<<<<<<< HEAD +<<<<<<< HEAD + flow tracker hardware WAN-FLOW-TRACKER +======= +<<<<<<< HEAD +<<<<<<< HEAD + flow tracker hardware WAN-FLOW-TRACKER +======= +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= flow tracker hardware WAN-FLOW-TRACKER +>>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +======= + flow tracker hardware WAN-FLOW-TRACKER +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ip address 172.17.0.3/31 ! interface Ethernet52.42 
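Review bot: The added lines in the `ip security` block are unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 5b5a79993 (Refactor: Address some PR comments)`), committed as content of the expected config. With the markers in place it is impossible to tell whether `ike policy DP-IKE-POLICY` with `local-id 192.168.142.2` belongs in the intended output, and the file is no longer a valid EOS configuration, so the molecule comparison presumably cannot be checking what the generator really renders. The same markers appear in the `interface Ethernet52` hunk of this file, in both `router bgp 65000` VRF hunks, in cv-pathfinder-edge.cfg, and throughout the new cv-pathfinder-edge2.cfg and cv-pathfinder-edge3.cfg. Resolve the conflicts and regenerate the artifacts from a clean tree rather than editing them by hand. A CI check that fails on lines starting with `<<<<<<<` or `>>>>>>>` under `intended/` would catch a repeat.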
@@ -256,6 +286,10 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:511 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.42.0/24 eq 32 ! +route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 + description Deny prefixes with our SoO set + match extcommunity ECL-EVPN-SOO +! route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 description Deny prefixes from WAN match as-path ASPATH-WAN @@ -272,6 +306,11 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN and mark them with SoO + match interface Ethernet52 + set extcommunity soo 192.168.42.2:511 additive +! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.42.2:511 additive 
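Review bot: `route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30` is described as advertising WAN HA prefixes, yet the only LAN neighbor of this device in the later `router bgp 65000` hunks is described as `site-ha-disabled-leaf_...`, which suggests the entry is rendered whether or not HA is in use. If so, the generator in underlay/route_maps.py (not visible in this part of the patch) should probably emit sequence 30 only for HA-enabled nodes, so that a non-HA edge does not advertise its `Ethernet52` link marked with the site SoO `192.168.42.2:511`. If the entry is intentional for every edge, a description that does not mention HA would be clearer, for example `description Advertise LAN-facing connected prefixes towards LAN and mark them with SoO`. The same entry is added to cv-pathfinder-edge.cfg.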
@@ -344,9 +383,30 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.2 +<<<<<<< HEAD +<<<<<<< HEAD neighbor 172.17.0.2 remote-as 65000 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT +======= +<<<<<<< HEAD +<<<<<<< HEAD + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT +======= +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT +>>>>>>> 06d11a15d (Feat: Align underlay routing protocols) +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +======= + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) redistribute connected ! vrf PROD 
@@ -354,9 +414,30 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.2 +<<<<<<< HEAD +<<<<<<< HEAD + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD +======= +<<<<<<< HEAD +<<<<<<< HEAD + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD +======= +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD +>>>>>>> 06d11a15d (Feat: Align underlay routing protocols) +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +======= neighbor 172.17.0.2 remote-as 65000 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) redistribute connected ! router traffic-engineering diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 024f80a0aea..3fb0fe1c6ef 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
@@ -220,7 +220,22 @@ interface Ethernet52 no shutdown mtu 9214 no switchport +<<<<<<< HEAD +<<<<<<< HEAD flow tracker hardware WAN-FLOW-TRACKER +======= +<<<<<<< HEAD +<<<<<<< HEAD + flow tracker hardware WAN-FLOW-TRACKER +======= +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= + flow tracker hardware WAN-FLOW-TRACKER +>>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +======= + flow tracker hardware WAN-FLOW-TRACKER +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ip address 172.17.0.1/31 ! interface Ethernet52.42 @@ -311,6 +326,10 @@ ip prefix-list PL-STATIC-VRF-DEFAULT ip route 172.16.0.0/16 172.16.5.4 ip route 66.66.66.0/24 172.17.0.0 ! +route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 + description Deny prefixes with our SoO set + match extcommunity ECL-EVPN-SOO +! route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 description Deny prefixes from WAN match as-path ASPATH-WAN @@ -327,6 +346,11 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN and mark them with SoO + match interface Ethernet52 + set extcommunity soo 192.168.42.1:511 additive +! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.42.1:511 additive diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg new file mode 100644 index 00000000000..6c2eb67743e --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg 
@@ -0,0 +1,367 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +flow tracking hardware + tracker WAN-FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 5000 + exporter DPI-EXPORTER + collector 127.0.0.1 + local interface Loopback0 + template interval 5000 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +ip as-path access-list ASPATH-WAN permit 65000 any +! +hostname cv-pathfinder-edge2 +! +router path-selection + ! + path-group INET id 101 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 + ! + peer dynamic + ! + peer static router-ip 192.168.44.1 + name cv-pathfinder-pathfinder + ipv4 address 10.7.7.7 + ipv4 address 10.9.9.9 + ! + path-group LAN_HA id 65535 + ipsec profile DP-PROFILE + flow assignment lan + ! + local interface Ethernet52 + ! + peer static router-ip 192.168.42.3 + name LAN_HA + ipv4 address 172.17.0.5 + ! + load-balance policy LBPOLICY + path-group INET + path-group LAN_HA +<<<<<<< HEAD +! +router adaptive-virtual-topology + topology role edge + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site423 id 423 +======= + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group INET priority 2 + ! + load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 + path-group LAN_HA + path-group INET priority 2 +>>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) +! +spanning-tree mode none +! +no enable password +no aaa root +! +vrf instance MGMT +! +ip security + ! 
+ ike policy DP-IKE-POLICY + local-id 192.168.42.2 + ! + ike policy CP-IKE-POLICY + local-id 192.168.42.2 + ! + sa policy DP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + sa policy CP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + profile DP-PROFILE + ike-policy DP-IKE-POLICY + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Dps1 + description DPS Interface + mtu 9214 + flow tracker hardware WAN-FLOW-TRACKER + tcp mss ceiling ipv4 1000 +! +interface Ethernet1 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address dhcp + dhcp client accept default-route +! +<<<<<<< HEAD +======= +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.5/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.5/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.5/31 +! +interface Ethernet53 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.7/31 +! +interface Ethernet53.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.7/31 +! 
+interface Ethernet53.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.7/31 +! +>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +interface Loopback0 + description Router_ID + no shutdown + ip address 192.168.42.2/32 +! +interface Vxlan1 + description cv-pathfinder-edge2_VTEP + vxlan source-interface Loopback0 + vxlan udp-port 4789 + vxlan vrf default vni 1 +! +ip routing +no ip routing vrf MGMT +<<<<<<< HEAD +======= +ip routing vrf PROD +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.42.0/24 eq 32 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.0/16 eq 31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 + description Deny prefixes with our SoO set + match extcommunity ECL-EVPN-SOO +! +route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 + description Deny prefixes from WAN + match as-path ASPATH-WAN +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 +<<<<<<< HEAD + match interface Ethernet52 +======= + description Advertise local routes towards LAN + match extcommunity ECL-EVPN-SOO +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 + description Advertise routes received from WAN iBGP towards LAN + match route-type internal +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN and mark them with SoO + match interface Ethernet52 + match interface Ethernet53 + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.42.2:423 additive +! 
+route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! +<<<<<<< HEAD +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +>>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) +======= +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.42.2:423 additive +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.42.2 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Loopback0 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 +<<<<<<< HEAD + neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.44.1 description cv-pathfinder-pathfinder +======= + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 description site-ha-enabled-leaf_Ethernet1 + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder + redistribute connected route-map RM-CONN-2-BGP +>>>>>>> a53a1aba4 (Feat: 
Align underlay routing protocols) + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate +<<<<<<< HEAD +======= + ! + vrf default + rd 192.168.42.2:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.42.2:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.42.2 + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-enabled-leaf_Ethernet1.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.42.2:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.42.2 + neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-enabled-leaf_Ethernet1.42_vrf_PROD + redistribute connected +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +! +router traffic-engineering +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +stun + client + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 + ip address 10.7.7.7 + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 + ip address 10.9.9.9 +! +end 
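Review bot: In `path-group LAN_HA` the static HA peer is given `ipv4 address 172.17.0.5`, which is the address this same router carries on `interface Ethernet52` (`ip address 172.17.0.5/31`, on the non-HEAD side of the conflict further down), so the peer entry appears to point at the local end of the link. cv-pathfinder-edge3.cfg has the mirror problem: its LAN_HA peer is `172.17.0.3`, which no interface in this file uses. This path-group carries the `DP-PROFILE` IPsec tunnel between the HA pair, so the expected output should show the peer's own LAN address. It is worth confirming what eos_designs_shared_utils/wan.py (not visible here) derives for this value once the fixture is regenerated from a conflict-free tree.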
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg new file mode 100644 index 00000000000..fc8ef08982c --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg 
@@ -0,0 +1,363 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +flow tracking hardware + tracker WAN-FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 5000 + exporter DPI-EXPORTER + collector 127.0.0.1 + local interface Loopback0 + template interval 5000 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +ip as-path access-list ASPATH-WAN permit 65000 any +! +hostname cv-pathfinder-edge3 +! +router path-selection + ! + path-group LAN_HA id 65535 + ipsec profile DP-PROFILE + flow assignment lan + ! + local interface Ethernet52 + ! + peer static router-ip 192.168.42.2 + name LAN_HA + ipv4 address 172.17.0.3 + ! + path-group MPLS id 100 + ! + local interface Ethernet2 + stun server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 + ! + peer dynamic + ! + peer static router-ip 192.168.44.1 + name cv-pathfinder-pathfinder + ipv4 address 172.16.0.1 + ! +<<<<<<< HEAD + load-balance policy LBPOLICY +======= + load-balance policy LB-CONTROL-PLANE-PROFILE + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group LAN_HA + path-group MPLS priority 42 + ! + load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group LAN_HA + path-group MPLS priority 2 + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 +>>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) + path-group LAN_HA + path-group MPLS +! +router adaptive-virtual-topology + topology role edge + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site423 id 423 +! +spanning-tree mode none +! +no enable password +no aaa root +! +vrf instance MGMT +! +ip security + ! + ike policy DP-IKE-POLICY + local-id 192.168.42.3 + ! 
+ ike policy CP-IKE-POLICY + local-id 192.168.42.3 + ! + sa policy DP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + sa policy CP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + profile DP-PROFILE + ike-policy DP-IKE-POLICY + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Dps1 + description DPS Interface + mtu 9214 + flow tracker hardware WAN-FLOW-TRACKER + tcp mss ceiling ipv4 1000 +! +interface Ethernet2 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.15.6.6/31 +! +<<<<<<< HEAD +======= +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.9/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.9/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.9/31 +! +interface Ethernet53 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.11/31 +! +interface Ethernet53.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.11/31 +! +interface Ethernet53.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.11/31 +! 
+>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +interface Loopback0 + description Router_ID + no shutdown + ip address 192.168.42.3/32 +! +interface Vxlan1 + description cv-pathfinder-edge3_VTEP + vxlan source-interface Loopback0 + vxlan udp-port 4789 + vxlan vrf default vni 1 +! +ip routing +no ip routing vrf MGMT +<<<<<<< HEAD +======= +ip routing vrf PROD +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.42.0/24 eq 32 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.0/16 eq 31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 + description Deny prefixes with our SoO set + match extcommunity ECL-EVPN-SOO +! +route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 + description Deny prefixes from WAN + match as-path ASPATH-WAN +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 +<<<<<<< HEAD + match interface Ethernet52 +======= + description Advertise local routes towards LAN + match extcommunity ECL-EVPN-SOO +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 + description Advertise routes received from WAN iBGP towards LAN + match route-type internal +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN and mark them with SoO + match interface Ethernet52 + match interface Ethernet53 + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! 
+<<<<<<< HEAD +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +>>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) +======= +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.42.2:423 additive +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.42.3 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Loopback0 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 +<<<<<<< HEAD + neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.44.1 description cv-pathfinder-pathfinder +======= + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 description site-ha-enabled-leaf_Ethernet2 + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder + redistribute connected route-map RM-CONN-2-BGP +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) + ! 
+ address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate +<<<<<<< HEAD +======= + ! + vrf default + rd 192.168.42.3:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.42.3:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.42.3 + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf_Ethernet2.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.42.3:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.42.3 + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf_Ethernet2.42_vrf_PROD + redistribute connected +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +! +router traffic-engineering +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +stun + client + server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 + ip address 172.16.0.1 +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg new file mode 100644 index 00000000000..7ffd8a7e7da --- /dev/null 
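Review bot: `path-group MPLS id 100` is rendered without an `ipsec profile` line, while `path-group LAN_HA` in this file uses `DP-PROFILE` and `path-group INET` in cv-pathfinder-edge2.cfg uses `CP-PROFILE`. If the test inventory disables IPsec for the MPLS path-group on purpose, a comment next to that setting in group_vars/CV_PATHFINDER_TESTS.yml (not visible in this part of the patch) would make it clear, for example `# MPLS path-group intentionally left without IPsec for this test`. Otherwise the static peer `192.168.44.1` and the `peer dynamic` entry in this path-group would carry overlay traffic unprotected, and the expected config would lock that behaviour in.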
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg 
@@ -0,0 +1,164 @@
+!RANCID-CONTENT-TYPE: arista
+!
+vlan internal order ascending range 1006 1199
+!
+flow tracking hardware
+ tracker WAN-FLOW-TRACKER
+ record export on inactive timeout 70000
+ record export on interval 5000
+ exporter DPI-EXPORTER
+ collector 127.0.0.1
+ local interface Loopback0
+ template interval 5000
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname cv-pathfinder-edge4
+!
+router path-selection
+ !
+ path-group INET id 101
+ ipsec profile CP-PROFILE
+ !
+ local interface Ethernet1
+ stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3
+ !
+ peer dynamic
+ !
+ peer static router-ip 192.168.44.1
+ name cv-pathfinder-pathfinder
+ ipv4 address 10.7.7.7
+ ipv4 address 10.9.9.9
+ !
+ load-balance policy LBPOLICY
+ path-group INET
+!
+router adaptive-virtual-topology
+ topology role edge
+ region AVD_Land_West id 42
+ zone DEFAULT-ZONE id 1
+ site Site424 id 424
+!
+spanning-tree mode none
+!
+no enable password
+no aaa root
+!
+vrf instance MGMT
+!
+ip security
+ !
+ ike policy DP-IKE-POLICY
+ local-id 192.168.42.4
+ !
+ ike policy CP-IKE-POLICY
+ local-id 192.168.42.4
+ !
+ sa policy DP-SA-POLICY
+ esp encryption aes128
+ pfs dh-group 14
+ !
+ sa policy CP-SA-POLICY
+ esp encryption aes128
+ pfs dh-group 14
+ !
+ profile DP-PROFILE
+ ike-policy DP-IKE-POLICY
+ sa-policy DP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890666
+ dpd 10 50 clear
+ mode transport
+ !
+ profile CP-PROFILE
+ ike-policy CP-IKE-POLICY
+ sa-policy CP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890
+ dpd 10 50 clear
+ mode transport
+ !
+ key controller
+ profile DP-PROFILE
+!
+interface Dps1
+ description DPS Interface
+ flow tracker hardware WAN-FLOW-TRACKER
+ tcp mss ceiling ipv4 1000
+!
+interface Ethernet1
+ no shutdown
+ no switchport
+ flow tracker hardware WAN-FLOW-TRACKER
+ ip address dhcp
+ dhcp client accept default-route
+!
+interface Loopback0
+ description Router_ID
+ no shutdown
+ ip address 192.168.42.4/32
+!
+interface Vxlan1
+ description cv-pathfinder-edge4_VTEP
+ vxlan source-interface Loopback0
+ vxlan udp-port 4789
+ vxlan vrf default vni 1
+!
+ip routing
+no ip routing vrf MGMT
+!
+router bfd
+ multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65000
+ router-id 192.168.42.4
+ maximum-paths 16
+ update wait-install
+ no bgp default ipv4-unicast
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65000
+ neighbor WAN-OVERLAY-PEERS update-source Loopback0
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ==
+ neighbor WAN-OVERLAY-PEERS send-community
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS
+ neighbor 192.168.44.1 description cv-pathfinder-pathfinder
+ !
+ address-family evpn
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family ipv4
+ no neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family ipv4 sr-te
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family link-state
+ neighbor WAN-OVERLAY-PEERS activate
+ path-selection
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+!
+router traffic-engineering
+!
+management api http-commands
+ protocol https
+ no shutdown
+ !
+ vrf MGMT
+ no shutdown
+!
+stun
+ client
+ server-profile INET-cv-pathfinder-pathfinder-Ethernet1
+ ip address 10.7.7.7
+ server-profile INET-cv-pathfinder-pathfinder-Ethernet3
+ ip address 10.9.9.9
+!
+end
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg
new file mode 100644
index 00000000000..514bae17683
--- /dev/null
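Review bot: `interface Ethernet1`, the only local interface of `path-group INET`, is rendered with `ip address dhcp` and `dhcp client accept default-route` but no inbound ACL, so if INET is a public transport (inferred from the name only) this fixture pins an unfiltered internet-facing port as the expected output. Consider giving the test inventory an ingress ACL for that interface so the intended config carries `ip access-group <ACL_NAME> in` (placeholder name) under `interface Ethernet1`. Separately, the `shared-key 7 …` and `neighbor WAN-OVERLAY-PEERS password 7 …` literals are type-7 encoded, which is reversible, so they should remain throwaway test values that are not reused on any device.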
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg 
@@ -0,0 +1,149 @@
+!RANCID-CONTENT-TYPE: arista
+!
+vlan internal order ascending range 1006 1199
+!
+flow tracking hardware
+ tracker WAN-FLOW-TRACKER
+ record export on inactive timeout 70000
+ record export on interval 5000
+ exporter DPI-EXPORTER
+ collector 127.0.0.1
+ local interface Loopback0
+ template interval 5000
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname cv-pathfinder-edge5
+!
+router path-selection
+ !
+ path-group MPLS id 100
+ !
+ local interface Ethernet2
+ !
+ peer dynamic
+ !
+ load-balance policy LBPOLICY
+ path-group MPLS
+!
+router adaptive-virtual-topology
+ topology role edge
+ region AVD_Land_West id 42
+ zone DEFAULT-ZONE id 1
+ site Site424 id 424
+!
+spanning-tree mode none
+!
+no enable password
+no aaa root
+!
+vrf instance MGMT
+!
+ip security
+ !
+ ike policy DP-IKE-POLICY
+ local-id 192.168.42.5
+ !
+ ike policy CP-IKE-POLICY
+ local-id 192.168.42.5
+ !
+ sa policy DP-SA-POLICY
+ esp encryption aes128
+ pfs dh-group 14
+ !
+ sa policy CP-SA-POLICY
+ esp encryption aes128
+ pfs dh-group 14
+ !
+ profile DP-PROFILE
+ ike-policy DP-IKE-POLICY
+ sa-policy DP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890666
+ dpd 10 50 clear
+ mode transport
+ !
+ profile CP-PROFILE
+ ike-policy CP-IKE-POLICY
+ sa-policy CP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890
+ dpd 10 50 clear
+ mode transport
+ !
+ key controller
+ profile DP-PROFILE
+!
+interface Dps1
+ description DPS Interface
+ flow tracker hardware WAN-FLOW-TRACKER
+ tcp mss ceiling ipv4 1000
+!
+interface Ethernet2
+ no shutdown
+ no switchport
+ flow tracker hardware WAN-FLOW-TRACKER
+ ip address 172.14.2.4/31
+!
+interface Loopback0
+ description Router_ID
+ no shutdown
+ ip address 192.168.42.5/32
+!
+interface Vxlan1
+ description cv-pathfinder-edge5_VTEP
+ vxlan source-interface Loopback0
+ vxlan udp-port 4789
+ vxlan vrf default vni 1
+!
+ip routing
+no ip routing vrf MGMT
+!
+router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.42.5 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Loopback0 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.44.1 description cv-pathfinder-pathfinder + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate +! +router traffic-engineering +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index 3db6c6ddd92..e570e7a4064 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg @@ -114,6 +114,9 @@ router path-selection ! local interface Ethernet3 ! + path-group LAN_HA id 65535 + flow assignment lan + ! path-group LTE id 102 ! path-group MPLS id 100 
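Review bot: `path-group MPLS id 100` in cv-pathfinder-edge5.cfg is rendered without an `ipsec profile` line, although the same file defines `CP-PROFILE` and `DP-PROFILE` and the sibling fixture cv-pathfinder-edge4.cfg applies `ipsec profile CP-PROFILE` to its `path-group INET`. The group also has no `peer static` entry and the file has no `stun` section, while `router bgp 65000` still places `neighbor 192.168.44.1` in `WAN-OVERLAY-PEERS`. If both omissions are intended for this test case, record that next to the MPLS path-group in the test inventory, for example `# MPLS: private transport, IPsec and pathfinder peering intentionally omitted`; otherwise the fixture locks in an unencrypted path group as expected output.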
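Review bot: `path-group LAN_HA id 65535` is now rendered on the pathfinder with only `flow assignment lan`, and the hunks that follow add `path-group LAN_HA` to every load-balance policy, including `LB-CONTROL-PLANE-PROFILE`; cv-pathfinder-pathfinder1.cfg and cv-pathfinder-pathfinder2.cfg get the same additions. Nothing visible in these hunks shows a pathfinder taking part in site HA, so the generator may be emitting LAN_HA unconditionally (inferred; the `router path-selection` block starts outside the hunk). If that is deliberate, a comment in the generator should say why a pathfinder needs the group and why it belongs in the control-plane profile; if not, it should be emitted only for devices with HA enabled.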
@@ -124,37 +127,45 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group Equinix path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group LTE path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index ad7d201a57b..87cd1f7baa1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg @@ -120,6 +120,9 @@ router path-selection name cv-pathfinder-pathfinder2 ipv4 address 10.9.9.9 ! + path-group LAN_HA id 65535 + flow assignment lan + ! path-group LTE id 102 ! path-group MPLS id 100 
@@ -128,36 +131,44 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group Equinix path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group LTE path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index 6852bc90ef4..d15b4856665 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -120,6 +120,9 @@ router path-selection name cv-pathfinder-pathfinder1 ipv4 address 10.8.8.8 ! + path-group LAN_HA id 65535 + flow assignment lan + ! path-group LTE id 102 ! path-group MPLS id 100 
@@ -134,37 +137,45 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group Equinix path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group LTE path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 15212bfdfe5..43ffc9f3697 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -306,6 +306,10 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.43.1:422 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.43.0/24 eq 32 ! +route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 + description Deny prefixes with our SoO set + match extcommunity ECL-EVPN-SOO +! route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 description Deny prefixes from WAN match as-path ASPATH-WAN 
@@ -322,6 +326,10 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN and mark them with SoO + set extcommunity soo 192.168.43.1:422 additive +! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.43.1:422 additive diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg new file mode 100644 index 00000000000..0f4ff67fb0b --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg 
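Review bot: `route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30` is rendered with `set extcommunity soo 192.168.43.1:422 additive` but no `match` line, so on this device it permits every route that falls through the earlier sequences, not only the "WAN HA prefixes" its description names. The edge structured configs later in this patch carry `match: - interface Ethernet52` on the same sequence, which suggests the match was dropped here because the transit node has no HA interface (inferred). Sequence 30 should be skipped when there is no HA interface, or rendered with `match interface <HA_INTERFACE>` (placeholder), so the outbound policy towards the LAN stays a filter rather than a catch-all permit.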
@@ -0,0 +1,192 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname site-ha-enabled-leaf1 +! +no enable password +no aaa root +! +vlan 100 + name VLAN100 +! +vlan 101 + name VLAN101 +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +interface Ethernet1 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.4/31 +! +interface Ethernet1.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.4/31 +! +interface Ethernet1.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.4/31 +! +interface Ethernet2 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.8/31 +! +interface Ethernet2.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.8/31 +! +interface Ethernet2.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.8/31 +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.45.1/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.255.1/32 +! +interface Vlan100 + description VLAN100 + shutdown + vrf PROD + ip address virtual 10.0.100.1/24 +! +interface Vxlan1 + description site-ha-enabled-leaf1_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 100 vni 1100 + vxlan vlan 101 vni 1101 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! 
+ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.45.0/24 eq 32 + seq 20 permit 192.168.255.0/24 eq 32 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.45.1 + maximum-paths 4 ecmp 4 + update wait-install + no bgp default ipv4-unicast + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.5 remote-as 65000 + neighbor 172.17.0.5 description cv-pathfinder-edge2_Ethernet52 + neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.9 remote-as 65000 + neighbor 172.17.0.9 description cv-pathfinder-edge3_Ethernet52 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 100 + rd 192.168.45.1:1100 + route-target both 1100:1100 + redistribute learned + ! + vlan 101 + rd 192.168.45.1:1101 + route-target both 1101:1101 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf default + rd 192.168.45.1:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + ! 
+ vrf IT + rd 192.168.45.1:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.45.1 + neighbor 172.17.0.5 remote-as 65000 + neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.5 description cv-pathfinder-edge2_Ethernet52.100_vrf_IT + neighbor 172.17.0.9 remote-as 65000 + neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.9 description cv-pathfinder-edge3_Ethernet52.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.45.1:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.45.1 + neighbor 172.17.0.5 remote-as 65000 + neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.5 description cv-pathfinder-edge2_Ethernet52.42_vrf_PROD + neighbor 172.17.0.9 remote-as 65000 + neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.9 description cv-pathfinder-edge3_Ethernet52.42_vrf_PROD + redistribute connected +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg new file mode 100644 index 00000000000..bdb2d8f347a --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg 
@@ -0,0 +1,192 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname site-ha-enabled-leaf2 +! +no enable password +no aaa root +! +vlan 100 + name VLAN100 +! +vlan 101 + name VLAN101 +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +interface Ethernet1 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.6/31 +! +interface Ethernet1.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.6/31 +! +interface Ethernet1.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.6/31 +! +interface Ethernet2 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.10/31 +! +interface Ethernet2.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.10/31 +! +interface Ethernet2.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.10/31 +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.45.2/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.255.2/32 +! +interface Vlan100 + description VLAN100 + shutdown + vrf PROD + ip address virtual 10.0.100.1/24 +! +interface Vxlan1 + description site-ha-enabled-leaf2_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 100 vni 1100 + vxlan vlan 101 vni 1101 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! 
+ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.45.0/24 eq 32 + seq 20 permit 192.168.255.0/24 eq 32 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.45.2 + maximum-paths 4 ecmp 4 + update wait-install + no bgp default ipv4-unicast + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.7 remote-as 65000 + neighbor 172.17.0.7 description cv-pathfinder-edge2_Ethernet53 + neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.11 remote-as 65000 + neighbor 172.17.0.11 description cv-pathfinder-edge3_Ethernet53 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 100 + rd 192.168.45.2:1100 + route-target both 1100:1100 + redistribute learned + ! + vlan 101 + rd 192.168.45.2:1101 + route-target both 1101:1101 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf default + rd 192.168.45.2:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + ! 
+ vrf IT + rd 192.168.45.2:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.45.2 + neighbor 172.17.0.7 remote-as 65000 + neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.7 description cv-pathfinder-edge2_Ethernet53.100_vrf_IT + neighbor 172.17.0.11 remote-as 65000 + neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.11 description cv-pathfinder-edge3_Ethernet53.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.45.2:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.45.2 + neighbor 172.17.0.7 remote-as 65000 + neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.7 description cv-pathfinder-edge2_Ethernet53.42_vrf_PROD + neighbor 172.17.0.11 remote-as 65000 + neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.11 description cv-pathfinder-edge3_Ethernet53.42_vrf_PROD + redistribute connected +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml index 0b7d19a7b90..70059ce5913 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml 
@@ -118,6 +118,64 @@ router_bgp: receive: true send: any: true +<<<<<<< HEAD +<<<<<<< HEAD +======= +<<<<<<< HEAD +<<<<<<< HEAD +======= + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: default + rd: 192.168.42.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + router_id: 192.168.42.2 + rd: 192.168.42.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.42.2 + rd: 192.168.42.2:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= +>>>>>>> 06d11a15d (Feat: Align underlay routing protocols) +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +======= +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) service_routing_protocols_model: multi-agent ip_routing: true transceiver_qsfp_default_mode_4x10: false 
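Review bot: Unresolved merge-conflict markers are committed as added lines in this hunk (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 5b5a79993 (Refactor: Address some PR comments)`), which leaves the structured config unparseable as YAML and makes it unclear which `neighbors`/`vrfs` content is the intended result. The same markers appear in the `@@ -146,8 +204,26 @@` and `@@ -268,6 +356,20 @@` hunks of this file, in the `@@ -156,8 +156,26 @@` hunk of cv-pathfinder-edge.yml, in cv-pathfinder-edge2.yml and at the tail of cv-pathfinder-edge3.cfg. Resolve the conflicts and regenerate the fixtures from the inventory rather than hand-merging them, since a conflicted side can silently keep stale routing or IPsec policy entries. A CI check that rejects any line starting with `<<<<<<<` or `>>>>>>>` would stop this from recurring.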
@@ -146,8 +204,26 @@ ethernet_interfaces: mtu: 9214 type: routed ip_address: 172.17.0.3/31 +<<<<<<< HEAD +<<<<<<< HEAD + flow_tracker: + hardware: WAN-FLOW-TRACKER +======= +<<<<<<< HEAD +<<<<<<< HEAD flow_tracker: hardware: WAN-FLOW-TRACKER +======= +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= + flow_tracker: + hardware: WAN-FLOW-TRACKER +>>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +======= + flow_tracker: + hardware: WAN-FLOW-TRACKER +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: Ethernet52.100 peer: site-ha-disabled-leaf peer_interface: Ethernet2.100 @@ -205,6 +281,11 @@ route_maps: - extcommunity soo 192.168.42.2:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: + - sequence: 10 + type: deny + description: Deny prefixes with our SoO set + match: + - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN @@ -227,6 +308,13 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN and mark them with SoO + match: + - interface Ethernet52 + set: + - extcommunity soo 192.168.42.2:511 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 @@ -268,6 +356,20 @@ ip_extcommunity_lists: extcommunities: soo 192.168.42.2:511 ip_security: ike_policies: +<<<<<<< HEAD +<<<<<<< HEAD +======= +<<<<<<< HEAD +<<<<<<< HEAD +======= + - name: DP-IKE-POLICY + local_id: 192.168.142.2 +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= +>>>>>>> 31932a7a6 (Refactor: IPsec profiles for HA using Data plane) +>>>>>>> ae9d0c096 (Refactor: IPsec profiles for HA using Data plane) +======= +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: CP-IKE-POLICY local_id: 192.168.142.2 sa_policies: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index f987f0faae8..49d06eb37d2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -156,8 +156,26 @@ ethernet_interfaces: mtu: 9214 type: routed ip_address: 172.17.0.1/31 +<<<<<<< HEAD +<<<<<<< HEAD flow_tracker: hardware: WAN-FLOW-TRACKER +======= +<<<<<<< HEAD +<<<<<<< HEAD + flow_tracker: + hardware: WAN-FLOW-TRACKER +======= +>>>>>>> 5b5a79993 (Refactor: Address some PR comments) +======= + flow_tracker: + hardware: WAN-FLOW-TRACKER +>>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +======= + flow_tracker: + hardware: WAN-FLOW-TRACKER +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: Ethernet52.100 peer: site-ha-disabled-leaf peer_interface: Ethernet1.100 @@ -233,6 +251,11 @@ route_maps: - extcommunity soo 192.168.42.1:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: + - sequence: 10 + type: deny + description: Deny prefixes with our SoO set + match: + - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN @@ -255,6 +278,13 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN and mark them with SoO + match: + - interface Ethernet52 + set: + - extcommunity soo 192.168.42.1:511 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml new file mode 100644 index 00000000000..13fa1b49fcf --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml 
@@ -0,0 +1,545 @@ +hostname: cv-pathfinder-edge2 +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.2 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Loopback0 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf + description: site-ha-enabled-leaf_Ethernet1 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: IT + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf_Ethernet1.100_vrf_IT + rd: 192.168.42.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf_Ethernet1.42_vrf_PROD + rd: 192.168.42.2:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: 
connected + - name: default + rd: 192.168.42.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true +<<<<<<< HEAD + neighbors: + - ip_address: 192.168.44.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder +======= +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +<<<<<<< HEAD +======= +- name: Ethernet52 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.5/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.5/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1.42 + peer_type: l3leaf + 
vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.5/31 +- name: Ethernet53 + peer: site-ha-enabled-leaf2 + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.7/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet53.100 + peer: site-ha-enabled-leaf2 + peer_interface: Ethernet1.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.7/31 +- name: Ethernet53.42 + peer: site-ha-enabled-leaf2 + peer_interface: Ethernet1.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.7/31 +>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed + dhcp_client_accept_default_route: true + flow_tracker: + hardware: WAN-FLOW-TRACKER +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.42.2/32 +<<<<<<< HEAD +<<<<<<< HEAD +<<<<<<< HEAD +======= +======= +ip_extcommunity_lists: +- name: ECL-WAN-HA-SOO + entries: + - type: permit + extcommunities: soo 65000:423 +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +======= +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - 
sequence: 10 + action: permit 172.17.0.0/16 eq 31 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.2:423 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 10 + type: deny + description: Deny prefixes with our SoO set + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: deny + description: Deny prefixes from WAN + match: + - as-path ASPATH-WAN + - sequence: 30 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Advertise local routes towards LAN + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit + description: Advertise routes received from WAN iBGP towards LAN + match: + - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN and mark them with SoO + match: + - interface Ethernet52 +<<<<<<< HEAD +======= + - interface Ethernet53 + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: +<<<<<<< HEAD + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +>>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) +======= + - extcommunity ECL-EVPN-SOO +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +flow_tracking: + 
hardware: + trackers: + - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 +<<<<<<< HEAD +======= + shutdown: false +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.2:423 +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.42.2 + - name: CP-IKE-POLICY + local_id: 192.168.42.2 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site423 + id: 423 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Ethernet1 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.44.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 10.7.7.7 + - 10.9.9.9 + ipsec_profile: CP-PROFILE + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + static_peers: + - router_ip: 192.168.42.3 + name: LAN_HA + ipv4_addresses: + - 
172.17.0.5 + ipsec_profile: DP-PROFILE + load_balance_policies: +<<<<<<< HEAD + - name: LBPOLICY + path_groups: + - name: INET + - name: LAN_HA +======= + - name: LB-CONTROL-PLANE-PROFILE + path_groups: + - name: LAN_HA + - name: INET + - name: LB-PROD-AVT-POLICY-VOICE + path_groups: + - name: LAN_HA + - name: INET + priority: 2 + jitter: 42 + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: INET + priority: 2 + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: INET + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET +router_traffic_engineering: + enabled: true +>>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 10.7.7.7 + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 +dps_interfaces: +- name: Dps1 + description: DPS Interface +<<<<<<< HEAD + tcp_mss_ceiling: + ipv4: 1000 +======= + mtu: 9214 + ip_address: 192.168.142.2/32 +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + description: cv-pathfinder-edge2_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback0 + vrfs: + - name: default + vni: 1 +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site423 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: 423-01 + cv_pathfinder: + role: edge + vtep_ip: 192.168.42.2 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site423 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: 423-01 + pathgroup: INET + pathfinders: + - vtep_ip: 
192.168.44.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml new file mode 100644 index 00000000000..dc85f3d79c1 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml 
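Review bot: The cv-pathfinder-edge2.yml fixture mixes two generations of output, so the expected addressing would not agree with itself even once the conflict blocks are resolved. The BGP neighbour is `172.17.0.2` with `peer: site-ha-enabled-leaf`, while the Ethernet52 entry (inside a conflict block) has `peer: site-ha-enabled-leaf1` and `ip_address: 172.17.0.5/31`; the LAN_HA static peer for `router_ip: 192.168.42.3` lists `172.17.0.5`, which is this node's own Ethernet52 address rather than the `172.17.0.9/31` that edge3's fixture assigns. cv-pathfinder-edge3.yml shows the mirror image (`router_ip: 192.168.42.2` at `172.17.0.3`). Because the LAN_HA peer is protected with `ipsec_profile: DP-PROFILE`, the fixture would then pin an IPsec tunnel endpoint that is apparently not the HA partner; please confirm against a fresh generation. Keeping both incoming sides of the two `ip_extcommunity_lists` conflicts (`ECL-WAN-HA-SOO` and `ECL-EVPN-SOO`) would also define that top-level key twice.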
@@ -0,0 +1,540 @@ +hostname: cv-pathfinder-edge3 +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.3 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Loopback0 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf + description: site-ha-enabled-leaf_Ethernet2 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: IT + router_id: 192.168.42.3 + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf_Ethernet2.100_vrf_IT + rd: 192.168.42.3:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.42.3 + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf_Ethernet2.42_vrf_PROD + rd: 192.168.42.3:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: 
connected + - name: default + rd: 192.168.42.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true +<<<<<<< HEAD + neighbors: + - ip_address: 192.168.44.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder +======= +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +<<<<<<< HEAD +======= +- name: Ethernet52 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.9/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.9/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2.42 + peer_type: l3leaf + 
vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.9/31 +- name: Ethernet53 + peer: site-ha-enabled-leaf2 + peer_interface: Ethernet2 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.11/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet53.100 + peer: site-ha-enabled-leaf2 + peer_interface: Ethernet2.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.11/31 +- name: Ethernet53.42 + peer: site-ha-enabled-leaf2 + peer_interface: Ethernet2.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.11/31 +>>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) +- name: Ethernet2 + peer_type: l3_interface + ip_address: 172.15.6.6/31 + shutdown: false + type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.42.3/32 +<<<<<<< HEAD +<<<<<<< HEAD +<<<<<<< HEAD +======= +======= +ip_extcommunity_lists: +- name: ECL-WAN-HA-SOO + entries: + - type: permit + extcommunities: soo 65000:423 +>>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) +======= +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - sequence: 10 + action: 
permit 172.17.0.0/16 eq 31 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.2:423 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 10 + type: deny + description: Deny prefixes with our SoO set + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: deny + description: Deny prefixes from WAN + match: + - as-path ASPATH-WAN + - sequence: 30 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Advertise local routes towards LAN + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit + description: Advertise routes received from WAN iBGP towards LAN + match: + - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN and mark them with SoO + match: + - interface Ethernet52 +<<<<<<< HEAD +======= + - interface Ethernet53 + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: +<<<<<<< HEAD + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +>>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) +======= + - extcommunity ECL-EVPN-SOO +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +flow_tracking: + hardware: + trackers: 
+ - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 +<<<<<<< HEAD +======= + shutdown: false +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.2:423 +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.42.3 + - name: CP-IKE-POLICY + local_id: 192.168.42.3 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site423 + id: 423 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + path_groups: + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2 + stun: + server_profiles: + - MPLS-cv-pathfinder-pathfinder-Ethernet2 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.44.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.16.0.1 + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + static_peers: + - router_ip: 192.168.42.2 + name: LAN_HA + ipv4_addresses: + - 172.17.0.3 + ipsec_profile: DP-PROFILE + load_balance_policies: + - name: LBPOLICY + path_groups: +<<<<<<< 
HEAD + - name: LAN_HA + - name: MPLS +<<<<<<< HEAD +======= +======= +>>>>>>> 31f086422 (Refactor: Ordering) + - name: LAN_HA + - name: MPLS + - name: LB-PROD-AVT-POLICY-VOICE + path_groups: + - name: LAN_HA + - name: MPLS + jitter: 42 + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: MPLS + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: MPLS + priority: 2 + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: MPLS + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: MPLS + priority: 42 +router_traffic_engineering: + enabled: true +>>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) +stun: + client: + server_profiles: + - name: MPLS-cv-pathfinder-pathfinder-Ethernet2 + ip_address: 172.16.0.1 +dps_interfaces: +- name: Dps1 + description: DPS Interface +<<<<<<< HEAD + tcp_mss_ceiling: + ipv4: 1000 +======= + mtu: 9214 + ip_address: 192.168.142.3/32 +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + description: cv-pathfinder-edge3_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback0 + vrfs: + - name: default + vni: 1 +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site423 + interface_tags: + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10423' + cv_pathfinder: + role: edge + vtep_ip: 192.168.42.3 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site423 + interfaces: + - name: Ethernet2 + carrier: Colt + circuit_id: '10423' + pathgroup: MPLS + pathfinders: + - vtep_ip: 192.168.44.1 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml new file mode 100644 index 00000000000..424e13be947 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml 
@@ -0,0 +1,231 @@ +hostname: cv-pathfinder-edge4 +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.4 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Loopback0 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true + neighbors: + - ip_address: 192.168.44.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed + dhcp_client_accept_default_route: true + flow_tracker: + hardware: WAN-FLOW-TRACKER +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.42.4/32 +flow_tracking: + hardware: + trackers: + - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 +ip_security: + 
ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.42.4 + - name: CP-IKE-POLICY + local_id: 192.168.42.4 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site424 + id: 424 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Ethernet1 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.44.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 10.7.7.7 + - 10.9.9.9 + ipsec_profile: CP-PROFILE + load_balance_policies: + - name: LBPOLICY + path_groups: + - name: INET +router_traffic_engineering: + enabled: true +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 10.7.7.7 + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 +dps_interfaces: +- name: Dps1 + description: DPS Interface + tcp_mss_ceiling: + ipv4: 1000 + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + description: cv-pathfinder-edge4_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback0 + vrfs: + - name: default + vni: 1 +metadata: + cv_tags: + device_tags: + - name: Role + 
value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site424 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: 424-01 + cv_pathfinder: + role: edge + vtep_ip: 192.168.42.4 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site424 + interfaces: + - name: Ethernet1 + carrier: ATT + pathgroup: INET + pathfinders: + - vtep_ip: 192.168.44.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml new file mode 100644 index 00000000000..a96ca3e6191 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml 
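Review bot: cv-pathfinder-edge4.yml looks as if it was generated from the older side of the conflicts seen in the edge2 and edge3 fixtures, so it may not match what the code in this patch produces. Dps1 carries `tcp_mss_ceiling: ipv4: 1000` instead of `mtu`/`ip_address`, WAN-OVERLAY-PEERS has no `ttl_maximum_hops: 1`, and the flow-tracking exporter has no `shutdown: false`. Within the file itself, `cv_pathfinder.interfaces` for Ethernet1 has no `circuit_id` although the `Circuit` tag is set to `424-01`; edge2 emits `circuit_id: 423-01` for the equivalent interface. This is inferred from the neighbouring fixtures only, so regenerating edge4 together with the others in one clean run would settle it.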
@@ -0,0 +1,283 @@ +hostname: cv-pathfinder-edge5 +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.5 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Loopback0 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true + neighbors: + - ip_address: 192.168.44.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet2 + peer_type: l3_interface + ip_address: 172.14.2.4/31 + shutdown: false + type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.42.5/32 +flow_tracking: + hardware: + trackers: + - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 +ip_security: + ike_policies: + - name: DP-IKE-POLICY 
+ local_id: 192.168.42.5 + - name: CP-IKE-POLICY + local_id: 192.168.42.5 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site424 + id: 424 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + path_groups: + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2 + dynamic_peers: + enabled: true + load_balance_policies: + - name: LBPOLICY + path_groups: + - name: MPLS +<<<<<<< HEAD +======= + jitter: 42 + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: MPLS + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: MPLS + priority: 2 + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: MPLS + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: MPLS + priority: 42 +router_traffic_engineering: + enabled: true +application_traffic_recognition: + application_profiles: + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: CONTROL-PLANE-APPLICATION-PROFILE + applications: + - name: CONTROL-PLANE-APPLICATION + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: microsoft-teams + applications: + ipv4_applications: + - 
name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CONTROL-PLANE-APPLICATION + dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: CONTROL-PLANE-APP-DEST-PREFIXES + prefix_values: + - 192.168.44.1/32 +>>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) +dps_interfaces: +- name: Dps1 + description: DPS Interface + tcp_mss_ceiling: + ipv4: 1000 + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + description: cv-pathfinder-edge5_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback0 + vrfs: + - name: default + vni: 1 +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site424 + interface_tags: + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10424' + cv_pathfinder: + role: edge + vtep_ip: 192.168.42.5 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site424 + interfaces: + - name: Ethernet2 + carrier: Colt + pathgroup: MPLS + pathfinders: + - vtep_ip: 192.168.44.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 7acc88cf1cb..7017d2aab02 100644 
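Review bot: Unresolved merge-conflict markers are added as file content in cv-pathfinder-edge5.yml: `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 0f36051a1 (...)` sit between `load_balance_policies` and `dps_interfaces`, so this expected structured config should no longer load as YAML and cannot validate what the role renders. The HEAD side is empty, while the other side carries a stray `jitter: 42`, four more `LB-*` policies and an `application_traffic_recognition` block, so the hunk does not show which result is intended. Resolve the conflict and regenerate the fixture rather than hand-editing it. The same markers are added to the `metadata` site lists in the cv-pathfinder-pathfinder.yml, cv-pathfinder-pathfinder1.yml and cv-pathfinder-pathfinder2.yml hunks further down. A CI check that fails on lines starting with `<<<<<<<` or `>>>>>>>` under `intended/` would keep this from recurring.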
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -300,20 +300,26 @@ router_path_selection: id: 103 - name: Satellite id: 104 + - name: LAN_HA + id: 65535 + flow_assignment: lan peer_dynamic_source: stun load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: MPLS - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: LTE - name: INET @@ -321,26 +327,31 @@ router_path_selection: loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: Equinix - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 @@ -506,6 +517,16 @@ metadata: id: 423 location: address: Somewhere-warm +<<<<<<< HEAD +<<<<<<< HEAD +======= + - name: Site424 + id: 424 + location: + address: Somewhere-cold +>>>>>>> e5dc3ea72 (Feat(eos_designs): Add HA support for CV Pathfinder) +======= +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: AVD_Land_East id: 43 zones: @@ -521,6 +542,8 @@ metadata: - id: 254 name: CONTROL-PLANE-PROFILE pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS 
@@ -528,6 +551,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -535,6 +560,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -549,6 +576,8 @@ metadata: id: 2 name: PROD-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -556,6 +585,8 @@ metadata: - id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: LTE @@ -565,6 +596,8 @@ metadata: - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -575,6 +608,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -582,6 +617,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -594,6 +631,8 @@ metadata: - id: 42 name: TRANSIT-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -601,6 +640,8 @@ metadata: - id: 1 name: TRANSIT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index d1ddd0a1567..75b3d4ce857 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -320,19 +320,25 @@ router_path_selection: id: 103 - name: Satellite id: 104 + - name: LAN_HA + id: 65535 + flow_assignment: lan peer_dynamic_source: stun load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: LTE - name: INET @@ -340,26 +346,31 @@ router_path_selection: loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: Equinix - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 @@ -497,6 +508,16 @@ metadata: id: 423 location: address: Somewhere-warm +<<<<<<< HEAD +<<<<<<< HEAD +======= + - name: Site424 + id: 424 + location: + address: Somewhere-cold +>>>>>>> e5dc3ea72 (Feat(eos_designs): Add HA support for CV Pathfinder) +======= +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: AVD_Land_East id: 43 zones: @@ -512,11 +533,15 @@ metadata: - id: 254 name: CONTROL-PLANE-PROFILE pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET 
@@ -524,6 +549,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -538,6 +565,8 @@ metadata: id: 2 name: PROD-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -545,6 +574,8 @@ metadata: - id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: LTE @@ -554,6 +585,8 @@ metadata: - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -564,6 +597,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -571,6 +606,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -583,6 +620,8 @@ metadata: - id: 42 name: TRANSIT-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -590,6 +629,8 @@ metadata: - id: 1 name: TRANSIT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 32ec4a94f1f..978a5867e19 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml 
@@ -334,20 +334,26 @@ router_path_selection: id: 103 - name: Satellite id: 104 + - name: LAN_HA + id: 65535 + flow_assignment: lan peer_dynamic_source: stun load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: MPLS - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: LTE - name: INET @@ -355,26 +361,31 @@ router_path_selection: loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: Equinix - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 @@ -526,6 +537,16 @@ metadata: id: 423 location: address: Somewhere-warm +<<<<<<< HEAD +<<<<<<< HEAD +======= + - name: Site424 + id: 424 + location: + address: Somewhere-cold +>>>>>>> e5dc3ea72 (Feat(eos_designs): Add HA support for CV Pathfinder) +======= +>>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: AVD_Land_East id: 43 zones: @@ -541,6 +562,8 @@ metadata: - id: 254 name: CONTROL-PLANE-PROFILE pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -548,6 +571,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -555,6 +580,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix 
@@ -569,6 +596,8 @@ metadata: id: 2 name: PROD-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -576,6 +605,8 @@ metadata: - id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: LTE @@ -585,6 +616,8 @@ metadata: - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -595,6 +628,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -602,6 +637,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -614,6 +651,8 @@ metadata: - id: 42 name: TRANSIT-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -621,6 +660,8 @@ metadata: - id: 1 name: TRANSIT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 9a3a9a45535..62b665f597d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml 
@@ -199,6 +199,11 @@ route_maps: - extcommunity soo 192.168.43.1:422 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: + - sequence: 10 + type: deny + description: Deny prefixes with our SoO set + match: + - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN @@ -221,6 +226,12 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN and mark them with SoO + match: [] + set: + - extcommunity soo 192.168.43.1:422 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml new file mode 100644 index 00000000000..0b02c222724 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml 
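Review bot: The new `sequence: 30` permit in the second hunk has `match: []`, so as written it accepts every route that reaches it, while its description says it advertises WAN HA prefixes towards the LAN. If the generator really emits no match for this entry, any route not caught by the earlier sequences is sent to the LAN with `extcommunity soo 192.168.43.1:422 additive` applied, which is broader than the description. Either constrain it, for example with a prefix-list for the HA subnets, or reword the description to something like `Mark remaining routes advertised towards LAN with SoO` and drop the empty `match` key. The route-map's name and its earlier sequences are outside the hunk, and this file is generated output, so the change belongs in the route-map generator (route_maps.py in this patch's file list).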
@@ -0,0 +1,270 @@ +hostname: site-ha-enabled-leaf1 +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.45.1 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2 + description: cv-pathfinder-edge2_Ethernet52 + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge3 + description: cv-pathfinder-edge3_Ethernet52 + vrfs: + - name: IT + router_id: 192.168.45.1 + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2_Ethernet52.100_vrf_IT + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge3_Ethernet52.100_vrf_IT + rd: 192.168.45.1:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.1 + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2_Ethernet52.42_vrf_PROD + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge3_Ethernet52.42_vrf_PROD + rd: 192.168.45.1:42 + route_targets: + import: + - address_family: evpn + 
route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.1:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.1:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet52 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.4/31 +- name: Ethernet1.100 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.4/31 +- name: Ethernet1.42 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.4/31 +- name: Ethernet2 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet52 + peer_type: wan_edge + description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.8/31 +- name: Ethernet2.100 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.8/31 +- name: Ethernet2.42 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.8/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.1/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.1/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: +- id: 100 + name: VLAN100 + tenant: TenantA +- id: 101 + name: VLAN101 + tenant: TenantA +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 +vlan_interfaces: +- name: Vlan100 + tenant: TenantA + description: VLAN100 + shutdown: true + ip_address_virtual: 10.0.100.1/24 + vrf: PROD +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf1_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vlans: + - id: 100 + vni: 1100 + - id: 101 + vni: 1101 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml new file mode 100644 index 00000000000..f59c2bd8427 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml 
@@ -0,0 +1,270 @@ +hostname: site-ha-enabled-leaf2 +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.45.2 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2 + description: cv-pathfinder-edge2_Ethernet53 + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge3 + description: cv-pathfinder-edge3_Ethernet53 + vrfs: + - name: IT + router_id: 192.168.45.2 + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2_Ethernet53.100_vrf_IT + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge3_Ethernet53.100_vrf_IT + rd: 192.168.45.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.2 + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2_Ethernet53.42_vrf_PROD + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge3_Ethernet53.42_vrf_PROD + rd: 192.168.45.2:42 + route_targets: + import: + - address_family: evpn + 
route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.2:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.2:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet53 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.6/31 +- name: Ethernet1.100 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet53.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.6/31 +- name: Ethernet1.42 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet53.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.6/31 +- name: Ethernet2 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet53 + peer_type: wan_edge + description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.10/31 +- name: Ethernet2.100 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet53.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.10/31 +- name: Ethernet2.42 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet53.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.10/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.2/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.2/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: +- id: 100 + name: VLAN100 + tenant: TenantA +- id: 101 + name: VLAN101 + tenant: TenantA +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 +vlan_interfaces: +- name: Vlan100 + tenant: TenantA + description: VLAN100 + shutdown: true + ip_address_virtual: 10.0.100.1/24 + vrf: PROD +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf2_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vlans: + - id: 100 + vni: 1100 + - id: 101 + vni: 1101 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 2ce0d52cf49..9337f2fca14 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -68,25 +68,9 @@ wan_edge: uplink_interfaces: [ Ethernet52 ] cv_pathfinder_region: AVD_Land_East cv_pathfinder_site: Site511 - id: 1 - l3_interfaces: - - name: Ethernet1 - wan_carrier: ATT - wan_circuit_id: 666 - dhcp_accept_default_route: true - ip_address: dhcp - - name: Ethernet2 - wan_carrier: Colt - wan_circuit_id: 10555 - ip_address: 172.15.5.5/31 - - name: Ethernet3 - wan_carrier: Comcast-5G - wan_circuit_id: AF830 - ip_address: 172.20.20.20/31 - connected_to_pathfinder: False - # Disabling HA - TODO once implemented, for now it is disabled by default - # wan_ha: - # enabled: False + # Disabling HA + wan_ha: + enabled: False nodes: - name: cv-pathfinder-edge id: 1 @@ -118,6 +102,31 @@ wan_edge: wan_circuit_id: S511 dhcp_accept_default_route: true ip_address: dhcp + - group: Site423 + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site423 + uplink_type: p2p-vrfs + uplink_switches: [ site-ha-enabled-leaf ] + uplink_interfaces: [ Ethernet52 ] + # Manual HA disable to try it out.. + # wan_ha: + # ipsec: false + nodes: + - name: cv-pathfinder-edge2 + id: 2 + l3_interfaces: + - name: Ethernet1 + wan_carrier: ATT + wan_circuit_id: 423-01 + dhcp_accept_default_route: true + ip_address: dhcp + - name: cv-pathfinder-edge3 + id: 3 + l3_interfaces: + - name: Ethernet2 + wan_carrier: Colt + wan_circuit_id: 10423 + ip_address: 172.15.6.6/31 # Fake DC1 l3leaf: 
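Review bot: `uplink_switches: [ site-ha-enabled-leaf ]` in the new `Site423` group names a switch that the `l3leaf` node list in the next hunk does not define; that hunk enables `site-ha-enabled-leaf1` and `site-ha-enabled-leaf2`. The expected leaf configs in this patch peer with the edges on both `Ethernet52` and `Ethernet53`, so as visible here the inventory and the committed fixtures do not appear to agree. Something like `uplink_switches: [ site-ha-enabled-leaf1, site-ha-enabled-leaf2 ]` with `uplink_interfaces: [ Ethernet52, Ethernet53 ]` would match them. The commented-out `wan_ha:` / `ipsec: false` lines should be removed or turned into their own test group, so that an HA link without IPsec is a generated and reviewed case rather than a local experiment.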
@@ -130,10 +139,10 @@ l3leaf: always_include_vrfs_in_tenants: [TenantA] nodes: # Used for HA in HA PR - #- name: site-ha-enabled-leaf1 - # id: 1 - #- name: site-ha-enabled-leaf2 - # id: 2 + - name: site-ha-enabled-leaf1 + id: 1 + - name: site-ha-enabled-leaf2 + id: 2 - name: site-ha-disabled-leaf id: 3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml index eff19b32db9..aabf371c89e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml @@ -293,13 +293,12 @@ all: hosts: cv-pathfinder-transit: children: - # TODO HA PR - #SITE_HA_ENABLED: - # hosts: - # cv-pathfinder-edge2: - # cv-pathfinder-edge3: - # site-ha-enabled-leaf1: - # site-ha-enabled-leaf2: + SITE_HA_ENABLED: + hosts: + cv-pathfinder-edge2: + cv-pathfinder-edge3: + site-ha-enabled-leaf1: + site-ha-enabled-leaf2: SITE_HA_DISABLED: hosts: cv-pathfinder-edge: diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index 684fa81d8e4..b38ace80d2e 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py 
@@ -30,3 +30,19 @@ def wan_path_groups(self: EosDesignsFacts) -> list | None: return None return self.shared_utils.wan_local_path_groups + + @cached_property + def wan_ha_interfaces(self: EosDesignsFacts) -> str | None: + return self.shared_utils.wan_ha_interfaces if self.shared_utils.wan_ha else None + + @cached_property + def wan_ha_peer(self: EosDesignsFacts) -> str | None: + return self.shared_utils.wan_ha_peer if self.shared_utils.wan_ha else None + + @cached_property + def wan_ha_router_id(self: EosDesignsFacts) -> str | None: + return self.shared_utils.wan_ha_router_id if self.shared_utils.wan_ha else None + + @cached_property + def wan_ha_ip_addresses(self: EosDesignsFacts) -> list | None: + return self.shared_utils.wan_ha_ip_addresses if self.shared_utils.wan_ha else None diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py index 509de8788e0..22fce188209 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py @@ -142,13 +142,19 @@ def evpn_soo(self: SharedUtils) -> str: - For WAN routers this is : - Otherwise this is :1 - TODO: Implement HA logic for WAN TODO: Reconsider if suffix should just be :1 for all WAN routers. """ if self.is_wan_router: - if self.is_cv_pathfinder_edge_or_transit: + # for Pathfinder, no HA, no Site ID + if not self.is_cv_pathfinder_edge_or_transit: + return f"{self.router_id}:0" + if not self.wan_ha: return f"{self.router_id}:{self.wan_site['id']}" - return f"{self.router_id}:0" + if self.is_first_ha_peer: + return f"{self.router_id}:{self.wan_site['id']}" + else: + peer_fact = self.get_peer_facts(self.wan_ha_peer, required=True) + return f"{peer_fact['router_id']}:{self.wan_site['id']}" if self.overlay_vtep: return f"{self.vtep_ip}:1" 
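Review bot: `wan_ha_interfaces` is annotated `-> str | None`, but the `shared_utils.wan_ha_interfaces` property it forwards is declared `-> list` in this same patch, so the signature should read `def wan_ha_interfaces(self: EosDesignsFacts) -> list | None:`. `wan_ha_router_id` and `wan_ha_ip_addresses` forward to `shared_utils` attributes of the same names, which the visible `eos_designs_shared_utils/wan.py` hunk does not add; unless they are defined elsewhere in that file or later in the series, reading these facts on a node where `wan_ha` is true would raise `AttributeError`. None of the four new facts has a docstring; one line each would do, e.g. `"""Name of the WAN HA peer, or None when HA is not active on this node."""` for `wan_ha_peer`.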
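Review bot: The `evpn_soo` docstring loses its HA TODO but gains no description of the new rule, which is that the second router of an HA pair returns its peer's `router_id`, so both members share one SoO value. Add a bullet next to the existing ones, e.g. `- For WAN HA pairs this is <router_id of the first node in the node group>:<site id>`. The new SoO deny in `RM-BGP-UNDERLAY-PEERS-IN` presumably depends on that shared value (the definition of `ECL-EVPN-SOO` is not shown in this patch), which is a reason to state it. `peer_fact['router_id']` could also be read with `get(peer_fact, "router_id", required=True)`, the way `_wan_ha_peer_vtep_ip` reads `vtep_ip`, so a missing fact is reported the same way everywhere. The function starts above the hunk.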
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index c3bf299a24f..e2700bf8658 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py 
@@ -375,3 +375,66 @@ def is_cv_pathfinder_edge_or_transit(self: SharedUtils) -> bool: Return True is the current wan_mode is cv-pathfinder and the device is either an edge or a transit device """ return self.wan_mode == "cv-pathfinder" and self.cv_pathfinder_role in ["edge", "transit region"] + + @cached_property + def wan_ha(self: SharedUtils) -> bool: + """ + Only trigger HA if 2 devices are in the same group and wan_ha.enabled is true + """ + if self.cv_pathfinder_role in [None, "pathfinder"]: + return False + return get(self.switch_data_combined, "wan_ha.enabled", default=True) and len(self.switch_data_node_group_nodes) == 2 + + @cached_property + def wan_ha_path_group_name(self) -> str: + """ + Return HA path group name for the WAN design. + + TODO make this configurable + """ + return "LAN_HA" + + @cached_property + def wan_ha_interfaces(self: SharedUtils) -> list: + """ + Return the list of WAN HA interfaces + For now only picking up uplink interfaces in VRF default on the router. + """ + # TODO probably does not need the whole uplink + return [uplink for uplink in self.get_switch_fact("uplinks") if get(uplink, "vrf") is None] + + @cached_property + def wan_ha_peer_interfaces(self: SharedUtils) -> str: + return self.get_wan_peer_fact("wan_ha_interfaces") + + @cached_property + def wan_ha_interfaces(self) -> list: + """ + Return list of interfaces for HA + + TODO: Used in overlay only for now see if needs to be changed + """ + return [uplink for uplink in self.get_switch_fact("uplinks") if get(uplink, "vrf") is None] + + @cached_property + def is_first_ha_peer(self) -> bool: + """ + Returns True if the device is the first device in the node_group, + false otherwise. + + This should be called only from functions which have checked that HA is enabled. + """ + return self.switch_data_node_group_nodes[0]["name"] == self.hostname + + @cached_property + def wan_ha_peer(self: SharedUtils) -> str | None: + """ + Return the name of the WAN HA peer. 
+ """ + if not self.wan_ha: + return None + if self.is_first_ha_peer: + return self.switch_data_node_group_nodes[1]["name"] + elif self.switch_data_node_group_nodes[1]["name"] == self.hostname: + return self.switch_data_node_group_nodes[0]["name"] + raise AristaAvdError("Unable to find WAN HA peer within same node group") diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md index bab26d8affb..b69108d5774 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md @@ -36,7 +36,7 @@ | [      - <str>](## "underlay_multicast_rps.[].groups.[]") | String | | | | Multicast Group IPv4 prefix/mask. | | [    access_list_name](## "underlay_multicast_rps.[].access_list_name") | String | | | | Name of standard Access-List.
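Review bot: `wan_ha_interfaces` is defined twice in this hunk with the same body; the second `@cached_property` silently replaces the first, so one of the two (and its docstring) should be deleted. `wan_ha_peer_interfaces` is annotated `-> str` although the fact it reads is that list, and it calls `self.get_wan_peer_fact`, which is not part of the visible patch and should be confirmed to exist. `wan_ha` evaluates to true by default for any two-node group whose role is not `pathfinder`, so its docstring should say that HA is opt-out, e.g. `"""Return True when the node group has exactly two nodes and wan_ha.enabled is not set to false (HA is on by default)."""`.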
| | [underlay_rfc5549](## "underlay_rfc5549") | Boolean | | `False` | | Point to Point Underlay with RFC 5549(eBGP), i.e. IPv6 Unnumbered.
Requires "underlay_routing_protocol: ebgp".
| - | [underlay_routing_protocol](## "underlay_routing_protocol") | String | | | Value is converted to lower case.
Valid Values:
- ebgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | - The following underlay routing protocols are supported:
- EBGP (default for l3ls-evpn)
- OSPF.
- OSPF-LDP*.
- ISIS.
- ISIS-SR*.
- ISIS-LDP*.
- ISIS-SR-LDP*.
- No underlay routing protocol (none)
- The variables should be applied to all devices in the fabric.
*Only supported with core_interfaces data model.
| + | [underlay_routing_protocol](## "underlay_routing_protocol") | String | | | Value is converted to lower case.
Valid Values:
- ebgp
- ibgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | - The following underlay routing protocols are supported:
- EBGP (default for l3ls-evpn)
- IBGP
- OSPF.
- OSPF-LDP*.
- ISIS.
- ISIS-SR*.
- ISIS-LDP*.
- ISIS-SR-LDP*.
- No underlay routing protocol (none)
- The variables should be applied to all devices in the fabric.
*Only supported with core_interfaces data model.
| | [uplink_ptp](## "uplink_ptp") | Dictionary | | | | Enable PTP on all infrastructure links. | | [  enable](## "uplink_ptp.enable") | Boolean | | `False` | | | @@ -163,6 +163,7 @@ # - The following underlay routing protocols are supported: # - EBGP (default for l3ls-evpn) + # - IBGP # - OSPF. # - OSPF-LDP*. # - ISIS. @@ -172,7 +173,7 @@ # - No underlay routing protocol (none) # - The variables should be applied to all devices in the fabric. # *Only supported with core_interfaces data model. - underlay_routing_protocol: + underlay_routing_protocol: # Enable PTP on all infrastructure links. uplink_ptp: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md index 5d3525dca09..6442462ce1f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md @@ -13,7 +13,7 @@ | [    connected_endpoints](## "node_type_keys.[].connected_endpoints") | Boolean | | `False` | | Are endpoints connected to this node type. | | [    default_evpn_role](## "node_type_keys.[].default_evpn_role") | String | | `none` | Valid Values:
- none
- client
- server | Default evpn_role. Can be overridden in topology vars. | | [    default_ptp_priority1](## "node_type_keys.[].default_ptp_priority1") | Integer | | `127` | Min: 0
Max: 255 | Default PTP priority 1 | - | [    default_underlay_routing_protocol](## "node_type_keys.[].default_underlay_routing_protocol") | String | | `ebgp` | Value is converted to lower case.
Valid Values:
- ebgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | Set the default underlay routing_protocol.
Can be overridden by setting "underlay_routing_protocol" host/group_vars.
| + | [    default_underlay_routing_protocol](## "node_type_keys.[].default_underlay_routing_protocol") | String | | `ebgp` | Value is converted to lower case.
Valid Values:
- ebgp
- ibgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | Set the default underlay routing_protocol.
Can be overridden by setting "underlay_routing_protocol" host/group_vars.
| | [    default_overlay_routing_protocol](## "node_type_keys.[].default_overlay_routing_protocol") | String | | `ebgp` | Value is converted to lower case.
Valid Values:
- ebgp
- ibgp
- her
- cvx
- none | Set the default overlay routing_protocol.
Can be overridden by setting "overlay_routing_protocol" host/group_vars.
| | [    default_mpls_overlay_role](## "node_type_keys.[].default_mpls_overlay_role") | String | | | Valid Values:
- client
- server
- none | Set the default mpls overlay role.
Acting role in overlay control plane.
| | [    default_overlay_address_families](## "node_type_keys.[].default_overlay_address_families") | List, items: String | | | | Set the default overlay address families.
| @@ -79,7 +79,7 @@ # Set the default underlay routing_protocol. # Can be overridden by setting "underlay_routing_protocol" host/group_vars. - default_underlay_routing_protocol: + default_underlay_routing_protocol: # Set the default overlay routing_protocol. # Can be overridden by setting "overlay_routing_protocol" host/group_vars. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md index ab49180a4e6..7be22a86bef 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md @@ -13,6 +13,9 @@ | [    cv_pathfinder_role](## ".defaults.cv_pathfinder_role") | String | | | Valid Values:
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [    cv_pathfinder_region](## ".defaults.cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [    cv_pathfinder_site](## ".defaults.cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [    wan_ha](## ".defaults.wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [      enabled](## ".defaults.wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [      ipsec](## ".defaults.wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [    dps_mss_ipv4](## ".defaults.dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [  node_groups](## ".node_groups") | List, items: Dictionary | | | | Define variables related to all nodes part of this group. | | [    - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
| @@ -22,11 +25,17 @@ | [          cv_pathfinder_role](## ".node_groups.[].nodes.[].cv_pathfinder_role") | String | | | Valid Values:
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [          cv_pathfinder_region](## ".node_groups.[].nodes.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [          cv_pathfinder_site](## ".node_groups.[].nodes.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [          wan_ha](## ".node_groups.[].nodes.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [            enabled](## ".node_groups.[].nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [            ipsec](## ".node_groups.[].nodes.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [          dps_mss_ipv4](## ".node_groups.[].nodes.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [      wan_role](## ".node_groups.[].wan_role") | String | | | Valid Values:
- client
- server | PREVIEW: This key is currently not supported
Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | | [      cv_pathfinder_role](## ".node_groups.[].cv_pathfinder_role") | String | | | Valid Values:
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [      cv_pathfinder_region](## ".node_groups.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [      cv_pathfinder_site](## ".node_groups.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [      wan_ha](## ".node_groups.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [        enabled](## ".node_groups.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [        ipsec](## ".node_groups.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [      dps_mss_ipv4](## ".node_groups.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | @@ -34,6 +43,9 @@ | [      cv_pathfinder_role](## ".nodes.[].cv_pathfinder_role") | String | | | Valid Values:
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [      cv_pathfinder_region](## ".nodes.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [      cv_pathfinder_site](## ".nodes.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [      wan_ha](## ".nodes.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [        enabled](## ".nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [        ipsec](## ".nodes.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [      dps_mss_ipv4](## ".nodes.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | === "YAML" @@ -76,6 +88,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: @@ -124,6 +150,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: @@ -159,6 +199,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: 
@@ -200,6 +254,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index c3700dc5e9c..ac79d3470cd 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md 
@@ -75,7 +75,28 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co ###### HA -To Be Implemented. +for eBGP LAN routing protocol the following is done to enable HA: + +- the HA interface(s) is(are) the uplink interface(s). +- the HA interface(s) subnet(s) are redistributed in BGP via the `RM-CONN-2-BGP` route-map +- BGP underlay peer group is configured with `allowas-in 1` to be able to learn the HA peer uplink interface subnet coming with the same ASN via eBGP over the LAN. +- the Underlay peer group is configured with two route-maps + - one outbound route-map `RM-WAN-HA-SOO-OUT` to tag all the WAN received routes with the SOO `:` except the uplink interface subnet. + - one inbound route-map `RM-WAN-HA-SOO-IN` denying any route with the SOO. + +##### OSPF LAN HA + +- Configure `underlay_routing_protocol` to OSPF for both the WAN router and the uplink router. + +!!! warning + + In the current implementation, OSPF on LAN is not supported as there is no redistribution of route from OSPF to BGP and vice-versa implemented. + +###### HA + +The HA tunnel will come up properly today but route redistribution will be missing so it is not usable. + +- the HA interface(s) is(are) the uplink interface(s) which are automatically included in OSPF. ## Known limitations @@ -102,6 +123,7 @@ To Be Implemented. - Path-group ID is currently required under `wan_path_groups` until an algorithm is implemented to auto generate IDs. - The name of the AVT policies and AVT profiles are configurable in the input variables. The Load Balance policies are named `LB-` and are not configurable. - For LAN, the current supported funcitonality is to use `uplink_type: p2p-vrfs` on the WAN routers and to have the relevant VRFs present on the uplink switches via `network_services`. Other LAN scenarios will come with time. +- HA for AutoVPN is not supported ## Future work 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py index 8bc67b3e8f5..05717883364 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py @@ -213,20 +213,21 @@ def _wan_policy_key(self) -> str: def _generate_wan_load_balance_policy(self, name: str, input_dict: dict, context_path: str) -> dict: """ - Generate and return a router path-selection load-balance policy. + Generate and return a router path-selection load-balance policy. If HA is enabled, inject the HA path-group with priority 1. Attrs: ------ name (str): The name of the load balance policy input_dict (dict): The dictionary containing the list of path-groups and their preference. context_path (str): Key used for context for error messages. - - TODO: - * add LAN_HA with prio 1 when HA is implemented """ wan_local_path_group_names = [path_group["name"] for path_group in self.shared_utils.wan_local_path_groups] wan_load_balance_policy = {"name": name, "path_groups": [], **get(input_dict, "constraints", default={})} + if self.shared_utils.wan_ha is True or self.shared_utils.cv_pathfinder_role == "pathfinder": + # Adding HA path-group with priority 1 - it does not count as an entry with priority 1 + wan_load_balance_policy["path_groups"].append({"name": self.shared_utils.wan_ha_path_group_name}) + # An entry is composed of a list of path-groups in `names` and a `priority` policy_entries = get(input_dict, "path_groups", []) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py index 407741ba00c..31e97e03668 100644 
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py @@ -46,13 +46,19 @@ def _append_data_plane(self, ip_security: dict, data_plane_config: dict) -> None """ In place update of ip_security """ + if self.shared_utils.wan_ha: + ike_policy_name = get(data_plane_config, "ike_policy_name", default="DP-IKE-POLICY") + else: + ike_policy_name = None sa_policy_name = get(data_plane_config, "sa_policy_name", default="DP-SA-POLICY") profile_name = get(data_plane_config, "profile_name", default="DP-PROFILE") key = get(data_plane_config, "shared_key", required=True) # IKE policy for data-plane is not required for dynamic tunnels except for HA cases + if self.shared_utils.wan_ha: + ip_security["ike_policies"].append(self._ike_policy(ike_policy_name)) ip_security["sa_policies"].append(self._sa_policy(sa_policy_name)) - ip_security["profiles"].append(self._profile(profile_name, None, sa_policy_name, key)) + ip_security["profiles"].append(self._profile(profile_name, ike_policy_name, sa_policy_name, key)) # For data plane, adding key_controller by default ip_security["key_controller"] = self._key_controller(profile_name) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index d7458a85bbc..aa6d7491630 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py 
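Review bot: The IKE policy is created and bound to the data-plane profile whenever `wan_ha` is true, but `_generate_ha_path_group` in `router_path_selection.py` attaches that profile to the HA path group only when `wan_ha.ipsec` is true, so with `ipsec: false` the IKE policy is still generated and still ends up on the profile handed to `_key_controller`. Reading the flag through one `shared_utils` property in both modules would keep the two decisions in step. The two `if self.shared_utils.wan_ha:` tests can also collapse into one: `ike_policy_name = get(data_plane_config, "ike_policy_name", default="DP-IKE-POLICY") if self.shared_utils.wan_ha else None`, then `if ike_policy_name is not None:` before the `ike_policies` append. The function's signature is above the hunk.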
@@ -82,18 +82,73 @@ def _get_path_groups(self) -> list: path_groups.append(path_group_data) - if self.shared_utils.cv_pathfinder_role: - pass - # implement LAN_HA here + if (self.shared_utils.cv_pathfinder_role and self.shared_utils.wan_ha) or self.shared_utils.cv_pathfinder_role == "pathfinder": + path_groups.append(self._generate_ha_path_group()) return path_groups + def _generate_ha_path_group(self) -> dict: + """ + Called only when self.shared_utils.wan_ha is True or on Pathfinders + """ + ha_path_group = { + "name": self.shared_utils.wan_ha_path_group_name, + "id": self._get_path_group_id(self.shared_utils.wan_ha_path_group_name), + "flow_assignment": "lan", + } + if self.shared_utils.cv_pathfinder_role == "pathfinder": + return ha_path_group + + # not a pathfinder device + ha_path_group.update( + { + # This should be the LAN interface over which a DPS tunnel is built + "local_interfaces": [{"name": interface["interface"]} for interface in self.shared_utils.wan_ha_interfaces], + "static_peers": [ + { + "router_ip": self.shared_utils.wan_ha_peer_router_id, + "name": self.shared_utils.wan_ha_path_group_name, + "ipv4_addresses": self.shared_utils.wan_ha_peer_ip_addresses, + } + ], + } + ) + if get(self.shared_utils.switch_data_combined, "wan_ha.ipsec", default=True): + ha_path_group["ipsec_profile"] = self._dp_ipsec_profile_name + + return ha_path_group + + def _wan_ha_peer_ip_addresses(self) -> list: + """ + Read the IP addresses from HA peer uplinks + """ + peer_facts = self.shared_utils.get_peer_facts(self.shared_utils.wan_ha_peer, required=True) + # For now only picking up uplink interfaces in VRF default on the router. 
+ vrf_default_peer_uplinks = [uplink for uplink in get(peer_facts, "uplinks", required=True) if get(uplink, "vrf") is None] + return [ + get( + uplink, + "ip_address", + required=True, + org_key=( + f"The uplink interface {uplink['interface']} used as WAN LAN HA on the remote peer " + f"{self.shared_utils.wan_ha_peer} interface does not have an IP address", + ), + ) + for uplink in vrf_default_peer_uplinks + ] + + def _wan_ha_peer_vtep_ip(self) -> str: + """ """ + peer_facts = self.shared_utils.get_peer_facts(self.shared_utils.wan_ha_peer, required=True) + return get(peer_facts, "vtep_ip", required=True) + def _get_path_group_id(self, path_group_name: str, config_id: int | None = None) -> int: """ TODO - implement algorithm to auto assign IDs - cf internal documenation TODO - also implement algorithm for cross connects on public path_groups """ - if path_group_name == "LAN_HA": + if path_group_name == self.shared_utils.wan_ha_path_group_name: return 65535 if config_id is not None: return config_id diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py index 125f467230a..ef0957074aa 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py @@ -46,6 +46,11 @@ def prefix_lists(self) -> list | None: ] prefix_lists.append({"name": "PL-LOOPBACKS-PIM-RP", "sequence_numbers": sequence_numbers}) + # TODO - may be needed in other situations + if self.shared_utils.wan_ha and self.shared_utils.underlay_routing_protocol == "ebgp": + sequence_numbers = [{"sequence": 10, "action": f"permit {self.shared_utils.uplink_ipv4_pool} eq 31"}] + prefix_lists.append({"name": "PL-WAN-HA-PREFIXES", "sequence_numbers": sequence_numbers}) + return prefix_lists @cached_property 
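Review bot: `_generate_ha_path_group` reads `self.shared_utils.wan_ha_peer_router_id` and `self.shared_utils.wan_ha_peer_ip_addresses`, yet the helpers this hunk adds are `_wan_ha_peer_ip_addresses` and `_wan_ha_peer_vtep_ip` on this class and nothing visible calls them; unless the `shared_utils` properties arrive elsewhere in the series, the static peer should be built from the local helpers, e.g. `"ipv4_addresses": self._wan_ha_peer_ip_addresses()`. In `_wan_ha_peer_ip_addresses` the `org_key=( ... , )` argument ends with a comma inside the parentheses, which makes it a one-element tuple rather than a string; drop the trailing comma. `_wan_ha_peer_vtep_ip` has an empty docstring; `"""Return the vtep_ip fact of the WAN HA peer."""` describes what it does.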
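Review bot: `PL-WAN-HA-PREFIXES` is only created when `underlay_routing_protocol == "ebgp"`, while the sequence 50 added to `RM-CONN-2-BGP` in `route_maps.py` is guarded by `wan_ha` alone as far as that hunk shows, so another underlay protocol could leave the route-map referring to a prefix-list that is never generated. The entry also permits every /31 inside `uplink_ipv4_pool`, which is wider than the HA uplink subnets that `wan-preview.md` says are redistributed; if the pool is shared with other links, their connected /31s enter BGP as well. Consider building the entries from the HA interfaces' own addresses, or add a comment stating that the whole pool is intended. The enclosing `prefix_lists` property starts above the hunk.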
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py index 453bedaa31e..77a375938c2 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py @@ -61,7 +61,14 @@ def route_maps(self) -> list | None: } ) - # TODO in WAN HA PR, use 50 for PL-WAN-HA-INTERFACES + if self.shared_utils.wan_ha: + sequence_numbers.append( + { + "sequence": 50, + "type": "permit", + "match": ["ip address prefix-list PL-WAN-HA-PREFIXES"], + } + ) route_maps.append({"name": "RM-CONN-2-BGP", "sequence_numbers": sequence_numbers}) @@ -91,8 +98,13 @@ def route_maps(self) -> list | None: { "name": "RM-BGP-UNDERLAY-PEERS-IN", "sequence_numbers": [ - # TODO sequence 10 is left to match prefixes from HA PEER - # on which SOO will be have been set by peer + # TODO seq 10 maybe only needed when HA is true + { + "sequence": 10, + "type": "deny", + "description": "Deny prefixes with our SoO set", + "match": ["extcommunity ECL-EVPN-SOO"], + }, { "sequence": 20, "type": "deny", @@ -125,7 +137,14 @@ def route_maps(self) -> list | None: "description": "Advertise routes received from WAN iBGP towards LAN", "match": ["route-type internal"], }, - # TODO match local HA prefix and mark them with SOO + # TODO seq 30 maybe only needed when HA is true + { + "sequence": 30, + "type": "permit", + "description": "Advertise WAN HA prefixes towards LAN and mark them with SoO", + "match": [f"interface {uplink['interface']}" for uplink in self._uplinks], + "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"], + }, ], } ) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py index dc85ccfee1c..17767147cef 100644 
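Review bot: Sequence 10 of `RM-BGP-UNDERLAY-PEERS-IN` and sequence 30 of `RM-BGP-UNDERLAY-PEERS-OUT` are emitted for every router that gets these route-maps, although both TODOs say they may be needed only with HA and sequence 50 of `RM-CONN-2-BGP` in the first hunk is already under `if self.shared_utils.wan_ha:`. Building the two sequence lists first and adding these entries under that same test would keep non-HA routers from matching on `ECL-EVPN-SOO` (whose definition this patch does not show) and from tagging uplink routes with an SoO. Sequence 30 also matches every entry of `self._uplinks`, whereas the HA interfaces elsewhere in the patch are only the uplinks with no VRF, so `self.shared_utils.wan_ha_interfaces` looks like the intended source. `wan-preview.md` names these route-maps `RM-WAN-HA-SOO-IN` and `RM-WAN-HA-SOO-OUT` and says the uplink subnet is excluded from tagging, which matches neither the names nor the match clause here. `route_maps` starts above the hunks.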
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py @@ -43,10 +43,12 @@ def router_bgp(self) -> dict | None: "struct_cfg": self.shared_utils.bgp_peer_groups["ipv4_underlay_peers"]["structured_config"], } - # For HA will need to add allowas_in 1 if self.shared_utils.overlay_routing_protocol == "ibgp" and self.shared_utils.wan_mode == "cv-pathfinder" and self.shared_utils.wan_role is not None: peer_group["route_map_in"] = "RM-BGP-UNDERLAY-PEERS-IN" peer_group["route_map_out"] = "RM-BGP-UNDERLAY-PEERS-OUT" + if self.shared_utils.wan_ha: + # For HA need to add allowas_in 1 + peer_group["allowas_in"] = {"enabled": True, "times": 1} router_bgp["peer_groups"] = [strip_empties_from_dict(peer_group)] diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 1375d737b79..2609066a248 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -14004,6 +14004,7 @@ "description": "Set the default underlay routing_protocol.\nCan be overridden by setting \"underlay_routing_protocol\" host/group_vars.\n", "enum": [ "ebgp", + "ibgp", "ospf", "ospf-ldp", "isis", 
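Review bot: `allowas_in` with `times: 1` relaxes the AS-path loop check for every neighbour in the IPv4 underlay peer group, and as far as this patch shows the control that then stops a router from re-importing its own routes from the LAN is the SoO deny in `RM-BGP-UNDERLAY-PEERS-IN`. The comment should record that dependency, e.g. `# HA peer routes arrive over the LAN with our own ASN: allowas-in 1 accepts them, and the SoO deny (seq 10) in RM-BGP-UNDERLAY-PEERS-IN is what prevents loops - keep the two together`. Today the link is implicit because the route-map is built in `route_maps.py`. `router_bgp` starts above the hunk.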
@@ -24567,9 +24568,10 @@ }, "underlay_routing_protocol": { "type": "string", - "description": "- The following underlay routing protocols are supported:\n - EBGP (default for l3ls-evpn)\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - ISIS-SR*.\n - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol (none)\n- The variables should be applied to all devices in the fabric.\n*Only supported with core_interfaces data model.\n", + "description": "- The following underlay routing protocols are supported:\n - EBGP (default for l3ls-evpn)\n - IBGP\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - ISIS-SR*.\n - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol (none)\n- The variables should be applied to all devices in the fabric.\n*Only supported with core_interfaces data model.\n", "enum": [ "ebgp", + "ibgp", "ospf", "ospf-ldp", "isis", diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index ec482701fd6..93580cea451 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3465,12 +3465,13 @@ keys: type: str convert_to_lower_case: true description: "- The following underlay routing protocols are supported:\n - EBGP - (default for l3ls-evpn)\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - ISIS-SR*.\n - \ - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol (none)\n- - The variables should be applied to all devices in the fabric.\n*Only supported - with core_interfaces data model.\n" + (default for l3ls-evpn)\n - IBGP\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - + ISIS-SR*.\n - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol + (none)\n- The variables should be applied to all devices in the fabric.\n*Only + supported with core_interfaces data model.\n" valid_values: - ebgp + - ibgp - ospf - ospf-ldp - isis 
@@ -7559,6 +7560,30 @@ $defs: The CV Pathfinder site name.' + wan_ha: + documentation_options: + table: node-type-wan-configuration + type: dict + description: 'PREVIEW: This key is currently not supported + + + The key is supported only if `wan_mode` == `cv-pathfinder`. + + AutoVPN support is still to be determined. + + + Maximum 2 devices supported by group for HA.' + keys: + enabled: + type: bool + default: true + description: Enable / Disable auto CV-Pathfinder HA, when two nodes + are defined in node group. + ipsec: + type: bool + default: true + description: Enable / Disable IPsec over HA path-group when HA is + enabled. dps_mss_ipv4: documentation_options: table: node-type-wan-configuration diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml index 377a0ec5a89..c672f021382 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml @@ -1161,6 +1161,27 @@ $defs: PREVIEW: This key is currently not supported The CV Pathfinder site name. + wan_ha: + documentation_options: + table: node-type-wan-configuration + type: dict + description: |- + PREVIEW: This key is currently not supported + + The key is supported only if `wan_mode` == `cv-pathfinder`. + AutoVPN support is still to be determined. + + Maximum 2 devices supported by group for HA. + + keys: + enabled: + type: bool + default: true + description: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + ipsec: + type: bool + default: true + description: Enable / Disable IPsec over HA path-group when HA is enabled. dps_mss_ipv4: documentation_options: table: node-type-wan-configuration 
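Review bot: The description of `wan_ha.ipsec` in defs_node_type.schema.yml does not say what happens to HA traffic when the key is set to `false`; presumably the HA path-group then carries traffic between the two routers without IPsec. Once that is confirmed, I would extend it to `Enable / Disable IPsec over HA path-group when HA is enabled. When false, traffic on the HA path-group is not encrypted.`. The parent description also says both "currently not supported" and "supported only if `wan_mode` == `cv-pathfinder`". The stated maximum of 2 devices per group has no validation visible in this hunk. The same text is repeated in the generated eos_designs.schema.yml hunk earlier on this line.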
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml index 033a2df431b..64a9487efcd 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml @@ -85,7 +85,7 @@ $defs: This is not rendered in the configuration but used for WAN designs. connected_to_pathfinder: type: bool - default: True + default: true description: |- For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. raw_eos_cli: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml index 38ba5c88c3f..43ec86a265a 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml @@ -14,6 +14,7 @@ keys: description: | - The following underlay routing protocols are supported: - EBGP (default for l3ls-evpn) + - IBGP - OSPF. - OSPF-LDP*. - ISIS. @@ -25,6 +26,7 @@ keys: *Only supported with core_interfaces data model. valid_values: - "ebgp" + - "ibgp" - "ospf" - "ospf-ldp" - "isis" diff --git a/python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md b/python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md new file mode 100644 index 00000000000..cc8ee7378f1 --- /dev/null +++ b/python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md 
@@ -0,0 +1,399 @@ + +=== "Table" + + | Variable | Type | Required | Default | Value Restrictions | Description | + | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [<network_services_keys.name>](## "") | List, items: Dictionary | | | | | + | [  - name](## ".[].name") | String | Required, Unique | | | Specify a tenant name.
Tenant provide a construct to group L3 VRFs and L2 VLANs.
Networks services can be filtered by tenant name.
| + | [    evpn_l2_multicast](## ".[].evpn_l2_multicast") | Dictionary | | | | Enable EVPN L2 Multicast for all SVIs and l2vlans within Tenant.
- Multicast group binding is created only for Multicast traffic. BULL traffic will use ingress-replication.
- Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula:
< evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool > + < vlan_id - 1 > + < evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool_offset >.
- The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range.
- Enables `redistribute igmp` on the router bgp MAC VRF.
- When evpn_l2_multicast.enabled is true for a VLAN or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled - overriding those individual settings.
| + | [      enabled](## ".[].evpn_l2_multicast.enabled") | Boolean | | | | | + | [      underlay_l2_multicast_group_ipv4_pool](## ".[].evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool") | String | | | | IPv4_address/Mask | + | [      underlay_l2_multicast_group_ipv4_pool_offset](## ".[].evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool_offset") | Integer | | | | | + | [    evpn_l3_multicast](## ".[].evpn_l3_multicast") | Dictionary | | | | Enable L3 Multicast for all SVIs and l3vlans within Tenant.
- In the evpn-l3ls design type, this enables L3 EVPN Multicast (aka OISM)'.
- Multicast group binding for VRF is created only for Multicast traffic. BULL traffic will use ingress-replication.
- Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula:
< l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool > + < vrf_vni - 1 > + < l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool_offset >.
- The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range.
- If enabled on an SVI using the anycast default gateway feature, a diagnostic loopback (see below) MUST be configured to source IGMP traffic.
- Enables `evpn multicast` on the router bgp VRF.
- When enabled on an SVI:
- If switch is part of an MLAG pair, enables "pim ipv4 sparse-mode" on the SVI.
- If switch is standalone or A-A MH, enables "ip igmp" on the SVI.
- If "ip address virtual" is configured, enables "pim ipv4 local-interface" and uses the diagnostic Loopback defined in the VRF
| + | [      enabled](## ".[].evpn_l3_multicast.enabled") | Boolean | | | | | + | [      evpn_underlay_l3_multicast_group_ipv4_pool](## ".[].evpn_l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool") | String | Required | | | IPv4_address/Mask | + | [      evpn_underlay_l3_multicast_group_ipv4_pool_offset](## ".[].evpn_l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool_offset") | Integer | | | | | + | [      evpn_peg](## ".[].evpn_l3_multicast.evpn_peg") | List, items: Dictionary | | | | For each group of nodes, allow configuration of EVPN PEG options.
The first group of settings where the device's hostname is present in the 'nodes' list will be used.
| + | [        - nodes](## ".[].evpn_l3_multicast.evpn_peg.[].nodes") | List, items: String | | | | A description will be applied to all nodes with RP addresses configured if not set. | + | [            - <str>](## ".[].evpn_l3_multicast.evpn_peg.[].nodes.[]") | String | | | | | + | [          transit](## ".[].evpn_l3_multicast.evpn_peg.[].transit") | Boolean | | | | Enable EVPN PEG transit mode. | + | [    pim_rp_addresses](## ".[].pim_rp_addresses") | List, items: Dictionary | | | | For each group of nodes, allow configuration of RP Addresses & associated groups.
| + | [      - rps](## ".[].pim_rp_addresses.[].rps") | List, items: String | | | Min Length: 1 | List of Rendevouz Points. | + | [          - <str>](## ".[].pim_rp_addresses.[].rps.[]") | String | | | | RP address. | + | [        nodes](## ".[].pim_rp_addresses.[].nodes") | List, items: String | | | | Restrict configuration to specific nodes.
Configuration Will be applied to all nodes if not set.
| + | [          - <str>](## ".[].pim_rp_addresses.[].nodes.[]") | String | | | | | + | [        groups](## ".[].pim_rp_addresses.[].groups") | List, items: String | | | | | + | [          - <str>](## ".[].pim_rp_addresses.[].groups.[]") | String | | | | Group_prefix/mask. | + | [    igmp_snooping_querier](## ".[].igmp_snooping_querier") | Dictionary | | | | Enable IGMP snooping querier for each SVI/l2vlan within tenant, by default using IP address of Loopback 0.
When enabled, IGMP snooping querier will only be configured on L3 devices, i.e., uplink_type: p2p.
| + | [      enabled](## ".[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if "evpn_l2_multicast" is enabled. | + | [      source_address](## ".[].igmp_snooping_querier.source_address") | String | | | Format: ipv4 | Default IP address of Loopback0 | + | [      version](## ".[].igmp_snooping_querier.version") | Integer | | `2` | Valid Values:
- 1
- 2
- 3 | | + | [    vrfs](## ".[].vrfs") | List, items: Dictionary | | | | VRFs will only be configured on a node if any of the underlying objects like `svis` or `l3_interfaces` apply to the node.

It is recommended to only define a VRF in one Tenant. If the same VRF name is used across multiple tenants and those tenants
are accepted by `filter.tenants` on the node, any object set under the duplicate VRFs must either be unique or be an exact match.

VRF "default" is partially supported under network-services. Currently the supported options for "default" vrf are route-target,
route-distinguisher settings, structured_config, raw_eos_cli in bgp and SVIs are the only supported interface type.
Vlan-aware-bundles are supported as well inside default vrf. OSPF is not supported currently.
| + | [      - name](## ".[].vrfs.[].name") | String | Required, Unique | | | | + | [        evpn_l3_multicast](## ".[].vrfs.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled`.
Allow override of `.[].evpn_l3_multicast` node_settings.
Requires `evpn_multicast` to also be set to `true`.
| + | [          enabled](## ".[].vrfs.[].evpn_l3_multicast.enabled") | Boolean | | | | | + | [          evpn_peg](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg") | List, items: Dictionary | | | | For each group of nodes, allow configuration of EVPN PEG features. | + | [            - nodes](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg.[].nodes") | List, items: String | | | | Restrict configuration to specific nodes.
Will apply to all nodes with RP addresses configured if not set.
| + | [                - <str>](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg.[].nodes.[]") | String | | | | | + | [              transit](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg.[].transit") | Boolean | | `False` | | Enable EVPN PEG transit mode. | + | [        pim_rp_addresses](## ".[].vrfs.[].pim_rp_addresses") | List, items: Dictionary | | | | For each group of nodes, allow configuration of RP Addresses & associated groups.
| + | [          - rps](## ".[].vrfs.[].pim_rp_addresses.[].rps") | List, items: String | | | | A minimum of one RP must be specified. | + | [              - <str>](## ".[].vrfs.[].pim_rp_addresses.[].rps.[]") | String | | | | RP address. | + | [            nodes](## ".[].vrfs.[].pim_rp_addresses.[].nodes") | List, items: String | | | | Restrict configuration to specific nodes.
Configuration Will be applied to all nodes if not set.
| + | [              - <str>](## ".[].vrfs.[].pim_rp_addresses.[].nodes.[]") | String | | | | | + | [            groups](## ".[].vrfs.[].pim_rp_addresses.[].groups") | List, items: String | | | | | + | [              - <str>](## ".[].vrfs.[].pim_rp_addresses.[].groups.[]") | String | | | | Group_prefix/mask. | + | [        evpn_l2_multi_domain](## ".[].vrfs.[].evpn_l2_multi_domain") | Boolean | | | | Explicitly extend all VLANs/VLAN-Aware Bundles inside the VRF to remote EVPN domains.
Overrides `.[].evpn_l2_multi_domain`.
| + | [        svis](## ".[].vrfs.[].svis") | List, items: Dictionary | | | | List of SVIs.
This will create both the L3 SVI and L2 VLAN based on filters applied to the node.
| + | [          - id](## ".[].vrfs.[].svis.[].id") | Integer | Required, Unique | | Min: 1
Max: 4096 | SVI interface id and VLAN id. | + | [            nodes](## ".[].vrfs.[].svis.[].nodes") | List, items: Dictionary | | | | Define node specific configuration, such as unique IP addresses.
Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level.
| + | [              - node](## ".[].vrfs.[].svis.[].nodes.[].node") | String | Required, Unique | | | l3_leaf inventory hostname | + | [                evpn_l2_multicast](## ".[].vrfs.[].svis.[].nodes.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| + | [                  enabled](## ".[].vrfs.[].svis.[].nodes.[].evpn_l2_multicast.enabled") | Boolean | | | | | + | [                evpn_l3_multicast](## ".[].vrfs.[].svis.[].nodes.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| + | [                  enabled](## ".[].vrfs.[].svis.[].nodes.[].evpn_l3_multicast.enabled") | Boolean | | | | | + | [                igmp_snooping_enabled](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | + | [                igmp_snooping_querier](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier") | Dictionary | | | | | + | [                  enabled](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | + | [                  source_address](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| + | [                  version](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | + | [            evpn_l2_multicast](## ".[].vrfs.[].svis.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| + | [              enabled](## ".[].vrfs.[].svis.[].evpn_l2_multicast.enabled") | Boolean | | | | | + | [            evpn_l3_multicast](## ".[].vrfs.[].svis.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| + | [              enabled](## ".[].vrfs.[].svis.[].evpn_l3_multicast.enabled") | Boolean | | | | | + | [            igmp_snooping_enabled](## ".[].vrfs.[].svis.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | + | [            igmp_snooping_querier](## ".[].vrfs.[].svis.[].igmp_snooping_querier") | Dictionary | | | | | + | [              enabled](## ".[].vrfs.[].svis.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | + | [              source_address](## ".[].vrfs.[].svis.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| + | [              version](## ".[].vrfs.[].svis.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | + | [    l2vlans](## ".[].l2vlans") | List, items: Dictionary | | | | Define L2 network services organized by vlan id. | + | [      - id](## ".[].l2vlans.[].id") | Integer | Required, Unique | | Min: 1
Max: 4094 | VLAN ID | + | [        evpn_l2_multicast](## ".[].l2vlans.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, igmp snooping and igmp snooping querier will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| + | [          enabled](## ".[].l2vlans.[].evpn_l2_multicast.enabled") | Boolean | | | | | + | [        igmp_snooping_enabled](## ".[].l2vlans.[].igmp_snooping_enabled") | Boolean | | `True` | | Activate or deactivate IGMP snooping. | + | [        igmp_snooping_querier](## ".[].l2vlans.[].igmp_snooping_querier") | Dictionary | | | | Enable igmp snooping querier, by default using IP address of Loopback 0.
When enabled, igmp snooping querier will only be configured on l3 devices, i.e., uplink_type: p2p.
| + | [          enabled](## ".[].l2vlans.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | + | [          source_address](## ".[].l2vlans.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| + | [          version](## ".[].l2vlans.[].igmp_snooping_querier.version") | Integer | | `2` | Valid Values:
- 1
- 2
- 3 | | + | [svi_profiles](## "svi_profiles") | List, items: Dictionary | | | | Profiles to share common settings for SVIs under `.[].vrfs.svis`.
Keys are the same used under SVIs. Keys defined under SVIs take precedence.
Note: structured configuration is not merged recursively and will be taken directly from the most specific level in the following order:
1. svi.nodes[inventory_hostname].structured_config
2. svi_profile.nodes[inventory_hostname].structured_config
3. svi_parent_profile.nodes[inventory_hostname].structured_config
4. svi.structured_config
5. svi_profile.structured_config
6. svi_parent_profile.structured_config
| + | [  - profile](## "svi_profiles.[].profile") | String | Required, Unique | | | Profile name | + | [    nodes](## "svi_profiles.[].nodes") | List, items: Dictionary | | | | Define node specific configuration, such as unique IP addresses.
Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level.
| + | [      - node](## "svi_profiles.[].nodes.[].node") | String | Required, Unique | | | l3_leaf inventory hostname | + | [        evpn_l2_multicast](## "svi_profiles.[].nodes.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| + | [          enabled](## "svi_profiles.[].nodes.[].evpn_l2_multicast.enabled") | Boolean | | | | | + | [        evpn_l3_multicast](## "svi_profiles.[].nodes.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| + | [          enabled](## "svi_profiles.[].nodes.[].evpn_l3_multicast.enabled") | Boolean | | | | | + | [        igmp_snooping_enabled](## "svi_profiles.[].nodes.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | + | [        igmp_snooping_querier](## "svi_profiles.[].nodes.[].igmp_snooping_querier") | Dictionary | | | | | + | [          enabled](## "svi_profiles.[].nodes.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | + | [          source_address](## "svi_profiles.[].nodes.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| + | [          version](## "svi_profiles.[].nodes.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | + | [    evpn_l2_multicast](## "svi_profiles.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| + | [      enabled](## "svi_profiles.[].evpn_l2_multicast.enabled") | Boolean | | | | | + | [    evpn_l3_multicast](## "svi_profiles.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| + | [      enabled](## "svi_profiles.[].evpn_l3_multicast.enabled") | Boolean | | | | | + | [    igmp_snooping_enabled](## "svi_profiles.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | + | [    igmp_snooping_querier](## "svi_profiles.[].igmp_snooping_querier") | Dictionary | | | | | + | [      enabled](## "svi_profiles.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | + | [      source_address](## "svi_profiles.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| + | [      version](## "svi_profiles.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | + +=== "YAML" + + ```yaml + : + + # Specify a tenant name. + # Tenant provide a construct to group L3 VRFs and L2 VLANs. + # Networks services can be filtered by tenant name. + - name: + + # Enable EVPN L2 Multicast for all SVIs and l2vlans within Tenant. + # - Multicast group binding is created only for Multicast traffic. BULL traffic will use ingress-replication. + # - Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula: + # < evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool > + < vlan_id - 1 > + < evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool_offset >. + # - The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range. + # - Enables `redistribute igmp` on the router bgp MAC VRF. + # - When evpn_l2_multicast.enabled is true for a VLAN or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled - overriding those individual settings. + evpn_l2_multicast: + enabled: + + # IPv4_address/Mask + underlay_l2_multicast_group_ipv4_pool: + underlay_l2_multicast_group_ipv4_pool_offset: + + # Enable L3 Multicast for all SVIs and l3vlans within Tenant. + # - In the evpn-l3ls design type, this enables L3 EVPN Multicast (aka OISM)'. + # - Multicast group binding for VRF is created only for Multicast traffic. BULL traffic will use ingress-replication. + # - Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula: + # < l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool > + < vrf_vni - 1 > + < l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool_offset >. + # - The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range. + # - If enabled on an SVI using the anycast default gateway feature, a diagnostic loopback (see below) MUST be configured to source IGMP traffic. 
+ # - Enables `evpn multicast` on the router bgp VRF. + # - When enabled on an SVI: + # - If switch is part of an MLAG pair, enables "pim ipv4 sparse-mode" on the SVI. + # - If switch is standalone or A-A MH, enables "ip igmp" on the SVI. + # - If "ip address virtual" is configured, enables "pim ipv4 local-interface" and uses the diagnostic Loopback defined in the VRF + evpn_l3_multicast: + enabled: + + # IPv4_address/Mask + evpn_underlay_l3_multicast_group_ipv4_pool: + evpn_underlay_l3_multicast_group_ipv4_pool_offset: + + # For each group of nodes, allow configuration of EVPN PEG options. + # The first group of settings where the device's hostname is present in the 'nodes' list will be used. + evpn_peg: + + # A description will be applied to all nodes with RP addresses configured if not set. + - nodes: + - + + # Enable EVPN PEG transit mode. + transit: + + # For each group of nodes, allow configuration of RP Addresses & associated groups. + pim_rp_addresses: + + # List of Rendevouz Points. + - rps: # >=1 items + + # RP address. + - + + # Restrict configuration to specific nodes. + # Configuration Will be applied to all nodes if not set. + nodes: + - + groups: + + # Group_prefix/mask. + - + + # Enable IGMP snooping querier for each SVI/l2vlan within tenant, by default using IP address of Loopback 0. + # When enabled, IGMP snooping querier will only be configured on L3 devices, i.e., uplink_type: p2p. + igmp_snooping_querier: + + # Will be enabled automatically if "evpn_l2_multicast" is enabled. + enabled: + + # Default IP address of Loopback0 + source_address: + version: + + # VRFs will only be configured on a node if any of the underlying objects like `svis` or `l3_interfaces` apply to the node. + + # It is recommended to only define a VRF in one Tenant. If the same VRF name is used across multiple tenants and those tenants + # are accepted by `filter.tenants` on the node, any object set under the duplicate VRFs must either be unique or be an exact match. 
+ + # VRF "default" is partially supported under network-services. Currently the supported options for "default" vrf are route-target, + # route-distinguisher settings, structured_config, raw_eos_cli in bgp and SVIs are the only supported interface type. + # Vlan-aware-bundles are supported as well inside default vrf. OSPF is not supported currently. + vrfs: + - name: + + # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled`. + # Allow override of `.[].evpn_l3_multicast` node_settings. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l3_multicast: + enabled: + + # For each group of nodes, allow configuration of EVPN PEG features. + evpn_peg: + + # Restrict configuration to specific nodes. + # Will apply to all nodes with RP addresses configured if not set. + - nodes: + - + + # Enable EVPN PEG transit mode. + transit: + + # For each group of nodes, allow configuration of RP Addresses & associated groups. + pim_rp_addresses: + + # A minimum of one RP must be specified. + - rps: + + # RP address. + - + + # Restrict configuration to specific nodes. + # Configuration Will be applied to all nodes if not set. + nodes: + - + groups: + + # Group_prefix/mask. + - + + # Explicitly extend all VLANs/VLAN-Aware Bundles inside the VRF to remote EVPN domains. + # Overrides `.[].evpn_l2_multi_domain`. + evpn_l2_multi_domain: + + # List of SVIs. + # This will create both the L3 SVI and L2 VLAN based on filters applied to the node. + svis: + + # SVI interface id and VLAN id. + - id: + + # Define node specific configuration, such as unique IP addresses. + # Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level. + nodes: + + # l3_leaf inventory hostname + - node: + + # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. 
+ # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l2_multicast: + enabled: + + # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l3_multicast: + enabled: + + # Enable IGMP Snooping (Enabled by default on EOS). + igmp_snooping_enabled: + igmp_snooping_querier: + + # Will be enabled automatically if evpn_l2_multicast is enabled. + enabled: + + # IPv4_address + # If not set, IP address of "Loopback0" will be used. + source_address: + + # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). + version: + + # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. + # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l2_multicast: + enabled: + + # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l3_multicast: + enabled: + + # Enable IGMP Snooping (Enabled by default on EOS). + igmp_snooping_enabled: + igmp_snooping_querier: + + # Will be enabled automatically if evpn_l2_multicast is enabled. + enabled: + + # IPv4_address + # If not set, IP address of "Loopback0" will be used. + source_address: + + # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). + version: + + # Define L2 network services organized by vlan id. 
+ l2vlans: + + # VLAN ID + - id: + + # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. + # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, igmp snooping and igmp snooping querier will always be enabled, overriding those individual settings. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l2_multicast: + enabled: + + # Activate or deactivate IGMP snooping. + igmp_snooping_enabled: + + # Enable igmp snooping querier, by default using IP address of Loopback 0. + # When enabled, igmp snooping querier will only be configured on l3 devices, i.e., uplink_type: p2p. + igmp_snooping_querier: + + # Will be enabled automatically if evpn_l2_multicast is enabled. + enabled: + + # IPv4_address + # If not set, IP address of "Loopback0" will be used. + source_address: + version: + + # Profiles to share common settings for SVIs under `.[].vrfs.svis`. + # Keys are the same used under SVIs. Keys defined under SVIs take precedence. + # Note: structured configuration is not merged recursively and will be taken directly from the most specific level in the following order: + # 1. svi.nodes[inventory_hostname].structured_config + # 2. svi_profile.nodes[inventory_hostname].structured_config + # 3. svi_parent_profile.nodes[inventory_hostname].structured_config + # 4. svi.structured_config + # 5. svi_profile.structured_config + # 6. svi_parent_profile.structured_config + svi_profiles: + + # Profile name + - profile: + + # Define node specific configuration, such as unique IP addresses. + # Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level. + nodes: + + # l3_leaf inventory hostname + - node: + + # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. 
+ # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l2_multicast: + enabled: + + # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l3_multicast: + enabled: + + # Enable IGMP Snooping (Enabled by default on EOS). + igmp_snooping_enabled: + igmp_snooping_querier: + + # Will be enabled automatically if evpn_l2_multicast is enabled. + enabled: + + # IPv4_address + # If not set, IP address of "Loopback0" will be used. + source_address: + + # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). + version: + + # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. + # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l2_multicast: + enabled: + + # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. + # Requires `evpn_multicast` to also be set to `true`. + evpn_l3_multicast: + enabled: + + # Enable IGMP Snooping (Enabled by default on EOS). + igmp_snooping_enabled: + igmp_snooping_querier: + + # Will be enabled automatically if evpn_l2_multicast is enabled. + enabled: + + # IPv4_address + # If not set, IP address of "Loopback0" will be used. + source_address: + + # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). + version: + ``` From 552acecb1c063479ad85cc11adf985fccec88b25 Mon Sep 17 00:00:00 2001 
From: gmuloc Date: Thu, 25 Jan 2024 13:20:56 +0100 Subject: [PATCH 02/11] Test: Run molecule --- .../converge.yml | 42 ++++ .../invalid-wan-role-cv-pathfinder-role-1.yml | 2 + .../invalid-wan-role-cv-pathfinder-role-2.yml | 2 + .../inventory/hosts.yml | 8 +- ...v-pathfinder-edge-no-common-path-group.cfg | 72 ------ .../intended/configs/cv-pathfinder-edge.cfg | 15 -- .../intended/configs/cv-pathfinder-edge2.cfg | 203 +++++++++++---- .../intended/configs/cv-pathfinder-edge3.cfg | 202 +++++++++++---- .../intended/configs/cv-pathfinder-edge4.cfg | 164 ------------ .../intended/configs/cv-pathfinder-edge5.cfg | 149 ----------- .../intended/configs/site-ha-enabled-leaf.cfg | 166 +++++++++++++ ...v-pathfinder-edge-no-common-path-group.yml | 90 ------- .../structured_configs/cv-pathfinder-edge.yml | 18 -- .../cv-pathfinder-edge2.yml | 228 ++++++++++++----- .../cv-pathfinder-edge3.yml | 231 ++++++++++++----- .../cv-pathfinder-edge4.yml | 231 ----------------- .../cv-pathfinder-edge5.yml | 205 ++++++++++++++- .../cv-pathfinder-pathfinder.yml | 10 - .../cv-pathfinder-pathfinder1.yml | 10 - .../cv-pathfinder-pathfinder2.yml | 10 - .../site-ha-enabled-leaf.yml | 234 ++++++++++++++++++ .../group_vars/CV_PATHFINDER_TESTS.yml | 10 +- .../plugin_utils/eos_designs_facts/wan.py | 16 -- .../eos_designs_shared_utils/wan.py | 23 +- .../overlay/router_path_selection.py | 12 +- .../defs_node_type.schema.yml | 2 +- 26 files changed, 1300 insertions(+), 1055 deletions(-) delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml create mode 100644 
ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml index 5ab89323c64..fa338760fa0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml @@ -182,6 +182,48 @@ - ansible_failed_result is defined - ansible_failed_result.msg == expected_error_message +- name: Converge Negative tests for 'eos_designs_facts' + hosts: fabric_wan_role_cv_pathinder_role_1 + connection: local + tasks: + - name: Run failure scenario Test + block: + - name: Trigger Error + ansible.builtin.import_role: + name: arista.avd.eos_designs + rescue: + - name: Error message + run_once: true + ansible.builtin.debug: + var: ansible_failed_result.msg + - name: Assert eos_designs failed with the expected error message + run_once: true + ansible.builtin.assert: + that: + - ansible_failed_result is defined + - ansible_failed_result.msg == expected_error_message + +- name: Converge Negative tests for 'eos_designs_facts' + hosts: fabric_wan_role_cv_pathinder_role_2 + connection: local + tasks: + - name: Run failure scenario Test + block: + - name: Trigger Error + ansible.builtin.import_role: + name: arista.avd.eos_designs + rescue: + - name: Error message + run_once: true + ansible.builtin.debug: + var: ansible_failed_result.msg + - name: Assert eos_designs failed with the expected error message + run_once: true + ansible.builtin.assert: + that: + - ansible_failed_result is defined + - ansible_failed_result.msg == expected_error_message + - name: Converge Negative tests for 'eos_designs_structured_config' hosts: EOS_DESIGNS_FAILURES gather_facts: false 
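Review bot: Both new plays (hosts `fabric_wan_role_cv_pathinder_role_1` and `fabric_wan_role_cv_pathinder_role_2`) assert only inside `rescue`. If `arista.avd.eos_designs` ever stops failing for these hosts, the rescue is skipped and the negative test passes without checking anything. Adding a task after `Trigger Error` inside the `block`, for example `- name: Fail if the role did not raise` with `ansible.builtin.fail:` and `msg: eos_designs did not fail as expected`, would route that case into the existing assert, which then fails on the message mismatch. The context lines suggest earlier plays in this file use the same pattern, so a file-wide fix may be the better scope. Separately, the group name is spelled `pathinder` (missing `f`) here and in the `fabric_name` and `hosts.yml` hunks that follow; it is consistent, so it resolves, but a search for `pathfinder` will miss it.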
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml index 663d72403a0..04c773e7208 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml @@ -1,4 +1,6 @@ --- +fabric_name: fabric_wan_role_cv_pathinder_role_1 + wan_mode: cv-pathfinder type: wan_edge diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml index b90d04b2a44..18415de21d8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml @@ -1,4 +1,6 @@ --- +fabric_name: fabric_wan_role_cv_pathinder_role_2 + wan_mode: cv-pathfinder type: wan_rr diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml index 868125b4dc5..cadc80c1e2d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml 
@@ -51,6 +51,12 @@ all: fabric_p2p_vrfs: hosts: invalid-uplink-type-p2p-vrfs-underlay-router-false: + fabric_wan_role_cv_pathinder_role_1: + hosts: + invalid-wan-role-cv-pathfinder-role-1: + fabric_wan_role_cv_pathinder_role_2: + hosts: + invalid-wan-role-cv-pathfinder-role-2: EOS_DESIGNS_FAILURES: # Add cases that fail during 'eos_designs_structured_config' phase hosts: failure-port-channel: @@ -87,8 +93,6 @@ all: failure-duplicate-evpn-vlan-bundle-name: ntp-settings-server-vrf-missing-mgmt-ip: ntp-settings-server-vrf-missing-inband-mgmt-interface: - invalid-wan-role-cv-pathfinder-role-1: - invalid-wan-role-cv-pathfinder-role-2: source-interfaces-domain-lookup-duplicate-vrf: source-interfaces-domain-lookup-missing-inband-mgmt-interface: source-interfaces-domain-lookup-missing-mgmt-ip: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg index 764ed4ef440..eac65b35419 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg @@ -125,21 +125,6 @@ vrf instance PROD ! ip security ! -<<<<<<< HEAD -<<<<<<< HEAD -======= -<<<<<<< HEAD -<<<<<<< HEAD -======= - ike policy DP-IKE-POLICY - local-id 192.168.142.2 - ! ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= ->>>>>>> 31932a7a6 (Refactor: IPsec profiles for HA using Data plane) ->>>>>>> ae9d0c096 (Refactor: IPsec profiles for HA using Data plane) -======= ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ike policy CP-IKE-POLICY local-id 192.168.142.2 ! 
@@ -187,22 +172,7 @@ interface Ethernet52 no shutdown mtu 9214 no switchport -<<<<<<< HEAD -<<<<<<< HEAD - flow tracker hardware WAN-FLOW-TRACKER -======= -<<<<<<< HEAD -<<<<<<< HEAD flow tracker hardware WAN-FLOW-TRACKER -======= ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= - flow tracker hardware WAN-FLOW-TRACKER ->>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) -======= - flow tracker hardware WAN-FLOW-TRACKER ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ip address 172.17.0.3/31 ! interface Ethernet52.42 @@ -383,30 +353,9 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.2 -<<<<<<< HEAD -<<<<<<< HEAD - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT -======= -<<<<<<< HEAD -<<<<<<< HEAD - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT -======= ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= neighbor 172.17.0.2 remote-as 65000 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT ->>>>>>> 06d11a15d (Feat: Align underlay routing protocols) ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) -======= - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) redistribute connected ! vrf PROD 
@@ -414,30 +363,9 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.2 -<<<<<<< HEAD -<<<<<<< HEAD - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD -======= -<<<<<<< HEAD -<<<<<<< HEAD - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD -======= ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD ->>>>>>> 06d11a15d (Feat: Align underlay routing protocols) ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) -======= neighbor 172.17.0.2 remote-as 65000 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) redistribute connected ! router traffic-engineering diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 3fb0fe1c6ef..57a17196e00 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
@@ -220,22 +220,7 @@ interface Ethernet52 no shutdown mtu 9214 no switchport -<<<<<<< HEAD -<<<<<<< HEAD flow tracker hardware WAN-FLOW-TRACKER -======= -<<<<<<< HEAD -<<<<<<< HEAD - flow tracker hardware WAN-FLOW-TRACKER -======= ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= - flow tracker hardware WAN-FLOW-TRACKER ->>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) -======= - flow tracker hardware WAN-FLOW-TRACKER ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ip address 172.17.0.1/31 ! interface Ethernet52.42 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg index 6c2eb67743e..7107c39a2d0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg @@ -10,6 +10,7 @@ flow tracking hardware collector 127.0.0.1 local interface Loopback0 template interval 5000 + no shutdown ! transceiver qsfp default-mode 4x10G ! 
@@ -19,7 +20,79 @@ ip as-path access-list ASPATH-WAN permit 65000 any ! hostname cv-pathfinder-edge2 ! +router adaptive-virtual-topology + topology role edge + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site423 id 423 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile CONTROL-PLANE-APPLICATION-PROFILE + avt profile CONTROL-PLANE-PROFILE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + profile CONTROL-PLANE-PROFILE + path-selection load-balance LB-CONTROL-PLANE-PROFILE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! + vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile CONTROL-PLANE-PROFILE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! 
+ vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 +! router path-selection + tcp mss ceiling ipv4 ingress ! path-group INET id 101 ipsec profile CP-PROFILE @@ -29,7 +102,7 @@ router path-selection ! peer dynamic ! - peer static router-ip 192.168.44.1 + peer static router-ip 192.168.144.1 name cv-pathfinder-pathfinder ipv4 address 10.7.7.7 ipv4 address 10.9.9.9 @@ -40,21 +113,16 @@ router path-selection ! local interface Ethernet52 ! - peer static router-ip 192.168.42.3 + local interface Ethernet53 + ! + peer static router-ip 192.168.142.3 name LAN_HA - ipv4 address 172.17.0.5 + ipv4 address 172.17.0.9 + ipv4 address 172.17.0.11 ! - load-balance policy LBPOLICY + load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET path-group LAN_HA -<<<<<<< HEAD -! -router adaptive-virtual-topology - topology role edge - region AVD_Land_West id 42 - zone DEFAULT-ZONE id 1 - site Site423 id 423 -======= ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group INET @@ -77,22 +145,25 @@ router adaptive-virtual-topology jitter 42 path-group LAN_HA path-group INET priority 2 ->>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) ! spanning-tree mode none ! no enable password no aaa root ! +vrf instance IT +! vrf instance MGMT ! +vrf instance PROD +! ip security ! ike policy DP-IKE-POLICY - local-id 192.168.42.2 + local-id 192.168.142.2 ! ike policy CP-IKE-POLICY - local-id 192.168.42.2 + local-id 192.168.142.2 ! sa policy DP-SA-POLICY esp encryption aes128 @@ -125,7 +196,7 @@ interface Dps1 description DPS Interface mtu 9214 flow tracker hardware WAN-FLOW-TRACKER - tcp mss ceiling ipv4 1000 + ip address 192.168.142.2/32 ! interface Ethernet1 no shutdown 
@@ -134,8 +205,6 @@ interface Ethernet1 ip address dhcp dhcp client accept default-route ! -<<<<<<< HEAD -======= interface Ethernet52 description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 no shutdown @@ -184,7 +253,6 @@ interface Ethernet53.100 vrf IT ip address 172.17.0.7/31 ! ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) interface Loopback0 description Router_ID no shutdown @@ -192,14 +260,58 @@ interface Loopback0 ! interface Vxlan1 description cv-pathfinder-edge2_VTEP - vxlan source-interface Loopback0 + vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +application traffic recognition + ! + application ipv4 CONTROL-PLANE-APPLICATION + destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application microsoft-teams + ! + application-profile CONTROL-PLANE-APPLICATION-PROFILE + application CONTROL-PLANE-APPLICATION + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES + 192.168.144.1/32 + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! + field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 ! ip routing +ip routing vrf IT no ip routing vrf MGMT -<<<<<<< HEAD -======= ip routing vrf PROD ! ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 
@@ -223,12 +335,8 @@ route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 set extcommunity soo 192.168.42.2:423 additive ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 -<<<<<<< HEAD - match interface Ethernet52 -======= description Advertise local routes towards LAN match extcommunity ECL-EVPN-SOO ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN @@ -247,11 +355,6 @@ route-map RM-CONN-2-BGP permit 10 route-map RM-CONN-2-BGP permit 50 match ip address prefix-list PL-WAN-HA-PREFIXES ! -<<<<<<< HEAD -route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30 - match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY ->>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) -======= route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 match extcommunity ECL-EVPN-SOO ! @@ -262,7 +365,6 @@ route-map RM-EVPN-SOO-IN permit 20 ! route-map RM-EVPN-SOO-OUT permit 10 set extcommunity soo 192.168.42.2:423 additive ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ! router bfd multihop interval 300 min-rx 300 multiplier 3 
@@ -280,23 +382,21 @@ router bgp 65000 neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out neighbor WAN-OVERLAY-PEERS peer group neighbor WAN-OVERLAY-PEERS remote-as 65000 - neighbor WAN-OVERLAY-PEERS update-source Loopback0 + neighbor WAN-OVERLAY-PEERS update-source Dps1 neighbor WAN-OVERLAY-PEERS bfd neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 -<<<<<<< HEAD - neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS - neighbor 192.168.44.1 description cv-pathfinder-pathfinder -======= - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 description site-ha-enabled-leaf_Ethernet1 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 description site-ha-enabled-leaf1_Ethernet1 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 description site-ha-enabled-leaf2_Ethernet1 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder redistribute connected route-map RM-CONN-2-BGP ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) ! address-family evpn neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in @@ -318,8 +418,6 @@ router bgp 65000 bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate -<<<<<<< HEAD -======= ! vrf default rd 192.168.42.2:1 
@@ -332,9 +430,12 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.2 - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-enabled-leaf_Ethernet1.100_vrf_IT + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf1_Ethernet1.100_vrf_IT + neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 description site-ha-enabled-leaf2_Ethernet1.100_vrf_IT redistribute connected ! vrf PROD @@ -342,11 +443,13 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.2 - neighbor 172.17.0.2 remote-as 65000 - neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 description site-ha-enabled-leaf_Ethernet1.42_vrf_PROD + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD + neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 description site-ha-enabled-leaf2_Ethernet1.42_vrf_PROD redistribute connected ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) ! router traffic-engineering ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg index fc8ef08982c..35767b3c7cd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg 
@@ -10,6 +10,7 @@ flow tracking hardware collector 127.0.0.1 local interface Loopback0 template interval 5000 + no shutdown ! transceiver qsfp default-mode 4x10G ! 
@@ -19,7 +20,79 @@ ip as-path access-list ASPATH-WAN permit 65000 any ! hostname cv-pathfinder-edge3 ! +router adaptive-virtual-topology + topology role edge + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site423 id 423 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile CONTROL-PLANE-APPLICATION-PROFILE + avt profile CONTROL-PLANE-PROFILE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + profile CONTROL-PLANE-PROFILE + path-selection load-balance LB-CONTROL-PLANE-PROFILE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! + vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile CONTROL-PLANE-PROFILE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! 
+ vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 +! router path-selection + tcp mss ceiling ipv4 ingress ! path-group LAN_HA id 65535 ipsec profile DP-PROFILE @@ -27,9 +100,12 @@ router path-selection ! local interface Ethernet52 ! - peer static router-ip 192.168.42.2 + local interface Ethernet53 + ! + peer static router-ip 192.168.142.2 name LAN_HA - ipv4 address 172.17.0.3 + ipv4 address 172.17.0.5 + ipv4 address 172.17.0.7 ! path-group MPLS id 100 ! @@ -38,13 +114,10 @@ router path-selection ! peer dynamic ! - peer static router-ip 192.168.44.1 + peer static router-ip 192.168.144.1 name cv-pathfinder-pathfinder ipv4 address 172.16.0.1 ! -<<<<<<< HEAD - load-balance policy LBPOLICY -======= load-balance policy LB-CONTROL-PLANE-PROFILE path-group LAN_HA path-group MPLS @@ -68,30 +141,27 @@ router path-selection ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 ->>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) path-group LAN_HA path-group MPLS ! -router adaptive-virtual-topology - topology role edge - region AVD_Land_West id 42 - zone DEFAULT-ZONE id 1 - site Site423 id 423 -! spanning-tree mode none ! no enable password no aaa root ! +vrf instance IT +! vrf instance MGMT ! +vrf instance PROD +! ip security ! ike policy DP-IKE-POLICY - local-id 192.168.42.3 + local-id 192.168.142.3 ! ike policy CP-IKE-POLICY - local-id 192.168.42.3 + local-id 192.168.142.3 ! sa policy DP-SA-POLICY esp encryption aes128 @@ -124,7 +194,7 @@ interface Dps1 description DPS Interface mtu 9214 flow tracker hardware WAN-FLOW-TRACKER - tcp mss ceiling ipv4 1000 + ip address 192.168.142.3/32 ! interface Ethernet2 no shutdown @@ -132,8 +202,6 @@ interface Ethernet2 flow tracker hardware WAN-FLOW-TRACKER ip address 172.15.6.6/31 ! -<<<<<<< HEAD -======= interface Ethernet52 description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 no shutdown 
@@ -182,7 +250,6 @@ interface Ethernet53.100 vrf IT ip address 172.17.0.11/31 ! ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) interface Loopback0 description Router_ID no shutdown @@ -190,14 +257,58 @@ interface Loopback0 ! interface Vxlan1 description cv-pathfinder-edge3_VTEP - vxlan source-interface Loopback0 + vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +application traffic recognition + ! + application ipv4 CONTROL-PLANE-APPLICATION + destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application microsoft-teams + ! + application-profile CONTROL-PLANE-APPLICATION-PROFILE + application CONTROL-PLANE-APPLICATION + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES + 192.168.144.1/32 + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! + field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 ! ip routing +ip routing vrf IT no ip routing vrf MGMT -<<<<<<< HEAD -======= ip routing vrf PROD ! ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 
@@ -221,12 +332,8 @@ route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 set extcommunity soo 192.168.42.2:423 additive ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 -<<<<<<< HEAD - match interface Ethernet52 -======= description Advertise local routes towards LAN match extcommunity ECL-EVPN-SOO ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN @@ -245,11 +352,6 @@ route-map RM-CONN-2-BGP permit 10 route-map RM-CONN-2-BGP permit 50 match ip address prefix-list PL-WAN-HA-PREFIXES ! -<<<<<<< HEAD -route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 30 - match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY ->>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) -======= route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 match extcommunity ECL-EVPN-SOO ! @@ -260,7 +362,6 @@ route-map RM-EVPN-SOO-IN permit 20 ! route-map RM-EVPN-SOO-OUT permit 10 set extcommunity soo 192.168.42.2:423 additive ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ! router bfd multihop interval 300 min-rx 300 multiplier 3 
@@ -278,23 +379,21 @@ router bgp 65000 neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out neighbor WAN-OVERLAY-PEERS peer group neighbor WAN-OVERLAY-PEERS remote-as 65000 - neighbor WAN-OVERLAY-PEERS update-source Loopback0 + neighbor WAN-OVERLAY-PEERS update-source Dps1 neighbor WAN-OVERLAY-PEERS bfd neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 -<<<<<<< HEAD - neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS - neighbor 192.168.44.1 description cv-pathfinder-pathfinder -======= - neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.4 remote-as 65000 - neighbor 172.17.0.4 description site-ha-enabled-leaf_Ethernet2 + neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.8 remote-as 65000 + neighbor 172.17.0.8 description site-ha-enabled-leaf1_Ethernet2 + neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.10 remote-as 65000 + neighbor 172.17.0.10 description site-ha-enabled-leaf2_Ethernet2 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder redistribute connected route-map RM-CONN-2-BGP ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) ! address-family evpn neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in @@ -316,8 +415,6 @@ router bgp 65000 bgp additional-paths receive bgp additional-paths send any neighbor WAN-OVERLAY-PEERS activate -<<<<<<< HEAD -======= ! vrf default rd 192.168.42.3:1 
@@ -330,9 +427,12 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.3 - neighbor 172.17.0.4 remote-as 65000 - neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.4 description site-ha-enabled-leaf_Ethernet2.100_vrf_IT + neighbor 172.17.0.8 remote-as 65000 + neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.8 description site-ha-enabled-leaf1_Ethernet2.100_vrf_IT + neighbor 172.17.0.10 remote-as 65000 + neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.10 description site-ha-enabled-leaf2_Ethernet2.100_vrf_IT redistribute connected ! vrf PROD @@ -340,11 +440,13 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.3 - neighbor 172.17.0.4 remote-as 65000 - neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.4 description site-ha-enabled-leaf_Ethernet2.42_vrf_PROD + neighbor 172.17.0.8 remote-as 65000 + neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.8 description site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD + neighbor 172.17.0.10 remote-as 65000 + neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.10 description site-ha-enabled-leaf2_Ethernet2.42_vrf_PROD redistribute connected ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) ! router traffic-engineering ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg deleted file mode 100644 index 7ffd8a7e7da..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4.cfg +++ /dev/null 
@@ -1,164 +0,0 @@ -!RANCID-CONTENT-TYPE: arista -! -vlan internal order ascending range 1006 1199 -! -flow tracking hardware - tracker WAN-FLOW-TRACKER - record export on inactive timeout 70000 - record export on interval 5000 - exporter DPI-EXPORTER - collector 127.0.0.1 - local interface Loopback0 - template interval 5000 -! -transceiver qsfp default-mode 4x10G -! -service routing protocols model multi-agent -! -hostname cv-pathfinder-edge4 -! -router path-selection - ! - path-group INET id 101 - ipsec profile CP-PROFILE - ! - local interface Ethernet1 - stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 - ! - peer dynamic - ! - peer static router-ip 192.168.44.1 - name cv-pathfinder-pathfinder - ipv4 address 10.7.7.7 - ipv4 address 10.9.9.9 - ! - load-balance policy LBPOLICY - path-group INET -! -router adaptive-virtual-topology - topology role edge - region AVD_Land_West id 42 - zone DEFAULT-ZONE id 1 - site Site424 id 424 -! -spanning-tree mode none -! -no enable password -no aaa root -! -vrf instance MGMT -! -ip security - ! - ike policy DP-IKE-POLICY - local-id 192.168.42.4 - ! - ike policy CP-IKE-POLICY - local-id 192.168.42.4 - ! - sa policy DP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! - sa policy CP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! - profile DP-PROFILE - ike-policy DP-IKE-POLICY - sa-policy DP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890666 - dpd 10 50 clear - mode transport - ! - profile CP-PROFILE - ike-policy CP-IKE-POLICY - sa-policy CP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890 - dpd 10 50 clear - mode transport - ! - key controller - profile DP-PROFILE -! -interface Dps1 - description DPS Interface - flow tracker hardware WAN-FLOW-TRACKER - tcp mss ceiling ipv4 1000 -! -interface Ethernet1 - no shutdown - no switchport - flow tracker hardware WAN-FLOW-TRACKER - ip address dhcp - dhcp client accept default-route -! 
-interface Loopback0 - description Router_ID - no shutdown - ip address 192.168.42.4/32 -! -interface Vxlan1 - description cv-pathfinder-edge4_VTEP - vxlan source-interface Loopback0 - vxlan udp-port 4789 - vxlan vrf default vni 1 -! -ip routing -no ip routing vrf MGMT -! -router bfd - multihop interval 300 min-rx 300 multiplier 3 -! -router bgp 65000 - router-id 192.168.42.4 - maximum-paths 16 - update wait-install - no bgp default ipv4-unicast - neighbor WAN-OVERLAY-PEERS peer group - neighbor WAN-OVERLAY-PEERS remote-as 65000 - neighbor WAN-OVERLAY-PEERS update-source Loopback0 - neighbor WAN-OVERLAY-PEERS bfd - neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== - neighbor WAN-OVERLAY-PEERS send-community - neighbor WAN-OVERLAY-PEERS maximum-routes 0 - neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS - neighbor 192.168.44.1 description cv-pathfinder-pathfinder - ! - address-family evpn - neighbor WAN-OVERLAY-PEERS activate - ! - address-family ipv4 - no neighbor WAN-OVERLAY-PEERS activate - ! - address-family ipv4 sr-te - neighbor WAN-OVERLAY-PEERS activate - ! - address-family link-state - neighbor WAN-OVERLAY-PEERS activate - path-selection - ! - address-family path-selection - bgp additional-paths receive - bgp additional-paths send any - neighbor WAN-OVERLAY-PEERS activate -! -router traffic-engineering -! -management api http-commands - protocol https - no shutdown - ! - vrf MGMT - no shutdown -! -stun - client - server-profile INET-cv-pathfinder-pathfinder-Ethernet1 - ip address 10.7.7.7 - server-profile INET-cv-pathfinder-pathfinder-Ethernet3 - ip address 10.9.9.9 -! -end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg deleted file mode 100644 index 514bae17683..00000000000 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge5.cfg +++ /dev/null 
@@ -1,149 +0,0 @@ -!RANCID-CONTENT-TYPE: arista -! -vlan internal order ascending range 1006 1199 -! -flow tracking hardware - tracker WAN-FLOW-TRACKER - record export on inactive timeout 70000 - record export on interval 5000 - exporter DPI-EXPORTER - collector 127.0.0.1 - local interface Loopback0 - template interval 5000 -! -transceiver qsfp default-mode 4x10G -! -service routing protocols model multi-agent -! -hostname cv-pathfinder-edge5 -! -router path-selection - ! - path-group MPLS id 100 - ! - local interface Ethernet2 - ! - peer dynamic - ! - load-balance policy LBPOLICY - path-group MPLS -! -router adaptive-virtual-topology - topology role edge - region AVD_Land_West id 42 - zone DEFAULT-ZONE id 1 - site Site424 id 424 -! -spanning-tree mode none -! -no enable password -no aaa root -! -vrf instance MGMT -! -ip security - ! - ike policy DP-IKE-POLICY - local-id 192.168.42.5 - ! - ike policy CP-IKE-POLICY - local-id 192.168.42.5 - ! - sa policy DP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! - sa policy CP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! - profile DP-PROFILE - ike-policy DP-IKE-POLICY - sa-policy DP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890666 - dpd 10 50 clear - mode transport - ! - profile CP-PROFILE - ike-policy CP-IKE-POLICY - sa-policy CP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890 - dpd 10 50 clear - mode transport - ! - key controller - profile DP-PROFILE -! -interface Dps1 - description DPS Interface - flow tracker hardware WAN-FLOW-TRACKER - tcp mss ceiling ipv4 1000 -! -interface Ethernet2 - no shutdown - no switchport - flow tracker hardware WAN-FLOW-TRACKER - ip address 172.14.2.4/31 -! -interface Loopback0 - description Router_ID - no shutdown - ip address 192.168.42.5/32 -! -interface Vxlan1 - description cv-pathfinder-edge5_VTEP - vxlan source-interface Loopback0 - vxlan udp-port 4789 - vxlan vrf default vni 1 -! -ip routing -no ip routing vrf MGMT -! 
-router bfd - multihop interval 300 min-rx 300 multiplier 3 -! -router bgp 65000 - router-id 192.168.42.5 - maximum-paths 16 - update wait-install - no bgp default ipv4-unicast - neighbor WAN-OVERLAY-PEERS peer group - neighbor WAN-OVERLAY-PEERS remote-as 65000 - neighbor WAN-OVERLAY-PEERS update-source Loopback0 - neighbor WAN-OVERLAY-PEERS bfd - neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== - neighbor WAN-OVERLAY-PEERS send-community - neighbor WAN-OVERLAY-PEERS maximum-routes 0 - neighbor 192.168.44.1 peer group WAN-OVERLAY-PEERS - neighbor 192.168.44.1 description cv-pathfinder-pathfinder - ! - address-family evpn - neighbor WAN-OVERLAY-PEERS activate - ! - address-family ipv4 - no neighbor WAN-OVERLAY-PEERS activate - ! - address-family ipv4 sr-te - neighbor WAN-OVERLAY-PEERS activate - ! - address-family link-state - neighbor WAN-OVERLAY-PEERS activate - path-selection - ! - address-family path-selection - bgp additional-paths receive - bgp additional-paths send any - neighbor WAN-OVERLAY-PEERS activate -! -router traffic-engineering -! -management api http-commands - protocol https - no shutdown - ! - vrf MGMT - no shutdown -! -end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg new file mode 100644 index 00000000000..fbcaa0d5983 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg 
@@ -0,0 +1,166 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname site-ha-enabled-leaf +! +no enable password +no aaa root +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +interface Ethernet1 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.2/31 +! +interface Ethernet1.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.2/31 +! +interface Ethernet1.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.2/31 +! +interface Ethernet2 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.4/31 +! +interface Ethernet2.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.4/31 +! +interface Ethernet2.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.4/31 +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.45.1/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.255.1/32 +! +interface Vxlan1 + description site-ha-enabled-leaf_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.45.0/24 eq 32 + seq 20 permit 192.168.255.0/24 eq 32 +! 
+route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.45.1 + maximum-paths 4 ecmp 4 + update wait-install + no bgp default ipv4-unicast + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 description cv-pathfinder-edge2_Ethernet52 + neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.5 remote-as 65000 + neighbor 172.17.0.5 description cv-pathfinder-edge3_Ethernet52 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf default + rd 192.168.45.1:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + ! + vrf IT + rd 192.168.45.1:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.45.1 + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 description cv-pathfinder-edge2_Ethernet52.100_vrf_IT + neighbor 172.17.0.5 remote-as 65000 + neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.5 description cv-pathfinder-edge3_Ethernet52.100_vrf_IT + redistribute connected + ! 
+ vrf PROD + rd 192.168.45.1:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.45.1 + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 description cv-pathfinder-edge2_Ethernet52.42_vrf_PROD + neighbor 172.17.0.5 remote-as 65000 + neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.5 description cv-pathfinder-edge3_Ethernet52.42_vrf_PROD + redistribute connected +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml index 70059ce5913..736baa2885b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml 
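Review bot: The added site-ha-enabled-leaf.cfg looks stale against the rest of this patch. It renders `hostname site-ha-enabled-leaf` with BGP neighbors `172.17.0.3` (cv-pathfinder-edge2) and `172.17.0.5` (cv-pathfinder-edge3), while the edge fixtures updated in the same commit peer with `site-ha-enabled-leaf1` and `site-ha-enabled-leaf2`, and edge3 now lists `172.17.0.5` as a LAN_HA address of its HA peer rather than its own. An intended config that no inventory host produces is presumably never compared by the molecule run, so it can drift without any test failing. I would drop this file, or regenerate the fixtures so the leaf side matches the /31s the edges now use, unless a later patch in the series already removes it.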
@@ -118,64 +118,6 @@ router_bgp: receive: true send: any: true -<<<<<<< HEAD -<<<<<<< HEAD -======= -<<<<<<< HEAD -<<<<<<< HEAD -======= - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder - vrfs: - - name: default - rd: 192.168.42.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - router_id: 192.168.42.2 - rd: 192.168.42.2:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute_routes: - - source_protocol: connected - - name: PROD - router_id: 192.168.42.2 - rd: 192.168.42.2:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - redistribute_routes: - - source_protocol: connected ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= ->>>>>>> 06d11a15d (Feat: Align underlay routing protocols) ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) -======= ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) service_routing_protocols_model: multi-agent ip_routing: true transceiver_qsfp_default_mode_4x10: false 
@@ -204,26 +146,8 @@ ethernet_interfaces: mtu: 9214 type: routed ip_address: 172.17.0.3/31 -<<<<<<< HEAD -<<<<<<< HEAD - flow_tracker: - hardware: WAN-FLOW-TRACKER -======= -<<<<<<< HEAD -<<<<<<< HEAD - flow_tracker: - hardware: WAN-FLOW-TRACKER -======= ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= flow_tracker: hardware: WAN-FLOW-TRACKER ->>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) -======= - flow_tracker: - hardware: WAN-FLOW-TRACKER ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: Ethernet52.100 peer: site-ha-disabled-leaf peer_interface: Ethernet2.100 @@ -356,20 +280,6 @@ ip_extcommunity_lists: extcommunities: soo 192.168.42.2:511 ip_security: ike_policies: -<<<<<<< HEAD -<<<<<<< HEAD -======= -<<<<<<< HEAD -<<<<<<< HEAD -======= - - name: DP-IKE-POLICY - local_id: 192.168.142.2 ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= ->>>>>>> 31932a7a6 (Refactor: IPsec profiles for HA using Data plane) ->>>>>>> ae9d0c096 (Refactor: IPsec profiles for HA using Data plane) -======= ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: CP-IKE-POLICY local_id: 192.168.142.2 sa_policies: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 49d06eb37d2..2ec09c9a1f3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml 
@@ -156,26 +156,8 @@ ethernet_interfaces: mtu: 9214 type: routed ip_address: 172.17.0.1/31 -<<<<<<< HEAD -<<<<<<< HEAD flow_tracker: hardware: WAN-FLOW-TRACKER -======= -<<<<<<< HEAD -<<<<<<< HEAD - flow_tracker: - hardware: WAN-FLOW-TRACKER -======= ->>>>>>> 5b5a79993 (Refactor: Address some PR comments) -======= - flow_tracker: - hardware: WAN-FLOW-TRACKER ->>>>>>> 7de7927a1 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) -======= - flow_tracker: - hardware: WAN-FLOW-TRACKER ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: Ethernet52.100 peer: site-ha-disabled-leaf peer_interface: Ethernet1.100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml index 13fa1b49fcf..1ebd9826eb7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml @@ -22,7 +22,7 @@ router_bgp: times: 1 - name: WAN-OVERLAY-PEERS type: wan - update_source: Loopback0 + update_source: Dps1 bfd: true password: htm4AZe9mIQOO1uiMuGgYQ== send_community: all 
@@ -39,11 +39,16 @@ router_bgp: - source_protocol: connected route_map: RM-CONN-2-BGP neighbors: - - ip_address: 172.17.0.2 + - ip_address: 172.17.0.4 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - peer: site-ha-enabled-leaf - description: site-ha-enabled-leaf_Ethernet1 + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet1 + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf2 + description: site-ha-enabled-leaf2_Ethernet1 - ip_address: 192.168.144.1 peer_group: WAN-OVERLAY-PEERS peer: cv-pathfinder-pathfinder @@ -52,10 +57,14 @@ router_bgp: - name: IT router_id: 192.168.42.2 neighbors: - - ip_address: 172.17.0.2 + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf1_Ethernet1.100_vrf_IT + - ip_address: 172.17.0.6 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf_Ethernet1.100_vrf_IT + description: site-ha-enabled-leaf2_Ethernet1.100_vrf_IT rd: 192.168.42.2:100 route_targets: import: @@ -71,10 +80,14 @@ router_bgp: - name: PROD router_id: 192.168.42.2 neighbors: - - ip_address: 172.17.0.2 + - ip_address: 172.17.0.4 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf_Ethernet1.42_vrf_PROD + description: site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf2_Ethernet1.42_vrf_PROD rd: 192.168.42.2:42 route_targets: import: @@ -125,14 +138,6 @@ router_bgp: receive: true send: any: true -<<<<<<< HEAD - neighbors: - - ip_address: 192.168.44.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder -======= ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) service_routing_protocols_model: multi-agent ip_routing: true vlan_internal_order: 
@@ -145,13 +150,17 @@ spanning_tree: vrfs: - name: MGMT ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true management_api_http: enable_vrfs: - name: MGMT enable_https: true ethernet_interfaces: -<<<<<<< HEAD -======= - name: Ethernet52 peer: site-ha-enabled-leaf1 peer_interface: Ethernet1 @@ -218,7 +227,6 @@ ethernet_interfaces: encapsulation_dot1q_vlan: 42 mtu: 9214 ip_address: 172.17.0.7/31 ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) - name: Ethernet1 peer_type: l3_interface ip_address: dhcp @@ -232,25 +240,12 @@ loopback_interfaces: description: Router_ID shutdown: false ip_address: 192.168.42.2/32 -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -======= -======= -ip_extcommunity_lists: -- name: ECL-WAN-HA-SOO - entries: - - type: permit - extcommunities: soo 65000:423 ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) -======= as_path: access_lists: - name: ASPATH-WAN entries: - type: permit match: '65000' ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -307,8 +302,6 @@ route_maps: description: Advertise WAN HA prefixes towards LAN and mark them with SoO match: - interface Ethernet52 -<<<<<<< HEAD -======= - interface Ethernet53 set: - extcommunity soo 192.168.42.2:423 additive @@ -318,7 +311,6 @@ route_maps: type: deny match: - extcommunity ECL-EVPN-SOO ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - sequence: 20 type: permit - name: RM-EVPN-SOO-OUT @@ -332,12 +324,7 @@ route_maps: - sequence: 10 type: permit match: -<<<<<<< HEAD - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY ->>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) -======= - extcommunity ECL-EVPN-SOO ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) flow_tracking: hardware: trackers: 
@@ -351,21 +338,18 @@ flow_tracking: host: 127.0.0.1 local_interface: Loopback0 template_interval: 5000 -<<<<<<< HEAD -======= shutdown: false ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.2:423 ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ip_security: ike_policies: - name: DP-IKE-POLICY - local_id: 192.168.42.2 + local_id: 192.168.142.2 - name: CP-IKE-POLICY - local_id: 192.168.42.2 + local_id: 192.168.142.2 sa_policies: - name: DP-SA-POLICY esp: 
@@ -409,12 +393,76 @@ router_adaptive_virtual_topology: site: name: Site423 id: 423 + profiles: + - name: CONTROL-PLANE-PROFILE + load_balance_policy: LB-CONTROL-PLANE-PROFILE + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: CONTROL-PLANE-PROFILE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: CONTROL-PLANE-APPLICATION-PROFILE + avt_profile: CONTROL-PLANE-PROFILE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto path_groups: - 
name: INET id: 101 @@ -427,7 +475,7 @@ router_path_selection: dynamic_peers: enabled: true static_peers: - - router_ip: 192.168.44.1 + - router_ip: 192.168.144.1 name: cv-pathfinder-pathfinder ipv4_addresses: - 10.7.7.7 @@ -438,19 +486,15 @@ router_path_selection: flow_assignment: lan local_interfaces: - name: Ethernet52 + - name: Ethernet53 static_peers: - - router_ip: 192.168.42.3 + - router_ip: 192.168.142.3 name: LAN_HA ipv4_addresses: - - 172.17.0.5 + - 172.17.0.9 + - 172.17.0.11 ipsec_profile: DP-PROFILE load_balance_policies: -<<<<<<< HEAD - - name: LBPOLICY - path_groups: - - name: INET - - name: LAN_HA -======= - name: LB-CONTROL-PLANE-PROFILE path_groups: - name: LAN_HA @@ -481,7 +525,6 @@ router_path_selection: - name: INET router_traffic_engineering: enabled: true ->>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) stun: client: server_profiles: 
@@ -489,16 +532,63 @@ stun: ip_address: 10.7.7.7 - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 +application_traffic_recognition: + application_profiles: + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: CONTROL-PLANE-APPLICATION-PROFILE + applications: + - name: CONTROL-PLANE-APPLICATION + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CONTROL-PLANE-APPLICATION + dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: CONTROL-PLANE-APP-DEST-PREFIXES + prefix_values: + - 192.168.144.1/32 dps_interfaces: - name: Dps1 description: DPS Interface -<<<<<<< HEAD - tcp_mss_ceiling: - ipv4: 1000 -======= mtu: 9214 ip_address: 192.168.142.2/32 ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) flow_tracker: hardware: WAN-FLOW-TRACKER vxlan_interface: @@ -506,10 +596,14 @@ vxlan_interface: description: cv-pathfinder-edge2_VTEP vxlan: udp_port: 4789 - source_interface: Loopback0 + source_interface: Dps1 vrfs: - name: default vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 metadata: cv_tags: device_tags: 
@@ -522,6 +616,14 @@ metadata: - name: Site value: Site423 interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet53 + tags: + - name: Type + value: lan - interface: Ethernet1 tags: - name: Type @@ -532,7 +634,7 @@ metadata: value: 423-01 cv_pathfinder: role: edge - vtep_ip: 192.168.42.2 + vtep_ip: 192.168.142.2 region: AVD_Land_West zone: DEFAULT-ZONE site: Site423 @@ -542,4 +644,4 @@ metadata: circuit_id: 423-01 pathgroup: INET pathfinders: - - vtep_ip: 192.168.44.1 + - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml index dc85f3d79c1..dfe75e06977 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml @@ -22,7 +22,7 @@ router_bgp: times: 1 - name: WAN-OVERLAY-PEERS type: wan - update_source: Loopback0 + update_source: Dps1 bfd: true password: htm4AZe9mIQOO1uiMuGgYQ== send_community: all @@ -39,11 +39,16 @@ router_bgp: - source_protocol: connected route_map: RM-CONN-2-BGP neighbors: - - ip_address: 172.17.0.4 + - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - peer: site-ha-enabled-leaf - description: site-ha-enabled-leaf_Ethernet2 + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet2 + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf2 + description: site-ha-enabled-leaf2_Ethernet2 - ip_address: 192.168.144.1 peer_group: WAN-OVERLAY-PEERS peer: cv-pathfinder-pathfinder 
@@ -52,10 +57,14 @@ router_bgp: - name: IT router_id: 192.168.42.3 neighbors: - - ip_address: 172.17.0.4 + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf1_Ethernet2.100_vrf_IT + - ip_address: 172.17.0.10 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf_Ethernet2.100_vrf_IT + description: site-ha-enabled-leaf2_Ethernet2.100_vrf_IT rd: 192.168.42.3:100 route_targets: import: @@ -71,10 +80,14 @@ router_bgp: - name: PROD router_id: 192.168.42.3 neighbors: - - ip_address: 172.17.0.4 + - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf_Ethernet2.42_vrf_PROD + description: site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf2_Ethernet2.42_vrf_PROD rd: 192.168.42.3:42 route_targets: import: @@ -125,14 +138,6 @@ router_bgp: receive: true send: any: true -<<<<<<< HEAD - neighbors: - - ip_address: 192.168.44.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder -======= ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) service_routing_protocols_model: multi-agent ip_routing: true vlan_internal_order: @@ -145,13 +150,17 @@ spanning_tree: vrfs: - name: MGMT ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true management_api_http: enable_vrfs: - name: MGMT enable_https: true ethernet_interfaces: -<<<<<<< HEAD -======= - name: Ethernet52 peer: site-ha-enabled-leaf1 peer_interface: Ethernet2 @@ -218,7 +227,6 @@ ethernet_interfaces: encapsulation_dot1q_vlan: 42 mtu: 9214 ip_address: 172.17.0.11/31 ->>>>>>> 339319bd3 (Feat(eos_designs): Add flow tracker on LAN interfaces for edges) - name: Ethernet2 peer_type: l3_interface ip_address: 172.15.6.6/31 
@@ -231,25 +239,12 @@ loopback_interfaces: description: Router_ID shutdown: false ip_address: 192.168.42.3/32 -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -======= -======= -ip_extcommunity_lists: -- name: ECL-WAN-HA-SOO - entries: - - type: permit - extcommunities: soo 65000:423 ->>>>>>> a53a1aba4 (Feat: Align underlay routing protocols) -======= as_path: access_lists: - name: ASPATH-WAN entries: - type: permit match: '65000' ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -306,8 +301,6 @@ route_maps: description: Advertise WAN HA prefixes towards LAN and mark them with SoO match: - interface Ethernet52 -<<<<<<< HEAD -======= - interface Ethernet53 set: - extcommunity soo 192.168.42.2:423 additive @@ -317,7 +310,6 @@ route_maps: type: deny match: - extcommunity ECL-EVPN-SOO ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - sequence: 20 type: permit - name: RM-EVPN-SOO-OUT @@ -331,12 +323,7 @@ route_maps: - sequence: 10 type: permit match: -<<<<<<< HEAD - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY ->>>>>>> 479d1aebd (Feat: Add underlay prefixes in route-map for BGP) -======= - extcommunity ECL-EVPN-SOO ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) flow_tracking: hardware: trackers: @@ -350,21 +337,18 @@ flow_tracking: host: 127.0.0.1 local_interface: Loopback0 template_interval: 5000 -<<<<<<< HEAD -======= shutdown: false ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.2:423 ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) ip_security: ike_policies: - name: DP-IKE-POLICY - local_id: 192.168.42.3 + local_id: 192.168.142.3 - name: CP-IKE-POLICY - local_id: 192.168.42.3 + local_id: 192.168.142.3 sa_policies: - name: DP-SA-POLICY esp: 
@@ -408,12 +392,76 @@ router_adaptive_virtual_topology: site: name: Site423 id: 423 + profiles: + - name: CONTROL-PLANE-PROFILE + load_balance_policy: LB-CONTROL-PLANE-PROFILE + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: CONTROL-PLANE-PROFILE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: CONTROL-PLANE-APPLICATION-PROFILE + avt_profile: CONTROL-PLANE-PROFILE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto path_groups: - 
name: MPLS id: 100 @@ -425,7 +473,7 @@ router_path_selection: dynamic_peers: enabled: true static_peers: - - router_ip: 192.168.44.1 + - router_ip: 192.168.144.1 name: cv-pathfinder-pathfinder ipv4_addresses: - 172.16.0.1 @@ -434,22 +482,17 @@ router_path_selection: flow_assignment: lan local_interfaces: - name: Ethernet52 + - name: Ethernet53 static_peers: - - router_ip: 192.168.42.2 + - router_ip: 192.168.142.2 name: LAN_HA ipv4_addresses: - - 172.17.0.3 + - 172.17.0.5 + - 172.17.0.7 ipsec_profile: DP-PROFILE load_balance_policies: - - name: LBPOLICY + - name: LB-CONTROL-PLANE-PROFILE path_groups: -<<<<<<< HEAD - - name: LAN_HA - - name: MPLS -<<<<<<< HEAD -======= -======= ->>>>>>> 31f086422 (Refactor: Ordering) - name: LAN_HA - name: MPLS - name: LB-PROD-AVT-POLICY-VOICE 
@@ -478,22 +521,68 @@ router_path_selection: priority: 42 router_traffic_engineering: enabled: true ->>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) stun: client: server_profiles: - name: MPLS-cv-pathfinder-pathfinder-Ethernet2 ip_address: 172.16.0.1 +application_traffic_recognition: + application_profiles: + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: CONTROL-PLANE-APPLICATION-PROFILE + applications: + - name: CONTROL-PLANE-APPLICATION + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CONTROL-PLANE-APPLICATION + dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: CONTROL-PLANE-APP-DEST-PREFIXES + prefix_values: + - 192.168.144.1/32 dps_interfaces: - name: Dps1 description: DPS Interface -<<<<<<< HEAD - tcp_mss_ceiling: - ipv4: 1000 -======= mtu: 9214 ip_address: 192.168.142.3/32 ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) flow_tracker: hardware: WAN-FLOW-TRACKER vxlan_interface: @@ -501,10 +590,14 @@ vxlan_interface: description: cv-pathfinder-edge3_VTEP vxlan: udp_port: 4789 - source_interface: Loopback0 + source_interface: Dps1 vrfs: - name: default vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 metadata: cv_tags: device_tags: 
@@ -517,6 +610,14 @@ metadata: - name: Site value: Site423 interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet53 + tags: + - name: Type + value: lan - interface: Ethernet2 tags: - name: Type @@ -527,7 +628,7 @@ metadata: value: '10423' cv_pathfinder: role: edge - vtep_ip: 192.168.42.3 + vtep_ip: 192.168.142.3 region: AVD_Land_West zone: DEFAULT-ZONE site: Site423 @@ -537,4 +638,4 @@ metadata: circuit_id: '10423' pathgroup: MPLS pathfinders: - - vtep_ip: 192.168.44.1 + - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml deleted file mode 100644 index 424e13be947..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4.yml +++ /dev/null 
@@ -1,231 +0,0 @@ -hostname: cv-pathfinder-edge4 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.4 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - updates: - wait_install: true - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Loopback0 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: - any: true - neighbors: - - ip_address: 192.168.44.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - type: routed - dhcp_client_accept_default_route: true - flow_tracker: - hardware: WAN-FLOW-TRACKER -loopback_interfaces: -- name: Loopback0 - description: Router_ID - shutdown: false - ip_address: 192.168.42.4/32 -flow_tracking: - hardware: - trackers: - - name: WAN-FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: DPI-EXPORTER - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 5000 -ip_security: - 
ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.42.4 - - name: CP-IKE-POLICY - local_id: 192.168.42.4 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -router_adaptive_virtual_topology: - topology_role: edge - region: - name: AVD_Land_West - id: 42 - zone: - name: DEFAULT-ZONE - id: 1 - site: - name: Site424 - id: 424 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - path_groups: - - name: INET - id: 101 - local_interfaces: - - name: Ethernet1 - stun: - server_profiles: - - INET-cv-pathfinder-pathfinder-Ethernet1 - - INET-cv-pathfinder-pathfinder-Ethernet3 - dynamic_peers: - enabled: true - static_peers: - - router_ip: 192.168.44.1 - name: cv-pathfinder-pathfinder - ipv4_addresses: - - 10.7.7.7 - - 10.9.9.9 - ipsec_profile: CP-PROFILE - load_balance_policies: - - name: LBPOLICY - path_groups: - - name: INET -router_traffic_engineering: - enabled: true -stun: - client: - server_profiles: - - name: INET-cv-pathfinder-pathfinder-Ethernet1 - ip_address: 10.7.7.7 - - name: INET-cv-pathfinder-pathfinder-Ethernet3 - ip_address: 10.9.9.9 -dps_interfaces: -- name: Dps1 - description: DPS Interface - tcp_mss_ceiling: - ipv4: 1000 - flow_tracker: - hardware: WAN-FLOW-TRACKER -vxlan_interface: - Vxlan1: - description: cv-pathfinder-edge4_VTEP - vxlan: - udp_port: 4789 - source_interface: Loopback0 - vrfs: - - name: default - vni: 1 -metadata: - cv_tags: - device_tags: - - name: Role - 
value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: DEFAULT-ZONE - - name: Site - value: Site424 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: 424-01 - cv_pathfinder: - role: edge - vtep_ip: 192.168.42.4 - region: AVD_Land_West - zone: DEFAULT-ZONE - site: Site424 - interfaces: - - name: Ethernet1 - carrier: ATT - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.44.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml index a96ca3e6191..1b3d2d4dad0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml @@ -10,10 +10,13 @@ router_bgp: paths: 16 updates: wait_install: true + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP peer_groups: - name: WAN-OVERLAY-PEERS type: wan - update_source: Loopback0 + update_source: Dps1 bfd: true password: htm4AZe9mIQOO1uiMuGgYQ== send_community: all 
@@ -48,10 +51,51 @@ router_bgp: send: any: true neighbors: - - ip_address: 192.168.44.1 + - ip_address: 192.168.144.1 peer_group: WAN-OVERLAY-PEERS peer: cv-pathfinder-pathfinder description: cv-pathfinder-pathfinder + vrfs: + - name: default + rd: 192.168.42.5:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + router_id: 192.168.42.5 + rd: 192.168.42.5:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.42.5 + rd: 192.168.42.5:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected service_routing_protocols_model: multi-agent ip_routing: true vlan_internal_order: 
@@ -64,11 +108,48 @@ spanning_tree: vrfs: - name: MGMT ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true management_api_http: enable_vrfs: - name: MGMT enable_https: true ethernet_interfaces: +- name: Ethernet52 + peer: site-ha-disabled-leaf + peer_interface: Ethernet2 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.9/31 +- name: Ethernet52.100 + peer: site-ha-disabled-leaf + peer_interface: Ethernet2.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.9/31 +- name: Ethernet52.42 + peer: site-ha-disabled-leaf + peer_interface: Ethernet2.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.9/31 - name: Ethernet2 peer_type: l3_interface ip_address: 172.14.2.4/31 @@ -81,6 +162,24 @@ loopback_interfaces: description: Router_ID shutdown: false ip_address: 192.168.42.5/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 30 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY flow_tracking: hardware: trackers: 
@@ -94,12 +193,13 @@ flow_tracking: host: 127.0.0.1 local_interface: Loopback0 template_interval: 5000 + shutdown: false ip_security: ike_policies: - name: DP-IKE-POLICY - local_id: 192.168.42.5 + local_id: 192.168.142.5 - name: CP-IKE-POLICY - local_id: 192.168.42.5 + local_id: 192.168.142.5 sa_policies: - name: DP-SA-POLICY esp: 
@@ -143,12 +243,76 @@ router_adaptive_virtual_topology: site: name: Site424 id: 424 + profiles: + - name: CONTROL-PLANE-PROFILE + load_balance_policy: LB-CONTROL-PLANE-PROFILE + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: CONTROL-PLANE-PROFILE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: CONTROL-PLANE-APPLICATION-PROFILE + avt_profile: CONTROL-PLANE-PROFILE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto path_groups: - 
name: MPLS id: 100 @@ -157,11 +321,15 @@ router_path_selection: dynamic_peers: enabled: true load_balance_policies: - - name: LBPOLICY + - name: LB-CONTROL-PLANE-PROFILE + - name: LB-PROD-AVT-POLICY-VOICE path_groups: - name: MPLS <<<<<<< HEAD +<<<<<<< HEAD ======= +======= +>>>>>>> 74c971c45 (Test: Run molecule) jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: @@ -178,8 +346,11 @@ router_path_selection: path_groups: - name: MPLS priority: 42 +<<<<<<< HEAD router_traffic_engineering: enabled: true +======= +>>>>>>> 74c971c45 (Test: Run molecule) application_traffic_recognition: application_profiles: - name: VOICE @@ -231,13 +402,19 @@ application_traffic_recognition: - 6.6.6.0/24 - name: CONTROL-PLANE-APP-DEST-PREFIXES prefix_values: +<<<<<<< HEAD - 192.168.44.1/32 +<<<<<<< HEAD >>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) +======= +>>>>>>> 74c971c45 (Test: Run molecule) +======= + - 192.168.144.1/32 +>>>>>>> 910c5ab09 (Test: Add LAN to molecule) dps_interfaces: - name: Dps1 description: DPS Interface - tcp_mss_ceiling: - ipv4: 1000 + ip_address: 192.168.142.5/32 flow_tracker: hardware: WAN-FLOW-TRACKER vxlan_interface: @@ -245,10 +422,14 @@ vxlan_interface: description: cv-pathfinder-edge5_VTEP vxlan: udp_port: 4789 - source_interface: Loopback0 + source_interface: Dps1 vrfs: - name: default vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 metadata: cv_tags: device_tags: @@ -261,6 +442,10 @@ metadata: - name: Site value: Site424 interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan - interface: Ethernet2 tags: - name: Type @@ -271,7 +456,7 @@ metadata: value: '10424' cv_pathfinder: role: edge - vtep_ip: 192.168.42.5 + vtep_ip: 192.168.142.5 region: AVD_Land_West zone: DEFAULT-ZONE site: Site424 @@ -280,4 +465,4 @@ metadata: carrier: Colt pathgroup: MPLS pathfinders: - - vtep_ip: 192.168.44.1 + - vtep_ip: 192.168.144.1 
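Review bot: The new side of cv-pathfinder-edge5.yml still contains unresolved merge-conflict markers. The hunk at `@@ -157,11 +321,15 @@` adds `<<<<<<< HEAD`, `=======` and `>>>>>>> 74c971c45 (Test: Run molecule)` under `load_balance_policies`, and the hunks at `@@ -178,8 +346,11 @@` and `@@ -231,13 +402,19 @@` add more around `router_traffic_engineering` and the `CONTROL-PLANE-APP-DEST-PREFIXES` entry. With these lines the fixture will not parse as the intended YAML. Both `192.168.44.1/32` and `192.168.144.1/32` appear to survive as prefix values, so the expected output no longer pins which pathfinder address the control-plane application matches. The edge2 and edge3 fixtures in this same patch drop their markers, so this file should be regenerated from a clean tree in the same way; a later patch in the series may already do that, which cannot be seen from here. A CI step that rejects lines starting with `<<<<<<<`, `=======` or `>>>>>>>` under `intended/` would stop this recurring.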
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 7017d2aab02..2b1aa9ce8d4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -517,16 +517,6 @@ metadata: id: 423 location: address: Somewhere-warm -<<<<<<< HEAD -<<<<<<< HEAD -======= - - name: Site424 - id: 424 - location: - address: Somewhere-cold ->>>>>>> e5dc3ea72 (Feat(eos_designs): Add HA support for CV Pathfinder) -======= ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: AVD_Land_East id: 43 zones: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index 75b3d4ce857..fdf7a691b67 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -508,16 +508,6 @@ metadata: id: 423 location: address: Somewhere-warm -<<<<<<< HEAD -<<<<<<< HEAD -======= - - name: Site424 - id: 424 - location: - address: Somewhere-cold ->>>>>>> e5dc3ea72 (Feat(eos_designs): Add HA support for CV Pathfinder) -======= ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: AVD_Land_East id: 43 zones: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 978a5867e19..5423793e882 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -537,16 +537,6 @@ metadata: id: 423 location: address: Somewhere-warm -<<<<<<< HEAD -<<<<<<< HEAD -======= - - name: Site424 - id: 424 - location: - address: Somewhere-cold ->>>>>>> e5dc3ea72 (Feat(eos_designs): Add HA support for CV Pathfinder) -======= ->>>>>>> d804f23f5 (Refactor: Use first ha peer loopback0 as SOO) - name: AVD_Land_East id: 43 zones: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml new file mode 100644 index 00000000000..8dd6a4cd2ac --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml 
@@ -0,0 +1,234 @@ +hostname: site-ha-enabled-leaf +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.45.1 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2 + description: cv-pathfinder-edge2_Ethernet52 + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge3 + description: cv-pathfinder-edge3_Ethernet52 + vrfs: + - name: IT + router_id: 192.168.45.1 + neighbors: + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2_Ethernet52.100_vrf_IT + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge3_Ethernet52.100_vrf_IT + rd: 192.168.45.1:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.1 + neighbors: + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2_Ethernet52.42_vrf_PROD + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge3_Ethernet52.42_vrf_PROD + rd: 192.168.45.1:42 + route_targets: + import: + - address_family: evpn + 
route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet52 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.2/31 +- name: Ethernet1.100 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.2/31 +- name: Ethernet1.42 + peer: cv-pathfinder-edge2 + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.2/31 +- name: Ethernet2 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet52 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.4/31 +- name: Ethernet2.100 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.4/31 +- name: Ethernet2.42 + peer: cv-pathfinder-edge3 + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.4/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.1/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.1/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +ip_igmp_snooping: + globally_enabled: true +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 +application_traffic_recognition: null diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 9337f2fca14..40ab92d6b66 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml 
@@ -60,6 +60,7 @@ wan_edge: filter: always_include_vrfs_in_tenants: [TenantA] uplink_ipv4_pool: 172.17.0.0/16 + # Testing HA and disabling HA node_groups: # SITE_HA_DISABLED - group: Site511 @@ -68,7 +69,6 @@ wan_edge: uplink_interfaces: [ Ethernet52 ] cv_pathfinder_region: AVD_Land_East cv_pathfinder_site: Site511 - # Disabling HA wan_ha: enabled: False nodes: @@ -102,12 +102,13 @@ wan_edge: wan_circuit_id: S511 dhcp_accept_default_route: true ip_address: dhcp + # SITE_HA_ENABLED - group: Site423 cv_pathfinder_region: AVD_Land_West cv_pathfinder_site: Site423 uplink_type: p2p-vrfs - uplink_switches: [ site-ha-enabled-leaf ] - uplink_interfaces: [ Ethernet52 ] + uplink_switches: [ site-ha-enabled-leaf1, site-ha-enabled-leaf2 ] + uplink_interfaces: [ Ethernet52, Ethernet53 ] # Manual HA disable to try it out.. # wan_ha: # ipsec: false @@ -120,6 +121,7 @@ wan_edge: wan_circuit_id: 423-01 dhcp_accept_default_route: true ip_address: dhcp + uplink_switch_interfaces: [Ethernet1, Ethernet1] - name: cv-pathfinder-edge3 id: 3 l3_interfaces: @@ -127,6 +129,7 @@ wan_edge: wan_carrier: Colt wan_circuit_id: 10423 ip_address: 172.15.6.6/31 + uplink_switch_interfaces: [Ethernet2, Ethernet2] # Fake DC1 l3leaf: @@ -138,7 +141,6 @@ l3leaf: filter: always_include_vrfs_in_tenants: [TenantA] nodes: - # Used for HA in HA PR - name: site-ha-enabled-leaf1 id: 1 - name: site-ha-enabled-leaf2 diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py index b38ace80d2e..684fa81d8e4 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_facts/wan.py 
@@ -30,19 +30,3 @@ def wan_path_groups(self: EosDesignsFacts) -> list | None: return None return self.shared_utils.wan_local_path_groups - - @cached_property - def wan_ha_interfaces(self: EosDesignsFacts) -> str | None: - return self.shared_utils.wan_ha_interfaces if self.shared_utils.wan_ha else None - - @cached_property - def wan_ha_peer(self: EosDesignsFacts) -> str | None: - return self.shared_utils.wan_ha_peer if self.shared_utils.wan_ha else None - - @cached_property - def wan_ha_router_id(self: EosDesignsFacts) -> str | None: - return self.shared_utils.wan_ha_router_id if self.shared_utils.wan_ha else None - - @cached_property - def wan_ha_ip_addresses(self: EosDesignsFacts) -> list | None: - return self.shared_utils.wan_ha_ip_addresses if self.shared_utils.wan_ha else None diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index e2700bf8658..938bce096d1 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py 
@@ -389,33 +389,12 @@ def wan_ha(self: SharedUtils) -> bool: def wan_ha_path_group_name(self) -> str: """ Return HA path group name for the WAN design. + Used in both network services and overlay python modules. TODO make this configurable """ return "LAN_HA" - @cached_property - def wan_ha_interfaces(self: SharedUtils) -> list: - """ - Return the list of WAN HA interfaces - For now only picking up uplink interfaces in VRF default on the router. - """ - # TODO probably does not need the whole uplink - return [uplink for uplink in self.get_switch_fact("uplinks") if get(uplink, "vrf") is None] - - @cached_property - def wan_ha_peer_interfaces(self: SharedUtils) -> str: - return self.get_wan_peer_fact("wan_ha_interfaces") - - @cached_property - def wan_ha_interfaces(self) -> list: - """ - Return list of interfaces for HA - - TODO: Used in overlay only for now see if needs to be changed - """ - return [uplink for uplink in self.get_switch_fact("uplinks") if get(uplink, "vrf") is None] - @cached_property def is_first_ha_peer(self) -> bool: """ diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index aa6d7491630..975addf5033 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py 
@@ -103,12 +103,12 @@ def _generate_ha_path_group(self) -> dict: ha_path_group.update( { # This should be the LAN interface over which a DPS tunnel is built - "local_interfaces": [{"name": interface["interface"]} for interface in self.shared_utils.wan_ha_interfaces], + "local_interfaces": [{"name": interface["interface"]} for interface in self._wan_ha_interfaces()], "static_peers": [ { - "router_ip": self.shared_utils.wan_ha_peer_router_id, + "router_ip": self._wan_ha_peer_vtep_ip(), "name": self.shared_utils.wan_ha_path_group_name, - "ipv4_addresses": self.shared_utils.wan_ha_peer_ip_addresses, + "ipv4_addresses": self._wan_ha_peer_ip_addresses(), } ], } @@ -118,6 +118,12 @@ def _generate_ha_path_group(self) -> dict: return ha_path_group + def _wan_ha_interfaces(self) -> list: + """ + Return list of interfaces for HA + """ + return [uplink for uplink in self.shared_utils.get_switch_fact("uplinks") if get(uplink, "vrf") is None] + def _wan_ha_peer_ip_addresses(self) -> list: """ Read the IP addresses from HA peer uplinks diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml index c672f021382..3d8fe200508 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml @@ -1174,7 +1174,7 @@ $defs: Maximum 2 devices supported by group for HA. keys: - enabled: + enabled: type: bool default: true description: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. From 1395be90ef4a74e1917f5ddf47db340c988329a5 Mon Sep 17 00:00:00 2001 
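Review bot: `local_interfaces` in the `-103,12` hunk can come out as an empty list without any error, because `self._wan_ha_interfaces()` (added in the `-118,6` hunk) keeps only uplinks with no `vrf` key and nothing checks the result. If a node ever has no uplink in VRF default, the HA path group would be rendered with a static peer but no local interface, and the problem would presumably surface only on the device. I would build the list first and fail early: `ha_interfaces = self._wan_ha_interfaces()` followed by `if not ha_interfaces: raise <error type this module already uses>("No uplink in VRF default available for WAN HA")`. `_generate_ha_path_group` starts and ends outside the hunk, so an earlier guard may already cover this.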
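Review bot: The docstring of `_wan_ha_interfaces` in the `-118,6` hunk says less than the code does. The function returns whole uplink dictionaries from the `uplinks` switch fact, filtered to those with no `vrf` key, and the explanation in the removed `shared_utils.wan_ha_interfaces` docstring ("only picking up uplink interfaces in VRF default") is lost in the move. I would restore it, for example `"""Return the uplinks that have no vrf key (VRF default); their interfaces are the local interfaces of the HA path group."""`. The value was a `cached_property` before and is now recomputed on every call, which is fine for the single call visible here but worth a comment if more callers are added.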
From: gmuloc Date: Tue, 30 Jan 2024 12:53:37 +0100 Subject: [PATCH 03/11] Doc: Add documentation --- .../avd/roles/eos_designs/docs/wan-preview.md | 4 +- .../network-services-multicast-settings.md | 399 ------------------ 2 files changed, 2 insertions(+), 401 deletions(-) delete mode 100644 python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index ac79d3470cd..6c021114f15 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -38,6 +38,7 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co - Policies are assigned to VRFs using the list `wan_virtual_topologies.vrfs`. A policy can be reused in multiple VRFs. - If no policy is assigned for the `default` VRF policy, AVD auto generates one with one `default_virtual_topology` entry configured to use all available local path-groups. - For the policy defined for VRF `default` (or the auto-generared one), an extra match statement is injected in the policy to match the traffic towards the Pathfinders or AutoVPN RRs, the name of the application-profile is hardcoded as `CONTROL-PLANE-APPLICATION-PROFILE`. A special policy is created by appending `-WITH-CP` at the end of the targetted policy name. + - For HA, the considered interfaces are only the `uplink_interfaces` in VRF default. It is possible to disable HA at the site level. #### LAN Designs 
@@ -118,9 +119,9 @@ The HA tunnel will come up properly today but route redistribution will be missi - All Pathfinders must be able to create a full mesh - No IPv6 support -- For WAN interfaces only physical interfaces are supported today under `node.l3_interfaces` - For WAN interfaces, NAT IP on the Pathfinder side can be supported using the `wan_route_servers.path_groups.interfaces` key. - Path-group ID is currently required under `wan_path_groups` until an algorithm is implemented to auto generate IDs. +- It is not yet supported to disable HA on a specific LAN interface on the device, nor is it supported to add HA configuration on a non-uplink interface. - The name of the AVT policies and AVT profiles are configurable in the input variables. The Load Balance policies are named `LB-` and are not configurable. - For LAN, the current supported funcitonality is to use `uplink_type: p2p-vrfs` on the WAN routers and to have the relevant VRFs present on the uplink switches via `network_services`. Other LAN scenarios will come with time. - HA for AutoVPN is not supported @@ -129,7 +130,6 @@ The HA tunnel will come up properly today but route redistribution will be missi - Auto generation of Path-group IDs and other IDs. - New LAN scenarios (L2, ..) -- HA for eBGP - HA for AutoVPN - Proper OSPF-BGP redistribution in VRF default. - Support for OSPF subinterfaces. diff --git a/python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md b/python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md deleted file mode 100644 index cc8ee7378f1..00000000000 --- a/python-avd/tests/schema/artifacts/output/network-services-multicast-settings.md +++ /dev/null 
@@ -1,399 +0,0 @@ - -=== "Table" - - | Variable | Type | Required | Default | Value Restrictions | Description | - | -------- | ---- | -------- | ------- | ------------------ | ----------- | - | [<network_services_keys.name>](## "") | List, items: Dictionary | | | | | - | [  - name](## ".[].name") | String | Required, Unique | | | Specify a tenant name.
Tenant provide a construct to group L3 VRFs and L2 VLANs.
Networks services can be filtered by tenant name.
| - | [    evpn_l2_multicast](## ".[].evpn_l2_multicast") | Dictionary | | | | Enable EVPN L2 Multicast for all SVIs and l2vlans within Tenant.
- Multicast group binding is created only for Multicast traffic. BULL traffic will use ingress-replication.
- Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula:
< evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool > + < vlan_id - 1 > + < evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool_offset >.
- The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range.
- Enables `redistribute igmp` on the router bgp MAC VRF.
- When evpn_l2_multicast.enabled is true for a VLAN or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled - overriding those individual settings.
| - | [      enabled](## ".[].evpn_l2_multicast.enabled") | Boolean | | | | | - | [      underlay_l2_multicast_group_ipv4_pool](## ".[].evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool") | String | | | | IPv4_address/Mask | - | [      underlay_l2_multicast_group_ipv4_pool_offset](## ".[].evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool_offset") | Integer | | | | | - | [    evpn_l3_multicast](## ".[].evpn_l3_multicast") | Dictionary | | | | Enable L3 Multicast for all SVIs and l3vlans within Tenant.
- In the evpn-l3ls design type, this enables L3 EVPN Multicast (aka OISM)'.
- Multicast group binding for VRF is created only for Multicast traffic. BULL traffic will use ingress-replication.
- Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula:
< l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool > + < vrf_vni - 1 > + < l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool_offset >.
- The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range.
- If enabled on an SVI using the anycast default gateway feature, a diagnostic loopback (see below) MUST be configured to source IGMP traffic.
- Enables `evpn multicast` on the router bgp VRF.
- When enabled on an SVI:
- If switch is part of an MLAG pair, enables "pim ipv4 sparse-mode" on the SVI.
- If switch is standalone or A-A MH, enables "ip igmp" on the SVI.
- If "ip address virtual" is configured, enables "pim ipv4 local-interface" and uses the diagnostic Loopback defined in the VRF
| - | [      enabled](## ".[].evpn_l3_multicast.enabled") | Boolean | | | | | - | [      evpn_underlay_l3_multicast_group_ipv4_pool](## ".[].evpn_l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool") | String | Required | | | IPv4_address/Mask | - | [      evpn_underlay_l3_multicast_group_ipv4_pool_offset](## ".[].evpn_l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool_offset") | Integer | | | | | - | [      evpn_peg](## ".[].evpn_l3_multicast.evpn_peg") | List, items: Dictionary | | | | For each group of nodes, allow configuration of EVPN PEG options.
The first group of settings where the device's hostname is present in the 'nodes' list will be used.
| - | [        - nodes](## ".[].evpn_l3_multicast.evpn_peg.[].nodes") | List, items: String | | | | A description will be applied to all nodes with RP addresses configured if not set. | - | [            - <str>](## ".[].evpn_l3_multicast.evpn_peg.[].nodes.[]") | String | | | | | - | [          transit](## ".[].evpn_l3_multicast.evpn_peg.[].transit") | Boolean | | | | Enable EVPN PEG transit mode. | - | [    pim_rp_addresses](## ".[].pim_rp_addresses") | List, items: Dictionary | | | | For each group of nodes, allow configuration of RP Addresses & associated groups.
| - | [      - rps](## ".[].pim_rp_addresses.[].rps") | List, items: String | | | Min Length: 1 | List of Rendevouz Points. | - | [          - <str>](## ".[].pim_rp_addresses.[].rps.[]") | String | | | | RP address. | - | [        nodes](## ".[].pim_rp_addresses.[].nodes") | List, items: String | | | | Restrict configuration to specific nodes.
Configuration Will be applied to all nodes if not set.
| - | [          - <str>](## ".[].pim_rp_addresses.[].nodes.[]") | String | | | | | - | [        groups](## ".[].pim_rp_addresses.[].groups") | List, items: String | | | | | - | [          - <str>](## ".[].pim_rp_addresses.[].groups.[]") | String | | | | Group_prefix/mask. | - | [    igmp_snooping_querier](## ".[].igmp_snooping_querier") | Dictionary | | | | Enable IGMP snooping querier for each SVI/l2vlan within tenant, by default using IP address of Loopback 0.
When enabled, IGMP snooping querier will only be configured on L3 devices, i.e., uplink_type: p2p.
| - | [      enabled](## ".[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if "evpn_l2_multicast" is enabled. | - | [      source_address](## ".[].igmp_snooping_querier.source_address") | String | | | Format: ipv4 | Default IP address of Loopback0 | - | [      version](## ".[].igmp_snooping_querier.version") | Integer | | `2` | Valid Values:
- 1
- 2
- 3 | | - | [    vrfs](## ".[].vrfs") | List, items: Dictionary | | | | VRFs will only be configured on a node if any of the underlying objects like `svis` or `l3_interfaces` apply to the node.

It is recommended to only define a VRF in one Tenant. If the same VRF name is used across multiple tenants and those tenants
are accepted by `filter.tenants` on the node, any object set under the duplicate VRFs must either be unique or be an exact match.

VRF "default" is partially supported under network-services. Currently the supported options for "default" vrf are route-target,
route-distinguisher settings, structured_config, raw_eos_cli in bgp and SVIs are the only supported interface type.
Vlan-aware-bundles are supported as well inside default vrf. OSPF is not supported currently.
| - | [      - name](## ".[].vrfs.[].name") | String | Required, Unique | | | | - | [        evpn_l3_multicast](## ".[].vrfs.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled`.
Allow override of `.[].evpn_l3_multicast` node_settings.
Requires `evpn_multicast` to also be set to `true`.
| - | [          enabled](## ".[].vrfs.[].evpn_l3_multicast.enabled") | Boolean | | | | | - | [          evpn_peg](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg") | List, items: Dictionary | | | | For each group of nodes, allow configuration of EVPN PEG features. | - | [            - nodes](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg.[].nodes") | List, items: String | | | | Restrict configuration to specific nodes.
Will apply to all nodes with RP addresses configured if not set.
| - | [                - <str>](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg.[].nodes.[]") | String | | | | | - | [              transit](## ".[].vrfs.[].evpn_l3_multicast.evpn_peg.[].transit") | Boolean | | `False` | | Enable EVPN PEG transit mode. | - | [        pim_rp_addresses](## ".[].vrfs.[].pim_rp_addresses") | List, items: Dictionary | | | | For each group of nodes, allow configuration of RP Addresses & associated groups.
| - | [          - rps](## ".[].vrfs.[].pim_rp_addresses.[].rps") | List, items: String | | | | A minimum of one RP must be specified. | - | [              - <str>](## ".[].vrfs.[].pim_rp_addresses.[].rps.[]") | String | | | | RP address. | - | [            nodes](## ".[].vrfs.[].pim_rp_addresses.[].nodes") | List, items: String | | | | Restrict configuration to specific nodes.
Configuration Will be applied to all nodes if not set.
| - | [              - <str>](## ".[].vrfs.[].pim_rp_addresses.[].nodes.[]") | String | | | | | - | [            groups](## ".[].vrfs.[].pim_rp_addresses.[].groups") | List, items: String | | | | | - | [              - <str>](## ".[].vrfs.[].pim_rp_addresses.[].groups.[]") | String | | | | Group_prefix/mask. | - | [        evpn_l2_multi_domain](## ".[].vrfs.[].evpn_l2_multi_domain") | Boolean | | | | Explicitly extend all VLANs/VLAN-Aware Bundles inside the VRF to remote EVPN domains.
Overrides `.[].evpn_l2_multi_domain`.
| - | [        svis](## ".[].vrfs.[].svis") | List, items: Dictionary | | | | List of SVIs.
This will create both the L3 SVI and L2 VLAN based on filters applied to the node.
| - | [          - id](## ".[].vrfs.[].svis.[].id") | Integer | Required, Unique | | Min: 1
Max: 4096 | SVI interface id and VLAN id. | - | [            nodes](## ".[].vrfs.[].svis.[].nodes") | List, items: Dictionary | | | | Define node specific configuration, such as unique IP addresses.
Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level.
| - | [              - node](## ".[].vrfs.[].svis.[].nodes.[].node") | String | Required, Unique | | | l3_leaf inventory hostname | - | [                evpn_l2_multicast](## ".[].vrfs.[].svis.[].nodes.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| - | [                  enabled](## ".[].vrfs.[].svis.[].nodes.[].evpn_l2_multicast.enabled") | Boolean | | | | | - | [                evpn_l3_multicast](## ".[].vrfs.[].svis.[].nodes.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| - | [                  enabled](## ".[].vrfs.[].svis.[].nodes.[].evpn_l3_multicast.enabled") | Boolean | | | | | - | [                igmp_snooping_enabled](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | - | [                igmp_snooping_querier](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier") | Dictionary | | | | | - | [                  enabled](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | - | [                  source_address](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| - | [                  version](## ".[].vrfs.[].svis.[].nodes.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | - | [            evpn_l2_multicast](## ".[].vrfs.[].svis.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| - | [              enabled](## ".[].vrfs.[].svis.[].evpn_l2_multicast.enabled") | Boolean | | | | | - | [            evpn_l3_multicast](## ".[].vrfs.[].svis.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| - | [              enabled](## ".[].vrfs.[].svis.[].evpn_l3_multicast.enabled") | Boolean | | | | | - | [            igmp_snooping_enabled](## ".[].vrfs.[].svis.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | - | [            igmp_snooping_querier](## ".[].vrfs.[].svis.[].igmp_snooping_querier") | Dictionary | | | | | - | [              enabled](## ".[].vrfs.[].svis.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | - | [              source_address](## ".[].vrfs.[].svis.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| - | [              version](## ".[].vrfs.[].svis.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | - | [    l2vlans](## ".[].l2vlans") | List, items: Dictionary | | | | Define L2 network services organized by vlan id. | - | [      - id](## ".[].l2vlans.[].id") | Integer | Required, Unique | | Min: 1
Max: 4094 | VLAN ID | - | [        evpn_l2_multicast](## ".[].l2vlans.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, igmp snooping and igmp snooping querier will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| - | [          enabled](## ".[].l2vlans.[].evpn_l2_multicast.enabled") | Boolean | | | | | - | [        igmp_snooping_enabled](## ".[].l2vlans.[].igmp_snooping_enabled") | Boolean | | `True` | | Activate or deactivate IGMP snooping. | - | [        igmp_snooping_querier](## ".[].l2vlans.[].igmp_snooping_querier") | Dictionary | | | | Enable igmp snooping querier, by default using IP address of Loopback 0.
When enabled, igmp snooping querier will only be configured on l3 devices, i.e., uplink_type: p2p.
| - | [          enabled](## ".[].l2vlans.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | - | [          source_address](## ".[].l2vlans.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| - | [          version](## ".[].l2vlans.[].igmp_snooping_querier.version") | Integer | | `2` | Valid Values:
- 1
- 2
- 3 | | - | [svi_profiles](## "svi_profiles") | List, items: Dictionary | | | | Profiles to share common settings for SVIs under `.[].vrfs.svis`.
Keys are the same used under SVIs. Keys defined under SVIs take precedence.
Note: structured configuration is not merged recursively and will be taken directly from the most specific level in the following order:
1. svi.nodes[inventory_hostname].structured_config
2. svi_profile.nodes[inventory_hostname].structured_config
3. svi_parent_profile.nodes[inventory_hostname].structured_config
4. svi.structured_config
5. svi_profile.structured_config
6. svi_parent_profile.structured_config
| - | [  - profile](## "svi_profiles.[].profile") | String | Required, Unique | | | Profile name | - | [    nodes](## "svi_profiles.[].nodes") | List, items: Dictionary | | | | Define node specific configuration, such as unique IP addresses.
Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level.
| - | [      - node](## "svi_profiles.[].nodes.[].node") | String | Required, Unique | | | l3_leaf inventory hostname | - | [        evpn_l2_multicast](## "svi_profiles.[].nodes.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| - | [          enabled](## "svi_profiles.[].nodes.[].evpn_l2_multicast.enabled") | Boolean | | | | | - | [        evpn_l3_multicast](## "svi_profiles.[].nodes.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| - | [          enabled](## "svi_profiles.[].nodes.[].evpn_l3_multicast.enabled") | Boolean | | | | | - | [        igmp_snooping_enabled](## "svi_profiles.[].nodes.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | - | [        igmp_snooping_querier](## "svi_profiles.[].nodes.[].igmp_snooping_querier") | Dictionary | | | | | - | [          enabled](## "svi_profiles.[].nodes.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | - | [          source_address](## "svi_profiles.[].nodes.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| - | [          version](## "svi_profiles.[].nodes.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | - | [    evpn_l2_multicast](## "svi_profiles.[].evpn_l2_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`.
When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings.
Requires `evpn_multicast` to also be set to `true`.
| - | [      enabled](## "svi_profiles.[].evpn_l2_multicast.enabled") | Boolean | | | | | - | [    evpn_l3_multicast](## "svi_profiles.[].evpn_l3_multicast") | Dictionary | | | | Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`.
Requires `evpn_multicast` to also be set to `true`.
| - | [      enabled](## "svi_profiles.[].evpn_l3_multicast.enabled") | Boolean | | | | | - | [    igmp_snooping_enabled](## "svi_profiles.[].igmp_snooping_enabled") | Boolean | | | | Enable IGMP Snooping (Enabled by default on EOS). | - | [    igmp_snooping_querier](## "svi_profiles.[].igmp_snooping_querier") | Dictionary | | | | | - | [      enabled](## "svi_profiles.[].igmp_snooping_querier.enabled") | Boolean | | | | Will be enabled automatically if evpn_l2_multicast is enabled. | - | [      source_address](## "svi_profiles.[].igmp_snooping_querier.source_address") | String | | | | IPv4_address
If not set, IP address of "Loopback0" will be used.
| - | [      version](## "svi_profiles.[].igmp_snooping_querier.version") | Integer | | | Valid Values:
- 1
- 2
- 3 | IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). | - -=== "YAML" - - ```yaml - : - - # Specify a tenant name. - # Tenant provide a construct to group L3 VRFs and L2 VLANs. - # Networks services can be filtered by tenant name. - - name: - - # Enable EVPN L2 Multicast for all SVIs and l2vlans within Tenant. - # - Multicast group binding is created only for Multicast traffic. BULL traffic will use ingress-replication. - # - Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula: - # < evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool > + < vlan_id - 1 > + < evpn_l2_multicast.underlay_l2_multicast_group_ipv4_pool_offset >. - # - The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range. - # - Enables `redistribute igmp` on the router bgp MAC VRF. - # - When evpn_l2_multicast.enabled is true for a VLAN or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled - overriding those individual settings. - evpn_l2_multicast: - enabled: - - # IPv4_address/Mask - underlay_l2_multicast_group_ipv4_pool: - underlay_l2_multicast_group_ipv4_pool_offset: - - # Enable L3 Multicast for all SVIs and l3vlans within Tenant. - # - In the evpn-l3ls design type, this enables L3 EVPN Multicast (aka OISM)'. - # - Multicast group binding for VRF is created only for Multicast traffic. BULL traffic will use ingress-replication. - # - Configures binding between VXLAN, VLAN, and multicast group IPv4 address using the following formula: - # < l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool > + < vrf_vni - 1 > + < l3_multicast.evpn_underlay_l3_multicast_group_ipv4_pool_offset >. - # - The recommendation is to assign a /20 block within the 232.0.0.0/8 Source-Specific Multicast range. - # - If enabled on an SVI using the anycast default gateway feature, a diagnostic loopback (see below) MUST be configured to source IGMP traffic. 
- # - Enables `evpn multicast` on the router bgp VRF. - # - When enabled on an SVI: - # - If switch is part of an MLAG pair, enables "pim ipv4 sparse-mode" on the SVI. - # - If switch is standalone or A-A MH, enables "ip igmp" on the SVI. - # - If "ip address virtual" is configured, enables "pim ipv4 local-interface" and uses the diagnostic Loopback defined in the VRF - evpn_l3_multicast: - enabled: - - # IPv4_address/Mask - evpn_underlay_l3_multicast_group_ipv4_pool: - evpn_underlay_l3_multicast_group_ipv4_pool_offset: - - # For each group of nodes, allow configuration of EVPN PEG options. - # The first group of settings where the device's hostname is present in the 'nodes' list will be used. - evpn_peg: - - # A description will be applied to all nodes with RP addresses configured if not set. - - nodes: - - - - # Enable EVPN PEG transit mode. - transit: - - # For each group of nodes, allow configuration of RP Addresses & associated groups. - pim_rp_addresses: - - # List of Rendevouz Points. - - rps: # >=1 items - - # RP address. - - - - # Restrict configuration to specific nodes. - # Configuration Will be applied to all nodes if not set. - nodes: - - - groups: - - # Group_prefix/mask. - - - - # Enable IGMP snooping querier for each SVI/l2vlan within tenant, by default using IP address of Loopback 0. - # When enabled, IGMP snooping querier will only be configured on L3 devices, i.e., uplink_type: p2p. - igmp_snooping_querier: - - # Will be enabled automatically if "evpn_l2_multicast" is enabled. - enabled: - - # Default IP address of Loopback0 - source_address: - version: - - # VRFs will only be configured on a node if any of the underlying objects like `svis` or `l3_interfaces` apply to the node. - - # It is recommended to only define a VRF in one Tenant. If the same VRF name is used across multiple tenants and those tenants - # are accepted by `filter.tenants` on the node, any object set under the duplicate VRFs must either be unique or be an exact match. 
- - # VRF "default" is partially supported under network-services. Currently the supported options for "default" vrf are route-target, - # route-distinguisher settings, structured_config, raw_eos_cli in bgp and SVIs are the only supported interface type. - # Vlan-aware-bundles are supported as well inside default vrf. OSPF is not supported currently. - vrfs: - - name: - - # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled`. - # Allow override of `.[].evpn_l3_multicast` node_settings. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l3_multicast: - enabled: - - # For each group of nodes, allow configuration of EVPN PEG features. - evpn_peg: - - # Restrict configuration to specific nodes. - # Will apply to all nodes with RP addresses configured if not set. - - nodes: - - - - # Enable EVPN PEG transit mode. - transit: - - # For each group of nodes, allow configuration of RP Addresses & associated groups. - pim_rp_addresses: - - # A minimum of one RP must be specified. - - rps: - - # RP address. - - - - # Restrict configuration to specific nodes. - # Configuration Will be applied to all nodes if not set. - nodes: - - - groups: - - # Group_prefix/mask. - - - - # Explicitly extend all VLANs/VLAN-Aware Bundles inside the VRF to remote EVPN domains. - # Overrides `.[].evpn_l2_multi_domain`. - evpn_l2_multi_domain: - - # List of SVIs. - # This will create both the L3 SVI and L2 VLAN based on filters applied to the node. - svis: - - # SVI interface id and VLAN id. - - id: - - # Define node specific configuration, such as unique IP addresses. - # Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level. - nodes: - - # l3_leaf inventory hostname - - node: - - # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. 
- # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l2_multicast: - enabled: - - # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l3_multicast: - enabled: - - # Enable IGMP Snooping (Enabled by default on EOS). - igmp_snooping_enabled: - igmp_snooping_querier: - - # Will be enabled automatically if evpn_l2_multicast is enabled. - enabled: - - # IPv4_address - # If not set, IP address of "Loopback0" will be used. - source_address: - - # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). - version: - - # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. - # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l2_multicast: - enabled: - - # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l3_multicast: - enabled: - - # Enable IGMP Snooping (Enabled by default on EOS). - igmp_snooping_enabled: - igmp_snooping_querier: - - # Will be enabled automatically if evpn_l2_multicast is enabled. - enabled: - - # IPv4_address - # If not set, IP address of "Loopback0" will be used. - source_address: - - # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). - version: - - # Define L2 network services organized by vlan id. 
- l2vlans: - - # VLAN ID - - id: - - # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. - # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, igmp snooping and igmp snooping querier will always be enabled, overriding those individual settings. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l2_multicast: - enabled: - - # Activate or deactivate IGMP snooping. - igmp_snooping_enabled: - - # Enable igmp snooping querier, by default using IP address of Loopback 0. - # When enabled, igmp snooping querier will only be configured on l3 devices, i.e., uplink_type: p2p. - igmp_snooping_querier: - - # Will be enabled automatically if evpn_l2_multicast is enabled. - enabled: - - # IPv4_address - # If not set, IP address of "Loopback0" will be used. - source_address: - version: - - # Profiles to share common settings for SVIs under `.[].vrfs.svis`. - # Keys are the same used under SVIs. Keys defined under SVIs take precedence. - # Note: structured configuration is not merged recursively and will be taken directly from the most specific level in the following order: - # 1. svi.nodes[inventory_hostname].structured_config - # 2. svi_profile.nodes[inventory_hostname].structured_config - # 3. svi_parent_profile.nodes[inventory_hostname].structured_config - # 4. svi.structured_config - # 5. svi_profile.structured_config - # 6. svi_parent_profile.structured_config - svi_profiles: - - # Profile name - - profile: - - # Define node specific configuration, such as unique IP addresses. - # Any keys set here will be merged onto the SVI config, except `structured_config` keys which will replace the `structured_config` set on SVI level. - nodes: - - # l3_leaf inventory hostname - - node: - - # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. 
- # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l2_multicast: - enabled: - - # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l3_multicast: - enabled: - - # Enable IGMP Snooping (Enabled by default on EOS). - igmp_snooping_enabled: - igmp_snooping_querier: - - # Will be enabled automatically if evpn_l2_multicast is enabled. - enabled: - - # IPv4_address - # If not set, IP address of "Loopback0" will be used. - source_address: - - # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). - version: - - # Explicitly enable or disable evpn_l2_multicast to override setting of `.[].evpn_l2_multicast.enabled`. - # When evpn_l2_multicast.enabled is set to true for a vlan or a tenant, "igmp snooping" and "igmp snooping querier" will always be enabled, overriding those individual settings. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l2_multicast: - enabled: - - # Explicitly enable or disable evpn_l3_multicast to override setting of `.[].evpn_l3_multicast.enabled` and `.[].vrfs.[].evpn_l3_multicast.enabled`. - # Requires `evpn_multicast` to also be set to `true`. - evpn_l3_multicast: - enabled: - - # Enable IGMP Snooping (Enabled by default on EOS). - igmp_snooping_enabled: - igmp_snooping_querier: - - # Will be enabled automatically if evpn_l2_multicast is enabled. - enabled: - - # IPv4_address - # If not set, IP address of "Loopback0" will be used. - source_address: - - # IGMP Version (By default EOS uses IGMP version 2 for IGMP querier). - version: - ``` From d07ebf4c6bb7e860ed2c363a4202dee2d22d3e12 Mon Sep 17 00:00:00 2001 
From: gmulocher Date: Tue, 20 Feb 2024 14:31:54 +0000 Subject: [PATCH 04/11] Refactor: Cleaning post rebase --- ...v-pathfinder-edge-no-common-path-group.cfg | 9 - .../intended/configs/cv-pathfinder-edge.cfg | 9 - .../intended/configs/cv-pathfinder-edge2.cfg | 3 +- .../intended/configs/cv-pathfinder-edge3.cfg | 3 +- .../configs/cv-pathfinder-transit.cfg | 8 - .../intended/configs/site-ha-enabled-leaf.cfg | 166 ------- ...v-pathfinder-edge-no-common-path-group.yml | 12 - .../structured_configs/cv-pathfinder-edge.yml | 12 - .../cv-pathfinder-edge2.yml | 13 +- .../cv-pathfinder-edge3.yml | 13 +- .../cv-pathfinder-edge5.yml | 468 ------------------ .../cv-pathfinder-transit.yml | 11 - .../site-ha-enabled-leaf.yml | 234 --------- .../python_modules/underlay/route_maps.py | 100 ++-- 14 files changed, 63 insertions(+), 998 deletions(-) delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg index eac65b35419..8c057a6bc8f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg 
@@ -256,10 +256,6 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:511 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.42.0/24 eq 32 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 - description Deny prefixes with our SoO set - match extcommunity ECL-EVPN-SOO -! route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 description Deny prefixes from WAN match as-path ASPATH-WAN @@ -276,11 +272,6 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! -route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 - description Advertise WAN HA prefixes towards LAN and mark them with SoO - match interface Ethernet52 - set extcommunity soo 192.168.42.2:511 additive -! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.42.2:511 additive diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 57a17196e00..024f80a0aea 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -311,10 +311,6 @@ ip prefix-list PL-STATIC-VRF-DEFAULT ip route 172.16.0.0/16 172.16.5.4 ip route 66.66.66.0/24 172.17.0.0 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 - description Deny prefixes with our SoO set - match extcommunity ECL-EVPN-SOO -! route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 description Deny prefixes from WAN match as-path ASPATH-WAN 
@@ -331,11 +327,6 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! -route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 - description Advertise WAN HA prefixes towards LAN and mark them with SoO - match interface Ethernet52 - set extcommunity soo 192.168.42.1:511 additive -! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.42.1:511 additive diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg index 7107c39a2d0..4dfb23eaf3d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg @@ -344,8 +344,7 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 description Advertise WAN HA prefixes towards LAN and mark them with SoO - match interface Ethernet52 - match interface Ethernet53 + match ip address prefix-list PL-WAN-HA-PREFIXES set extcommunity soo 192.168.42.2:423 additive ! route-map RM-CONN-2-BGP permit 10 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg index 35767b3c7cd..65db3c3cbd8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg 
@@ -341,8 +341,7 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 description Advertise WAN HA prefixes towards LAN and mark them with SoO - match interface Ethernet52 - match interface Ethernet53 + match ip address prefix-list PL-WAN-HA-PREFIXES set extcommunity soo 192.168.42.2:423 additive ! route-map RM-CONN-2-BGP permit 10 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 43ffc9f3697..15212bfdfe5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -306,10 +306,6 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.43.1:422 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.43.0/24 eq 32 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 - description Deny prefixes with our SoO set - match extcommunity ECL-EVPN-SOO -! route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 description Deny prefixes from WAN match as-path ASPATH-WAN @@ -326,10 +322,6 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! -route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 - description Advertise WAN HA prefixes towards LAN and mark them with SoO - set extcommunity soo 192.168.43.1:422 additive -! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.43.1:422 additive 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg
deleted file mode 100644
index fbcaa0d5983..00000000000
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf.cfg
+++ /dev/null
@@ -1,166 +0,0 @@ -!RANCID-CONTENT-TYPE: arista -! -vlan internal order ascending range 1006 1199 -! -transceiver qsfp default-mode 4x10G -! -service routing protocols model multi-agent -! -hostname site-ha-enabled-leaf -! -no enable password -no aaa root -! -vrf instance IT -! -vrf instance MGMT -! -vrf instance PROD -! -interface Ethernet1 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 - no shutdown - mtu 9214 - no switchport - ip address 172.17.0.2/31 -! -interface Ethernet1.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD - no shutdown - mtu 9214 - encapsulation dot1q vlan 42 - vrf PROD - ip address 172.17.0.2/31 -! -interface Ethernet1.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT - no shutdown - mtu 9214 - encapsulation dot1q vlan 100 - vrf IT - ip address 172.17.0.2/31 -! -interface Ethernet2 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 - no shutdown - mtu 9214 - no switchport - ip address 172.17.0.4/31 -! -interface Ethernet2.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD - no shutdown - mtu 9214 - encapsulation dot1q vlan 42 - vrf PROD - ip address 172.17.0.4/31 -! -interface Ethernet2.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT - no shutdown - mtu 9214 - encapsulation dot1q vlan 100 - vrf IT - ip address 172.17.0.4/31 -! -interface Loopback0 - description EVPN_Overlay_Peering - no shutdown - ip address 192.168.45.1/32 -! -interface Loopback1 - description VTEP_VXLAN_Tunnel_Source - no shutdown - ip address 192.168.255.1/32 -! -interface Vxlan1 - description site-ha-enabled-leaf_VTEP - vxlan source-interface Loopback1 - vxlan udp-port 4789 - vxlan vrf default vni 1 - vxlan vrf IT vni 100 - vxlan vrf PROD vni 42 -! -ip routing -ip routing vrf IT -no ip routing vrf MGMT -ip routing vrf PROD -! -ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY - seq 10 permit 192.168.45.0/24 eq 32 - seq 20 permit 192.168.255.0/24 eq 32 -! 
-route-map RM-CONN-2-BGP permit 10 - match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -! -router bfd - multihop interval 300 min-rx 300 multiplier 3 -! -router bgp 65000 - router-id 192.168.45.1 - maximum-paths 4 ecmp 4 - update wait-install - no bgp default ipv4-unicast - neighbor EVPN-OVERLAY-PEERS peer group - neighbor EVPN-OVERLAY-PEERS update-source Loopback0 - neighbor EVPN-OVERLAY-PEERS bfd - neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 - neighbor EVPN-OVERLAY-PEERS send-community - neighbor EVPN-OVERLAY-PEERS maximum-routes 0 - neighbor IPv4-UNDERLAY-PEERS peer group - neighbor IPv4-UNDERLAY-PEERS send-community - neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 - neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.3 remote-as 65000 - neighbor 172.17.0.3 description cv-pathfinder-edge2_Ethernet52 - neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.5 remote-as 65000 - neighbor 172.17.0.5 description cv-pathfinder-edge3_Ethernet52 - redistribute connected route-map RM-CONN-2-BGP - ! - address-family evpn - neighbor EVPN-OVERLAY-PEERS activate - ! - address-family ipv4 - no neighbor EVPN-OVERLAY-PEERS activate - neighbor IPv4-UNDERLAY-PEERS activate - ! - vrf default - rd 192.168.45.1:1 - route-target import evpn 1:1 - route-target export evpn 1:1 - ! - vrf IT - rd 192.168.45.1:100 - route-target import evpn 100:100 - route-target export evpn 100:100 - router-id 192.168.45.1 - neighbor 172.17.0.3 remote-as 65000 - neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.3 description cv-pathfinder-edge2_Ethernet52.100_vrf_IT - neighbor 172.17.0.5 remote-as 65000 - neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.5 description cv-pathfinder-edge3_Ethernet52.100_vrf_IT - redistribute connected - ! 
- vrf PROD - rd 192.168.45.1:42 - route-target import evpn 42:42 - route-target export evpn 42:42 - router-id 192.168.45.1 - neighbor 172.17.0.3 remote-as 65000 - neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.3 description cv-pathfinder-edge2_Ethernet52.42_vrf_PROD - neighbor 172.17.0.5 remote-as 65000 - neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.5 description cv-pathfinder-edge3_Ethernet52.42_vrf_PROD - redistribute connected -! -management api http-commands - protocol https - no shutdown - ! - vrf MGMT - no shutdown -! -end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml index 736baa2885b..0b7d19a7b90 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml @@ -205,11 +205,6 @@ route_maps: - extcommunity soo 192.168.42.2:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 10 - type: deny - description: Deny prefixes with our SoO set - match: - - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN @@ -232,13 +227,6 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal - - sequence: 30 - type: permit - description: Advertise WAN HA prefixes towards LAN and mark them with SoO - match: - - interface Ethernet52 - set: - - extcommunity soo 192.168.42.2:511 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 2ec09c9a1f3..f987f0faae8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -233,11 +233,6 @@ route_maps: - extcommunity soo 192.168.42.1:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 10 - type: deny - description: Deny prefixes with our SoO set - match: - - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN @@ -260,13 +255,6 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal - - sequence: 30 - type: permit - description: Advertise WAN HA prefixes towards LAN and mark them with SoO - match: - - interface Ethernet52 - set: - - extcommunity soo 192.168.42.1:511 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml index 1ebd9826eb7..99e2d68387b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml 
@@ -270,11 +270,6 @@ route_maps: - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 10 - type: deny - description: Deny prefixes with our SoO set - match: - - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN @@ -285,6 +280,11 @@ route_maps: description: Mark prefixes originated from the LAN set: - extcommunity soo 192.168.42.2:423 additive + - sequence: 10 + type: deny + description: Deny prefixes with our SoO set + match: + - extcommunity ECL-EVPN-SOO - name: RM-BGP-UNDERLAY-PEERS-OUT sequence_numbers: - sequence: 10 @@ -301,8 +301,7 @@ route_maps: type: permit description: Advertise WAN HA prefixes towards LAN and mark them with SoO match: - - interface Ethernet52 - - interface Ethernet53 + - ip address prefix-list PL-WAN-HA-PREFIXES set: - extcommunity soo 192.168.42.2:423 additive - name: RM-EVPN-SOO-IN diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml index dfe75e06977..134891428ec 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml @@ -269,11 +269,6 @@ route_maps: - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 10 - type: deny - description: Deny prefixes with our SoO set - match: - - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN 
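Review bot: In the `RM-BGP-UNDERLAY-PEERS-IN` hunks of this file, the `sequence: 10` deny entry ("Deny prefixes with our SoO set") now comes after sequences 20 and 30, so the intended structured config no longer reads in evaluation order; the cv-pathfinder-edge3.yml hunks show the same move. This looks like the generator appending the HA-only entry last, presumably in route_maps.py, which is not visible here. The edge2 and edge3 .cfg hunks in this patch do not touch this route-map, which suggests the rendered config still puts `deny 10` first, but only because entries are sorted at render time. Since this entry is the loop-prevention filter for prefixes carrying the site's own SoO, I would insert it at the head of the `sequence_numbers` list rather than appending it, or at least add a comment at the append such as `# sequence 10 is added last on HA nodes; entries are ordered by sequence number when rendered`.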
@@ -284,6 +279,11 @@ route_maps: description: Mark prefixes originated from the LAN set: - extcommunity soo 192.168.42.2:423 additive + - sequence: 10 + type: deny + description: Deny prefixes with our SoO set + match: + - extcommunity ECL-EVPN-SOO - name: RM-BGP-UNDERLAY-PEERS-OUT sequence_numbers: - sequence: 10 @@ -300,8 +300,7 @@ route_maps: type: permit description: Advertise WAN HA prefixes towards LAN and mark them with SoO match: - - interface Ethernet52 - - interface Ethernet53 + - ip address prefix-list PL-WAN-HA-PREFIXES set: - extcommunity soo 192.168.42.2:423 additive - name: RM-EVPN-SOO-IN diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml deleted file mode 100644 index 1b3d2d4dad0..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge5.yml +++ /dev/null 
@@ -1,468 +0,0 @@ -hostname: cv-pathfinder-edge5 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.5 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - updates: - wait_install: true - redistribute_routes: - - source_protocol: connected - route_map: RM-CONN-2-BGP - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: - any: true - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder - vrfs: - - name: default - rd: 192.168.42.5:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - router_id: 192.168.42.5 - rd: 192.168.42.5:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute_routes: - - source_protocol: connected - - name: PROD - router_id: 192.168.42.5 - rd: 192.168.42.5:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - redistribute_routes: - - source_protocol: connected -service_routing_protocols_model: multi-agent -ip_routing: 
true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet52 - peer: site-ha-disabled-leaf - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2 - shutdown: false - mtu: 9214 - type: routed - ip_address: 172.17.0.9/31 -- name: Ethernet52.100 - peer: site-ha-disabled-leaf - peer_interface: Ethernet2.100 - peer_type: l3leaf - vrf: IT - description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.100_vrf_IT - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 100 - mtu: 9214 - ip_address: 172.17.0.9/31 -- name: Ethernet52.42 - peer: site-ha-disabled-leaf - peer_interface: Ethernet2.42 - peer_type: l3leaf - vrf: PROD - description: P2P_LINK_TO_SITE-HA-DISABLED-LEAF_Ethernet2.42_vrf_PROD - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 42 - mtu: 9214 - ip_address: 172.17.0.9/31 -- name: Ethernet2 - peer_type: l3_interface - ip_address: 172.14.2.4/31 - shutdown: false - type: routed - flow_tracker: - hardware: WAN-FLOW-TRACKER -loopback_interfaces: -- name: Loopback0 - description: Router_ID - shutdown: false - ip_address: 192.168.42.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 30 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -flow_tracking: - hardware: - trackers: - - name: WAN-FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - 
exporters: - - name: DPI-EXPORTER - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 5000 - shutdown: false -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.142.5 - - name: CP-IKE-POLICY - local_id: 192.168.142.5 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -router_adaptive_virtual_topology: - topology_role: edge - region: - name: AVD_Land_West - id: 42 - zone: - name: DEFAULT-ZONE - id: 1 - site: - name: Site424 - id: 424 - profiles: - - name: CONTROL-PLANE-PROFILE - load_balance_policy: LB-CONTROL-PLANE-PROFILE - - name: PROD-AVT-POLICY-VOICE - load_balance_policy: LB-PROD-AVT-POLICY-VOICE - - name: PROD-AVT-POLICY-VIDEO - load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - - name: PROD-AVT-POLICY-DEFAULT - load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY-VIDEO - load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO - - name: DEFAULT-AVT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT - vrfs: - - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: CONTROL-PLANE-PROFILE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 - - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: 
DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - policies: - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: CONTROL-PLANE-APPLICATION-PROFILE - avt_profile: CONTROL-PLANE-PROFILE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: MPLS - id: 100 - local_interfaces: - - name: Ethernet2 - dynamic_peers: - enabled: true - load_balance_policies: - - name: LB-CONTROL-PLANE-PROFILE - - name: LB-PROD-AVT-POLICY-VOICE - path_groups: - - name: MPLS -<<<<<<< HEAD -<<<<<<< HEAD -======= -======= ->>>>>>> 74c971c45 (Test: Run molecule) - jitter: 42 - - name: LB-PROD-AVT-POLICY-VIDEO - path_groups: - - name: MPLS - loss_rate: '42.0' - - name: LB-PROD-AVT-POLICY-DEFAULT - path_groups: - - name: MPLS - priority: 2 - - name: LB-DEFAULT-AVT-POLICY-VIDEO - path_groups: - - name: MPLS - - name: LB-DEFAULT-AVT-POLICY-DEFAULT - path_groups: - - name: MPLS - priority: 42 -<<<<<<< HEAD -router_traffic_engineering: - enabled: true -======= ->>>>>>> 74c971c45 (Test: Run molecule) -application_traffic_recognition: - application_profiles: - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: VIDEO - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - - name: CONTROL-PLANE-APPLICATION-PROFILE - 
applications: - - name: CONTROL-PLANE-APPLICATION - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - protocols: - - tcp - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CONTROL-PLANE-APPLICATION - dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: CONTROL-PLANE-APP-DEST-PREFIXES - prefix_values: -<<<<<<< HEAD - - 192.168.44.1/32 -<<<<<<< HEAD ->>>>>>> 0f36051a1 (Feat: Proper handling of LAN_HA pathgroup on pathfinder) -======= ->>>>>>> 74c971c45 (Test: Run molecule) -======= - - 192.168.144.1/32 ->>>>>>> 910c5ab09 (Test: Add LAN to molecule) -dps_interfaces: -- name: Dps1 - description: DPS Interface - ip_address: 192.168.142.5/32 - flow_tracker: - hardware: WAN-FLOW-TRACKER -vxlan_interface: - Vxlan1: - description: cv-pathfinder-edge5_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: IT - vni: 100 - - name: PROD - vni: 42 -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: DEFAULT-ZONE - - name: Site - value: Site424 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10424' - cv_pathfinder: - role: edge - vtep_ip: 192.168.142.5 - region: AVD_Land_West - zone: DEFAULT-ZONE - site: Site424 - interfaces: - - name: Ethernet2 
- carrier: Colt - pathgroup: MPLS - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 62b665f597d..9a3a9a45535 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -199,11 +199,6 @@ route_maps: - extcommunity soo 192.168.43.1:422 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 10 - type: deny - description: Deny prefixes with our SoO set - match: - - extcommunity ECL-EVPN-SOO - sequence: 20 type: deny description: Deny prefixes from WAN @@ -226,12 +221,6 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal - - sequence: 30 - type: permit - description: Advertise WAN HA prefixes towards LAN and mark them with SoO - match: [] - set: - - extcommunity soo 192.168.43.1:422 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml deleted file mode 100644 index 8dd6a4cd2ac..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf.yml +++ /dev/null 
@@ -1,234 +0,0 @@ -hostname: site-ha-enabled-leaf -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.45.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - redistribute_routes: - - source_protocol: connected - route_map: RM-CONN-2-BGP - neighbors: - - ip_address: 172.17.0.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: cv-pathfinder-edge2 - description: cv-pathfinder-edge2_Ethernet52 - - ip_address: 172.17.0.5 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: cv-pathfinder-edge3 - description: cv-pathfinder-edge3_Ethernet52 - vrfs: - - name: IT - router_id: 192.168.45.1 - neighbors: - - ip_address: 172.17.0.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2_Ethernet52.100_vrf_IT - - ip_address: 172.17.0.5 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge3_Ethernet52.100_vrf_IT - rd: 192.168.45.1:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute_routes: - - source_protocol: connected - - name: PROD - router_id: 192.168.45.1 - neighbors: - - ip_address: 172.17.0.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2_Ethernet52.42_vrf_PROD - - ip_address: 172.17.0.5 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge3_Ethernet52.42_vrf_PROD - rd: 192.168.45.1:42 - route_targets: - import: - - address_family: evpn - 
route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - redistribute_routes: - - source_protocol: connected - - name: default - rd: 192.168.45.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: cv-pathfinder-edge2 - peer_interface: Ethernet52 - peer_type: wan_edge - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 - shutdown: false - mtu: 9214 - type: routed - ip_address: 172.17.0.2/31 -- name: Ethernet1.100 - peer: cv-pathfinder-edge2 - peer_interface: Ethernet52.100 - peer_type: wan_edge - vrf: IT - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 100 - mtu: 9214 - ip_address: 172.17.0.2/31 -- name: Ethernet1.42 - peer: cv-pathfinder-edge2 - peer_interface: Ethernet52.42 - peer_type: wan_edge - vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 42 - mtu: 9214 - ip_address: 172.17.0.2/31 -- name: Ethernet2 - peer: cv-pathfinder-edge3 - peer_interface: Ethernet52 - peer_type: wan_edge - description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 - shutdown: false - mtu: 9214 - type: routed - ip_address: 172.17.0.4/31 -- name: Ethernet2.100 - peer: cv-pathfinder-edge3 - peer_interface: Ethernet52.100 - peer_type: wan_edge - vrf: IT - description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 100 - mtu: 9214 - ip_address: 172.17.0.4/31 -- name: Ethernet2.42 - peer: cv-pathfinder-edge3 - peer_interface: Ethernet52.42 - peer_type: wan_edge - vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 42 - mtu: 9214 - ip_address: 172.17.0.4/31 -loopback_interfaces: -- name: Loopback0 - description: EVPN_Overlay_Peering - shutdown: false - ip_address: 192.168.45.1/32 -- name: Loopback1 - description: VTEP_VXLAN_Tunnel_Source - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.45.0/24 eq 32 - - sequence: 20 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -vxlan_interface: - Vxlan1: - description: site-ha-enabled-leaf_VTEP - vxlan: - udp_port: 4789 - source_interface: Loopback1 - vrfs: - - name: default - vni: 1 - - name: IT - vni: 100 - - name: PROD - vni: 42 -application_traffic_recognition: null diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py index 77a375938c2..fe3b172e6c9 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py 
@@ -94,60 +94,58 @@ def route_maps(self) -> list | None: # Route-map IN and OUT for SOO, rendered for WAN routers if self.shared_utils.underlay_routing_protocol == "ebgp" and self.shared_utils.wan_role == "client": - route_maps.append( + # RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers = [ { - "name": "RM-BGP-UNDERLAY-PEERS-IN", - "sequence_numbers": [ - # TODO seq 10 maybe only needed when HA is true - { - "sequence": 10, - "type": "deny", - "description": "Deny prefixes with our SoO set", - "match": ["extcommunity ECL-EVPN-SOO"], - }, - { - "sequence": 20, - "type": "deny", - "description": "Deny prefixes from WAN", - "match": ["as-path ASPATH-WAN"], - }, - { - "sequence": 30, - "type": "permit", - "description": "Mark prefixes originated from the LAN", - "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"], - }, - ], - } - ) + "sequence": 20, + "type": "deny", + "description": "Deny prefixes from WAN", + "match": ["as-path ASPATH-WAN"], + }, + { + "sequence": 30, + "type": "permit", + "description": "Mark prefixes originated from the LAN", + "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"], + }, + ] + if self.shared_utils.wan_ha: + sequence_numbers.append( + { + "sequence": 10, + "type": "deny", + "description": "Deny prefixes with our SoO set", + "match": ["extcommunity ECL-EVPN-SOO"], + }, + ) + route_maps.append({"name": "RM-BGP-UNDERLAY-PEERS-IN", "sequence_numbers": sequence_numbers}) - route_maps.append( + # RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers = [ { - "name": "RM-BGP-UNDERLAY-PEERS-OUT", - "sequence_numbers": [ - { - "sequence": 10, - "type": "permit", - "description": "Advertise local routes towards LAN", - "match": ["extcommunity ECL-EVPN-SOO"], - }, - { - "sequence": 20, - "type": "permit", - "description": "Advertise routes received from WAN iBGP towards LAN", - "match": ["route-type internal"], - }, - # TODO seq 30 maybe only needed when HA is true - { - "sequence": 30, - "type": "permit", - "description": 
"Advertise WAN HA prefixes towards LAN and mark them with SoO", - "match": [f"interface {uplink['interface']}" for uplink in self._uplinks], - "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"], - }, - ], - } - ) + "sequence": 10, + "type": "permit", + "description": "Advertise local routes towards LAN", + "match": ["extcommunity ECL-EVPN-SOO"], + }, + { + "sequence": 20, + "type": "permit", + "description": "Advertise routes received from WAN iBGP towards LAN", + "match": ["route-type internal"], + }, + ] + if self.shared_utils.wan_ha: + sequence_numbers.append( + { + "sequence": 30, + "type": "permit", + "description": "Advertise WAN HA prefixes towards LAN and mark them with SoO", + "match": ["ip address prefix-list PL-WAN-HA-PREFIXES"], + "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"], + }, + ) + route_maps.append({"name": "RM-BGP-UNDERLAY-PEERS-OUT", "sequence_numbers": sequence_numbers}) if route_maps: return route_maps From ef4994b69b2a9dbe4019789c4912cda503063237 Mon Sep 17 00:00:00 2001 From: gmulocher Date: Wed, 21 Feb 2024 10:15:50 +0000 Subject: [PATCH 05/11] Refactor: Change route-maps again but better --- ...v-pathfinder-edge-no-common-path-group.cfg | 6 +-- .../intended/configs/cv-pathfinder-edge.cfg | 6 +-- .../intended/configs/cv-pathfinder-edge2.cfg | 26 +++++++---- .../intended/configs/cv-pathfinder-edge3.cfg | 26 +++++++---- .../configs/cv-pathfinder-transit.cfg | 6 +-- ...v-pathfinder-edge-no-common-path-group.yml | 7 +-- .../structured_configs/cv-pathfinder-edge.yml | 7 +-- .../cv-pathfinder-edge2.yml | 39 +++++++++++----- .../cv-pathfinder-edge3.yml | 39 +++++++++++----- .../cv-pathfinder-transit.yml | 7 +-- .../eos_designs_shared_utils/wan.py | 46 +++++++++++++++++++ .../overlay/router_path_selection.py | 22 +-------- .../python_modules/underlay/prefix_lists.py | 12 ++++- .../python_modules/underlay/route_maps.py | 41 ++++++++++------- 14 files changed, 179 insertions(+), 111 deletions(-) 
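Review bot: In the `wan_ha` branch for RM-BGP-UNDERLAY-PEERS-IN, sequence 10 is appended after sequences 20 and 30, so `sequence_numbers` is built out of numeric order and the reader has to sort it mentally to see which entry is evaluated first. For a route-map that filters what LAN neighbors may inject, the evaluation order is the policy, so the list should read in that order: use `sequence_numbers.insert(0, {...})` instead of `sequence_numbers.append({...})`, or create the deny-SoO entry first and add 20 and 30 after it. Whether the rendered configuration depends on list order is not visible here. The body of `route_maps` starts outside this hunk.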
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg index 8c057a6bc8f..968485a568b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg @@ -256,11 +256,7 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:511 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.42.0/24 eq 32 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN - match as-path ASPATH-WAN -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.42.2:511 additive ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 024f80a0aea..b7e8137e909 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -311,11 +311,7 @@ ip prefix-list PL-STATIC-VRF-DEFAULT ip route 172.16.0.0/16 172.16.5.4 ip route 66.66.66.0/24 172.17.0.0 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN - match as-path ASPATH-WAN -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.42.1:511 additive ! 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg index 4dfb23eaf3d..189ae44f8ac 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg @@ -319,18 +319,29 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.42.0/24 eq 32 ! +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.8/31 + seq 20 permit 172.17.0.10/31 +! ip prefix-list PL-WAN-HA-PREFIXES - seq 10 permit 172.17.0.0/16 eq 31 + seq 10 permit 172.17.0.4/31 + seq 20 permit 172.17.0.6/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 - description Deny prefixes with our SoO set +route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup match as-path ASPATH-WAN + set community no-advertise ! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.42.2:423 additive ! 
@@ -343,9 +354,8 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 match route-type internal ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 - description Advertise WAN HA prefixes towards LAN and mark them with SoO + description Advertise WAN HA prefixes towards LAN match ip address prefix-list PL-WAN-HA-PREFIXES - set extcommunity soo 192.168.42.2:423 additive ! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg index 65db3c3cbd8..d51999f13a1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg 
@@ -316,18 +316,29 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.42.0/24 eq 32 ! +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.4/31 + seq 20 permit 172.17.0.6/31 +! ip prefix-list PL-WAN-HA-PREFIXES - seq 10 permit 172.17.0.0/16 eq 31 + seq 10 permit 172.17.0.8/31 + seq 20 permit 172.17.0.10/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 10 - description Deny prefixes with our SoO set +route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup match as-path ASPATH-WAN + set community no-advertise ! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.42.2:423 additive ! @@ -340,9 +351,8 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 match route-type internal ! route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 - description Advertise WAN HA prefixes towards LAN and mark them with SoO + description Advertise WAN HA prefixes towards LAN match ip address prefix-list PL-WAN-HA-PREFIXES - set extcommunity soo 192.168.42.2:423 additive ! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg index 15212bfdfe5..1afd779ecfd 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg @@ -306,11 +306,7 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.43.1:422 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.43.0/24 eq 32 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN - match as-path ASPATH-WAN -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.43.1:422 additive ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml index 0b7d19a7b90..40891fabd27 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml @@ -205,12 +205,7 @@ route_maps: - extcommunity soo 192.168.42.2:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 20 - type: deny - description: Deny prefixes from WAN - match: - - as-path ASPATH-WAN - - sequence: 30 + - sequence: 40 type: permit description: Mark prefixes originated from the LAN set: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index f987f0faae8..8434d908477 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -233,12 +233,7 @@ route_maps: - extcommunity soo 192.168.42.1:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 20 - type: deny - description: Deny prefixes from WAN - match: - - as-path ASPATH-WAN - - sequence: 30 + - sequence: 40 type: permit description: Mark prefixes originated from the LAN set: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml index 99e2d68387b..3a6d938df42 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml @@ -254,7 +254,15 @@ prefix_lists: - name: PL-WAN-HA-PREFIXES sequence_numbers: - sequence: 10 - action: permit 172.17.0.0/16 eq 31 + action: permit 172.17.0.4/31 + - sequence: 20 + action: permit 172.17.0.6/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.8/31 + - sequence: 20 + action: permit 172.17.0.10/31 route_maps: - name: RM-CONN-2-BGP sequence_numbers: 
@@ -270,21 +278,30 @@ route_maps: - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 20 - type: deny - description: Deny prefixes from WAN - match: - - as-path ASPATH-WAN - - sequence: 30 + - sequence: 40 type: permit description: Mark prefixes originated from the LAN set: - extcommunity soo 192.168.42.2:423 additive - sequence: 10 - type: deny - description: Deny prefixes with our SoO set + type: permit + description: Allow WAN HA peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES + - sequence: 20 + type: permit + description: Allow prefixes originated from the HA peer match: - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto + - sequence: 30 + type: permit + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN + set: + - community no-advertise - name: RM-BGP-UNDERLAY-PEERS-OUT sequence_numbers: - sequence: 10 @@ -299,11 +316,9 @@ route_maps: - route-type internal - sequence: 30 type: permit - description: Advertise WAN HA prefixes towards LAN and mark them with SoO + description: Advertise WAN HA prefixes towards LAN match: - ip address prefix-list PL-WAN-HA-PREFIXES - set: - - extcommunity soo 192.168.42.2:423 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml index 134891428ec..6abd0d44f5e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml 
@@ -253,7 +253,15 @@ prefix_lists: - name: PL-WAN-HA-PREFIXES sequence_numbers: - sequence: 10 - action: permit 172.17.0.0/16 eq 31 + action: permit 172.17.0.8/31 + - sequence: 20 + action: permit 172.17.0.10/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.4/31 + - sequence: 20 + action: permit 172.17.0.6/31 route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -269,21 +277,30 @@ route_maps: - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 20 - type: deny - description: Deny prefixes from WAN - match: - - as-path ASPATH-WAN - - sequence: 30 + - sequence: 40 type: permit description: Mark prefixes originated from the LAN set: - extcommunity soo 192.168.42.2:423 additive - sequence: 10 - type: deny - description: Deny prefixes with our SoO set + type: permit + description: Allow WAN HA peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES + - sequence: 20 + type: permit + description: Allow prefixes originated from the HA peer match: - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto + - sequence: 30 + type: permit + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN + set: + - community no-advertise - name: RM-BGP-UNDERLAY-PEERS-OUT sequence_numbers: - sequence: 10 @@ -298,11 +315,9 @@ route_maps: - route-type internal - sequence: 30 type: permit - description: Advertise WAN HA prefixes towards LAN and mark them with SoO + description: Advertise WAN HA prefixes towards LAN match: - ip address prefix-list PL-WAN-HA-PREFIXES - set: - - extcommunity soo 192.168.42.2:423 additive - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml index 9a3a9a45535..3973af1e089 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml @@ -199,12 +199,7 @@ route_maps: - extcommunity soo 192.168.43.1:422 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 20 - type: deny - description: Deny prefixes from WAN - match: - - as-path ASPATH-WAN - - sequence: 30 + - sequence: 40 type: permit description: Mark prefixes originated from the LAN set: diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index 938bce096d1..56212442707 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py 
@@ -417,3 +417,49 @@ def wan_ha_peer(self: SharedUtils) -> str | None: elif self.switch_data_node_group_nodes[1]["name"] == self.hostname: return self.switch_data_node_group_nodes[0]["name"] raise AristaAvdError("Unable to find WAN HA peer within same node group") + + @cached_property + def wan_ha_peer_ip_addresses(self) -> list: + """ + Read the IP addresses/prefix length from HA peer uplinks + Used also to generate the prefix list of the PEER HA prefixes + """ + peer_facts = self.get_peer_facts(self.wan_ha_peer, required=True) + # For now only picking up uplink interfaces in VRF default on the router. + vrf_default_peer_uplinks = [uplink for uplink in get(peer_facts, "uplinks", required=True) if get(uplink, "vrf") is None] + + ip_addresses = [] + for uplink in vrf_default_peer_uplinks: + ip_address = get( + uplink, + "ip_address", + required=True, + org_key=f"The uplink interface {uplink['interface']} used as WAN LAN HA on the remote peer {self.wan_ha_peer} does not have an IP address", + ) + # We can use [] notation here because if there is an ip_address, there should be a prefix_length + prefix_length = uplink["prefix_length"] + ip_addresses.append(f"{ip_address}/{prefix_length}") + + return ip_addresses + + @cached_property + def wan_ha_ip_addresses(self) -> list: + """ + Read the IP addresses/prefix length from this device uplinks used for HA. + Used to generate the prefix list. + """ + vrf_default_uplinks = [uplink for uplink in self.get_switch_fact("uplinks") if get(uplink, "vrf") is None] + + ip_addresses = [] + for uplink in vrf_default_uplinks: + ip_address = get( + uplink, + "ip_address", + required=True, + org_key=f"The uplink interface {uplink['interface']} used as WAN LAN HA does not have an IP address", + ) + # We can use [] notation here because if there is an ip_address, there should be a prefix_length + prefix_length = uplink["prefix_length"] + ip_addresses.append(f"{ip_address}/{prefix_length}") + + return ip_addresses 
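Review bot: Both new properties read `uplink["prefix_length"]` with plain indexing, relying on the assumption stated in the comment, so an uplink fact that has `ip_address` but no `prefix_length` ends in a bare `KeyError` rather than the descriptive error raised for a missing address one statement earlier. These strings become the entries of the PL-WAN-HA-PREFIXES and PL-WAN-HA-PEER-PREFIXES route filters, so a malformed fact should fail with a message naming the interface: `prefix_length = get(uplink, "prefix_length", required=True, org_key=f"The uplink interface {uplink['interface']} does not have a prefix length")`. The two loops are otherwise identical and could share one private helper that takes the uplink list. Annotating `self: SharedUtils` and returning `list[str]` would match the signature of `wan_ha_peer`, whose body starts outside the hunk.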
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index 975addf5033..cbad959ac30 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py @@ -108,7 +108,7 @@ def _generate_ha_path_group(self) -> dict: { "router_ip": self._wan_ha_peer_vtep_ip(), "name": self.shared_utils.wan_ha_path_group_name, - "ipv4_addresses": self._wan_ha_peer_ip_addresses(), + "ipv4_addresses": [ip_address.split("/")[0] for ip_address in self.shared_utils.wan_ha_peer_ip_addresses], } ], } @@ -124,26 +124,6 @@ def _wan_ha_interfaces(self) -> list: """ return [uplink for uplink in self.shared_utils.get_switch_fact("uplinks") if get(uplink, "vrf") is None] - def _wan_ha_peer_ip_addresses(self) -> list: - """ - Read the IP addresses from HA peer uplinks - """ - peer_facts = self.shared_utils.get_peer_facts(self.shared_utils.wan_ha_peer, required=True) - # For now only picking up uplink interfaces in VRF default on the router. - vrf_default_peer_uplinks = [uplink for uplink in get(peer_facts, "uplinks", required=True) if get(uplink, "vrf") is None] - return [ - get( - uplink, - "ip_address", - required=True, - org_key=( - f"The uplink interface {uplink['interface']} used as WAN LAN HA on the remote peer " - f"{self.shared_utils.wan_ha_peer} interface does not have an IP address", - ), - ) - for uplink in vrf_default_peer_uplinks - ] - def _wan_ha_peer_vtep_ip(self) -> str: """ """ peer_facts = self.shared_utils.get_peer_facts(self.shared_utils.wan_ha_peer, required=True) 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py index ef0957074aa..db993f77fa6 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py @@ -3,6 +3,7 @@ # that can be found in the LICENSE file. from __future__ import annotations +import ipaddress from functools import cached_property from .utils import UtilsMixin @@ -48,9 +49,18 @@ def prefix_lists(self) -> list | None: # TODO - may be needed in other situations if self.shared_utils.wan_ha and self.shared_utils.underlay_routing_protocol == "ebgp": - sequence_numbers = [{"sequence": 10, "action": f"permit {self.shared_utils.uplink_ipv4_pool} eq 31"}] + sequence_numbers = [ + {"sequence": 10 * (index + 1), "action": f"permit {ipaddress.ip_network(ip_address, strict=False)}"} + for index, ip_address in enumerate(self.shared_utils.wan_ha_ip_addresses) + ] prefix_lists.append({"name": "PL-WAN-HA-PREFIXES", "sequence_numbers": sequence_numbers}) + sequence_numbers = [ + {"sequence": 10 * (index + 1), "action": f"permit {ipaddress.ip_network(ip_address, strict=False)}"} + for index, ip_address in enumerate(self.shared_utils.wan_ha_peer_ip_addresses) + ] + prefix_lists.append({"name": "PL-WAN-HA-PEER-PREFIXES", "sequence_numbers": sequence_numbers}) + return prefix_lists @cached_property diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py index fe3b172e6c9..6d9f4394389 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py 
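Review bot: In `prefix_lists.py`, nothing in the second hunk checks that `wan_ha_ip_addresses` or `wan_ha_peer_ip_addresses` returned at least one entry, so if no uplink is in VRF default the code emits PL-WAN-HA-PREFIXES or PL-WAN-HA-PEER-PREFIXES with an empty `sequence_numbers` list. The route-maps in this series match on these lists in permit entries, and some BGP implementations treat a match against a prefix-list with no entries as matching every route, so the device behaviour should be confirmed before relying on it as a filter. A guard before each `prefix_lists.append(...)`, such as `if not sequence_numbers: raise AristaAvdError("WAN HA requires at least one uplink in VRF default")`, would make the failure explicit, assuming that exception is importable in this module. The two comprehensions differ only in their source list and could be one small helper. `prefix_lists` begins outside the hunk.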
@@ -97,26 +97,36 @@ def route_maps(self) -> list | None:
 # RM-BGP-UNDERLAY-PEERS-IN
 sequence_numbers = [
 {
- "sequence": 20,
- "type": "deny",
- "description": "Deny prefixes from WAN",
- "match": ["as-path ASPATH-WAN"],
- },
- {
- "sequence": 30,
+ "sequence": 40,
 "type": "permit",
 "description": "Mark prefixes originated from the LAN",
 "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"],
 },
 ]
 if self.shared_utils.wan_ha:
- sequence_numbers.append(
- {
- "sequence": 10,
- "type": "deny",
- "description": "Deny prefixes with our SoO set",
- "match": ["extcommunity ECL-EVPN-SOO"],
- },
+ sequence_numbers.extend(
+ [
+ {
+ "sequence": 10,
+ "type": "permit",
+ "description": "Allow WAN HA peer interface prefixes",
+ "match": ["ip address prefix-list PL-WAN-HA-PEER-PREFIXES"],
+ },
+ {
+ "sequence": 20,
+ "type": "permit",
+ "description": "Allow prefixes originated from the HA peer",
+ "match": ["extcommunity ECL-EVPN-SOO"],
+ "set": ["as-path match all replacement auto auto"],
+ },
+ {
+ "sequence": 30,
+ "type": "permit",
+ "description": "Use WAN routes from HA peer as backup",
+ "match": ["as-path ASPATH-WAN"],
+ "set": ["community no-advertise"],
+ },
+ ]
 )
 route_maps.append({"name": "RM-BGP-UNDERLAY-PEERS-IN", "sequence_numbers": sequence_numbers})
@@ -140,9 +150,8 @@ def route_maps(self) -> list | None:
 {
 "sequence": 30,
 "type": "permit",
- "description": "Advertise WAN HA prefixes towards LAN and mark them with SoO",
+ "description": "Advertise WAN HA prefixes towards LAN",
 "match": ["ip address prefix-list PL-WAN-HA-PREFIXES"],
- "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"],
 },
 )
 route_maps.append({"name": "RM-BGP-UNDERLAY-PEERS-OUT", "sequence_numbers": sequence_numbers})
From 9114360c929892b4db874f9b0e06b058bbd4d37e Mon Sep 17 00:00:00 2001
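Review bot: With this hunk the unconditional `deny` on `as-path ASPATH-WAN` (old sequence 20) is gone, so when `wan_ha` is false `RM-BGP-UNDERLAY-PEERS-IN` consists only of the catch-all sequence 40, which permits every LAN-learned prefix and stamps it with the local SoO. Non-HA routers then appear to rely on BGP's own-AS loop check to keep WAN-originated routes from re-entering via the LAN (the cv-pathfinder-transit1A.cfg change in this series adds `allowas-in 1` together with the HA config); that dependency deserves a comment above the list, e.g. `# Non-HA: WAN routes are dropped by AS-path loop prevention because allowas-in is not configured`, or the deny could be kept for the non-HA case. In the HA branch, sequence 30 uses `"set": ["community no-advertise"]`, which on many implementations replaces the existing community list; if communities on those backup routes matter, `community no-advertise additive` is the safer form, to be confirmed against EOS behaviour. The HA entries are also appended after sequence 40, so the structured list is out of sequence order unless a later stage sorts it. `route_maps` starts and ends outside the hunk.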
From: Guillaume Mulocher Date: Wed, 21 Feb 2024 14:43:33 +0100 Subject: [PATCH 06/11] Apply suggestions from code review Co-authored-by: Claus Holbech --- .../avd/roles/eos_designs/docs/wan-preview.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index 6c021114f15..aae6625223f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md 
@@ -78,12 +78,20 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co for eBGP LAN routing protocol the following is done to enable HA: -- the HA interface(s) is(are) the uplink interface(s). -- the HA interface(s) subnet(s) are redistributed in BGP via the `RM-CONN-2-BGP` route-map -- BGP underlay peer group is configured with `allowas-in 1` to be able to learn the HA peer uplink interface subnet coming with the same ASN via eBGP over the LAN. +- the uplink interfaces are used as HA interfaces. +- the subnets of the HA interfaces are redistributed to BGP via the `RM-CONN-2-BGP` route-map +BGP underlay peer group is configured with `allowas-in 1` to be able to learn the HA peer uplink interface subnet over the LAN as well as learning WAN routes from other sites (as backup in case all WAN links are lost). - the Underlay peer group is configured with two route-maps - - one outbound route-map `RM-WAN-HA-SOO-OUT` to tag all the WAN received routes with the SOO `:` except the uplink interface subnet. - - one inbound route-map `RM-WAN-HA-SOO-IN` denying any route with the SOO. + - one inbound route-map `RM-UNDERLAY-PEERS-IN` + - Match HA peer's uplink subnets (not marked) to be able to form HA tunnel (not exported to EVPN). + - Match HA peer's originated prefixes, set longer AS path and mark with SoO to export to EVPN. These will be used as backup from other sites to destinations on HA Peer Router in case all WAN connections on Peer are down. + - Match all WAN routes using AS path and set no-advertise community. This will be used as backup routes to the WAN in case this router looses all WAN connections. + - Match anything else (LAN prefixes) and mark with the SoO `:` to export to EVPN. + - one outbound route-map `RM-UNDERLAY-PEERS-OUT` + - allowing local routes marked with SoO (routes/interfaces defined via tenants + router-id) + - allowing subnets of uplink interfaces. 
+ - allow all routes learned from iBGP (WAN) + - Implicitly denying other routes which could be learned from BGP towards a WAN provider or redistributed without marking with SoO. ##### OSPF LAN HA From 5d0546ad4c9e580b6d4bad103142c7b614cfdfb0 Mon Sep 17 00:00:00 2001 
From: gmuloc Date: Wed, 21 Feb 2024 15:26:29 +0100 Subject: [PATCH 07/11] Refactor: Address PR comments --- .../converge.yml | 42 -- .../invalid-wan-role-cv-pathfinder-role-1.yml | 2 - .../invalid-wan-role-cv-pathfinder-role-2.yml | 2 - .../inventory/hosts.yml | 8 +- .../intended/configs/cv-pathfinder-edge2A.cfg | 479 ++++++++++++ ...der-edge3.cfg => cv-pathfinder-edge2B.cfg} | 28 +- ...ransit.cfg => cv-pathfinder-transit1A.cfg} | 86 ++- .../configs/cv-pathfinder-transit1B.cfg | 513 +++++++++++++ .../configs/site-ha-disabled-leaf.cfg | 20 +- .../configs/site-ha-enabled-leaf1.cfg | 60 +- .../configs/site-ha-enabled-leaf2A.cfg | 192 +++++ .../configs/site-ha-enabled-leaf2B.cfg | 192 +++++ .../cv-pathfinder-edge2A.yml | 661 +++++++++++++++++ ...der-edge3.yml => cv-pathfinder-edge2B.yml} | 44 +- ...ransit.yml => cv-pathfinder-transit1A.yml} | 192 ++++- .../cv-pathfinder-transit1B.yml | 696 ++++++++++++++++++ .../site-ha-disabled-leaf.yml | 20 +- .../site-ha-enabled-leaf1.yml | 76 +- .../site-ha-enabled-leaf2A.yml | 270 +++++++ .../site-ha-enabled-leaf2B.yml | 270 +++++++ .../group_vars/CV_PATHFINDER_TESTS.yml | 72 +- .../inventory/hosts.yml | 13 +- .../docs/tables/fabric-settings.md | 5 +- .../eos_designs/docs/tables/node-type-keys.md | 4 +- .../schemas/eos_designs.jsonschema.json | 4 +- .../schemas/eos_designs.schema.yml | 9 +- .../underlay_routing_protocol.schema.yml | 2 - 27 files changed, 3700 insertions(+), 262 deletions(-) create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/{cv-pathfinder-edge3.cfg => cv-pathfinder-edge2B.cfg} (93%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/{cv-pathfinder-transit.cfg => cv-pathfinder-transit1A.cfg} (81%) create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg 
create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/{cv-pathfinder-edge3.yml => cv-pathfinder-edge2B.yml} (93%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/{cv-pathfinder-transit.yml => cv-pathfinder-transit1A.yml} (82%) create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml index fa338760fa0..5ab89323c64 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/converge.yml 
@@ -182,48 +182,6 @@ - ansible_failed_result is defined - ansible_failed_result.msg == expected_error_message -- name: Converge Negative tests for 'eos_designs_facts' - hosts: fabric_wan_role_cv_pathinder_role_1 - connection: local - tasks: - - name: Run failure scenario Test - block: - - name: Trigger Error - ansible.builtin.import_role: - name: arista.avd.eos_designs - rescue: - - name: Error message - run_once: true - ansible.builtin.debug: - var: ansible_failed_result.msg - - name: Assert eos_designs failed with the expected error message - run_once: true - ansible.builtin.assert: - that: - - ansible_failed_result is defined - - ansible_failed_result.msg == expected_error_message - -- name: Converge Negative tests for 'eos_designs_facts' - hosts: fabric_wan_role_cv_pathinder_role_2 - connection: local - tasks: - - name: Run failure scenario Test - block: - - name: Trigger Error - ansible.builtin.import_role: - name: arista.avd.eos_designs - rescue: - - name: Error message - run_once: true - ansible.builtin.debug: - var: ansible_failed_result.msg - - name: Assert eos_designs failed with the expected error message - run_once: true - ansible.builtin.assert: - that: - - ansible_failed_result is defined - - ansible_failed_result.msg == expected_error_message - - name: Converge Negative tests for 'eos_designs_structured_config' hosts: EOS_DESIGNS_FAILURES gather_facts: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml index 04c773e7208..663d72403a0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-1.yml 
@@ -1,6 +1,4 @@ --- -fabric_name: fabric_wan_role_cv_pathinder_role_1 - wan_mode: cv-pathfinder type: wan_edge diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml index 18415de21d8..b90d04b2a44 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-cv-pathfinder-role-2.yml @@ -1,6 +1,4 @@ --- -fabric_name: fabric_wan_role_cv_pathinder_role_2 - wan_mode: cv-pathfinder type: wan_rr diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml index cadc80c1e2d..868125b4dc5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml @@ -51,12 +51,6 @@ all: fabric_p2p_vrfs: hosts: invalid-uplink-type-p2p-vrfs-underlay-router-false: - fabric_wan_role_cv_pathinder_role_1: - hosts: - invalid-wan-role-cv-pathfinder-role-1: - fabric_wan_role_cv_pathinder_role_2: - hosts: - invalid-wan-role-cv-pathfinder-role-2: EOS_DESIGNS_FAILURES: # Add cases that fail during 'eos_designs_structured_config' phase hosts: failure-port-channel: 
@@ -93,6 +87,8 @@ all: failure-duplicate-evpn-vlan-bundle-name: ntp-settings-server-vrf-missing-mgmt-ip: ntp-settings-server-vrf-missing-inband-mgmt-interface: + invalid-wan-role-cv-pathfinder-role-1: + invalid-wan-role-cv-pathfinder-role-2: source-interfaces-domain-lookup-duplicate-vrf: source-interfaces-domain-lookup-missing-inband-mgmt-interface: source-interfaces-domain-lookup-missing-mgmt-ip: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg new file mode 100644 index 00000000000..420667b423a --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg 
@@ -0,0 +1,479 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +flow tracking hardware + tracker WAN-FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 5000 + exporter DPI-EXPORTER + collector 127.0.0.1 + local interface Loopback0 + template interval 5000 + no shutdown +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +ip as-path access-list ASPATH-WAN permit 65000 any +! +hostname cv-pathfinder-edge2A +! +router adaptive-virtual-topology + topology role edge + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site423 id 423 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile CONTROL-PLANE-APPLICATION-PROFILE + avt profile CONTROL-PLANE-PROFILE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + profile CONTROL-PLANE-PROFILE + path-selection load-balance LB-CONTROL-PLANE-PROFILE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! 
+ vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile CONTROL-PLANE-PROFILE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! + vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group INET id 101 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 + ! + peer dynamic + ! + peer static router-ip 192.168.144.1 + name cv-pathfinder-pathfinder + ipv4 address 10.7.7.7 + ipv4 address 10.9.9.9 + ! + path-group LAN_HA id 65535 + ipsec profile DP-PROFILE + flow assignment lan + ! + local interface Ethernet52 + ! + local interface Ethernet53 + ! + peer static router-ip 192.168.142.3 + name LAN_HA + ipv4 address 172.17.0.9 + ipv4 address 172.17.0.11 + ! + load-balance policy LB-CONTROL-PLANE-PROFILE + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group INET priority 2 + ! + load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 + path-group LAN_HA + path-group INET priority 2 +! +spanning-tree mode none +! +no enable password +no aaa root +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +ip security + ! + ike policy DP-IKE-POLICY + local-id 192.168.142.2 + ! + ike policy CP-IKE-POLICY + local-id 192.168.142.2 + ! 
+ sa policy DP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + sa policy CP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + profile DP-PROFILE + ike-policy DP-IKE-POLICY + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Dps1 + description DPS Interface + mtu 9214 + flow tracker hardware WAN-FLOW-TRACKER + ip address 192.168.142.2/32 +! +interface Ethernet1 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address dhcp + dhcp client accept default-route +! +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.5/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.5/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.5/31 +! +interface Ethernet53 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.7/31 +! +interface Ethernet53.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.7/31 +! +interface Ethernet53.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.7/31 +! 
+interface Loopback0 + description Router_ID + no shutdown + ip address 192.168.42.2/32 +! +interface Vxlan1 + description cv-pathfinder-edge2A_VTEP + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +application traffic recognition + ! + application ipv4 CONTROL-PLANE-APPLICATION + destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application microsoft-teams + ! + application-profile CONTROL-PLANE-APPLICATION-PROFILE + application CONTROL-PLANE-APPLICATION + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES + 192.168.144.1/32 + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! + field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.42.0/24 eq 32 +! +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.8/31 + seq 20 permit 172.17.0.10/31 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.4/31 + seq 20 permit 172.17.0.6/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES +! 
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer + match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup + match as-path ASPATH-WAN + set community no-advertise +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 + description Advertise local routes towards LAN + match extcommunity ECL-EVPN-SOO +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 + description Advertise routes received from WAN iBGP towards LAN + match route-type internal +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.42.2:423 additive +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! 
+router bgp 65000 + router-id 192.168.42.2 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1 + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! 
+ vrf default + rd 192.168.42.2:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.42.2:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.42.2 + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1.100_vrf_IT + neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.42.2:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.42.2 + neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1.42_vrf_PROD + neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1.42_vrf_PROD + redistribute connected +! +router traffic-engineering +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +stun + client + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 + ip address 10.7.7.7 + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 + ip address 10.9.9.9 +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg similarity index 93% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg index d51999f13a1..0c4cd76dc4d 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg @@ -18,7 +18,7 @@ service routing protocols model multi-agent ! ip as-path access-list ASPATH-WAN permit 65000 any ! -hostname cv-pathfinder-edge3 +hostname cv-pathfinder-edge2B ! router adaptive-virtual-topology topology role edge @@ -203,7 +203,7 @@ interface Ethernet2 ip address 172.15.6.6/31 ! interface Ethernet52 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2 no shutdown mtu 9214 no switchport @@ -211,7 +211,7 @@ interface Ethernet52 ip address 172.17.0.9/31 ! interface Ethernet52.42 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.42_vrf_PROD no shutdown mtu 9214 encapsulation dot1q vlan 42 @@ -219,7 +219,7 @@ interface Ethernet52.42 ip address 172.17.0.9/31 ! interface Ethernet52.100 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.100_vrf_IT no shutdown mtu 9214 encapsulation dot1q vlan 100 @@ -227,7 +227,7 @@ interface Ethernet52.100 ip address 172.17.0.9/31 ! interface Ethernet53 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2 no shutdown mtu 9214 no switchport @@ -235,7 +235,7 @@ interface Ethernet53 ip address 172.17.0.11/31 ! interface Ethernet53.42 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.42_vrf_PROD + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.42_vrf_PROD no shutdown mtu 9214 encapsulation dot1q vlan 42 
@@ -243,7 +243,7 @@ interface Ethernet53.42 ip address 172.17.0.11/31 ! interface Ethernet53.100 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.100_vrf_IT + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.100_vrf_IT no shutdown mtu 9214 encapsulation dot1q vlan 100 @@ -256,7 +256,7 @@ interface Loopback0 ip address 192.168.42.3/32 ! interface Vxlan1 - description cv-pathfinder-edge3_VTEP + description cv-pathfinder-edge2B_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 @@ -396,10 +396,10 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.8 remote-as 65000 - neighbor 172.17.0.8 description site-ha-enabled-leaf1_Ethernet2 + neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2 neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.10 remote-as 65000 - neighbor 172.17.0.10 description site-ha-enabled-leaf2_Ethernet2 + neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder redistribute connected route-map RM-CONN-2-BGP @@ -438,10 +438,10 @@ router bgp 65000 router-id 192.168.42.3 neighbor 172.17.0.8 remote-as 65000 neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.8 description site-ha-enabled-leaf1_Ethernet2.100_vrf_IT + neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2.100_vrf_IT neighbor 172.17.0.10 remote-as 65000 neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.10 description site-ha-enabled-leaf2_Ethernet2.100_vrf_IT + neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2.100_vrf_IT redistribute connected ! vrf PROD 
@@ -451,10 +451,10 @@ router bgp 65000 router-id 192.168.42.3 neighbor 172.17.0.8 remote-as 65000 neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.8 description site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD + neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2.42_vrf_PROD neighbor 172.17.0.10 remote-as 65000 neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.10 description site-ha-enabled-leaf2_Ethernet2.42_vrf_PROD + neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2.42_vrf_PROD redistribute connected ! router traffic-engineering diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg similarity index 81% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg index 1afd779ecfd..14303f2d760 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg @@ -14,7 +14,7 @@ service routing protocols model multi-agent ! ip as-path access-list ASPATH-WAN permit 65000 any ! -hostname cv-pathfinder-transit +hostname cv-pathfinder-transit1A ! router adaptive-virtual-topology topology role transit region @@ -122,6 +122,15 @@ router path-selection ipv4 address 10.7.7.7 ipv4 address 10.9.9.9 ! + path-group LAN_HA id 65535 + flow assignment lan + ! + local interface Ethernet52 + ! + peer static router-ip 192.168.143.2 + name LAN_HA + ipv4 address 172.17.0.3 + ! path-group MPLS id 100 ! local interface Ethernet2.42 
@@ -135,35 +144,43 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! @@ -182,6 +199,9 @@ vrf instance TRANSIT ! ip security ! + ike policy DP-IKE-POLICY + local-id 192.168.143.1 + ! ike policy CP-IKE-POLICY local-id 192.168.143.1 ! @@ -194,6 +214,7 @@ ip security pfs dh-group 14 ! profile DP-PROFILE + ike-policy DP-IKE-POLICY sa-policy DP-SA-POLICY connection start shared-key 7 ABCDEF1234567890666 
@@ -238,13 +259,37 @@ interface Ethernet2.42 flow tracker hardware WAN-FLOW-TRACKER ip address 172.16.6.6/31 ! +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.1/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.1/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.1/31 +! interface Loopback0 description Router_ID no shutdown ip address 192.168.43.1/32 ! interface Vxlan1 - description cv-pathfinder-transit_VTEP + description cv-pathfinder-transit1A_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 @@ -306,6 +351,26 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.43.1:422 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.43.0/24 eq 32 ! +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.2/31 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.0/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer + match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup + match as-path ASPATH-WAN + set community no-advertise +! route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.43.1:422 additive 
@@ -318,10 +383,17 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN + match ip address prefix-list PL-WAN-HA-PREFIXES +! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.43.1:422 additive ! +route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 match extcommunity ECL-EVPN-SOO ! @@ -342,6 +414,7 @@ router bgp 65000 update wait-install no bgp default ipv4-unicast neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 neighbor IPv4-UNDERLAY-PEERS send-community neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in @@ -355,6 +428,9 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder redistribute connected route-map RM-CONN-2-BGP @@ -391,6 +467,9 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.43.1 + neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1.100_vrf_IT redistribute connected ! vrf PROD 
@@ -398,6 +477,9 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.43.1 + neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD redistribute connected ! vrf TRANSIT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg new file mode 100644 index 00000000000..132d94a47c5 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg 
@@ -0,0 +1,513 @@
+!RANCID-CONTENT-TYPE: arista
+!
+vlan internal order ascending range 1006 1199
+!
+flow tracking hardware
+ tracker WAN-FLOW-TRACKER
+ record export on inactive timeout 70000
+ record export on interval 5000
+ exporter DPI-EXPORTER
+ collector 127.0.0.1
+ local interface Loopback0
+ template interval 5000
+ no shutdown
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+ip as-path access-list ASPATH-WAN permit 65000 any
+!
+hostname cv-pathfinder-transit1B
+!
+router adaptive-virtual-topology
+ topology role transit region
+ region AVD_Land_West id 42
+ zone DEFAULT-ZONE id 1
+ site Site422 id 422
+ !
+ policy DEFAULT-AVT-POLICY
+ !
+ match application-profile VIDEO
+ avt profile DEFAULT-AVT-POLICY-VIDEO
+ !
+ match application-profile default
+ avt profile DEFAULT-AVT-POLICY-DEFAULT
+ !
+ policy DEFAULT-AVT-POLICY-WITH-CP
+ !
+ match application-profile CONTROL-PLANE-APPLICATION-PROFILE
+ avt profile CONTROL-PLANE-PROFILE
+ !
+ match application-profile VIDEO
+ avt profile DEFAULT-AVT-POLICY-VIDEO
+ !
+ match application-profile default
+ avt profile DEFAULT-AVT-POLICY-DEFAULT
+ !
+ policy PROD-AVT-POLICY
+ !
+ match application-profile VOICE
+ avt profile PROD-AVT-POLICY-VOICE
+ !
+ match application-profile VIDEO
+ avt profile PROD-AVT-POLICY-VIDEO
+ !
+ match application-profile default
+ avt profile PROD-AVT-POLICY-DEFAULT
+ !
+ policy TRANSIT-AVT-POLICY
+ !
+ match application-profile VOICE
+ avt profile TRANSIT-AVT-POLICY-VOICE
+ !
+ match application-profile default
+ avt profile TRANSIT-AVT-POLICY-DEFAULT
+ !
+ profile CONTROL-PLANE-PROFILE
+ path-selection load-balance LB-CONTROL-PLANE-PROFILE
+ !
+ profile DEFAULT-AVT-POLICY-DEFAULT
+ path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT
+ !
+ profile DEFAULT-AVT-POLICY-VIDEO
+ path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO
+ !
+ profile PROD-AVT-POLICY-DEFAULT
+ path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
+ !
+ profile PROD-AVT-POLICY-VIDEO
+ path-selection load-balance LB-PROD-AVT-POLICY-VIDEO
+ !
+ profile PROD-AVT-POLICY-VOICE
+ path-selection load-balance LB-PROD-AVT-POLICY-VOICE
+ !
+ profile TRANSIT-AVT-POLICY-DEFAULT
+ path-selection load-balance LB-TRANSIT-AVT-POLICY-DEFAULT
+ !
+ profile TRANSIT-AVT-POLICY-VOICE
+ path-selection load-balance LB-TRANSIT-AVT-POLICY-VOICE
+ !
+ vrf default
+ avt policy DEFAULT-AVT-POLICY-WITH-CP
+ avt profile DEFAULT-AVT-POLICY-DEFAULT id 1
+ avt profile DEFAULT-AVT-POLICY-VIDEO id 3
+ avt profile CONTROL-PLANE-PROFILE id 254
+ !
+ vrf IT
+ avt policy DEFAULT-AVT-POLICY
+ avt profile DEFAULT-AVT-POLICY-DEFAULT id 1
+ avt profile DEFAULT-AVT-POLICY-VIDEO id 3
+ !
+ vrf PROD
+ avt policy PROD-AVT-POLICY
+ avt profile PROD-AVT-POLICY-DEFAULT id 1
+ avt profile PROD-AVT-POLICY-VOICE id 2
+ avt profile PROD-AVT-POLICY-VIDEO id 4
+ !
+ vrf TRANSIT
+ avt policy TRANSIT-AVT-POLICY
+ avt profile TRANSIT-AVT-POLICY-DEFAULT id 1
+ avt profile TRANSIT-AVT-POLICY-VOICE id 42
+!
+router path-selection
+ tcp mss ceiling ipv4 ingress
+ !
+ path-group INET id 101
+ ipsec profile CP-PROFILE
+ !
+ local interface Ethernet1.42
+ stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3
+ !
+ peer dynamic
+ !
+ peer static router-ip 192.168.144.1
+ name cv-pathfinder-pathfinder
+ ipv4 address 10.7.7.7
+ ipv4 address 10.9.9.9
+ !
+ path-group LAN_HA id 65535
+ flow assignment lan
+ !
+ local interface Ethernet52
+ !
+ peer static router-ip 192.168.143.1
+ name LAN_HA
+ ipv4 address 172.17.0.1
+ !
+ path-group MPLS id 100
+ !
+ local interface Ethernet2.42
+ stun server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
+ !
+ peer dynamic
+ !
+ peer static router-ip 192.168.144.1
+ name cv-pathfinder-pathfinder
+ ipv4 address 172.16.0.1
+ !
+ load-balance policy LB-CONTROL-PLANE-PROFILE
+ path-group INET
+ path-group LAN_HA
+ path-group MPLS
+ !
+ load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT
+ path-group INET
+ path-group LAN_HA
+ path-group MPLS priority 42
+ !
+ load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO
+ path-group INET
+ path-group LAN_HA
+ path-group MPLS
+ !
+ load-balance policy LB-PROD-AVT-POLICY-DEFAULT
+ path-group INET
+ path-group LAN_HA
+ path-group MPLS priority 2
+ !
+ load-balance policy LB-PROD-AVT-POLICY-VIDEO
+ loss-rate 42.0
+ path-group LAN_HA
+ path-group MPLS
+ path-group INET priority 2
+ !
+ load-balance policy LB-PROD-AVT-POLICY-VOICE
+ jitter 42
+ path-group LAN_HA
+ path-group MPLS
+ path-group INET priority 2
+ !
+ load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT
+ path-group INET
+ path-group LAN_HA
+ path-group MPLS priority 2
+ !
+ load-balance policy LB-TRANSIT-AVT-POLICY-VOICE
+ path-group LAN_HA
+ path-group MPLS
+ path-group INET priority 2
+!
+spanning-tree mode none
+!
+no enable password
+no aaa root
+!
+vrf instance IT
+!
+vrf instance MGMT
+!
+vrf instance PROD
+!
+vrf instance TRANSIT
+!
+ip security
+ !
+ ike policy DP-IKE-POLICY
+ local-id 192.168.143.2
+ !
+ ike policy CP-IKE-POLICY
+ local-id 192.168.143.2
+ !
+ sa policy DP-SA-POLICY
+ esp encryption aes128
+ pfs dh-group 14
+ !
+ sa policy CP-SA-POLICY
+ esp encryption aes128
+ pfs dh-group 14
+ !
+ profile DP-PROFILE
+ ike-policy DP-IKE-POLICY
+ sa-policy DP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890666
+ dpd 10 50 clear
+ mode transport
+ !
+ profile CP-PROFILE
+ ike-policy CP-IKE-POLICY
+ sa-policy CP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890
+ dpd 10 50 clear
+ mode transport
+ !
+ key controller
+ profile DP-PROFILE
+!
+interface Dps1
+ description DPS Interface
+ mtu 9214
+ flow tracker hardware WAN-FLOW-TRACKER
+ ip address 192.168.143.2/32
+!
+interface Ethernet1
+ no shutdown
+ no switchport
+!
+interface Ethernet1.42
+ no shutdown
+ encapsulation dot1q vlan 42
+ flow tracker hardware WAN-FLOW-TRACKER
+ ip address dhcp
+ dhcp client accept default-route
+!
+interface Ethernet2
+ no shutdown
+ no switchport
+!
+interface Ethernet2.42
+ no shutdown
+ encapsulation dot1q vlan 666
+ flow tracker hardware WAN-FLOW-TRACKER
+ ip address 172.16.6.6/31
+!
+interface Ethernet52
+ description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2
+ no shutdown
+ mtu 9214
+ no switchport
+ flow tracker hardware WAN-FLOW-TRACKER
+ ip address 172.17.0.3/31
+!
+interface Ethernet52.42
+ description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 42
+ vrf PROD
+ ip address 172.17.0.3/31
+!
+interface Ethernet52.100
+ description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 100
+ vrf IT
+ ip address 172.17.0.3/31
+!
+interface Loopback0
+ description Router_ID
+ no shutdown
+ ip address 192.168.43.2/32
+!
+interface Vxlan1
+ description cv-pathfinder-transit1B_VTEP
+ vxlan source-interface Dps1
+ vxlan udp-port 4789
+ vxlan vrf default vni 1
+ vxlan vrf IT vni 100
+ vxlan vrf PROD vni 42
+ vxlan vrf TRANSIT vni 66
+!
+application traffic recognition
+ !
+ application ipv4 CONTROL-PLANE-APPLICATION
+ destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES
+ !
+ application ipv4 CUSTOM-APPLICATION-1
+ source prefix field-set CUSTOM-SRC-PREFIX-1
+ destination prefix field-set CUSTOM-DEST-PREFIX-1
+ protocol tcp
+ !
+ application ipv4 CUSTOM-APPLICATION-2
+ protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
+ !
+ category VIDEO1
+ application CUSTOM-APPLICATION-2
+ application microsoft-teams
+ !
+ application-profile CONTROL-PLANE-APPLICATION-PROFILE
+ application CONTROL-PLANE-APPLICATION
+ !
+ application-profile VIDEO
+ application CUSTOM-APPLICATION-1
+ application skype
+ category VIDEO1
+ !
+ application-profile VOICE
+ application CUSTOM-VOICE-APPLICATION
+ !
+ field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES
+ 192.168.144.1/32
+ !
+ field-set ipv4 prefix CUSTOM-DEST-PREFIX-1
+ 6.6.6.0/24
+ !
+ field-set ipv4 prefix CUSTOM-SRC-PREFIX-1
+ 42.42.42.0/24
+ !
+ field-set l4-port TCP-DEST-2
+ 666, 777
+ !
+ field-set l4-port TCP-SRC-2
+ 42
+!
+ip routing
+ip routing vrf IT
+no ip routing vrf MGMT
+ip routing vrf PROD
+ip routing vrf TRANSIT
+!
+ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.43.1:422
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ seq 10 permit 192.168.43.0/24 eq 32
+!
+ip prefix-list PL-WAN-HA-PEER-PREFIXES
+ seq 10 permit 172.17.0.0/31
+!
+ip prefix-list PL-WAN-HA-PREFIXES
+ seq 10 permit 172.17.0.2/31
+!
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 10
+ description Allow WAN HA peer interface prefixes
+ match ip address prefix-list PL-WAN-HA-PEER-PREFIXES
+!
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 20
+ description Allow prefixes originated from the HA peer
+ match extcommunity ECL-EVPN-SOO
+ set as-path match all replacement auto auto
+!
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 30
+ description Use WAN routes from HA peer as backup
+ match as-path ASPATH-WAN
+ set community no-advertise
+!
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 40
+ description Mark prefixes originated from the LAN
+ set extcommunity soo 192.168.43.1:422 additive
+!
+route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10
+ description Advertise local routes towards LAN
+ match extcommunity ECL-EVPN-SOO
+!
+route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20
+ description Advertise routes received from WAN iBGP towards LAN
+ match route-type internal
+!
+route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30
+ description Advertise WAN HA prefixes towards LAN
+ match ip address prefix-list PL-WAN-HA-PREFIXES
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ set extcommunity soo 192.168.43.1:422 additive
+!
+route-map RM-CONN-2-BGP permit 50
+ match ip address prefix-list PL-WAN-HA-PREFIXES
+!
+route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10
+ match extcommunity ECL-EVPN-SOO
+!
+route-map RM-EVPN-SOO-IN deny 10
+ match extcommunity ECL-EVPN-SOO
+!
+route-map RM-EVPN-SOO-IN permit 20
+!
+route-map RM-EVPN-SOO-OUT permit 10
+ set extcommunity soo 192.168.43.1:422 additive
+!
+router bfd
+ multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65000
+ router-id 192.168.43.2
+ maximum-paths 16
+ update wait-install
+ no bgp default ipv4-unicast
+ neighbor IPv4-UNDERLAY-PEERS peer group
+ neighbor IPv4-UNDERLAY-PEERS allowas-in 1
+ neighbor IPv4-UNDERLAY-PEERS send-community
+ neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
+ neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in
+ neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65000
+ neighbor WAN-OVERLAY-PEERS update-source Dps1
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1
+ neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ==
+ neighbor WAN-OVERLAY-PEERS send-community
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.2 remote-as 65000
+ neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2
+ neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS
+ neighbor 192.168.144.1 description cv-pathfinder-pathfinder
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ address-family evpn
+ neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in
+ neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family ipv4
+ neighbor IPv4-UNDERLAY-PEERS activate
+ no neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family ipv4 sr-te
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family link-state
+ neighbor WAN-OVERLAY-PEERS activate
+ path-selection
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ vrf default
+ rd 192.168.43.2:1
+ route-target import evpn 1:1
+ route-target export evpn 1:1
+ route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
+ !
+ vrf IT
+ rd 192.168.43.2:100
+ route-target import evpn 100:100
+ route-target export evpn 100:100
+ router-id 192.168.43.2
+ neighbor 172.17.0.2 remote-as 65000
+ neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2.100_vrf_IT
+ redistribute connected
+ !
+ vrf PROD
+ rd 192.168.43.2:42
+ route-target import evpn 42:42
+ route-target export evpn 42:42
+ router-id 192.168.43.2
+ neighbor 172.17.0.2 remote-as 65000
+ neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD
+ redistribute connected
+ !
+ vrf TRANSIT
+ rd 192.168.43.2:66
+ route-target import evpn 66:66
+ route-target export evpn 66:66
+ router-id 192.168.43.2
+ redistribute connected
+!
+router traffic-engineering
+!
+management api http-commands
+ protocol https
+ no shutdown
+ !
+ vrf MGMT
+ no shutdown
+!
+stun
+ client
+ server-profile INET-cv-pathfinder-pathfinder-Ethernet1
+ ip address 10.7.7.7
+ server-profile INET-cv-pathfinder-pathfinder-Ethernet3
+ ip address 10.9.9.9
+ server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
+ ip address 172.16.0.1
+!
+end
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg
index 7677a416156..22176b03a72 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg @@ -72,12 +72,12 @@ interface Ethernet2.100 interface Loopback0 description EVPN_Overlay_Peering no shutdown - ip address 192.168.45.3/32 + ip address 192.168.45.4/32 ! interface Loopback1 description VTEP_VXLAN_Tunnel_Source no shutdown - ip address 192.168.255.3/32 + ip address 192.168.255.4/32 ! interface Vlan100 description VLAN100 @@ -113,7 +113,7 @@ router bfd multihop interval 300 min-rx 300 multiplier 3 ! router bgp 65000 - router-id 192.168.45.3 + router-id 192.168.45.4 maximum-paths 4 ecmp 4 update wait-install no bgp default ipv4-unicast @@ -135,12 +135,12 @@ router bgp 65000 redistribute connected route-map RM-CONN-2-BGP ! vlan 100 - rd 192.168.45.3:1100 + rd 192.168.45.4:1100 route-target both 1100:1100 redistribute learned ! vlan 101 - rd 192.168.45.3:1101 + rd 192.168.45.4:1101 route-target both 1101:1101 redistribute learned ! @@ -152,15 +152,15 @@ router bgp 65000 neighbor IPv4-UNDERLAY-PEERS activate ! vrf default - rd 192.168.45.3:1 + rd 192.168.45.4:1 route-target import evpn 1:1 route-target export evpn 1:1 ! vrf IT - rd 192.168.45.3:100 + rd 192.168.45.4:100 route-target import evpn 100:100 route-target export evpn 100:100 - router-id 192.168.45.3 + router-id 192.168.45.4 neighbor 172.17.0.1 remote-as 65000 neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.100_vrf_IT @@ -170,10 +170,10 @@ router bgp 65000 redistribute connected ! vrf PROD - rd 192.168.45.3:42 + rd 192.168.45.4:42 route-target import evpn 42:42 route-target export evpn 42:42 - router-id 192.168.45.3 + router-id 192.168.45.4 neighbor 172.17.0.1 remote-as 65000 neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.42_vrf_PROD 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg index 0f4ff67fb0b..33eb2bc9191 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg 
@@ -24,50 +24,50 @@ vrf instance MGMT vrf instance PROD ! interface Ethernet1 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52 no shutdown mtu 9214 no switchport - ip address 172.17.0.4/31 + ip address 172.17.0.0/31 ! interface Ethernet1.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.42_vrf_PROD no shutdown mtu 9214 encapsulation dot1q vlan 42 vrf PROD - ip address 172.17.0.4/31 + ip address 172.17.0.0/31 ! interface Ethernet1.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.100_vrf_IT no shutdown mtu 9214 encapsulation dot1q vlan 100 vrf IT - ip address 172.17.0.4/31 + ip address 172.17.0.0/31 ! interface Ethernet2 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52 no shutdown mtu 9214 no switchport - ip address 172.17.0.8/31 + ip address 172.17.0.2/31 ! interface Ethernet2.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.42_vrf_PROD no shutdown mtu 9214 encapsulation dot1q vlan 42 vrf PROD - ip address 172.17.0.8/31 + ip address 172.17.0.2/31 ! interface Ethernet2.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.100_vrf_IT no shutdown mtu 9214 encapsulation dot1q vlan 100 vrf IT - ip address 172.17.0.8/31 + ip address 172.17.0.2/31 ! interface Loopback0 description EVPN_Overlay_Peering 
@@ -126,12 +126,12 @@ router bgp 65000 neighbor IPv4-UNDERLAY-PEERS peer group neighbor IPv4-UNDERLAY-PEERS send-community neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 - neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.5 remote-as 65000 - neighbor 172.17.0.5 description cv-pathfinder-edge2_Ethernet52 - neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.9 remote-as 65000 - neighbor 172.17.0.9 description cv-pathfinder-edge3_Ethernet52 + neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.1 remote-as 65000 + neighbor 172.17.0.1 description cv-pathfinder-transit1A_Ethernet52 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 description cv-pathfinder-transit1B_Ethernet52 redistribute connected route-map RM-CONN-2-BGP ! vlan 100 @@ -161,12 +161,12 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.45.1 - neighbor 172.17.0.5 remote-as 65000 - neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.5 description cv-pathfinder-edge2_Ethernet52.100_vrf_IT - neighbor 172.17.0.9 remote-as 65000 - neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.9 description cv-pathfinder-edge3_Ethernet52.100_vrf_IT + neighbor 172.17.0.1 remote-as 65000 + neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.1 description cv-pathfinder-transit1A_Ethernet52.100_vrf_IT + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 description cv-pathfinder-transit1B_Ethernet52.100_vrf_IT redistribute connected ! vrf PROD 
@@ -174,12 +174,12 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.45.1 - neighbor 172.17.0.5 remote-as 65000 - neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.5 description cv-pathfinder-edge2_Ethernet52.42_vrf_PROD - neighbor 172.17.0.9 remote-as 65000 - neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.9 description cv-pathfinder-edge3_Ethernet52.42_vrf_PROD + neighbor 172.17.0.1 remote-as 65000 + neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.1 description cv-pathfinder-transit1A_Ethernet52.42_vrf_PROD + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 description cv-pathfinder-transit1B_Ethernet52.42_vrf_PROD redistribute connected ! management api http-commands diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg new file mode 100644 index 00000000000..dcfb3fec80b --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg 
@@ -0,0 +1,192 @@
+!RANCID-CONTENT-TYPE: arista
+!
+vlan internal order ascending range 1006 1199
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname site-ha-enabled-leaf2A
+!
+no enable password
+no aaa root
+!
+vlan 100
+ name VLAN100
+!
+vlan 101
+ name VLAN101
+!
+vrf instance IT
+!
+vrf instance MGMT
+!
+vrf instance PROD
+!
+interface Ethernet1
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52
+ no shutdown
+ mtu 9214
+ no switchport
+ ip address 172.17.0.4/31
+!
+interface Ethernet1.42
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.42_vrf_PROD
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 42
+ vrf PROD
+ ip address 172.17.0.4/31
+!
+interface Ethernet1.100
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.100_vrf_IT
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 100
+ vrf IT
+ ip address 172.17.0.4/31
+!
+interface Ethernet2
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52
+ no shutdown
+ mtu 9214
+ no switchport
+ ip address 172.17.0.8/31
+!
+interface Ethernet2.42
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.42_vrf_PROD
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 42
+ vrf PROD
+ ip address 172.17.0.8/31
+!
+interface Ethernet2.100
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.100_vrf_IT
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 100
+ vrf IT
+ ip address 172.17.0.8/31
+!
+interface Loopback0
+ description EVPN_Overlay_Peering
+ no shutdown
+ ip address 192.168.45.2/32
+!
+interface Loopback1
+ description VTEP_VXLAN_Tunnel_Source
+ no shutdown
+ ip address 192.168.255.2/32
+!
+interface Vlan100
+ description VLAN100
+ shutdown
+ vrf PROD
+ ip address virtual 10.0.100.1/24
+!
+interface Vxlan1
+ description site-ha-enabled-leaf2A_VTEP
+ vxlan source-interface Loopback1
+ vxlan udp-port 4789
+ vxlan vlan 100 vni 1100
+ vxlan vlan 101 vni 1101
+ vxlan vrf default vni 1
+ vxlan vrf IT vni 100
+ vxlan vrf PROD vni 42
+!
+ip virtual-router mac-address 00:1c:73:00:00:01
+!
+ip routing
+ip routing vrf IT
+no ip routing vrf MGMT
+ip routing vrf PROD
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ seq 10 permit 192.168.45.0/24 eq 32
+ seq 20 permit 192.168.255.0/24 eq 32
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+router bfd
+ multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65000
+ router-id 192.168.45.2
+ maximum-paths 4 ecmp 4
+ update wait-install
+ no bgp default ipv4-unicast
+ neighbor EVPN-OVERLAY-PEERS peer group
+ neighbor EVPN-OVERLAY-PEERS update-source Loopback0
+ neighbor EVPN-OVERLAY-PEERS bfd
+ neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
+ neighbor EVPN-OVERLAY-PEERS send-community
+ neighbor EVPN-OVERLAY-PEERS maximum-routes 0
+ neighbor IPv4-UNDERLAY-PEERS peer group
+ neighbor IPv4-UNDERLAY-PEERS send-community
+ neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
+ neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.5 remote-as 65000
+ neighbor 172.17.0.5 description cv-pathfinder-edge2A_Ethernet52
+ neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.9 remote-as 65000
+ neighbor 172.17.0.9 description cv-pathfinder-edge2B_Ethernet52
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ vlan 100
+ rd 192.168.45.2:1100
+ route-target both 1100:1100
+ redistribute learned
+ !
+ vlan 101
+ rd 192.168.45.2:1101
+ route-target both 1101:1101
+ redistribute learned
+ !
+ address-family evpn
+ neighbor EVPN-OVERLAY-PEERS activate
+ !
+ address-family ipv4
+ no neighbor EVPN-OVERLAY-PEERS activate
+ neighbor IPv4-UNDERLAY-PEERS activate
+ !
+ vrf default
+ rd 192.168.45.2:1
+ route-target import evpn 1:1
+ route-target export evpn 1:1
+ !
+ vrf IT
+ rd 192.168.45.2:100
+ route-target import evpn 100:100
+ route-target export evpn 100:100
+ router-id 192.168.45.2
+ neighbor 172.17.0.5 remote-as 65000
+ neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.5 description cv-pathfinder-edge2A_Ethernet52.100_vrf_IT
+ neighbor 172.17.0.9 remote-as 65000
+ neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.9 description cv-pathfinder-edge2B_Ethernet52.100_vrf_IT
+ redistribute connected
+ !
+ vrf PROD
+ rd 192.168.45.2:42
+ route-target import evpn 42:42
+ route-target export evpn 42:42
+ router-id 192.168.45.2
+ neighbor 172.17.0.5 remote-as 65000
+ neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.5 description cv-pathfinder-edge2A_Ethernet52.42_vrf_PROD
+ neighbor 172.17.0.9 remote-as 65000
+ neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.9 description cv-pathfinder-edge2B_Ethernet52.42_vrf_PROD
+ redistribute connected
+!
+management api http-commands
+ protocol https
+ no shutdown
+ !
+ vrf MGMT
+ no shutdown
+!
+end
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg
new file mode 100644
index 00000000000..53b047897d6
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg
@@ -0,0 +1,192 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname site-ha-enabled-leaf2B +! +no enable password +no aaa root +! +vlan 100 + name VLAN100 +! +vlan 101 + name VLAN101 +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +interface Ethernet1 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.6/31 +! +interface Ethernet1.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.6/31 +! +interface Ethernet1.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.6/31 +! +interface Ethernet2 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.10/31 +! +interface Ethernet2.42 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.10/31 +! +interface Ethernet2.100 + description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.10/31 +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.45.3/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.255.3/32 +! +interface Vlan100 + description VLAN100 + shutdown + vrf PROD + ip address virtual 10.0.100.1/24 +! +interface Vxlan1 + description site-ha-enabled-leaf2B_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 100 vni 1100 + vxlan vlan 101 vni 1101 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! 
+ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.45.0/24 eq 32 + seq 20 permit 192.168.255.0/24 eq 32 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.45.3 + maximum-paths 4 ecmp 4 + update wait-install + no bgp default ipv4-unicast + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.7 remote-as 65000 + neighbor 172.17.0.7 description cv-pathfinder-edge2A_Ethernet53 + neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.11 remote-as 65000 + neighbor 172.17.0.11 description cv-pathfinder-edge2B_Ethernet53 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 100 + rd 192.168.45.3:1100 + route-target both 1100:1100 + redistribute learned + ! + vlan 101 + rd 192.168.45.3:1101 + route-target both 1101:1101 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate + ! + vrf default + rd 192.168.45.3:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + ! 
+ vrf IT + rd 192.168.45.3:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.45.3 + neighbor 172.17.0.7 remote-as 65000 + neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.7 description cv-pathfinder-edge2A_Ethernet53.100_vrf_IT + neighbor 172.17.0.11 remote-as 65000 + neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.11 description cv-pathfinder-edge2B_Ethernet53.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.45.3:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.45.3 + neighbor 172.17.0.7 remote-as 65000 + neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.7 description cv-pathfinder-edge2A_Ethernet53.42_vrf_PROD + neighbor 172.17.0.11 remote-as 65000 + neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.11 description cv-pathfinder-edge2B_Ethernet53.42_vrf_PROD + redistribute connected +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml new file mode 100644 index 00000000000..4905d1a7ba8 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml 
@@ -0,0 +1,661 @@ +hostname: cv-pathfinder-edge2A +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.2 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Dps1 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf2A + description: site-ha-enabled-leaf2A_Ethernet1 + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf2B + description: site-ha-enabled-leaf2B_Ethernet1 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: IT + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf2A_Ethernet1.100_vrf_IT + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf2B_Ethernet1.100_vrf_IT + rd: 192.168.42.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.4 + peer_group: 
IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf2A_Ethernet1.42_vrf_PROD + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf2B_Ethernet1.42_vrf_PROD + rd: 192.168.42.2:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.42.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet52 + peer: site-ha-enabled-leaf2A + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.5/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf2A + peer_interface: Ethernet1.100 + 
peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.5/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf2A + peer_interface: Ethernet1.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.5/31 +- name: Ethernet53 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.7/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet53.100 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet1.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.7/31 +- name: Ethernet53.42 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet1.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.7/31 +- name: Ethernet1 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: routed + dhcp_client_accept_default_route: true + flow_tracker: + hardware: WAN-FLOW-TRACKER +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.42.2/32 +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.4/31 + - sequence: 20 + 
action: permit 172.17.0.6/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.8/31 + - sequence: 20 + action: permit 172.17.0.10/31 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.2:423 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.2:423 additive + - sequence: 10 + type: permit + description: Allow WAN HA peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES + - sequence: 20 + type: permit + description: Allow prefixes originated from the HA peer + match: + - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto + - sequence: 30 + type: permit + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN + set: + - community no-advertise +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Advertise local routes towards LAN + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit + description: Advertise routes received from WAN iBGP towards LAN + match: + - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO 
+flow_tracking: + hardware: + trackers: + - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 + shutdown: false +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.2:423 +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.142.2 + - name: CP-IKE-POLICY + local_id: 192.168.142.2 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site423 + id: 423 + profiles: + - name: CONTROL-PLANE-PROFILE + load_balance_policy: LB-CONTROL-PLANE-PROFILE + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: CONTROL-PLANE-PROFILE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + 
- name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: CONTROL-PLANE-APPLICATION-PROFILE + avt_profile: CONTROL-PLANE-PROFILE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Ethernet1 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 10.7.7.7 + - 10.9.9.9 + ipsec_profile: CP-PROFILE + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + - name: Ethernet53 + static_peers: + - router_ip: 192.168.142.3 + name: LAN_HA + ipv4_addresses: + - 172.17.0.9 + - 172.17.0.11 + ipsec_profile: DP-PROFILE + load_balance_policies: + - name: LB-CONTROL-PLANE-PROFILE + path_groups: + - name: LAN_HA + - name: INET + - name: LB-PROD-AVT-POLICY-VOICE + path_groups: + - name: LAN_HA + - 
name: INET + priority: 2 + jitter: 42 + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: INET + priority: 2 + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: INET + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET +router_traffic_engineering: + enabled: true +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 10.7.7.7 + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 +application_traffic_recognition: + application_profiles: + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: CONTROL-PLANE-APPLICATION-PROFILE + applications: + - name: CONTROL-PLANE-APPLICATION + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CONTROL-PLANE-APPLICATION + dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: CONTROL-PLANE-APP-DEST-PREFIXES + prefix_values: + - 192.168.144.1/32 +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9214 + ip_address: 192.168.142.2/32 + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + 
description: cv-pathfinder-edge2A_VTEP + vxlan: + udp_port: 4789 + source_interface: Dps1 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site423 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet53 + tags: + - name: Type + value: lan + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: 423-01 + cv_pathfinder: + role: edge + vtep_ip: 192.168.142.2 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site423 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: 423-01 + pathgroup: INET + pathfinders: + - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml similarity index 93% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml index 6abd0d44f5e..94a32ac1e3b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml @@ -1,4 +1,4 @@ -hostname: cv-pathfinder-edge3 +hostname: cv-pathfinder-edge2B is_deployed: true router_bgp: as: '65000' 
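Review bot: In `RM-BGP-UNDERLAY-PEERS-IN` the HA entries (sequences 10, 20 and 30) are listed after sequence 40, which has no `match` clause and therefore permits everything. The same ordering appears in the `@@ -204,6 +267,25 @@` hunk of cv-pathfinder-transit1A.yml. The device evaluates entries by sequence number, so behaviour is presumably unaffected, but a reader going top-down sees the catch-all first and can misjudge which routes reach the `as-path match all replacement auto auto` and `community no-advertise` entries. Emitting the list in ascending order would make the inbound policy reviewable as written, for example `sequence_numbers.sort(key=lambda entry: entry["sequence"])` before the route-map is returned. That is a sketch only, because the generator (route_maps.py in the diffstat) is not shown in this part of the patch.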
@@ -42,13 +42,13 @@ router_bgp: - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - peer: site-ha-enabled-leaf1 - description: site-ha-enabled-leaf1_Ethernet2 + peer: site-ha-enabled-leaf2A + description: site-ha-enabled-leaf2A_Ethernet2 - ip_address: 172.17.0.10 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - peer: site-ha-enabled-leaf2 - description: site-ha-enabled-leaf2_Ethernet2 + peer: site-ha-enabled-leaf2B + description: site-ha-enabled-leaf2B_Ethernet2 - ip_address: 192.168.144.1 peer_group: WAN-OVERLAY-PEERS peer: cv-pathfinder-pathfinder @@ -60,11 +60,11 @@ router_bgp: - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf1_Ethernet2.100_vrf_IT + description: site-ha-enabled-leaf2A_Ethernet2.100_vrf_IT - ip_address: 172.17.0.10 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf2_Ethernet2.100_vrf_IT + description: site-ha-enabled-leaf2B_Ethernet2.100_vrf_IT rd: 192.168.42.3:100 route_targets: import: @@ -83,11 +83,11 @@ router_bgp: - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD + description: site-ha-enabled-leaf2A_Ethernet2.42_vrf_PROD - ip_address: 172.17.0.10 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site-ha-enabled-leaf2_Ethernet2.42_vrf_PROD + description: site-ha-enabled-leaf2B_Ethernet2.42_vrf_PROD rd: 192.168.42.3:42 route_targets: import: @@ -162,10 +162,10 @@ management_api_http: enable_https: true ethernet_interfaces: - name: Ethernet52 - peer: site-ha-enabled-leaf1 + peer: site-ha-enabled-leaf2A peer_interface: Ethernet2 peer_type: l3leaf - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2 shutdown: false mtu: 9214 type: routed 
@@ -173,32 +173,32 @@ ethernet_interfaces: flow_tracker: hardware: WAN-FLOW-TRACKER - name: Ethernet52.100 - peer: site-ha-enabled-leaf1 + peer: site-ha-enabled-leaf2A peer_interface: Ethernet2.100 peer_type: l3leaf vrf: IT - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.100_vrf_IT shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 100 mtu: 9214 ip_address: 172.17.0.9/31 - name: Ethernet52.42 - peer: site-ha-enabled-leaf1 + peer: site-ha-enabled-leaf2A peer_interface: Ethernet2.42 peer_type: l3leaf vrf: PROD - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.42_vrf_PROD shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 42 mtu: 9214 ip_address: 172.17.0.9/31 - name: Ethernet53 - peer: site-ha-enabled-leaf2 + peer: site-ha-enabled-leaf2B peer_interface: Ethernet2 peer_type: l3leaf - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2 + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2 shutdown: false mtu: 9214 type: routed @@ -206,22 +206,22 @@ ethernet_interfaces: flow_tracker: hardware: WAN-FLOW-TRACKER - name: Ethernet53.100 - peer: site-ha-enabled-leaf2 + peer: site-ha-enabled-leaf2B peer_interface: Ethernet2.100 peer_type: l3leaf vrf: IT - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.100_vrf_IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.100_vrf_IT shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 100 mtu: 9214 ip_address: 172.17.0.11/31 - name: Ethernet53.42 - peer: site-ha-enabled-leaf2 + peer: site-ha-enabled-leaf2B peer_interface: Ethernet2.42 peer_type: l3leaf vrf: PROD - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet2.42_vrf_PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.42_vrf_PROD shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 42 
@@ -601,7 +601,7 @@ dps_interfaces: hardware: WAN-FLOW-TRACKER vxlan_interface: Vxlan1: - description: cv-pathfinder-edge3_VTEP + description: cv-pathfinder-edge2B_VTEP vxlan: udp_port: 4789 source_interface: Dps1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml similarity index 82% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml index 3973af1e089..5da5410e4e2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml @@ -1,4 +1,4 @@ -hostname: cv-pathfinder-transit +hostname: cv-pathfinder-transit1A is_deployed: true router_bgp: as: '65000' @@ -17,6 +17,9 @@ router_bgp: send_community: all route_map_in: RM-BGP-UNDERLAY-PEERS-IN route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 - name: WAN-OVERLAY-PEERS type: wan update_source: Dps1 
@@ -39,52 +42,24 @@ router_bgp: redistribute_routes: - source_protocol: connected route_map: RM-CONN-2-BGP - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: - any: true neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet1 - ip_address: 192.168.144.1 peer_group: WAN-OVERLAY-PEERS peer: cv-pathfinder-pathfinder description: cv-pathfinder-pathfinder vrfs: - - name: default - rd: 192.168.43.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: IT router_id: 192.168.43.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf1_Ethernet1.100_vrf_IT rd: 192.168.43.1:100 route_targets: import: @@ -99,6 +74,11 @@ router_bgp: - source_protocol: connected - name: PROD router_id: 192.168.43.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD rd: 192.168.43.1:42 route_targets: import: 
@@ -111,6 +91,18 @@ router_bgp: - '42:42' redistribute_routes: - source_protocol: connected + - name: default + rd: 192.168.43.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: TRANSIT router_id: 192.168.43.1 rd: 192.168.43.1:66 @@ -125,6 +117,32 @@ router_bgp: - 66:66 redistribute_routes: - source_protocol: connected + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true service_routing_protocols_model: multi-agent ip_routing: true transceiver_qsfp_default_mode_4x10: false 
@@ -147,6 +165,39 @@ management_api_http: - name: MGMT enable_https: true ethernet_interfaces: +- name: Ethernet52 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.1/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.1/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.1/31 - name: Ethernet1.42 peer_type: l3_interface ip_address: dhcp @@ -188,6 +239,14 @@ prefix_lists: sequence_numbers: - sequence: 10 action: permit 192.168.43.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.0/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.2/31 route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -197,6 +256,10 @@ route_maps: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set: - extcommunity soo 192.168.43.1:422 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - sequence: 40 
@@ -204,6 +267,25 @@ route_maps: description: Mark prefixes originated from the LAN set: - extcommunity soo 192.168.43.1:422 additive + - sequence: 10 + type: permit + description: Allow WAN HA peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES + - sequence: 20 + type: permit + description: Allow prefixes originated from the HA peer + match: + - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto + - sequence: 30 + type: permit + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN + set: + - community no-advertise - name: RM-BGP-UNDERLAY-PEERS-OUT sequence_numbers: - sequence: 10 @@ -216,6 +298,11 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN + match: + - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 @@ -257,6 +344,8 @@ ip_extcommunity_lists: extcommunities: soo 192.168.43.1:422 ip_security: ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.143.1 - name: CP-IKE-POLICY local_id: 192.168.143.1 sa_policies: @@ -270,6 +359,7 @@ ip_security: pfs_dh_group: 14 profiles: - name: DP-PROFILE + ike_policy: DP-IKE-POLICY sa_policy: DP-SA-POLICY connection: start shared_key: ABCDEF1234567890666 
@@ -420,44 +510,62 @@ router_path_selection: name: cv-pathfinder-pathfinder ipv4_addresses: - 172.16.0.1 + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + static_peers: + - router_ip: 192.168.143.2 + name: LAN_HA + ipv4_addresses: + - 172.17.0.3 load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: MPLS - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 @@ -533,7 +641,7 @@ dps_interfaces: hardware: WAN-FLOW-TRACKER vxlan_interface: Vxlan1: - description: cv-pathfinder-transit_VTEP + description: cv-pathfinder-transit1A_VTEP vxlan: udp_port: 4789 source_interface: Dps1 @@ -558,6 +666,10 @@ metadata: - name: Site value: Site422 interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan - interface: Ethernet1 tags: - name: Type diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml new file mode 100644 index 00000000000..da7469d8e6a --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml 
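Review bot: The `LAN_HA` path group added in the `@@ -420,44 +510,62 @@` hunk has a static peer (`router_ip: 192.168.143.2`, `172.17.0.3`) but no `ipsec_profile:` key, and the new cv-pathfinder-transit1B.yml has the same shape, although its `INET` group carries `ipsec_profile: CP-PROFILE`. If the path-group profile is what protects static-peer traffic, as it appears to be, overlay traffic between the two HA routers would cross the LAN leaf unencrypted, and `LAN_HA` is listed first in every load-balance policy. This file is expected output, so the change belongs in the code that builds the path groups. Emit a profile for the HA group by default, for example `ipsec_profile: DP-PROFILE` (the profile this patch completes with `ike_policy: DP-IKE-POLICY`), or make the unencrypted case an explicit opt-out and document the trust assumption on the HA link.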
@@ -0,0 +1,696 @@ +hostname: cv-pathfinder-transit1B +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.43.2 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Dps1 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet2 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: IT + router_id: 192.168.43.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf1_Ethernet2.100_vrf_IT + rd: 192.168.43.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.43.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD + rd: 192.168.43.2:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: 
connected + - name: default + rd: 192.168.43.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: TRANSIT + router_id: 192.168.43.2 + rd: 192.168.43.2:66 + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + redistribute_routes: + - source_protocol: connected + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +- name: TRANSIT + tenant: TenantB + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet52 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.3/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT + shutdown: false + type: l3dot1q + 
encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.3/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.3/31 +- name: Ethernet1.42 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + dhcp_client_accept_default_route: true + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet2.42 + peer_type: l3_interface + ip_address: 172.16.6.6/31 + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 666 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet1 + type: routed + peer_type: l3_interface + shutdown: false +- name: Ethernet2 + type: routed + peer_type: l3_interface + shutdown: false +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.43.2/32 +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.43.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.2/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.0/31 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.43.1:422 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.43.1:422 additive + - sequence: 10 + type: permit + description: Allow WAN HA 
peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES + - sequence: 20 + type: permit + description: Allow prefixes originated from the HA peer + match: + - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto + - sequence: 30 + type: permit + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN + set: + - community no-advertise +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Advertise local routes towards LAN + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit + description: Advertise routes received from WAN iBGP towards LAN + match: + - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.43.1:422 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +flow_tracking: + hardware: + trackers: + - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 + shutdown: false +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.43.1:422 +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.143.2 + - name: CP-IKE-POLICY + local_id: 192.168.143.2 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + 
sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: transit region + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site422 + id: 422 + profiles: + - name: CONTROL-PLANE-PROFILE + load_balance_policy: LB-CONTROL-PLANE-PROFILE + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY-VOICE + load_balance_policy: LB-TRANSIT-AVT-POLICY-VOICE + - name: TRANSIT-AVT-POLICY-DEFAULT + load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: CONTROL-PLANE-PROFILE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: TRANSIT + policy: TRANSIT-AVT-POLICY + profiles: + - name: TRANSIT-AVT-POLICY-VOICE + id: 42 + - name: TRANSIT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + 
avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: TRANSIT-AVT-POLICY-VOICE + - application_profile: default + avt_profile: TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: CONTROL-PLANE-APPLICATION-PROFILE + avt_profile: CONTROL-PLANE-PROFILE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Ethernet1.42 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 10.7.7.7 + - 10.9.9.9 + ipsec_profile: CP-PROFILE + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2.42 + stun: + server_profiles: + - MPLS-cv-pathfinder-pathfinder-Ethernet2 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.16.0.1 + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + static_peers: + - router_ip: 192.168.143.1 + name: LAN_HA + ipv4_addresses: + - 172.17.0.1 + load_balance_policies: + - name: LB-CONTROL-PLANE-PROFILE + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + - name: LB-PROD-AVT-POLICY-VOICE + path_groups: 
+ - name: LAN_HA + - name: MPLS + - name: INET + priority: 2 + jitter: 42 + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: MPLS + - name: INET + priority: 2 + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + priority: 2 + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: MPLS + - name: INET + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + priority: 42 + - name: LB-TRANSIT-AVT-POLICY-VOICE + path_groups: + - name: LAN_HA + - name: MPLS + - name: INET + priority: 2 + - name: LB-TRANSIT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + priority: 2 +router_traffic_engineering: + enabled: true +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 10.7.7.7 + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 + - name: MPLS-cv-pathfinder-pathfinder-Ethernet2 + ip_address: 172.16.0.1 +application_traffic_recognition: + application_profiles: + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: CONTROL-PLANE-APPLICATION-PROFILE + applications: + - name: CONTROL-PLANE-APPLICATION + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CONTROL-PLANE-APPLICATION + dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + 
port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: CONTROL-PLANE-APP-DEST-PREFIXES + prefix_values: + - 192.168.144.1/32 +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9214 + ip_address: 192.168.143.2/32 + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + description: cv-pathfinder-transit1B_VTEP + vxlan: + udp_port: 4789 + source_interface: Dps1 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 + - name: TRANSIT + vni: 66 +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site422 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + vtep_ip: 192.168.143.2 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site422 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET + - name: Ethernet2.42 + carrier: Colt + circuit_id: '10666' + pathgroup: MPLS + pathfinders: + - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml index e8768da5e3f..3d9d26c81b0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml 
@@ -2,7 +2,7 @@ hostname: site-ha-disabled-leaf is_deployed: true router_bgp: as: '65000' - router_id: 192.168.45.3 + router_id: 192.168.45.4 bgp: default: ipv4_unicast: false @@ -45,7 +45,7 @@ router_bgp: description: cv-pathfinder-edge-no-common-path-group_Ethernet52 vrfs: - name: IT - router_id: 192.168.45.3 + router_id: 192.168.45.4 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS @@ -55,7 +55,7 @@ router_bgp: peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' description: cv-pathfinder-edge-no-common-path-group_Ethernet52.100_vrf_IT - rd: 192.168.45.3:100 + rd: 192.168.45.4:100 route_targets: import: - address_family: evpn @@ -68,7 +68,7 @@ router_bgp: redistribute_routes: - source_protocol: connected - name: PROD - router_id: 192.168.45.3 + router_id: 192.168.45.4 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS @@ -78,7 +78,7 @@ router_bgp: peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' description: cv-pathfinder-edge-no-common-path-group_Ethernet52.42_vrf_PROD - rd: 192.168.45.3:42 + rd: 192.168.45.4:42 route_targets: import: - address_family: evpn @@ -91,7 +91,7 @@ router_bgp: redistribute_routes: - source_protocol: connected - name: default - rd: 192.168.45.3:1 + rd: 192.168.45.4:1 route_targets: import: - address_family: evpn @@ -108,7 +108,7 @@ router_bgp: vlans: - id: 100 tenant: TenantA - rd: 192.168.45.3:1100 + rd: 192.168.45.4:1100 route_targets: both: - 1100:1100 @@ -116,7 +116,7 @@ router_bgp: - learned - id: 101 tenant: TenantA - rd: 192.168.45.3:1101 + rd: 192.168.45.4:1101 route_targets: both: - 1101:1101 @@ -209,11 +209,11 @@ loopback_interfaces: - name: Loopback0 description: EVPN_Overlay_Peering shutdown: false - ip_address: 192.168.45.3/32 + ip_address: 192.168.45.4/32 - name: Loopback1 description: VTEP_VXLAN_Tunnel_Source shutdown: false - ip_address: 192.168.255.3/32 + ip_address: 192.168.255.4/32 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml index 0b02c222724..d25b1eea39b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml @@ -33,28 +33,28 @@ router_bgp: - source_protocol: connected route_map: RM-CONN-2-BGP neighbors: - - ip_address: 172.17.0.5 + - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - peer: cv-pathfinder-edge2 - description: cv-pathfinder-edge2_Ethernet52 - - ip_address: 172.17.0.9 + peer: cv-pathfinder-transit1A + description: cv-pathfinder-transit1A_Ethernet52 + - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - peer: cv-pathfinder-edge3 - description: cv-pathfinder-edge3_Ethernet52 + peer: cv-pathfinder-transit1B + description: cv-pathfinder-transit1B_Ethernet52 vrfs: - name: IT router_id: 192.168.45.1 neighbors: - - ip_address: 172.17.0.5 + - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2_Ethernet52.100_vrf_IT - - ip_address: 172.17.0.9 + description: cv-pathfinder-transit1A_Ethernet52.100_vrf_IT + - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge3_Ethernet52.100_vrf_IT + description: cv-pathfinder-transit1B_Ethernet52.100_vrf_IT rd: 192.168.45.1:100 route_targets: import: 
@@ -70,14 +70,14 @@ router_bgp: - name: PROD router_id: 192.168.45.1 neighbors: - - ip_address: 172.17.0.5 + - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2_Ethernet52.42_vrf_PROD - - ip_address: 172.17.0.9 + description: cv-pathfinder-transit1A_Ethernet52.42_vrf_PROD + - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge3_Ethernet52.42_vrf_PROD + description: cv-pathfinder-transit1B_Ethernet52.42_vrf_PROD rd: 192.168.45.1:42 route_targets: import: 
@@ -144,67 +144,67 @@ management_api_http: enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: cv-pathfinder-edge2 + peer: cv-pathfinder-transit1A peer_interface: Ethernet52 - peer_type: wan_edge - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52 + peer_type: wan_transit + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52 shutdown: false mtu: 9214 type: routed - ip_address: 172.17.0.4/31 + ip_address: 172.17.0.0/31 - name: Ethernet1.100 - peer: cv-pathfinder-edge2 + peer: cv-pathfinder-transit1A peer_interface: Ethernet52.100 - peer_type: wan_edge + peer_type: wan_transit vrf: IT - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.100_vrf_IT + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.100_vrf_IT shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 100 mtu: 9214 - ip_address: 172.17.0.4/31 + ip_address: 172.17.0.0/31 - name: Ethernet1.42 - peer: cv-pathfinder-edge2 + peer: cv-pathfinder-transit1A peer_interface: Ethernet52.42 - peer_type: wan_edge + peer_type: wan_transit vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet52.42_vrf_PROD + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.42_vrf_PROD shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 42 mtu: 9214 - ip_address: 172.17.0.4/31 + ip_address: 172.17.0.0/31 - name: Ethernet2 - peer: cv-pathfinder-edge3 + peer: cv-pathfinder-transit1B peer_interface: Ethernet52 - peer_type: wan_edge - description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52 + peer_type: wan_transit + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52 shutdown: false mtu: 9214 type: routed - ip_address: 172.17.0.8/31 + ip_address: 172.17.0.2/31 - name: Ethernet2.100 - peer: cv-pathfinder-edge3 + peer: cv-pathfinder-transit1B peer_interface: Ethernet52.100 - peer_type: wan_edge + peer_type: wan_transit vrf: IT - description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.100_vrf_IT + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.100_vrf_IT 
shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 100 mtu: 9214 - ip_address: 172.17.0.8/31 + ip_address: 172.17.0.2/31 - name: Ethernet2.42 - peer: cv-pathfinder-edge3 + peer: cv-pathfinder-transit1B peer_interface: Ethernet52.42 - peer_type: wan_edge + peer_type: wan_transit vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet52.42_vrf_PROD + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.42_vrf_PROD shutdown: false type: l3dot1q encapsulation_dot1q_vlan: 42 mtu: 9214 - ip_address: 172.17.0.8/31 + ip_address: 172.17.0.2/31 loopback_interfaces: - name: Loopback0 description: EVPN_Overlay_Peering diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml new file mode 100644 index 00000000000..322c874b6ea --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml 
@@ -0,0 +1,270 @@ +hostname: site-ha-enabled-leaf2A +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.45.2 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2A + description: cv-pathfinder-edge2A_Ethernet52 + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2B + description: cv-pathfinder-edge2B_Ethernet52 + vrfs: + - name: IT + router_id: 192.168.45.2 + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet52.100_vrf_IT + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet52.100_vrf_IT + rd: 192.168.45.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.2 + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet52.42_vrf_PROD + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet52.42_vrf_PROD + rd: 192.168.45.2:42 + route_targets: + import: + - address_family: evpn + 
route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.2:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.2:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.4/31 +- name: Ethernet1.100 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.4/31 +- name: Ethernet1.42 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.4/31 +- name: Ethernet2 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52 + peer_type: wan_edge + description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.8/31 +- name: Ethernet2.100 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.8/31 +- name: Ethernet2.42 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.8/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.2/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.2/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: +- id: 100 + name: VLAN100 + tenant: TenantA +- id: 101 + name: VLAN101 + tenant: TenantA +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 +vlan_interfaces: +- name: Vlan100 + tenant: TenantA + description: VLAN100 + shutdown: true + ip_address_virtual: 10.0.100.1/24 + vrf: PROD +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf2A_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vlans: + - id: 100 + vni: 1100 + - id: 101 + vni: 1101 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml new file mode 100644 index 00000000000..b143799531c --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml 
@@ -0,0 +1,270 @@ +hostname: site-ha-enabled-leaf2B +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.45.3 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2A + description: cv-pathfinder-edge2A_Ethernet53 + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2B + description: cv-pathfinder-edge2B_Ethernet53 + vrfs: + - name: IT + router_id: 192.168.45.3 + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet53.100_vrf_IT + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet53.100_vrf_IT + rd: 192.168.45.3:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.3 + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet53.42_vrf_PROD + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet53.42_vrf_PROD + rd: 192.168.45.3:42 + route_targets: + import: + - address_family: evpn + 
route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.3:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.3:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.6/31 +- name: Ethernet1.100 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.6/31 +- name: Ethernet1.42 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.6/31 +- name: Ethernet2 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53 + peer_type: wan_edge + description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.10/31 +- name: Ethernet2.100 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.10/31 +- name: Ethernet2.42 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.10/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.3/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.3/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: +- id: 100 + name: VLAN100 + tenant: TenantA +- id: 101 + name: VLAN101 + tenant: TenantA +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 +vlan_interfaces: +- name: Vlan100 + tenant: TenantA + description: VLAN100 + shutdown: true + ip_address_virtual: 10.0.100.1/24 + vrf: PROD +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf2B_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vlans: + - id: 100 + vni: 1100 + - id: 101 + vni: 1101 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 40ab92d6b66..97e2262e3b4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -45,7 +45,7 @@ default_node_types: - "cv-pathfinder-pathfinder.*" - node_type: wan_transit match_hostnames: - - "cv-pathfinder-transit" + - "cv-pathfinder-transit.*" - node_type: wan_edge match_hostnames: - "cv-pathfinder-edge.*" @@ -107,13 +107,10 @@ wan_edge: cv_pathfinder_region: AVD_Land_West cv_pathfinder_site: Site423 uplink_type: p2p-vrfs - uplink_switches: [ site-ha-enabled-leaf1, site-ha-enabled-leaf2 ] + uplink_switches: [ site-ha-enabled-leaf2A, site-ha-enabled-leaf2B ] uplink_interfaces: [ Ethernet52, Ethernet53 ] - # Manual HA disable to try it out.. - # wan_ha: - # ipsec: false nodes: - - name: cv-pathfinder-edge2 + - name: cv-pathfinder-edge2A id: 2 l3_interfaces: - name: Ethernet1 @@ -122,7 +119,7 @@ wan_edge: dhcp_accept_default_route: true ip_address: dhcp uplink_switch_interfaces: [Ethernet1, Ethernet1] - - name: cv-pathfinder-edge3 + - name: cv-pathfinder-edge2B id: 3 l3_interfaces: - name: Ethernet2 @@ -143,10 +140,12 @@ l3leaf: nodes: - name: site-ha-enabled-leaf1 id: 1 - - name: site-ha-enabled-leaf2 + - name: site-ha-enabled-leaf2A id: 2 - - name: site-ha-disabled-leaf + - name: site-ha-enabled-leaf2B id: 3 + - name: site-ha-disabled-leaf + id: 4 wan_transit: defaults: 
@@ -154,21 +153,46 @@ wan_transit: vtep_loopback_ipv4_pool: 192.168.143.0/24 filter: always_include_vrfs_in_tenants: [TenantA, TenantB] - nodes: - - name: cv-pathfinder-transit - cv_pathfinder_region: AVD_Land_West - cv_pathfinder_site: Site422 - id: 1 - l3_interfaces: - - name: Ethernet1.42 - wan_carrier: Comcast - dhcp_accept_default_route: true - ip_address: dhcp - - name: Ethernet2.42 - encapsulation_dot1q_vlan: 666 - wan_carrier: Colt - wan_circuit_id: 10666 - ip_address: 172.16.6.6/31 + uplink_ipv4_pool: 172.17.0.0/16 + uplink_type: p2p-vrfs + uplink_switches: [ site-ha-enabled-leaf1 ] + uplink_interfaces: [ Ethernet52 ] + node_groups: + - group: TRANSIT_SITE_HA_ENABLED + # Disable HA IPsec + wan_ha: + ipsec: false + nodes: + - name: cv-pathfinder-transit1A + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site422 + id: 1 + uplink_switch_interfaces: [Ethernet1] + l3_interfaces: + - name: Ethernet1.42 + wan_carrier: Comcast + dhcp_accept_default_route: true + ip_address: dhcp + - name: Ethernet2.42 + encapsulation_dot1q_vlan: 666 + wan_carrier: Colt + wan_circuit_id: 10666 + ip_address: 172.16.6.6/31 + - name: cv-pathfinder-transit1B + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site422 + id: 2 + uplink_switch_interfaces: [Ethernet2] + l3_interfaces: + - name: Ethernet1.42 + wan_carrier: Comcast + dhcp_accept_default_route: true + ip_address: dhcp + - name: Ethernet2.42 + encapsulation_dot1q_vlan: 666 + wan_carrier: Colt + wan_circuit_id: 10666 + ip_address: 172.16.6.6/31 wan_rr: defaults: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml index aabf371c89e..66f65060948 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml 
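Review bot: In the new `TRANSIT_SITE_HA_ENABLED` node group, `cv-pathfinder-transit1A` and `cv-pathfinder-transit1B` both get `ip_address: 172.16.6.6/31` and `wan_circuit_id: 10666` on `Ethernet2.42`. This looks like a copy of the old single-node entry, so the two HA peers end up with the same WAN address and circuit in the intended configs. If that is not deliberate, give transit1B its own values, for example `ip_address: 172.16.6.8/31` and `wan_circuit_id: 10667` (constructed sample values). Separately, the comment `# Disable HA IPsec` above `wan_ha: ipsec: false` would read better as `# Test fixture: cover the HA path without IPsec on the LAN HA tunnel`, so the unencrypted setting is clearly a coverage case rather than a recommended default. The `wan_transit.defaults` block this hunk extends starts outside the hunk.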
@@ -290,15 +290,18 @@ all: autovpn-rr2: autovpn-edge: CV_PATHFINDER_TESTS: - hosts: - cv-pathfinder-transit: children: SITE_HA_ENABLED: hosts: - cv-pathfinder-edge2: - cv-pathfinder-edge3: + cv-pathfinder-edge2A: + cv-pathfinder-edge2B: + site-ha-enabled-leaf2A: + site-ha-enabled-leaf2B: + TRANSIT_SITE_HA_ENABLED: + hosts: + cv-pathfinder-transit1A: + cv-pathfinder-transit1B: site-ha-enabled-leaf1: - site-ha-enabled-leaf2: SITE_HA_DISABLED: hosts: cv-pathfinder-edge: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md index b69108d5774..bab26d8affb 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/fabric-settings.md @@ -36,7 +36,7 @@ | [      - <str>](## "underlay_multicast_rps.[].groups.[]") | String | | | | Multicast Group IPv4 prefix/mask. | | [    access_list_name](## "underlay_multicast_rps.[].access_list_name") | String | | | | Name of standard Access-List.
| | [underlay_rfc5549](## "underlay_rfc5549") | Boolean | | `False` | | Point to Point Underlay with RFC 5549(eBGP), i.e. IPv6 Unnumbered.
Requires "underlay_routing_protocol: ebgp".
| - | [underlay_routing_protocol](## "underlay_routing_protocol") | String | | | Value is converted to lower case.
Valid Values:
- ebgp
- ibgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | - The following underlay routing protocols are supported:
- EBGP (default for l3ls-evpn)
- IBGP
- OSPF.
- OSPF-LDP*.
- ISIS.
- ISIS-SR*.
- ISIS-LDP*.
- ISIS-SR-LDP*.
- No underlay routing protocol (none)
- The variables should be applied to all devices in the fabric.
*Only supported with core_interfaces data model.
| + | [underlay_routing_protocol](## "underlay_routing_protocol") | String | | | Value is converted to lower case.
Valid Values:
- ebgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | - The following underlay routing protocols are supported:
- EBGP (default for l3ls-evpn)
- OSPF.
- OSPF-LDP*.
- ISIS.
- ISIS-SR*.
- ISIS-LDP*.
- ISIS-SR-LDP*.
- No underlay routing protocol (none)
- The variables should be applied to all devices in the fabric.
*Only supported with core_interfaces data model.
| | [uplink_ptp](## "uplink_ptp") | Dictionary | | | | Enable PTP on all infrastructure links. | | [  enable](## "uplink_ptp.enable") | Boolean | | `False` | | | @@ -163,7 +163,6 @@ # - The following underlay routing protocols are supported: # - EBGP (default for l3ls-evpn) - # - IBGP # - OSPF. # - OSPF-LDP*. # - ISIS. @@ -173,7 +172,7 @@ # - No underlay routing protocol (none) # - The variables should be applied to all devices in the fabric. # *Only supported with core_interfaces data model. - underlay_routing_protocol: + underlay_routing_protocol: # Enable PTP on all infrastructure links. uplink_ptp: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md index 6442462ce1f..5d3525dca09 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md @@ -13,7 +13,7 @@ | [    connected_endpoints](## "node_type_keys.[].connected_endpoints") | Boolean | | `False` | | Are endpoints connected to this node type. | | [    default_evpn_role](## "node_type_keys.[].default_evpn_role") | String | | `none` | Valid Values:
- none
- client
- server | Default evpn_role. Can be overridden in topology vars. | | [    default_ptp_priority1](## "node_type_keys.[].default_ptp_priority1") | Integer | | `127` | Min: 0
Max: 255 | Default PTP priority 1 | - | [    default_underlay_routing_protocol](## "node_type_keys.[].default_underlay_routing_protocol") | String | | `ebgp` | Value is converted to lower case.
Valid Values:
- ebgp
- ibgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | Set the default underlay routing_protocol.
Can be overridden by setting "underlay_routing_protocol" host/group_vars.
| + | [    default_underlay_routing_protocol](## "node_type_keys.[].default_underlay_routing_protocol") | String | | `ebgp` | Value is converted to lower case.
Valid Values:
- ebgp
- ospf
- ospf-ldp
- isis
- isis-sr
- isis-ldp
- isis-sr-ldp
- none | Set the default underlay routing_protocol.
Can be overridden by setting "underlay_routing_protocol" host/group_vars.
| | [    default_overlay_routing_protocol](## "node_type_keys.[].default_overlay_routing_protocol") | String | | `ebgp` | Value is converted to lower case.
Valid Values:
- ebgp
- ibgp
- her
- cvx
- none | Set the default overlay routing_protocol.
Can be overridden by setting "overlay_routing_protocol" host/group_vars.
| | [    default_mpls_overlay_role](## "node_type_keys.[].default_mpls_overlay_role") | String | | | Valid Values:
- client
- server
- none | Set the default mpls overlay role.
Acting role in overlay control plane.
| | [    default_overlay_address_families](## "node_type_keys.[].default_overlay_address_families") | List, items: String | | | | Set the default overlay address families.
| @@ -79,7 +79,7 @@ # Set the default underlay routing_protocol. # Can be overridden by setting "underlay_routing_protocol" host/group_vars. - default_underlay_routing_protocol: + default_underlay_routing_protocol: # Set the default overlay routing_protocol. # Can be overridden by setting "overlay_routing_protocol" host/group_vars. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 2609066a248..1375d737b79 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json @@ -14004,7 +14004,6 @@ "description": "Set the default underlay routing_protocol.\nCan be overridden by setting \"underlay_routing_protocol\" host/group_vars.\n", "enum": [ "ebgp", - "ibgp", "ospf", "ospf-ldp", "isis", @@ -24568,10 +24567,9 @@ }, "underlay_routing_protocol": { "type": "string", - "description": "- The following underlay routing protocols are supported:\n - EBGP (default for l3ls-evpn)\n - IBGP\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - ISIS-SR*.\n - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol (none)\n- The variables should be applied to all devices in the fabric.\n*Only supported with core_interfaces data model.\n", + "description": "- The following underlay routing protocols are supported:\n - EBGP (default for l3ls-evpn)\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - ISIS-SR*.\n - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol (none)\n- The variables should be applied to all devices in the fabric.\n*Only supported with core_interfaces data model.\n", "enum": [ "ebgp", - "ibgp", "ospf", "ospf-ldp", "isis", 
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 93580cea451..44b58d13de5 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -3465,13 +3465,12 @@ keys: type: str convert_to_lower_case: true description: "- The following underlay routing protocols are supported:\n - EBGP - (default for l3ls-evpn)\n - IBGP\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - - ISIS-SR*.\n - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol - (none)\n- The variables should be applied to all devices in the fabric.\n*Only - supported with core_interfaces data model.\n" + (default for l3ls-evpn)\n - OSPF.\n - OSPF-LDP*.\n - ISIS.\n - ISIS-SR*.\n + \ - ISIS-LDP*.\n - ISIS-SR-LDP*.\n - No underlay routing protocol (none)\n- + The variables should be applied to all devices in the fabric.\n*Only supported + with core_interfaces data model.\n" valid_values: - ebgp - - ibgp - ospf - ospf-ldp - isis diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml index 43ec86a265a..38ba5c88c3f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/underlay_routing_protocol.schema.yml @@ -14,7 +14,6 @@ keys: description: | - The following underlay routing protocols are supported: - EBGP (default for l3ls-evpn) - - IBGP - OSPF. - OSPF-LDP*. - ISIS. @@ -26,7 +25,6 @@ keys: *Only supported with core_interfaces data model. valid_values: - "ebgp" - - "ibgp" - "ospf" - "ospf-ldp" - "isis" 
From 740dafd5d3fdbf2099ba21222cfe9e744640cde0 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Wed, 21 Feb 2024 15:54:41 +0100 Subject: [PATCH 08/11] Test: Molecule --- .../inventory/group_vars/CV_PATHFINDER_TESTS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 97e2262e3b4..af18c1bd245 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -159,7 +159,7 @@ wan_transit: uplink_interfaces: [ Ethernet52 ] node_groups: - group: TRANSIT_SITE_HA_ENABLED - # Disable HA IPsec + # Disable HA IPsec wan_ha: ipsec: false nodes: From a02c58a330100237a65da35f532dd494a8ab38ab Mon Sep 17 00:00:00 2001 
From: gmuloc Date: Thu, 22 Feb 2024 11:58:45 +0100 Subject: [PATCH 09/11] Test: Run molecule post rebase --- .../intended/configs/cv-pathfinder-edge2.cfg | 479 ------------- .../intended/configs/cv-pathfinder-edge2A.cfg | 5 +- .../intended/configs/cv-pathfinder-edge2B.cfg | 5 +- .../configs/cv-pathfinder-transit1B.cfg | 5 +- .../configs/site-ha-enabled-leaf2.cfg | 192 ----- .../cv-pathfinder-edge2.yml | 661 ------------------ .../cv-pathfinder-edge2A.yml | 10 +- .../cv-pathfinder-edge2B.yml | 10 +- .../cv-pathfinder-transit1B.yml | 10 +- .../site-ha-enabled-leaf2.yml | 270 ------- 10 files changed, 18 insertions(+), 1629 deletions(-) delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml delete mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg deleted file mode 100644 index 189ae44f8ac..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2.cfg +++ /dev/null 
@@ -1,479 +0,0 @@ -!RANCID-CONTENT-TYPE: arista -! -vlan internal order ascending range 1006 1199 -! -flow tracking hardware - tracker WAN-FLOW-TRACKER - record export on inactive timeout 70000 - record export on interval 5000 - exporter DPI-EXPORTER - collector 127.0.0.1 - local interface Loopback0 - template interval 5000 - no shutdown -! -transceiver qsfp default-mode 4x10G -! -service routing protocols model multi-agent -! -ip as-path access-list ASPATH-WAN permit 65000 any -! -hostname cv-pathfinder-edge2 -! -router adaptive-virtual-topology - topology role edge - region AVD_Land_West id 42 - zone DEFAULT-ZONE id 1 - site Site423 id 423 - ! - policy DEFAULT-AVT-POLICY - ! - match application-profile VIDEO - avt profile DEFAULT-AVT-POLICY-VIDEO - ! - match application-profile default - avt profile DEFAULT-AVT-POLICY-DEFAULT - ! - policy DEFAULT-AVT-POLICY-WITH-CP - ! - match application-profile CONTROL-PLANE-APPLICATION-PROFILE - avt profile CONTROL-PLANE-PROFILE - ! - match application-profile VIDEO - avt profile DEFAULT-AVT-POLICY-VIDEO - ! - match application-profile default - avt profile DEFAULT-AVT-POLICY-DEFAULT - ! - policy PROD-AVT-POLICY - ! - match application-profile VOICE - avt profile PROD-AVT-POLICY-VOICE - ! - match application-profile VIDEO - avt profile PROD-AVT-POLICY-VIDEO - ! - match application-profile default - avt profile PROD-AVT-POLICY-DEFAULT - ! - profile CONTROL-PLANE-PROFILE - path-selection load-balance LB-CONTROL-PLANE-PROFILE - ! - profile DEFAULT-AVT-POLICY-DEFAULT - path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT - ! - profile DEFAULT-AVT-POLICY-VIDEO - path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO - ! - profile PROD-AVT-POLICY-DEFAULT - path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT - ! - profile PROD-AVT-POLICY-VIDEO - path-selection load-balance LB-PROD-AVT-POLICY-VIDEO - ! - profile PROD-AVT-POLICY-VOICE - path-selection load-balance LB-PROD-AVT-POLICY-VOICE - ! 
- vrf default - avt policy DEFAULT-AVT-POLICY-WITH-CP - avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 - avt profile DEFAULT-AVT-POLICY-VIDEO id 3 - avt profile CONTROL-PLANE-PROFILE id 254 - ! - vrf IT - avt policy DEFAULT-AVT-POLICY - avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 - avt profile DEFAULT-AVT-POLICY-VIDEO id 3 - ! - vrf PROD - avt policy PROD-AVT-POLICY - avt profile PROD-AVT-POLICY-DEFAULT id 1 - avt profile PROD-AVT-POLICY-VOICE id 2 - avt profile PROD-AVT-POLICY-VIDEO id 4 -! -router path-selection - tcp mss ceiling ipv4 ingress - ! - path-group INET id 101 - ipsec profile CP-PROFILE - ! - local interface Ethernet1 - stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 - ! - peer dynamic - ! - peer static router-ip 192.168.144.1 - name cv-pathfinder-pathfinder - ipv4 address 10.7.7.7 - ipv4 address 10.9.9.9 - ! - path-group LAN_HA id 65535 - ipsec profile DP-PROFILE - flow assignment lan - ! - local interface Ethernet52 - ! - local interface Ethernet53 - ! - peer static router-ip 192.168.142.3 - name LAN_HA - ipv4 address 172.17.0.9 - ipv4 address 172.17.0.11 - ! - load-balance policy LB-CONTROL-PLANE-PROFILE - path-group INET - path-group LAN_HA - ! - load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT - path-group INET - path-group LAN_HA - ! - load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO - path-group INET - path-group LAN_HA - ! - load-balance policy LB-PROD-AVT-POLICY-DEFAULT - path-group INET - path-group LAN_HA - ! - load-balance policy LB-PROD-AVT-POLICY-VIDEO - loss-rate 42.0 - path-group LAN_HA - path-group INET priority 2 - ! - load-balance policy LB-PROD-AVT-POLICY-VOICE - jitter 42 - path-group LAN_HA - path-group INET priority 2 -! -spanning-tree mode none -! -no enable password -no aaa root -! -vrf instance IT -! -vrf instance MGMT -! -vrf instance PROD -! -ip security - ! - ike policy DP-IKE-POLICY - local-id 192.168.142.2 - ! - ike policy CP-IKE-POLICY - local-id 192.168.142.2 - ! 
- sa policy DP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! - sa policy CP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! - profile DP-PROFILE - ike-policy DP-IKE-POLICY - sa-policy DP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890666 - dpd 10 50 clear - mode transport - ! - profile CP-PROFILE - ike-policy CP-IKE-POLICY - sa-policy CP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890 - dpd 10 50 clear - mode transport - ! - key controller - profile DP-PROFILE -! -interface Dps1 - description DPS Interface - mtu 9214 - flow tracker hardware WAN-FLOW-TRACKER - ip address 192.168.142.2/32 -! -interface Ethernet1 - no shutdown - no switchport - flow tracker hardware WAN-FLOW-TRACKER - ip address dhcp - dhcp client accept default-route -! -interface Ethernet52 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 - no shutdown - mtu 9214 - no switchport - flow tracker hardware WAN-FLOW-TRACKER - ip address 172.17.0.5/31 -! -interface Ethernet52.42 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD - no shutdown - mtu 9214 - encapsulation dot1q vlan 42 - vrf PROD - ip address 172.17.0.5/31 -! -interface Ethernet52.100 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT - no shutdown - mtu 9214 - encapsulation dot1q vlan 100 - vrf IT - ip address 172.17.0.5/31 -! -interface Ethernet53 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1 - no shutdown - mtu 9214 - no switchport - flow tracker hardware WAN-FLOW-TRACKER - ip address 172.17.0.7/31 -! -interface Ethernet53.42 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.42_vrf_PROD - no shutdown - mtu 9214 - encapsulation dot1q vlan 42 - vrf PROD - ip address 172.17.0.7/31 -! -interface Ethernet53.100 - description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.100_vrf_IT - no shutdown - mtu 9214 - encapsulation dot1q vlan 100 - vrf IT - ip address 172.17.0.7/31 -! 
-interface Loopback0 - description Router_ID - no shutdown - ip address 192.168.42.2/32 -! -interface Vxlan1 - description cv-pathfinder-edge2_VTEP - vxlan source-interface Dps1 - vxlan udp-port 4789 - vxlan vrf default vni 1 - vxlan vrf IT vni 100 - vxlan vrf PROD vni 42 -! -application traffic recognition - ! - application ipv4 CONTROL-PLANE-APPLICATION - destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES - ! - application ipv4 CUSTOM-APPLICATION-1 - source prefix field-set CUSTOM-SRC-PREFIX-1 - destination prefix field-set CUSTOM-DEST-PREFIX-1 - protocol tcp - ! - application ipv4 CUSTOM-APPLICATION-2 - protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 - ! - category VIDEO1 - application CUSTOM-APPLICATION-2 - application microsoft-teams - ! - application-profile CONTROL-PLANE-APPLICATION-PROFILE - application CONTROL-PLANE-APPLICATION - ! - application-profile VIDEO - application CUSTOM-APPLICATION-1 - application skype - category VIDEO1 - ! - application-profile VOICE - application CUSTOM-VOICE-APPLICATION - ! - field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES - 192.168.144.1/32 - ! - field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 - 6.6.6.0/24 - ! - field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 - 42.42.42.0/24 - ! - field-set l4-port TCP-DEST-2 - 666, 777 - ! - field-set l4-port TCP-SRC-2 - 42 -! -ip routing -ip routing vrf IT -no ip routing vrf MGMT -ip routing vrf PROD -! -ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 -! -ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY - seq 10 permit 192.168.42.0/24 eq 32 -! -ip prefix-list PL-WAN-HA-PEER-PREFIXES - seq 10 permit 172.17.0.8/31 - seq 20 permit 172.17.0.10/31 -! -ip prefix-list PL-WAN-HA-PREFIXES - seq 10 permit 172.17.0.4/31 - seq 20 permit 172.17.0.6/31 -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 - description Allow WAN HA peer interface prefixes - match ip address prefix-list PL-WAN-HA-PEER-PREFIXES -! 
-route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 - description Allow prefixes originated from the HA peer - match extcommunity ECL-EVPN-SOO - set as-path match all replacement auto auto -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 - description Use WAN routes from HA peer as backup - match as-path ASPATH-WAN - set community no-advertise -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 - description Mark prefixes originated from the LAN - set extcommunity soo 192.168.42.2:423 additive -! -route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 - description Advertise local routes towards LAN - match extcommunity ECL-EVPN-SOO -! -route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 - description Advertise routes received from WAN iBGP towards LAN - match route-type internal -! -route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 - description Advertise WAN HA prefixes towards LAN - match ip address prefix-list PL-WAN-HA-PREFIXES -! -route-map RM-CONN-2-BGP permit 10 - match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set extcommunity soo 192.168.42.2:423 additive -! -route-map RM-CONN-2-BGP permit 50 - match ip address prefix-list PL-WAN-HA-PREFIXES -! -route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 - match extcommunity ECL-EVPN-SOO -! -route-map RM-EVPN-SOO-IN deny 10 - match extcommunity ECL-EVPN-SOO -! -route-map RM-EVPN-SOO-IN permit 20 -! -route-map RM-EVPN-SOO-OUT permit 10 - set extcommunity soo 192.168.42.2:423 additive -! -router bfd - multihop interval 300 min-rx 300 multiplier 3 -! 
-router bgp 65000 - router-id 192.168.42.2 - maximum-paths 16 - update wait-install - no bgp default ipv4-unicast - neighbor IPv4-UNDERLAY-PEERS peer group - neighbor IPv4-UNDERLAY-PEERS allowas-in 1 - neighbor IPv4-UNDERLAY-PEERS send-community - neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 - neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in - neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out - neighbor WAN-OVERLAY-PEERS peer group - neighbor WAN-OVERLAY-PEERS remote-as 65000 - neighbor WAN-OVERLAY-PEERS update-source Dps1 - neighbor WAN-OVERLAY-PEERS bfd - neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 - neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== - neighbor WAN-OVERLAY-PEERS send-community - neighbor WAN-OVERLAY-PEERS maximum-routes 0 - neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.4 remote-as 65000 - neighbor 172.17.0.4 description site-ha-enabled-leaf1_Ethernet1 - neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.6 remote-as 65000 - neighbor 172.17.0.6 description site-ha-enabled-leaf2_Ethernet1 - neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS - neighbor 192.168.144.1 description cv-pathfinder-pathfinder - redistribute connected route-map RM-CONN-2-BGP - ! - address-family evpn - neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in - neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out - neighbor WAN-OVERLAY-PEERS activate - ! - address-family ipv4 - neighbor IPv4-UNDERLAY-PEERS activate - no neighbor WAN-OVERLAY-PEERS activate - ! - address-family ipv4 sr-te - neighbor WAN-OVERLAY-PEERS activate - ! - address-family link-state - neighbor WAN-OVERLAY-PEERS activate - path-selection - ! - address-family path-selection - bgp additional-paths receive - bgp additional-paths send any - neighbor WAN-OVERLAY-PEERS activate - ! 
- vrf default - rd 192.168.42.2:1 - route-target import evpn 1:1 - route-target export evpn 1:1 - route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT - ! - vrf IT - rd 192.168.42.2:100 - route-target import evpn 100:100 - route-target export evpn 100:100 - router-id 192.168.42.2 - neighbor 172.17.0.4 remote-as 65000 - neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.4 description site-ha-enabled-leaf1_Ethernet1.100_vrf_IT - neighbor 172.17.0.6 remote-as 65000 - neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.6 description site-ha-enabled-leaf2_Ethernet1.100_vrf_IT - redistribute connected - ! - vrf PROD - rd 192.168.42.2:42 - route-target import evpn 42:42 - route-target export evpn 42:42 - router-id 192.168.42.2 - neighbor 172.17.0.4 remote-as 65000 - neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.4 description site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD - neighbor 172.17.0.6 remote-as 65000 - neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.6 description site-ha-enabled-leaf2_Ethernet1.42_vrf_PROD - redistribute connected -! -router traffic-engineering -! -management api http-commands - protocol https - no shutdown - ! - vrf MGMT - no shutdown -! -stun - client - server-profile INET-cv-pathfinder-pathfinder-Ethernet1 - ip address 10.7.7.7 - server-profile INET-cv-pathfinder-pathfinder-Ethernet3 - ip address 10.9.9.9 -! -end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg index 420667b423a..9420a118ccf 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg 
@@ -1,7 +1,5 @@ !RANCID-CONTENT-TYPE: arista ! -vlan internal order ascending range 1006 1199 -! flow tracking hardware tracker WAN-FLOW-TRACKER record export on inactive timeout 70000 @@ -12,8 +10,6 @@ flow tracking hardware template interval 5000 no shutdown ! -transceiver qsfp default-mode 4x10G -! service routing protocols model multi-agent ! ip as-path access-list ASPATH-WAN permit 65000 any @@ -393,6 +389,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS remote-as 65000 neighbor WAN-OVERLAY-PEERS update-source Dps1 neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== neighbor WAN-OVERLAY-PEERS send-community diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg index 0c4cd76dc4d..6acb361e21e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg @@ -1,7 +1,5 @@ !RANCID-CONTENT-TYPE: arista ! -vlan internal order ascending range 1006 1199 -! flow tracking hardware tracker WAN-FLOW-TRACKER record export on inactive timeout 70000 @@ -12,8 +10,6 @@ flow tracking hardware template interval 5000 no shutdown ! -transceiver qsfp default-mode 4x10G -! service routing protocols model multi-agent ! ip as-path access-list ASPATH-WAN permit 65000 any 
@@ -390,6 +386,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS remote-as 65000 neighbor WAN-OVERLAY-PEERS update-source Dps1 neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== neighbor WAN-OVERLAY-PEERS send-community diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg index 132d94a47c5..34f2cede657 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg @@ -1,7 +1,5 @@ !RANCID-CONTENT-TYPE: arista ! -vlan internal order ascending range 1006 1199 -! flow tracking hardware tracker WAN-FLOW-TRACKER record export on inactive timeout 70000 @@ -12,8 +10,6 @@ flow tracking hardware template interval 5000 no shutdown ! -transceiver qsfp default-mode 4x10G -! service routing protocols model multi-agent ! ip as-path access-list ASPATH-WAN permit 65000 any @@ -427,6 +423,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS remote-as 65000 neighbor WAN-OVERLAY-PEERS update-source Dps1 neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== neighbor WAN-OVERLAY-PEERS send-community diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg deleted file mode 100644 index bdb2d8f347a..00000000000 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2.cfg +++ /dev/null 
@@ -1,192 +0,0 @@ -!RANCID-CONTENT-TYPE: arista -! -vlan internal order ascending range 1006 1199 -! -transceiver qsfp default-mode 4x10G -! -service routing protocols model multi-agent -! -hostname site-ha-enabled-leaf2 -! -no enable password -no aaa root -! -vlan 100 - name VLAN100 -! -vlan 101 - name VLAN101 -! -vrf instance IT -! -vrf instance MGMT -! -vrf instance PROD -! -interface Ethernet1 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53 - no shutdown - mtu 9214 - no switchport - ip address 172.17.0.6/31 -! -interface Ethernet1.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.42_vrf_PROD - no shutdown - mtu 9214 - encapsulation dot1q vlan 42 - vrf PROD - ip address 172.17.0.6/31 -! -interface Ethernet1.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.100_vrf_IT - no shutdown - mtu 9214 - encapsulation dot1q vlan 100 - vrf IT - ip address 172.17.0.6/31 -! -interface Ethernet2 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53 - no shutdown - mtu 9214 - no switchport - ip address 172.17.0.10/31 -! -interface Ethernet2.42 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.42_vrf_PROD - no shutdown - mtu 9214 - encapsulation dot1q vlan 42 - vrf PROD - ip address 172.17.0.10/31 -! -interface Ethernet2.100 - description P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.100_vrf_IT - no shutdown - mtu 9214 - encapsulation dot1q vlan 100 - vrf IT - ip address 172.17.0.10/31 -! -interface Loopback0 - description EVPN_Overlay_Peering - no shutdown - ip address 192.168.45.2/32 -! -interface Loopback1 - description VTEP_VXLAN_Tunnel_Source - no shutdown - ip address 192.168.255.2/32 -! -interface Vlan100 - description VLAN100 - shutdown - vrf PROD - ip address virtual 10.0.100.1/24 -! -interface Vxlan1 - description site-ha-enabled-leaf2_VTEP - vxlan source-interface Loopback1 - vxlan udp-port 4789 - vxlan vlan 100 vni 1100 - vxlan vlan 101 vni 1101 - vxlan vrf default vni 1 - vxlan vrf IT vni 100 - vxlan vrf PROD vni 42 -! 
-ip virtual-router mac-address 00:1c:73:00:00:01 -! -ip routing -ip routing vrf IT -no ip routing vrf MGMT -ip routing vrf PROD -! -ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY - seq 10 permit 192.168.45.0/24 eq 32 - seq 20 permit 192.168.255.0/24 eq 32 -! -route-map RM-CONN-2-BGP permit 10 - match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -! -router bfd - multihop interval 300 min-rx 300 multiplier 3 -! -router bgp 65000 - router-id 192.168.45.2 - maximum-paths 4 ecmp 4 - update wait-install - no bgp default ipv4-unicast - neighbor EVPN-OVERLAY-PEERS peer group - neighbor EVPN-OVERLAY-PEERS update-source Loopback0 - neighbor EVPN-OVERLAY-PEERS bfd - neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 - neighbor EVPN-OVERLAY-PEERS send-community - neighbor EVPN-OVERLAY-PEERS maximum-routes 0 - neighbor IPv4-UNDERLAY-PEERS peer group - neighbor IPv4-UNDERLAY-PEERS send-community - neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 - neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.7 remote-as 65000 - neighbor 172.17.0.7 description cv-pathfinder-edge2_Ethernet53 - neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.11 remote-as 65000 - neighbor 172.17.0.11 description cv-pathfinder-edge3_Ethernet53 - redistribute connected route-map RM-CONN-2-BGP - ! - vlan 100 - rd 192.168.45.2:1100 - route-target both 1100:1100 - redistribute learned - ! - vlan 101 - rd 192.168.45.2:1101 - route-target both 1101:1101 - redistribute learned - ! - address-family evpn - neighbor EVPN-OVERLAY-PEERS activate - ! - address-family ipv4 - no neighbor EVPN-OVERLAY-PEERS activate - neighbor IPv4-UNDERLAY-PEERS activate - ! - vrf default - rd 192.168.45.2:1 - route-target import evpn 1:1 - route-target export evpn 1:1 - ! 
- vrf IT - rd 192.168.45.2:100 - route-target import evpn 100:100 - route-target export evpn 100:100 - router-id 192.168.45.2 - neighbor 172.17.0.7 remote-as 65000 - neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.7 description cv-pathfinder-edge2_Ethernet53.100_vrf_IT - neighbor 172.17.0.11 remote-as 65000 - neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.11 description cv-pathfinder-edge3_Ethernet53.100_vrf_IT - redistribute connected - ! - vrf PROD - rd 192.168.45.2:42 - route-target import evpn 42:42 - route-target export evpn 42:42 - router-id 192.168.45.2 - neighbor 172.17.0.7 remote-as 65000 - neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.7 description cv-pathfinder-edge2_Ethernet53.42_vrf_PROD - neighbor 172.17.0.11 remote-as 65000 - neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.11 description cv-pathfinder-edge3_Ethernet53.42_vrf_PROD - redistribute connected -! -management api http-commands - protocol https - no shutdown - ! - vrf MGMT - no shutdown -! -end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml deleted file mode 100644 index 3a6d938df42..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2.yml +++ /dev/null 
@@ -1,661 +0,0 @@ -hostname: cv-pathfinder-edge2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - redistribute_routes: - - source_protocol: connected - route_map: RM-CONN-2-BGP - neighbors: - - ip_address: 172.17.0.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: site-ha-enabled-leaf1 - description: site-ha-enabled-leaf1_Ethernet1 - - ip_address: 172.17.0.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: site-ha-enabled-leaf2 - description: site-ha-enabled-leaf2_Ethernet1 - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder - vrfs: - - name: IT - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: site-ha-enabled-leaf1_Ethernet1.100_vrf_IT - - ip_address: 172.17.0.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: site-ha-enabled-leaf2_Ethernet1.100_vrf_IT - rd: 192.168.42.2:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute_routes: - - source_protocol: connected - - name: PROD - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.4 - peer_group: 
IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD - - ip_address: 172.17.0.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: site-ha-enabled-leaf2_Ethernet1.42_vrf_PROD - rd: 192.168.42.2:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - redistribute_routes: - - source_protocol: connected - - name: default - rd: 192.168.42.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: - any: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet52 - peer: site-ha-enabled-leaf1 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 - shutdown: false - mtu: 9214 - type: routed - ip_address: 172.17.0.5/31 - flow_tracker: - hardware: WAN-FLOW-TRACKER -- name: Ethernet52.100 - peer: site-ha-enabled-leaf1 - peer_interface: Ethernet1.100 - peer_type: 
l3leaf - vrf: IT - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 100 - mtu: 9214 - ip_address: 172.17.0.5/31 -- name: Ethernet52.42 - peer: site-ha-enabled-leaf1 - peer_interface: Ethernet1.42 - peer_type: l3leaf - vrf: PROD - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 42 - mtu: 9214 - ip_address: 172.17.0.5/31 -- name: Ethernet53 - peer: site-ha-enabled-leaf2 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1 - shutdown: false - mtu: 9214 - type: routed - ip_address: 172.17.0.7/31 - flow_tracker: - hardware: WAN-FLOW-TRACKER -- name: Ethernet53.100 - peer: site-ha-enabled-leaf2 - peer_interface: Ethernet1.100 - peer_type: l3leaf - vrf: IT - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.100_vrf_IT - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 100 - mtu: 9214 - ip_address: 172.17.0.7/31 -- name: Ethernet53.42 - peer: site-ha-enabled-leaf2 - peer_interface: Ethernet1.42 - peer_type: l3leaf - vrf: PROD - description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2_Ethernet1.42_vrf_PROD - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 42 - mtu: 9214 - ip_address: 172.17.0.7/31 -- name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - type: routed - dhcp_client_accept_default_route: true - flow_tracker: - hardware: WAN-FLOW-TRACKER -loopback_interfaces: -- name: Loopback0 - description: Router_ID - shutdown: false - ip_address: 192.168.42.2/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65000' -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -- name: PL-WAN-HA-PREFIXES - sequence_numbers: - - sequence: 10 - action: permit 172.17.0.4/31 - - sequence: 20 - action: permit 
172.17.0.6/31 -- name: PL-WAN-HA-PEER-PREFIXES - sequence_numbers: - - sequence: 10 - action: permit 172.17.0.8/31 - - sequence: 20 - action: permit 172.17.0.10/31 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.2:423 additive - - sequence: 50 - type: permit - match: - - ip address prefix-list PL-WAN-HA-PREFIXES -- name: RM-BGP-UNDERLAY-PEERS-IN - sequence_numbers: - - sequence: 40 - type: permit - description: Mark prefixes originated from the LAN - set: - - extcommunity soo 192.168.42.2:423 additive - - sequence: 10 - type: permit - description: Allow WAN HA peer interface prefixes - match: - - ip address prefix-list PL-WAN-HA-PEER-PREFIXES - - sequence: 20 - type: permit - description: Allow prefixes originated from the HA peer - match: - - extcommunity ECL-EVPN-SOO - set: - - as-path match all replacement auto auto - - sequence: 30 - type: permit - description: Use WAN routes from HA peer as backup - match: - - as-path ASPATH-WAN - set: - - community no-advertise -- name: RM-BGP-UNDERLAY-PEERS-OUT - sequence_numbers: - - sequence: 10 - type: permit - description: Advertise local routes towards LAN - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit - description: Advertise routes received from WAN iBGP towards LAN - match: - - route-type internal - - sequence: 30 - type: permit - description: Advertise WAN HA prefixes towards LAN - match: - - ip address prefix-list PL-WAN-HA-PREFIXES -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.2:423 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -flow_tracking: - 
hardware: - trackers: - - name: WAN-FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: DPI-EXPORTER - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 5000 - shutdown: false -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.42.2:423 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.142.2 - - name: CP-IKE-POLICY - local_id: 192.168.142.2 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -router_adaptive_virtual_topology: - topology_role: edge - region: - name: AVD_Land_West - id: 42 - zone: - name: DEFAULT-ZONE - id: 1 - site: - name: Site423 - id: 423 - profiles: - - name: CONTROL-PLANE-PROFILE - load_balance_policy: LB-CONTROL-PLANE-PROFILE - - name: PROD-AVT-POLICY-VOICE - load_balance_policy: LB-PROD-AVT-POLICY-VOICE - - name: PROD-AVT-POLICY-VIDEO - load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - - name: PROD-AVT-POLICY-DEFAULT - load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY-VIDEO - load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO - - name: DEFAULT-AVT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT - vrfs: - - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: CONTROL-PLANE-PROFILE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - 
policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 - - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - policies: - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: CONTROL-PLANE-APPLICATION-PROFILE - avt_profile: CONTROL-PLANE-PROFILE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: INET - id: 101 - local_interfaces: - - name: Ethernet1 - stun: - server_profiles: - - INET-cv-pathfinder-pathfinder-Ethernet1 - - INET-cv-pathfinder-pathfinder-Ethernet3 - dynamic_peers: - enabled: true - static_peers: - - router_ip: 192.168.144.1 - name: cv-pathfinder-pathfinder - ipv4_addresses: - - 10.7.7.7 - - 10.9.9.9 - ipsec_profile: CP-PROFILE - - name: LAN_HA - id: 65535 - flow_assignment: lan - local_interfaces: - - name: Ethernet52 - - name: Ethernet53 - static_peers: - - router_ip: 192.168.142.3 - name: LAN_HA - ipv4_addresses: - - 172.17.0.9 - - 172.17.0.11 - ipsec_profile: DP-PROFILE - load_balance_policies: - - name: LB-CONTROL-PLANE-PROFILE - path_groups: - - name: LAN_HA - - name: INET - - name: LB-PROD-AVT-POLICY-VOICE - path_groups: - - name: LAN_HA - - name: INET - 
priority: 2 - jitter: 42 - - name: LB-PROD-AVT-POLICY-VIDEO - path_groups: - - name: LAN_HA - - name: INET - priority: 2 - loss_rate: '42.0' - - name: LB-PROD-AVT-POLICY-DEFAULT - path_groups: - - name: LAN_HA - - name: INET - - name: LB-DEFAULT-AVT-POLICY-VIDEO - path_groups: - - name: LAN_HA - - name: INET - - name: LB-DEFAULT-AVT-POLICY-DEFAULT - path_groups: - - name: LAN_HA - - name: INET -router_traffic_engineering: - enabled: true -stun: - client: - server_profiles: - - name: INET-cv-pathfinder-pathfinder-Ethernet1 - ip_address: 10.7.7.7 - - name: INET-cv-pathfinder-pathfinder-Ethernet3 - ip_address: 10.9.9.9 -application_traffic_recognition: - application_profiles: - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: VIDEO - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - - name: CONTROL-PLANE-APPLICATION-PROFILE - applications: - - name: CONTROL-PLANE-APPLICATION - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - protocols: - - tcp - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CONTROL-PLANE-APPLICATION - dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: CONTROL-PLANE-APP-DEST-PREFIXES - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9214 - ip_address: 192.168.142.2/32 - flow_tracker: - hardware: WAN-FLOW-TRACKER -vxlan_interface: - Vxlan1: - description: 
cv-pathfinder-edge2_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: IT - vni: 100 - - name: PROD - vni: 42 -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: DEFAULT-ZONE - - name: Site - value: Site423 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet53 - tags: - - name: Type - value: lan - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: 423-01 - cv_pathfinder: - role: edge - vtep_ip: 192.168.142.2 - region: AVD_Land_West - zone: DEFAULT-ZONE - site: Site423 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: 423-01 - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml index 4905d1a7ba8..4e8194a1a74 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml @@ -29,6 +29,10 @@ router_bgp: maximum_routes: 0 remote_as: '65000' ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS @@ -140,11 +144,7 @@ router_bgp: any: true service_routing_protocols_model: multi-agent ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 +transceiver_qsfp_default_mode_4x10: false spanning_tree: mode: none vrfs: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml index 94a32ac1e3b..01060224e90 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml @@ -29,6 +29,10 @@ router_bgp: maximum_routes: 0 remote_as: '65000' ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS @@ -140,11 +144,7 @@ router_bgp: any: true service_routing_protocols_model: multi-agent ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 +transceiver_qsfp_default_mode_4x10: false spanning_tree: mode: none vrfs: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml index da7469d8e6a..41dda1e6af2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml @@ -29,6 +29,10 @@ router_bgp: maximum_routes: 0 remote_as: '65000' ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS 
@@ -141,11 +145,7 @@ router_bgp: any: true service_routing_protocols_model: multi-agent ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 +transceiver_qsfp_default_mode_4x10: false spanning_tree: mode: none vrfs: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml deleted file mode 100644 index f59c2bd8427..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2.yml +++ /dev/null 
@@ -1,270 +0,0 @@ -hostname: site-ha-enabled-leaf2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.45.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - redistribute_routes: - - source_protocol: connected - route_map: RM-CONN-2-BGP - neighbors: - - ip_address: 172.17.0.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: cv-pathfinder-edge2 - description: cv-pathfinder-edge2_Ethernet53 - - ip_address: 172.17.0.11 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: cv-pathfinder-edge3 - description: cv-pathfinder-edge3_Ethernet53 - vrfs: - - name: IT - router_id: 192.168.45.2 - neighbors: - - ip_address: 172.17.0.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2_Ethernet53.100_vrf_IT - - ip_address: 172.17.0.11 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge3_Ethernet53.100_vrf_IT - rd: 192.168.45.2:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute_routes: - - source_protocol: connected - - name: PROD - router_id: 192.168.45.2 - neighbors: - - ip_address: 172.17.0.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2_Ethernet53.42_vrf_PROD - - ip_address: 172.17.0.11 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge3_Ethernet53.42_vrf_PROD - rd: 192.168.45.2:42 - route_targets: - import: - - address_family: evpn - 
route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - redistribute_routes: - - source_protocol: connected - - name: default - rd: 192.168.45.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 100 - tenant: TenantA - rd: 192.168.45.2:1100 - route_targets: - both: - - 1100:1100 - redistribute_routes: - - learned - - id: 101 - tenant: TenantA - rd: 192.168.45.2:1101 - route_targets: - both: - - 1101:1101 - redistribute_routes: - - learned -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: cv-pathfinder-edge2 - peer_interface: Ethernet53 - peer_type: wan_edge - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53 - shutdown: false - mtu: 9214 - type: routed - ip_address: 172.17.0.6/31 -- name: Ethernet1.100 - peer: cv-pathfinder-edge2 - peer_interface: Ethernet53.100 - peer_type: wan_edge - vrf: IT - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.100_vrf_IT - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 100 - mtu: 9214 - ip_address: 172.17.0.6/31 -- name: Ethernet1.42 - peer: cv-pathfinder-edge2 - peer_interface: Ethernet53.42 - peer_type: wan_edge - vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE2_Ethernet53.42_vrf_PROD - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 42 - mtu: 9214 - ip_address: 172.17.0.6/31 -- name: Ethernet2 - peer: cv-pathfinder-edge3 - peer_interface: Ethernet53 - peer_type: wan_edge - description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53 - shutdown: false - mtu: 9214 - type: routed - ip_address: 172.17.0.10/31 -- name: Ethernet2.100 - peer: cv-pathfinder-edge3 - peer_interface: Ethernet53.100 - peer_type: wan_edge - vrf: IT - description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.100_vrf_IT - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 100 - mtu: 9214 - ip_address: 172.17.0.10/31 -- name: Ethernet2.42 - peer: cv-pathfinder-edge3 - peer_interface: Ethernet53.42 - peer_type: wan_edge - vrf: PROD - description: P2P_LINK_TO_CV-PATHFINDER-EDGE3_Ethernet53.42_vrf_PROD - shutdown: false - type: l3dot1q - encapsulation_dot1q_vlan: 42 - mtu: 9214 - ip_address: 172.17.0.10/31 -loopback_interfaces: -- name: Loopback0 - description: EVPN_Overlay_Peering - shutdown: false - ip_address: 192.168.45.2/32 -- name: Loopback1 - description: VTEP_VXLAN_Tunnel_Source - shutdown: false - ip_address: 192.168.255.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.45.0/24 eq 32 - - sequence: 20 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 100 - name: VLAN100 - tenant: TenantA -- id: 101 - name: VLAN101 - tenant: TenantA -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:01 -vlan_interfaces: -- name: Vlan100 - tenant: TenantA - description: VLAN100 - shutdown: true - ip_address_virtual: 10.0.100.1/24 - vrf: PROD -vxlan_interface: - Vxlan1: - description: site-ha-enabled-leaf2_VTEP - vxlan: - udp_port: 4789 - source_interface: Loopback1 - vlans: - - id: 100 - vni: 1100 - - id: 101 - vni: 1101 - vrfs: - - name: default - vni: 1 - - name: IT - vni: 100 - - name: PROD - vni: 42 
From b7f8f48b9a34edf0d71a18261f0bb4aeb84635e7 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Thu, 22 Feb 2024 13:58:46 +0100 Subject: [PATCH 10/11] Fix: Correct name for HA static peer --- .../cv-pathfinder-edge-no-common-path-group.cfg | 6 +++--- .../intended/configs/cv-pathfinder-edge.cfg | 6 +++--- .../intended/configs/cv-pathfinder-edge2A.cfg | 14 +++++++------- .../intended/configs/cv-pathfinder-edge2B.cfg | 14 +++++++------- .../intended/configs/cv-pathfinder-transit1A.cfg | 8 ++++---- .../intended/configs/cv-pathfinder-transit1B.cfg | 8 ++++---- .../intended/configs/site-ha-disabled-leaf.cfg | 2 +- .../intended/configs/site-ha-enabled-leaf1.cfg | 2 +- .../intended/configs/site-ha-enabled-leaf2A.cfg | 2 +- .../intended/configs/site-ha-enabled-leaf2B.cfg | 2 +- .../cv-pathfinder-edge-no-common-path-group.yml | 6 +++--- .../structured_configs/cv-pathfinder-edge.yml | 6 +++--- .../structured_configs/cv-pathfinder-edge2A.yml | 14 +++++++------- .../structured_configs/cv-pathfinder-edge2B.yml | 14 +++++++------- .../structured_configs/cv-pathfinder-transit1A.yml | 8 ++++---- .../structured_configs/cv-pathfinder-transit1B.yml | 8 ++++---- .../structured_configs/site-ha-disabled-leaf.yml | 2 +- .../structured_configs/site-ha-enabled-leaf1.yml | 2 +- .../structured_configs/site-ha-enabled-leaf2A.yml | 2 +- .../structured_configs/site-ha-enabled-leaf2B.yml | 2 +- .../inventory/group_vars/CV_PATHFINDER_TESTS.yml | 5 +++-- .../overlay/router_path_selection.py | 2 +- 22 files changed, 68 insertions(+), 67 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg index 968485a568b..f8119cb248b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg @@ -304,7 +304,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2 redistribute connected route-map RM-CONN-2-BGP ! @@ -340,7 +340,7 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.2 - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT redistribute connected @@ -350,7 +350,7 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.2 - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index b7e8137e909..d32f1c865bd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg 
@@ -365,7 +365,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder @@ -404,7 +404,7 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.1 - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.100_vrf_IT redistribute connected @@ -414,7 +414,7 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.1 - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg index 9420a118ccf..246d3315fcd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg @@ -112,7 +112,7 @@ router path-selection local interface Ethernet53 ! peer static router-ip 192.168.142.3 - name LAN_HA + name cv-pathfinder-edge2B ipv4 address 172.17.0.9 ipv4 address 172.17.0.11 ! 
@@ -395,10 +395,10 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 remote-as 65199 neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1 neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 remote-as 65199 neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder @@ -436,10 +436,10 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.2 - neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 remote-as 65199 neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1.100_vrf_IT - neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 remote-as 65199 neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1.100_vrf_IT redistribute connected @@ -449,10 +449,10 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.2 - neighbor 172.17.0.4 remote-as 65000 + neighbor 172.17.0.4 remote-as 65199 neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1.42_vrf_PROD - neighbor 172.17.0.6 remote-as 65000 + neighbor 172.17.0.6 remote-as 65199 neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg index 6acb361e21e..36b51213649 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg @@ -99,7 +99,7 @@ router path-selection local interface Ethernet53 ! peer static router-ip 192.168.142.2 - name LAN_HA + name cv-pathfinder-edge2A ipv4 address 172.17.0.5 ipv4 address 172.17.0.7 ! @@ -392,10 +392,10 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.8 remote-as 65000 + neighbor 172.17.0.8 remote-as 65199 neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2 neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.10 remote-as 65000 + neighbor 172.17.0.10 remote-as 65199 neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder @@ -433,10 +433,10 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.3 - neighbor 172.17.0.8 remote-as 65000 + neighbor 172.17.0.8 remote-as 65199 neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2.100_vrf_IT - neighbor 172.17.0.10 remote-as 65000 + neighbor 172.17.0.10 remote-as 65199 neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2.100_vrf_IT redistribute connected 
@@ -446,10 +446,10 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.3 - neighbor 172.17.0.8 remote-as 65000 + neighbor 172.17.0.8 remote-as 65199 neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2.42_vrf_PROD - neighbor 172.17.0.10 remote-as 65000 + neighbor 172.17.0.10 remote-as 65199 neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg index 14303f2d760..34295a82050 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg @@ -128,7 +128,7 @@ router path-selection local interface Ethernet52 ! peer static router-ip 192.168.143.2 - name LAN_HA + name cv-pathfinder-transit1B ipv4 address 172.17.0.3 ! path-group MPLS id 100 @@ -429,7 +429,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder 
@@ -467,7 +467,7 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.43.1 - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1.100_vrf_IT redistribute connected @@ -477,7 +477,7 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.43.1 - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg index 34f2cede657..b80503236d5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg @@ -128,7 +128,7 @@ router path-selection local interface Ethernet52 ! peer static router-ip 192.168.143.1 - name LAN_HA + name cv-pathfinder-transit1A ipv4 address 172.17.0.1 ! path-group MPLS id 100 @@ -429,7 +429,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder 
@@ -467,7 +467,7 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.43.2 - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2.100_vrf_IT redistribute connected @@ -477,7 +477,7 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.43.2 - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg index 22176b03a72..0a962cbfeda 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg @@ -112,7 +112,7 @@ route-map RM-CONN-2-BGP permit 10 router bfd multihop interval 300 min-rx 300 multiplier 3 ! -router bgp 65000 +router bgp 65199 router-id 192.168.45.4 maximum-paths 4 ecmp 4 update wait-install diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg index 33eb2bc9191..b09f8c9740f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg 
@@ -112,7 +112,7 @@ route-map RM-CONN-2-BGP permit 10 router bfd multihop interval 300 min-rx 300 multiplier 3 ! -router bgp 65000 +router bgp 65199 router-id 192.168.45.1 maximum-paths 4 ecmp 4 update wait-install diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg index dcfb3fec80b..878901518be 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg @@ -112,7 +112,7 @@ route-map RM-CONN-2-BGP permit 10 router bfd multihop interval 300 min-rx 300 multiplier 3 ! -router bgp 65000 +router bgp 65199 router-id 192.168.45.2 maximum-paths 4 ecmp 4 update wait-install diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg index 53b047897d6..a8ddf9a9f1e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg @@ -112,7 +112,7 @@ route-map RM-CONN-2-BGP permit 10 router bfd multihop interval 300 min-rx 300 multiplier 3 ! -router bgp 65000 +router bgp 65199 router-id 192.168.45.3 maximum-paths 4 ecmp 4 update wait-install diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml index 40891fabd27..c7723bd9586 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml @@ -38,7 +38,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-disabled-leaf description: site-ha-disabled-leaf_Ethernet2 vrfs: @@ -47,7 +47,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet2.100_vrf_IT rd: 192.168.42.2:100 route_targets: @@ -66,7 +66,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet2.42_vrf_PROD rd: 192.168.42.2:42 route_targets: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 8434d908477..1e0504342cb 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -44,7 +44,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-disabled-leaf description: site-ha-disabled-leaf_Ethernet1 - ip_address: 192.168.144.1 @@ -57,7 +57,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet1.100_vrf_IT rd: 192.168.42.1:100 route_targets: 
@@ -76,7 +76,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet1.42_vrf_PROD rd: 192.168.42.1:42 route_targets: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml index 4e8194a1a74..6ae477f1355 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml @@ -45,12 +45,12 @@ router_bgp: neighbors: - ip_address: 172.17.0.4 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-enabled-leaf2A description: site-ha-enabled-leaf2A_Ethernet1 - ip_address: 172.17.0.6 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-enabled-leaf2B description: site-ha-enabled-leaf2B_Ethernet1 - ip_address: 192.168.144.1 @@ -63,11 +63,11 @@ router_bgp: neighbors: - ip_address: 172.17.0.4 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2A_Ethernet1.100_vrf_IT - ip_address: 172.17.0.6 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2B_Ethernet1.100_vrf_IT rd: 192.168.42.2:100 route_targets: @@ -86,11 +86,11 @@ router_bgp: neighbors: - ip_address: 172.17.0.4 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2A_Ethernet1.42_vrf_PROD - ip_address: 172.17.0.6 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2B_Ethernet1.42_vrf_PROD rd: 192.168.42.2:42 route_targets: 
@@ -503,7 +503,7 @@ router_path_selection: - name: Ethernet53 static_peers: - router_ip: 192.168.142.3 - name: LAN_HA + name: cv-pathfinder-edge2B ipv4_addresses: - 172.17.0.9 - 172.17.0.11 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml index 01060224e90..5a719d87e84 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml @@ -45,12 +45,12 @@ router_bgp: neighbors: - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-enabled-leaf2A description: site-ha-enabled-leaf2A_Ethernet2 - ip_address: 172.17.0.10 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-enabled-leaf2B description: site-ha-enabled-leaf2B_Ethernet2 - ip_address: 192.168.144.1 @@ -63,11 +63,11 @@ router_bgp: neighbors: - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2A_Ethernet2.100_vrf_IT - ip_address: 172.17.0.10 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2B_Ethernet2.100_vrf_IT rd: 192.168.42.3:100 route_targets: @@ -86,11 +86,11 @@ router_bgp: neighbors: - ip_address: 172.17.0.8 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2A_Ethernet2.42_vrf_PROD - ip_address: 172.17.0.10 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf2B_Ethernet2.42_vrf_PROD rd: 192.168.42.3:42 route_targets: 
@@ -499,7 +499,7 @@ router_path_selection: - name: Ethernet53 static_peers: - router_ip: 192.168.142.2 - name: LAN_HA + name: cv-pathfinder-edge2A ipv4_addresses: - 172.17.0.5 - 172.17.0.7 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml index 5da5410e4e2..59f19216a25 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml @@ -45,7 +45,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-enabled-leaf1 description: site-ha-enabled-leaf1_Ethernet1 - ip_address: 192.168.144.1 @@ -58,7 +58,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf1_Ethernet1.100_vrf_IT rd: 192.168.43.1:100 route_targets: @@ -77,7 +77,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD rd: 192.168.43.1:42 route_targets: @@ -517,7 +517,7 @@ router_path_selection: - name: Ethernet52 static_peers: - router_ip: 192.168.143.2 - name: LAN_HA + name: cv-pathfinder-transit1B ipv4_addresses: - 172.17.0.3 load_balance_policies: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml index 41dda1e6af2..8dfa33db598 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml @@ -45,7 +45,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-enabled-leaf1 description: site-ha-enabled-leaf1_Ethernet2 - ip_address: 192.168.144.1 @@ -58,7 +58,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf1_Ethernet2.100_vrf_IT rd: 192.168.43.2:100 route_targets: @@ -77,7 +77,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD rd: 192.168.43.2:42 route_targets: @@ -517,7 +517,7 @@ router_path_selection: - name: Ethernet52 static_peers: - router_ip: 192.168.143.1 - name: LAN_HA + name: cv-pathfinder-transit1A ipv4_addresses: - 172.17.0.1 load_balance_policies: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml index 3d9d26c81b0..7982092661c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml @@ -1,7 +1,7 @@ hostname: site-ha-disabled-leaf is_deployed: true router_bgp: - as: '65000' + as: '65199' router_id: 192.168.45.4 bgp: default: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml index d25b1eea39b..7a35d7e79bd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml @@ -1,7 +1,7 @@ hostname: site-ha-enabled-leaf1 is_deployed: true router_bgp: - as: '65000' + as: '65199' router_id: 192.168.45.1 bgp: default: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml index 322c874b6ea..b58d641ae53 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml @@ -1,7 +1,7 @@ hostname: site-ha-enabled-leaf2A is_deployed: true router_bgp: - as: '65000' + as: '65199' router_id: 192.168.45.2 bgp: default: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml index b143799531c..b9be0d8ac7b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml 
@@ -1,7 +1,7 @@ hostname: site-ha-enabled-leaf2B is_deployed: true router_bgp: - as: '65000' + as: '65199' router_id: 192.168.45.3 bgp: default: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index af18c1bd245..d95f90ea84a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -2,8 +2,6 @@ # Testing cv-pathfinder wan_mode: cv-pathfinder -bgp_as: 65000 - cv_pathfinder_regions: - name: AVD_Land_West id: 42 @@ -60,6 +58,7 @@ wan_edge: filter: always_include_vrfs_in_tenants: [TenantA] uplink_ipv4_pool: 172.17.0.0/16 + bgp_as: 65000 # Testing HA and disabling HA node_groups: # SITE_HA_DISABLED @@ -157,6 +156,7 @@ wan_transit: uplink_type: p2p-vrfs uplink_switches: [ site-ha-enabled-leaf1 ] uplink_interfaces: [ Ethernet52 ] + bgp_as: 65000 node_groups: - group: TRANSIT_SITE_HA_ENABLED # Disable HA IPsec @@ -199,6 +199,7 @@ wan_rr: loopback_ipv4_pool: 192.168.44.0/24 vtep_loopback_ipv4_pool: 192.168.144.0/24 data_plane_cpu_allocation_max: 1 + bgp_as: 65000 nodes: - name: cv-pathfinder-pathfinder id: 1 diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index cbad959ac30..c35aa492fe1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py 
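Review bot: The `bgp_as` move in `CV_PATHFINDER_TESTS.yml` has no comment explaining it, and the commit subject only mentions the HA static peer name. The global `bgp_as: 65000` is removed and re-added under `wan_edge`, `wan_transit` and `wan_rr`, while the regenerated leaf fixtures switch to `router bgp 65199`, so the LAN-facing underlay sessions now appear to be eBGP rather than iBGP. A one-line comment next to the first re-added key, for example `# WAN routers stay in AS 65000; the site leaves use a different AS`, would make it clear that the split is deliberate. Where the leaf AS is set is not visible in these hunks.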
@@ -107,7 +107,7 @@ def _generate_ha_path_group(self) -> dict: "static_peers": [ { "router_ip": self._wan_ha_peer_vtep_ip(), - "name": self.shared_utils.wan_ha_path_group_name, + "name": self.shared_utils.wan_ha_peer, "ipv4_addresses": [ip_address.split("/")[0] for ip_address in self.shared_utils.wan_ha_peer_ip_addresses], } ], From f99d38c34a8b2d267e0a717666bc869f1059ee7e Mon Sep 17 00:00:00 2001 From: Claus Holbech Date: Fri, 23 Feb 2024 08:59:04 +0100 Subject: [PATCH 11/11] Address review comments --- .../plugin_utils/eos_designs_shared_utils/wan.py | 8 ++++---- .../docs/tables/node-type-wan-configuration.md | 16 ++++++++-------- .../avd/roles/eos_designs/docs/wan-preview.md | 2 +- .../python_modules/network_services/utils.py | 2 +- .../eos_designs/schemas/eos_designs.schema.yml | 2 +- .../schema_fragments/defs_node_type.schema.yml | 2 +- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index 56212442707..a5827e55112 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py @@ -386,7 +386,7 @@ def wan_ha(self: SharedUtils) -> bool: return get(self.switch_data_combined, "wan_ha.enabled", default=True) and len(self.switch_data_node_group_nodes) == 2 @cached_property - def wan_ha_path_group_name(self) -> str: + def wan_ha_path_group_name(self: SharedUtils) -> str: """ Return HA path group name for the WAN design. Used in both network services and overlay python modules. @@ -396,7 +396,7 @@ def wan_ha_path_group_name(self) -> str: return "LAN_HA" @cached_property - def is_first_ha_peer(self) -> bool: + def is_first_ha_peer(self: SharedUtils) -> bool: """ Returns True if the device is the first device in the node_group, false otherwise. 
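Review bot: The static peer `name` in `_generate_ha_path_group` can now be `None`, because `wan_ha_peer` is annotated `-> str | None` in `wan.py`, whereas the replaced `wan_ha_path_group_name` always returned a string. If this method is only reached when `wan_ha` is true that is presumably safe, but nothing in the hunk shows it. Either state the precondition in a comment above the dict, e.g. `# wan_ha_peer is never None here: only reached when wan_ha is enabled`, or raise before building the dict so that no static peer is emitted without a name. The function body starts and ends outside the hunk.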
@@ -419,7 +419,7 @@ def wan_ha_peer(self: SharedUtils) -> str | None: raise AristaAvdError("Unable to find WAN HA peer within same node group") @cached_property - def wan_ha_peer_ip_addresses(self) -> list: + def wan_ha_peer_ip_addresses(self: SharedUtils) -> list: """ Read the IP addresses/prefix length from HA peer uplinks Used also to generate the prefix list of the PEER HA prefixes @@ -443,7 +443,7 @@ def wan_ha_peer_ip_addresses(self) -> list: return ip_addresses @cached_property - def wan_ha_ip_addresses(self) -> list: + def wan_ha_ip_addresses(self: SharedUtils) -> list: """ Read the IP addresses/prefix length from this device uplinks used for HA. Used to generate the prefix list. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md index 7be22a86bef..a6820f28545 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md @@ -14,7 +14,7 @@ | [    cv_pathfinder_region](## ".defaults.cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [    cv_pathfinder_site](## ".defaults.cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | | [    wan_ha](## ".defaults.wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | - | [      enabled](## ".defaults.wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [      enabled](## ".defaults.wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | | [      ipsec](## ".defaults.wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [    dps_mss_ipv4](## ".defaults.dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [  node_groups](## ".node_groups") | List, items: Dictionary | | | | Define variables related to all nodes part of this group. | @@ -26,7 +26,7 @@ | [          cv_pathfinder_region](## ".node_groups.[].nodes.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [          cv_pathfinder_site](## ".node_groups.[].nodes.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | | [          wan_ha](## ".node_groups.[].nodes.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | - | [            enabled](## ".node_groups.[].nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [            enabled](## ".node_groups.[].nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | | [            ipsec](## ".node_groups.[].nodes.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [          dps_mss_ipv4](## ".node_groups.[].nodes.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [      wan_role](## ".node_groups.[].wan_role") | String | | | Valid Values:
- client
- server | PREVIEW: This key is currently not supported
Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | @@ -34,7 +34,7 @@ | [      cv_pathfinder_region](## ".node_groups.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [      cv_pathfinder_site](## ".node_groups.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | | [      wan_ha](## ".node_groups.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | - | [        enabled](## ".node_groups.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [        enabled](## ".node_groups.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | | [        ipsec](## ".node_groups.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [      dps_mss_ipv4](## ".node_groups.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | @@ -44,7 +44,7 @@ | [      cv_pathfinder_region](## ".nodes.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [      cv_pathfinder_site](## ".nodes.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | | [      wan_ha](## ".nodes.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | - | [        enabled](## ".nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. | + | [        enabled](## ".nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | | [        ipsec](## ".nodes.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [      dps_mss_ipv4](## ".nodes.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | @@ -94,7 +94,7 @@ # Maximum 2 devices supported by group for HA. wan_ha: - # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. enabled: # Enable / Disable IPsec over HA path-group when HA is enabled. @@ -156,7 +156,7 @@ # Maximum 2 devices supported by group for HA. wan_ha: - # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. enabled: # Enable / Disable IPsec over HA path-group when HA is enabled. @@ -205,7 +205,7 @@ # Maximum 2 devices supported by group for HA. wan_ha: - # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. enabled: # Enable / Disable IPsec over HA path-group when HA is enabled. @@ -260,7 +260,7 @@ # Maximum 2 devices supported by group for HA. wan_ha: - # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. enabled: # Enable / Disable IPsec over HA path-group when HA is enabled. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index aae6625223f..a34e2e276ac 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md 
@@ -38,7 +38,7 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co - Policies are assigned to VRFs using the list `wan_virtual_topologies.vrfs`. A policy can be reused in multiple VRFs. - If no policy is assigned for the `default` VRF policy, AVD auto generates one with one `default_virtual_topology` entry configured to use all available local path-groups. - For the policy defined for VRF `default` (or the auto-generared one), an extra match statement is injected in the policy to match the traffic towards the Pathfinders or AutoVPN RRs, the name of the application-profile is hardcoded as `CONTROL-PLANE-APPLICATION-PROFILE`. A special policy is created by appending `-WITH-CP` at the end of the targetted policy name. - - For HA, the considered interfaces are only the `uplink_interfaces` in VRF default. It is possible to disable HA at the site level. + - For HA, the considered interfaces are only the `uplink_interfaces` in VRF default. It is possible to disable HA under node settings. #### LAN Designs diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py index 05717883364..6a8134cb798 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py 
@@ -224,7 +224,7 @@ def _generate_wan_load_balance_policy(self, name: str, input_dict: dict, context wan_local_path_group_names = [path_group["name"] for path_group in self.shared_utils.wan_local_path_groups] wan_load_balance_policy = {"name": name, "path_groups": [], **get(input_dict, "constraints", default={})} - if self.shared_utils.wan_ha is True or self.shared_utils.cv_pathfinder_role == "pathfinder": + if self.shared_utils.wan_ha or self.shared_utils.cv_pathfinder_role == "pathfinder": # Adding HA path-group with priority 1 - it does not count as an entry with priority 1 wan_load_balance_policy["path_groups"].append({"name": self.shared_utils.wan_ha_path_group_name}) diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 44b58d13de5..7145402ea4f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -7577,7 +7577,7 @@ $defs: type: bool default: true description: Enable / Disable auto CV-Pathfinder HA, when two nodes - are defined in node group. + are defined in the same node_group. ipsec: type: bool default: true diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml index 3d8fe200508..3db8b35a3d1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml 
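Review bot: The condition in `_generate_wan_load_balance_policy` appends the HA path-group for every device whose `cv_pathfinder_role` is `"pathfinder"`, whether or not `wan_ha` is set, and the comment below it only explains the priority handling. A reader cannot tell from the hunk why a pathfinder needs the `wan_ha_path_group_name` entry, so the reason belongs in a comment above the `if`, for example `# Pathfinders list the HA path-group even without a local HA peer: <reason>`. The function body starts and ends outside the hunk.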
@@ -1177,7 +1177,7 @@ $defs: enabled: type: bool default: true - description: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in node group. + description: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. ipsec: type: bool default: true