diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg index 8c057a6bc8f..f8119cb248b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-common-path-group.cfg @@ -256,11 +256,7 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:511 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.42.0/24 eq 32 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN - match as-path ASPATH-WAN -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.42.2:511 additive ! @@ -308,7 +304,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2 redistribute connected route-map RM-CONN-2-BGP ! @@ -344,7 +340,7 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.2 - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.100_vrf_IT redistribute connected 
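Review bot: With the `deny 20` / `match as-path ASPATH-WAN` entry removed, `RM-BGP-UNDERLAY-PEERS-IN` on this non-HA edge is left with a single unconditional `permit 40`, so the route-map no longer stops a WAN-originated prefix that returns via the LAN peer from being accepted and stamped with the local SOO as if it were LAN-originated. The same commit moves the LAN neighbor to `remote-as 65199`, so eBGP AS-path loop detection may now cover this, but only if `allowas-in` is not rendered on `IPv4-UNDERLAY-PEERS` here. The peer-group lines are outside these hunks, and the new HA edge configs do carry `neighbor IPv4-UNDERLAY-PEERS allowas-in 1`. If the peer-group settings are shared, I would keep an explicit filter on non-HA sites, for example `route-map RM-BGP-UNDERLAY-PEERS-IN deny 30` with `match as-path ASPATH-WAN`. The route-map hunk of cv-pathfinder-edge.cfg has the same change.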
@@ -354,7 +350,7 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.2 - neighbor 172.17.0.2 remote-as 65000 + neighbor 172.17.0.2 remote-as 65199 neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.2 description site-ha-disabled-leaf_Ethernet2.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg index 024f80a0aea..d32f1c865bd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg @@ -311,11 +311,7 @@ ip prefix-list PL-STATIC-VRF-DEFAULT ip route 172.16.0.0/16 172.16.5.4 ip route 66.66.66.0/24 172.17.0.0 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN - match as-path ASPATH-WAN -! -route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.42.1:511 additive ! @@ -369,7 +365,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder 
@@ -408,7 +404,7 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.42.1 - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.100_vrf_IT redistribute connected @@ -418,7 +414,7 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.42.1 - neighbor 172.17.0.0 remote-as 65000 + neighbor 172.17.0.0 remote-as 65199 neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.0 description site-ha-disabled-leaf_Ethernet1.42_vrf_PROD redistribute connected diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg new file mode 100644 index 00000000000..246d3315fcd --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg 
@@ -0,0 +1,476 @@ +!RANCID-CONTENT-TYPE: arista +! +flow tracking hardware + tracker WAN-FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 5000 + exporter DPI-EXPORTER + collector 127.0.0.1 + local interface Loopback0 + template interval 5000 + no shutdown +! +service routing protocols model multi-agent +! +ip as-path access-list ASPATH-WAN permit 65000 any +! +hostname cv-pathfinder-edge2A +! +router adaptive-virtual-topology + topology role edge + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site423 id 423 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile CONTROL-PLANE-APPLICATION-PROFILE + avt profile CONTROL-PLANE-PROFILE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + profile CONTROL-PLANE-PROFILE + path-selection load-balance LB-CONTROL-PLANE-PROFILE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! 
+ vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile CONTROL-PLANE-PROFILE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! + vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group INET id 101 + ipsec profile CP-PROFILE + ! + local interface Ethernet1 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 + ! + peer dynamic + ! + peer static router-ip 192.168.144.1 + name cv-pathfinder-pathfinder + ipv4 address 10.7.7.7 + ipv4 address 10.9.9.9 + ! + path-group LAN_HA id 65535 + ipsec profile DP-PROFILE + flow assignment lan + ! + local interface Ethernet52 + ! + local interface Ethernet53 + ! + peer static router-ip 192.168.142.3 + name cv-pathfinder-edge2B + ipv4 address 172.17.0.9 + ipv4 address 172.17.0.11 + ! + load-balance policy LB-CONTROL-PLANE-PROFILE + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group INET priority 2 + ! + load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 + path-group LAN_HA + path-group INET priority 2 +! +spanning-tree mode none +! +no enable password +no aaa root +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +ip security + ! + ike policy DP-IKE-POLICY + local-id 192.168.142.2 + ! 
+ ike policy CP-IKE-POLICY + local-id 192.168.142.2 + ! + sa policy DP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + sa policy CP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + profile DP-PROFILE + ike-policy DP-IKE-POLICY + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Dps1 + description DPS Interface + mtu 9214 + flow tracker hardware WAN-FLOW-TRACKER + ip address 192.168.142.2/32 +! +interface Ethernet1 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address dhcp + dhcp client accept default-route +! +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.5/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.5/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.5/31 +! +interface Ethernet53 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.7/31 +! +interface Ethernet53.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.7/31 +! +interface Ethernet53.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.7/31 +! 
+interface Loopback0 + description Router_ID + no shutdown + ip address 192.168.42.2/32 +! +interface Vxlan1 + description cv-pathfinder-edge2A_VTEP + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +application traffic recognition + ! + application ipv4 CONTROL-PLANE-APPLICATION + destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application microsoft-teams + ! + application-profile CONTROL-PLANE-APPLICATION-PROFILE + application CONTROL-PLANE-APPLICATION + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES + 192.168.144.1/32 + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! + field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.42.0/24 eq 32 +! +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.8/31 + seq 20 permit 172.17.0.10/31 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.4/31 + seq 20 permit 172.17.0.6/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES +! 
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer + match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup + match as-path ASPATH-WAN + set community no-advertise +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 + description Advertise local routes towards LAN + match extcommunity ECL-EVPN-SOO +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 + description Advertise routes received from WAN iBGP towards LAN + match route-type internal +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.42.2:423 additive +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! 
+router bgp 65000 + router-id 192.168.42.2 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 remote-as 65199 + neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 remote-as 65199 + neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1 + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! 
+ vrf default + rd 192.168.42.2:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.42.2:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.42.2 + neighbor 172.17.0.4 remote-as 65199 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1.100_vrf_IT + neighbor 172.17.0.6 remote-as 65199 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.42.2:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.42.2 + neighbor 172.17.0.4 remote-as 65199 + neighbor 172.17.0.4 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.4 description site-ha-enabled-leaf2A_Ethernet1.42_vrf_PROD + neighbor 172.17.0.6 remote-as 65199 + neighbor 172.17.0.6 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.6 description site-ha-enabled-leaf2B_Ethernet1.42_vrf_PROD + redistribute connected +! +router traffic-engineering +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +stun + client + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 + ip address 10.7.7.7 + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 + ip address 10.9.9.9 +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg new file mode 100644 index 00000000000..36b51213649 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg 
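Review bot: `cv-pathfinder-edge2A` is rendered with `router-id 192.168.42.2` and Loopback0 `192.168.42.2/32`, the same router ID that the context lines of cv-pathfinder-edge-no-common-path-group.cfg show (`router-id 192.168.42.2`, SOO `192.168.42.2:511`). If both hosts belong to the same test fabric, their BGP router IDs would collide, and presumably so would the route distinguishers derived from them (`rd 192.168.42.2:100`, `rd 192.168.42.2:42` here). The fixture would then assert a topology with ambiguous route origin. I would give edge2A a distinct node id in the test inventory so that its loopback, router ID and RDs are unique, or record in the inventory why the overlap is intended.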
@@ -0,0 +1,471 @@ +!RANCID-CONTENT-TYPE: arista +! +flow tracking hardware + tracker WAN-FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 5000 + exporter DPI-EXPORTER + collector 127.0.0.1 + local interface Loopback0 + template interval 5000 + no shutdown +! +service routing protocols model multi-agent +! +ip as-path access-list ASPATH-WAN permit 65000 any +! +hostname cv-pathfinder-edge2B +! +router adaptive-virtual-topology + topology role edge + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site423 id 423 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile CONTROL-PLANE-APPLICATION-PROFILE + avt profile CONTROL-PLANE-PROFILE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + profile CONTROL-PLANE-PROFILE + path-selection load-balance LB-CONTROL-PLANE-PROFILE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! 
+ vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile CONTROL-PLANE-PROFILE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! + vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group LAN_HA id 65535 + ipsec profile DP-PROFILE + flow assignment lan + ! + local interface Ethernet52 + ! + local interface Ethernet53 + ! + peer static router-ip 192.168.142.2 + name cv-pathfinder-edge2A + ipv4 address 172.17.0.5 + ipv4 address 172.17.0.7 + ! + path-group MPLS id 100 + ! + local interface Ethernet2 + stun server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 + ! + peer dynamic + ! + peer static router-ip 192.168.144.1 + name cv-pathfinder-pathfinder + ipv4 address 172.16.0.1 + ! + load-balance policy LB-CONTROL-PLANE-PROFILE + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group LAN_HA + path-group MPLS priority 42 + ! + load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group LAN_HA + path-group MPLS priority 2 + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 + path-group LAN_HA + path-group MPLS +! +spanning-tree mode none +! +no enable password +no aaa root +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +ip security + ! + ike policy DP-IKE-POLICY + local-id 192.168.142.3 + ! + ike policy CP-IKE-POLICY + local-id 192.168.142.3 + ! + sa policy DP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! 
+ sa policy CP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + profile DP-PROFILE + ike-policy DP-IKE-POLICY + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Dps1 + description DPS Interface + mtu 9214 + flow tracker hardware WAN-FLOW-TRACKER + ip address 192.168.142.3/32 +! +interface Ethernet2 + no shutdown + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.15.6.6/31 +! +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.9/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.9/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.9/31 +! +interface Ethernet53 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.11/31 +! +interface Ethernet53.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.11/31 +! +interface Ethernet53.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.11/31 +! +interface Loopback0 + description Router_ID + no shutdown + ip address 192.168.42.3/32 +! 
+interface Vxlan1 + description cv-pathfinder-edge2B_VTEP + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +application traffic recognition + ! + application ipv4 CONTROL-PLANE-APPLICATION + destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application microsoft-teams + ! + application-profile CONTROL-PLANE-APPLICATION-PROFILE + application CONTROL-PLANE-APPLICATION + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES + 192.168.144.1/32 + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! + field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.42.2:423 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.42.0/24 eq 32 +! +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.4/31 + seq 20 permit 172.17.0.6/31 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.8/31 + seq 20 permit 172.17.0.10/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES +! 
+route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer + match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup + match as-path ASPATH-WAN + set community no-advertise +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 + description Advertise local routes towards LAN + match extcommunity ECL-EVPN-SOO +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 + description Advertise routes received from WAN iBGP towards LAN + match route-type internal +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.42.2:423 additive +! +route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.42.2:423 additive +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! 
+router bgp 65000 + router-id 192.168.42.3 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.8 remote-as 65199 + neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2 + neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.10 remote-as 65199 + neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2 + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! + address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! 
+ vrf default + rd 192.168.42.3:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.42.3:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.42.3 + neighbor 172.17.0.8 remote-as 65199 + neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2.100_vrf_IT + neighbor 172.17.0.10 remote-as 65199 + neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.42.3:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.42.3 + neighbor 172.17.0.8 remote-as 65199 + neighbor 172.17.0.8 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.8 description site-ha-enabled-leaf2A_Ethernet2.42_vrf_PROD + neighbor 172.17.0.10 remote-as 65199 + neighbor 172.17.0.10 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.10 description site-ha-enabled-leaf2B_Ethernet2.42_vrf_PROD + redistribute connected +! +router traffic-engineering +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +stun + client + server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 + ip address 172.16.0.1 +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg index 3db6c6ddd92..e570e7a4064 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg 
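Review bot: On edge2B the only WAN path-group, `path-group MPLS id 100`, has no `ipsec profile` line, so `CP-PROFILE`, `CP-IKE-POLICY` and `CP-SA-POLICY` are rendered but not referenced by any path-group. Traffic on the path to `cv-pathfinder-pathfinder` at 172.16.0.1 is therefore not covered by IPsec. edge2A's `path-group INET` does carry `ipsec profile CP-PROFILE`, so the difference presumably comes from the test inventory rather than from the generator. If unencrypted MPLS is intended, a short comment in the inventory would make that explicit; otherwise the path-group should get `ipsec profile CP-PROFILE`.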
@@ -114,6 +114,9 @@ router path-selection ! local interface Ethernet3 ! + path-group LAN_HA id 65535 + flow assignment lan + ! path-group LTE id 102 ! path-group MPLS id 100 @@ -124,37 +127,45 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group Equinix path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group LTE path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg index ad7d201a57b..87cd1f7baa1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg @@ -120,6 +120,9 @@ router path-selection name cv-pathfinder-pathfinder2 ipv4 address 10.9.9.9 ! + path-group LAN_HA id 65535 + flow assignment lan + ! path-group LTE id 102 ! path-group MPLS id 100 
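Review bot: The `LAN_HA` path-group added to the pathfinder is rendered with only `flow assignment lan` (no `ipsec profile`, local interface or peer) and is then inserted into every load-balance policy, including `LB-CONTROL-PLANE-PROFILE`. On the HA edges the same group carries `ipsec profile DP-PROFILE` and static peers, and as far as the visible hunks show, the non-HA edge configs get no `LAN_HA` at all. This looks like the generator emitting the HA group for devices that have no HA peer. I would render `path-group LAN_HA` and its policy entries only where HA is configured, because an empty group with no IPsec profile could later be given interfaces without anyone noticing that it is unprotected. The pathfinder1 and pathfinder2 hunks show the same additions.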
@@ -128,36 +131,44 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group Equinix path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group LTE path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg index 6852bc90ef4..d15b4856665 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg @@ -120,6 +120,9 @@ router path-selection name cv-pathfinder-pathfinder1 ipv4 address 10.8.8.8 ! + path-group LAN_HA id 65535 + flow assignment lan + ! path-group LTE id 102 ! path-group MPLS id 100 
@@ -134,37 +137,45 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group Equinix path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group LTE path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg similarity index 81% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg index 15212bfdfe5..34295a82050 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg @@ -14,7 +14,7 @@ service routing protocols model multi-agent ! ip as-path access-list ASPATH-WAN permit 65000 any ! -hostname cv-pathfinder-transit +hostname cv-pathfinder-transit1A ! router adaptive-virtual-topology topology role transit region 
@@ -122,6 +122,15 @@ router path-selection ipv4 address 10.7.7.7 ipv4 address 10.9.9.9 ! + path-group LAN_HA id 65535 + flow assignment lan + ! + local interface Ethernet52 + ! + peer static router-ip 192.168.143.2 + name cv-pathfinder-transit1B + ipv4 address 172.17.0.3 + ! path-group MPLS id 100 ! local interface Ethernet2.42 @@ -135,35 +144,43 @@ router path-selection ! load-balance policy LB-CONTROL-PLANE-PROFILE path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 42 ! load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO path-group INET + path-group LAN_HA path-group MPLS ! load-balance policy LB-PROD-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VIDEO loss-rate 42.0 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-PROD-AVT-POLICY-VOICE jitter 42 + path-group LAN_HA path-group MPLS path-group INET priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT path-group INET + path-group LAN_HA path-group MPLS priority 2 ! load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA path-group MPLS path-group INET priority 2 ! @@ -182,6 +199,9 @@ vrf instance TRANSIT ! ip security ! + ike policy DP-IKE-POLICY + local-id 192.168.143.1 + ! ike policy CP-IKE-POLICY local-id 192.168.143.1 ! @@ -194,6 +214,7 @@ ip security pfs dh-group 14 ! profile DP-PROFILE + ike-policy DP-IKE-POLICY sa-policy DP-SA-POLICY connection start shared-key 7 ABCDEF1234567890666 
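Review bot: The new `path-group LAN_HA` in the first hunk gets a `local interface Ethernet52` and a static peer but no `ipsec profile` line, so as far as these lines show, DPS traffic between the two HA routers would cross the LAN leaf unprotected. In the new cv-pathfinder-transit1B.cfg, which renders the same block, `path-group INET` carries `ipsec profile CP-PROFILE`, and the last two hunks here wire `ike-policy DP-IKE-POLICY` into `DP-PROFILE`, so a profile is available to reference. I would render `ipsec profile DP-PROFILE` under `path-group LAN_HA`, or make the unencrypted case an explicit opt-out in the design input rather than the default. The enclosing `router path-selection` section starts outside the hunk, and the template that emits it is not shown here.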
@@ -238,13 +259,37 @@ interface Ethernet2.42 flow tracker hardware WAN-FLOW-TRACKER ip address 172.16.6.6/31 ! +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.1/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.1/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.1/31 +! interface Loopback0 description Router_ID no shutdown ip address 192.168.43.1/32 ! interface Vxlan1 - description cv-pathfinder-transit_VTEP + description cv-pathfinder-transit1A_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 @@ -306,11 +351,27 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.43.1:422 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY seq 10 permit 192.168.43.0/24 eq 32 ! -route-map RM-BGP-UNDERLAY-PEERS-IN deny 20 - description Deny prefixes from WAN - match as-path ASPATH-WAN +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.2/31 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.0/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer + match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto ! route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup + match as-path ASPATH-WAN + set community no-advertise +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 description Mark prefixes originated from the LAN set extcommunity soo 192.168.43.1:422 additive ! 
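Review bot: Sequences 20 and 30 of `RM-BGP-UNDERLAY-PEERS-IN` in the second hunk now permit routes that the removed `deny 20` dropped, and sequence 20 decides on the SoO extended community alone before rewriting the path with `set as-path match all replacement auto auto`. Together with `neighbor IPv4-UNDERLAY-PEERS allowas-in 1` in a later hunk, and a peer group that shows no `password` line in the new cv-pathfinder-transit1B.cfg, any speaker on that LAN eBGP session that attaches `soo 192.168.43.1:422` appears to have its prefixes treated as HA-peer routes, bounded only by `maximum-routes 12000`. I would narrow sequence 20 with a second match such as `match ip address prefix-list <PL-HA-PEER-ORIGINATED>` (placeholder name) and consider session authentication on the underlay peer group. If the wide match is intended, the rendered description could say so: `description Allow prefixes originated from the HA peer (trusts SoO received from LAN)`.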
@@ -322,10 +383,17 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 description Advertise routes received from WAN iBGP towards LAN match route-type internal ! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN + match ip address prefix-list PL-WAN-HA-PREFIXES +! route-map RM-CONN-2-BGP permit 10 match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set extcommunity soo 192.168.43.1:422 additive ! +route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 match extcommunity ECL-EVPN-SOO ! @@ -346,6 +414,7 @@ router bgp 65000 update wait-install no bgp default ipv4-unicast neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 neighbor IPv4-UNDERLAY-PEERS send-community neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in @@ -359,6 +428,9 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.0 remote-as 65199 + neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1 neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS neighbor 192.168.144.1 description cv-pathfinder-pathfinder redistribute connected route-map RM-CONN-2-BGP @@ -395,6 +467,9 @@ router bgp 65000 route-target import evpn 100:100 route-target export evpn 100:100 router-id 192.168.43.1 + neighbor 172.17.0.0 remote-as 65199 + neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1.100_vrf_IT redistribute connected ! vrf PROD 
@@ -402,6 +477,9 @@ router bgp 65000 route-target import evpn 42:42 route-target export evpn 42:42 router-id 192.168.43.1 + neighbor 172.17.0.0 remote-as 65199 + neighbor 172.17.0.0 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.0 description site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD redistribute connected ! vrf TRANSIT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg new file mode 100644 index 00000000000..b80503236d5 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg 
@@ -0,0 +1,510 @@ +!RANCID-CONTENT-TYPE: arista +! +flow tracking hardware + tracker WAN-FLOW-TRACKER + record export on inactive timeout 70000 + record export on interval 5000 + exporter DPI-EXPORTER + collector 127.0.0.1 + local interface Loopback0 + template interval 5000 + no shutdown +! +service routing protocols model multi-agent +! +ip as-path access-list ASPATH-WAN permit 65000 any +! +hostname cv-pathfinder-transit1B +! +router adaptive-virtual-topology + topology role transit region + region AVD_Land_West id 42 + zone DEFAULT-ZONE id 1 + site Site422 id 422 + ! + policy DEFAULT-AVT-POLICY + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy DEFAULT-AVT-POLICY-WITH-CP + ! + match application-profile CONTROL-PLANE-APPLICATION-PROFILE + avt profile CONTROL-PLANE-PROFILE + ! + match application-profile VIDEO + avt profile DEFAULT-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile DEFAULT-AVT-POLICY-DEFAULT + ! + policy PROD-AVT-POLICY + ! + match application-profile VOICE + avt profile PROD-AVT-POLICY-VOICE + ! + match application-profile VIDEO + avt profile PROD-AVT-POLICY-VIDEO + ! + match application-profile default + avt profile PROD-AVT-POLICY-DEFAULT + ! + policy TRANSIT-AVT-POLICY + ! + match application-profile VOICE + avt profile TRANSIT-AVT-POLICY-VOICE + ! + match application-profile default + avt profile TRANSIT-AVT-POLICY-DEFAULT + ! + profile CONTROL-PLANE-PROFILE + path-selection load-balance LB-CONTROL-PLANE-PROFILE + ! + profile DEFAULT-AVT-POLICY-DEFAULT + path-selection load-balance LB-DEFAULT-AVT-POLICY-DEFAULT + ! + profile DEFAULT-AVT-POLICY-VIDEO + path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO + ! + profile PROD-AVT-POLICY-DEFAULT + path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT + ! + profile PROD-AVT-POLICY-VIDEO + path-selection load-balance LB-PROD-AVT-POLICY-VIDEO + ! 
+ profile PROD-AVT-POLICY-VOICE + path-selection load-balance LB-PROD-AVT-POLICY-VOICE + ! + profile TRANSIT-AVT-POLICY-DEFAULT + path-selection load-balance LB-TRANSIT-AVT-POLICY-DEFAULT + ! + profile TRANSIT-AVT-POLICY-VOICE + path-selection load-balance LB-TRANSIT-AVT-POLICY-VOICE + ! + vrf default + avt policy DEFAULT-AVT-POLICY-WITH-CP + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + avt profile CONTROL-PLANE-PROFILE id 254 + ! + vrf IT + avt policy DEFAULT-AVT-POLICY + avt profile DEFAULT-AVT-POLICY-DEFAULT id 1 + avt profile DEFAULT-AVT-POLICY-VIDEO id 3 + ! + vrf PROD + avt policy PROD-AVT-POLICY + avt profile PROD-AVT-POLICY-DEFAULT id 1 + avt profile PROD-AVT-POLICY-VOICE id 2 + avt profile PROD-AVT-POLICY-VIDEO id 4 + ! + vrf TRANSIT + avt policy TRANSIT-AVT-POLICY + avt profile TRANSIT-AVT-POLICY-DEFAULT id 1 + avt profile TRANSIT-AVT-POLICY-VOICE id 42 +! +router path-selection + tcp mss ceiling ipv4 ingress + ! + path-group INET id 101 + ipsec profile CP-PROFILE + ! + local interface Ethernet1.42 + stun server-profile INET-cv-pathfinder-pathfinder-Ethernet1 INET-cv-pathfinder-pathfinder-Ethernet3 + ! + peer dynamic + ! + peer static router-ip 192.168.144.1 + name cv-pathfinder-pathfinder + ipv4 address 10.7.7.7 + ipv4 address 10.9.9.9 + ! + path-group LAN_HA id 65535 + flow assignment lan + ! + local interface Ethernet52 + ! + peer static router-ip 192.168.143.1 + name cv-pathfinder-transit1A + ipv4 address 172.17.0.1 + ! + path-group MPLS id 100 + ! + local interface Ethernet2.42 + stun server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 + ! + peer dynamic + ! + peer static router-ip 192.168.144.1 + name cv-pathfinder-pathfinder + ipv4 address 172.16.0.1 + ! + load-balance policy LB-CONTROL-PLANE-PROFILE + path-group INET + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-DEFAULT-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + path-group MPLS priority 42 + ! 
+ load-balance policy LB-DEFAULT-AVT-POLICY-VIDEO + path-group INET + path-group LAN_HA + path-group MPLS + ! + load-balance policy LB-PROD-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + path-group MPLS priority 2 + ! + load-balance policy LB-PROD-AVT-POLICY-VIDEO + loss-rate 42.0 + path-group LAN_HA + path-group MPLS + path-group INET priority 2 + ! + load-balance policy LB-PROD-AVT-POLICY-VOICE + jitter 42 + path-group LAN_HA + path-group MPLS + path-group INET priority 2 + ! + load-balance policy LB-TRANSIT-AVT-POLICY-DEFAULT + path-group INET + path-group LAN_HA + path-group MPLS priority 2 + ! + load-balance policy LB-TRANSIT-AVT-POLICY-VOICE + path-group LAN_HA + path-group MPLS + path-group INET priority 2 +! +spanning-tree mode none +! +no enable password +no aaa root +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +vrf instance TRANSIT +! +ip security + ! + ike policy DP-IKE-POLICY + local-id 192.168.143.2 + ! + ike policy CP-IKE-POLICY + local-id 192.168.143.2 + ! + sa policy DP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + sa policy CP-SA-POLICY + esp encryption aes128 + pfs dh-group 14 + ! + profile DP-PROFILE + ike-policy DP-IKE-POLICY + sa-policy DP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890666 + dpd 10 50 clear + mode transport + ! + profile CP-PROFILE + ike-policy CP-IKE-POLICY + sa-policy CP-SA-POLICY + connection start + shared-key 7 ABCDEF1234567890 + dpd 10 50 clear + mode transport + ! + key controller + profile DP-PROFILE +! +interface Dps1 + description DPS Interface + mtu 9214 + flow tracker hardware WAN-FLOW-TRACKER + ip address 192.168.143.2/32 +! +interface Ethernet1 + no shutdown + no switchport +! +interface Ethernet1.42 + no shutdown + encapsulation dot1q vlan 42 + flow tracker hardware WAN-FLOW-TRACKER + ip address dhcp + dhcp client accept default-route +! +interface Ethernet2 + no shutdown + no switchport +! 
+interface Ethernet2.42 + no shutdown + encapsulation dot1q vlan 666 + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.16.6.6/31 +! +interface Ethernet52 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 + no shutdown + mtu 9214 + no switchport + flow tracker hardware WAN-FLOW-TRACKER + ip address 172.17.0.3/31 +! +interface Ethernet52.42 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.3/31 +! +interface Ethernet52.100 + description P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.3/31 +! +interface Loopback0 + description Router_ID + no shutdown + ip address 192.168.43.2/32 +! +interface Vxlan1 + description cv-pathfinder-transit1B_VTEP + vxlan source-interface Dps1 + vxlan udp-port 4789 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 + vxlan vrf TRANSIT vni 66 +! +application traffic recognition + ! + application ipv4 CONTROL-PLANE-APPLICATION + destination prefix field-set CONTROL-PLANE-APP-DEST-PREFIXES + ! + application ipv4 CUSTOM-APPLICATION-1 + source prefix field-set CUSTOM-SRC-PREFIX-1 + destination prefix field-set CUSTOM-DEST-PREFIX-1 + protocol tcp + ! + application ipv4 CUSTOM-APPLICATION-2 + protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2 + ! + category VIDEO1 + application CUSTOM-APPLICATION-2 + application microsoft-teams + ! + application-profile CONTROL-PLANE-APPLICATION-PROFILE + application CONTROL-PLANE-APPLICATION + ! + application-profile VIDEO + application CUSTOM-APPLICATION-1 + application skype + category VIDEO1 + ! + application-profile VOICE + application CUSTOM-VOICE-APPLICATION + ! + field-set ipv4 prefix CONTROL-PLANE-APP-DEST-PREFIXES + 192.168.144.1/32 + ! + field-set ipv4 prefix CUSTOM-DEST-PREFIX-1 + 6.6.6.0/24 + ! 
+ field-set ipv4 prefix CUSTOM-SRC-PREFIX-1 + 42.42.42.0/24 + ! + field-set l4-port TCP-DEST-2 + 666, 777 + ! + field-set l4-port TCP-SRC-2 + 42 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +ip routing vrf TRANSIT +! +ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.43.1:422 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.43.0/24 eq 32 +! +ip prefix-list PL-WAN-HA-PEER-PREFIXES + seq 10 permit 172.17.0.0/31 +! +ip prefix-list PL-WAN-HA-PREFIXES + seq 10 permit 172.17.0.2/31 +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 10 + description Allow WAN HA peer interface prefixes + match ip address prefix-list PL-WAN-HA-PEER-PREFIXES +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 20 + description Allow prefixes originated from the HA peer + match extcommunity ECL-EVPN-SOO + set as-path match all replacement auto auto +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 30 + description Use WAN routes from HA peer as backup + match as-path ASPATH-WAN + set community no-advertise +! +route-map RM-BGP-UNDERLAY-PEERS-IN permit 40 + description Mark prefixes originated from the LAN + set extcommunity soo 192.168.43.1:422 additive +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10 + description Advertise local routes towards LAN + match extcommunity ECL-EVPN-SOO +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20 + description Advertise routes received from WAN iBGP towards LAN + match route-type internal +! +route-map RM-BGP-UNDERLAY-PEERS-OUT permit 30 + description Advertise WAN HA prefixes towards LAN + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set extcommunity soo 192.168.43.1:422 additive +! +route-map RM-CONN-2-BGP permit 50 + match ip address prefix-list PL-WAN-HA-PREFIXES +! +route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10 + match extcommunity ECL-EVPN-SOO +! 
+route-map RM-EVPN-SOO-IN deny 10 + match extcommunity ECL-EVPN-SOO +! +route-map RM-EVPN-SOO-IN permit 20 +! +route-map RM-EVPN-SOO-OUT permit 10 + set extcommunity soo 192.168.43.1:422 additive +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65000 + router-id 192.168.43.2 + maximum-paths 16 + update wait-install + no bgp default ipv4-unicast + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS allowas-in 1 + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-IN in + neighbor IPv4-UNDERLAY-PEERS route-map RM-BGP-UNDERLAY-PEERS-OUT out + neighbor WAN-OVERLAY-PEERS peer group + neighbor WAN-OVERLAY-PEERS remote-as 65000 + neighbor WAN-OVERLAY-PEERS update-source Dps1 + neighbor WAN-OVERLAY-PEERS bfd + neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10 + neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1 + neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ== + neighbor WAN-OVERLAY-PEERS send-community + neighbor WAN-OVERLAY-PEERS maximum-routes 0 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 remote-as 65199 + neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2 + neighbor 192.168.144.1 peer group WAN-OVERLAY-PEERS + neighbor 192.168.144.1 description cv-pathfinder-pathfinder + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in + neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out + neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 + neighbor IPv4-UNDERLAY-PEERS activate + no neighbor WAN-OVERLAY-PEERS activate + ! + address-family ipv4 sr-te + neighbor WAN-OVERLAY-PEERS activate + ! + address-family link-state + neighbor WAN-OVERLAY-PEERS activate + path-selection + ! 
+ address-family path-selection + bgp additional-paths receive + bgp additional-paths send any + neighbor WAN-OVERLAY-PEERS activate + ! + vrf default + rd 192.168.43.2:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT + ! + vrf IT + rd 192.168.43.2:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.43.2 + neighbor 172.17.0.2 remote-as 65199 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.43.2:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.43.2 + neighbor 172.17.0.2 remote-as 65199 + neighbor 172.17.0.2 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.2 description site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD + redistribute connected + ! + vrf TRANSIT + rd 192.168.43.2:66 + route-target import evpn 66:66 + route-target export evpn 66:66 + router-id 192.168.43.2 + redistribute connected +! +router traffic-engineering +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +stun + client + server-profile INET-cv-pathfinder-pathfinder-Ethernet1 + ip address 10.7.7.7 + server-profile INET-cv-pathfinder-pathfinder-Ethernet3 + ip address 10.9.9.9 + server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2 + ip address 172.16.0.1 +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg index 7677a416156..0a962cbfeda 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-disabled-leaf.cfg 
@@ -72,12 +72,12 @@ interface Ethernet2.100 interface Loopback0 description EVPN_Overlay_Peering no shutdown - ip address 192.168.45.3/32 + ip address 192.168.45.4/32 ! interface Loopback1 description VTEP_VXLAN_Tunnel_Source no shutdown - ip address 192.168.255.3/32 + ip address 192.168.255.4/32 ! interface Vlan100 description VLAN100 @@ -112,8 +112,8 @@ route-map RM-CONN-2-BGP permit 10 router bfd multihop interval 300 min-rx 300 multiplier 3 ! -router bgp 65000 - router-id 192.168.45.3 +router bgp 65199 + router-id 192.168.45.4 maximum-paths 4 ecmp 4 update wait-install no bgp default ipv4-unicast @@ -135,12 +135,12 @@ router bgp 65000 redistribute connected route-map RM-CONN-2-BGP ! vlan 100 - rd 192.168.45.3:1100 + rd 192.168.45.4:1100 route-target both 1100:1100 redistribute learned ! vlan 101 - rd 192.168.45.3:1101 + rd 192.168.45.4:1101 route-target both 1101:1101 redistribute learned ! @@ -152,15 +152,15 @@ router bgp 65000 neighbor IPv4-UNDERLAY-PEERS activate ! vrf default - rd 192.168.45.3:1 + rd 192.168.45.4:1 route-target import evpn 1:1 route-target export evpn 1:1 ! vrf IT - rd 192.168.45.3:100 + rd 192.168.45.4:100 route-target import evpn 100:100 route-target export evpn 100:100 - router-id 192.168.45.3 + router-id 192.168.45.4 neighbor 172.17.0.1 remote-as 65000 neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.100_vrf_IT @@ -170,10 +170,10 @@ router bgp 65000 redistribute connected ! vrf PROD - rd 192.168.45.3:42 + rd 192.168.45.4:42 route-target import evpn 42:42 route-target export evpn 42:42 - router-id 192.168.45.3 + router-id 192.168.45.4 neighbor 172.17.0.1 remote-as 65000 neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS neighbor 172.17.0.1 description cv-pathfinder-edge_Ethernet52.42_vrf_PROD 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg new file mode 100644 index 00000000000..b09f8c9740f --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf1.cfg 
@@ -0,0 +1,192 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname site-ha-enabled-leaf1 +! +no enable password +no aaa root +! +vlan 100 + name VLAN100 +! +vlan 101 + name VLAN101 +! +vrf instance IT +! +vrf instance MGMT +! +vrf instance PROD +! +interface Ethernet1 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.0/31 +! +interface Ethernet1.42 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.0/31 +! +interface Ethernet1.100 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.0/31 +! +interface Ethernet2 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52 + no shutdown + mtu 9214 + no switchport + ip address 172.17.0.2/31 +! +interface Ethernet2.42 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.42_vrf_PROD + no shutdown + mtu 9214 + encapsulation dot1q vlan 42 + vrf PROD + ip address 172.17.0.2/31 +! +interface Ethernet2.100 + description P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.100_vrf_IT + no shutdown + mtu 9214 + encapsulation dot1q vlan 100 + vrf IT + ip address 172.17.0.2/31 +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 192.168.45.1/32 +! +interface Loopback1 + description VTEP_VXLAN_Tunnel_Source + no shutdown + ip address 192.168.255.1/32 +! +interface Vlan100 + description VLAN100 + shutdown + vrf PROD + ip address virtual 10.0.100.1/24 +! 
+interface Vxlan1 + description site-ha-enabled-leaf1_VTEP + vxlan source-interface Loopback1 + vxlan udp-port 4789 + vxlan vlan 100 vni 1100 + vxlan vlan 101 vni 1101 + vxlan vrf default vni 1 + vxlan vrf IT vni 100 + vxlan vrf PROD vni 42 +! +ip virtual-router mac-address 00:1c:73:00:00:01 +! +ip routing +ip routing vrf IT +no ip routing vrf MGMT +ip routing vrf PROD +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 192.168.45.0/24 eq 32 + seq 20 permit 192.168.255.0/24 eq 32 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65199 + router-id 192.168.45.1 + maximum-paths 4 ecmp 4 + update wait-install + no bgp default ipv4-unicast + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.1 remote-as 65000 + neighbor 172.17.0.1 description cv-pathfinder-transit1A_Ethernet52 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 description cv-pathfinder-transit1B_Ethernet52 + redistribute connected route-map RM-CONN-2-BGP + ! + vlan 100 + rd 192.168.45.1:1100 + route-target both 1100:1100 + redistribute learned + ! + vlan 101 + rd 192.168.45.1:1101 + route-target both 1101:1101 + redistribute learned + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate + ! 
+ vrf default + rd 192.168.45.1:1 + route-target import evpn 1:1 + route-target export evpn 1:1 + ! + vrf IT + rd 192.168.45.1:100 + route-target import evpn 100:100 + route-target export evpn 100:100 + router-id 192.168.45.1 + neighbor 172.17.0.1 remote-as 65000 + neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.1 description cv-pathfinder-transit1A_Ethernet52.100_vrf_IT + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 description cv-pathfinder-transit1B_Ethernet52.100_vrf_IT + redistribute connected + ! + vrf PROD + rd 192.168.45.1:42 + route-target import evpn 42:42 + route-target export evpn 42:42 + router-id 192.168.45.1 + neighbor 172.17.0.1 remote-as 65000 + neighbor 172.17.0.1 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.1 description cv-pathfinder-transit1A_Ethernet52.42_vrf_PROD + neighbor 172.17.0.3 remote-as 65000 + neighbor 172.17.0.3 peer group IPv4-UNDERLAY-PEERS + neighbor 172.17.0.3 description cv-pathfinder-transit1B_Ethernet52.42_vrf_PROD + redistribute connected +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg new file mode 100644 index 00000000000..878901518be --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2A.cfg 
@@ -0,0 +1,192 @@
+!RANCID-CONTENT-TYPE: arista
+!
+vlan internal order ascending range 1006 1199
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname site-ha-enabled-leaf2A
+!
+no enable password
+no aaa root
+!
+vlan 100
+ name VLAN100
+!
+vlan 101
+ name VLAN101
+!
+vrf instance IT
+!
+vrf instance MGMT
+!
+vrf instance PROD
+!
+interface Ethernet1
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52
+ no shutdown
+ mtu 9214
+ no switchport
+ ip address 172.17.0.4/31
+!
+interface Ethernet1.42
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.42_vrf_PROD
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 42
+ vrf PROD
+ ip address 172.17.0.4/31
+!
+interface Ethernet1.100
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.100_vrf_IT
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 100
+ vrf IT
+ ip address 172.17.0.4/31
+!
+interface Ethernet2
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52
+ no shutdown
+ mtu 9214
+ no switchport
+ ip address 172.17.0.8/31
+!
+interface Ethernet2.42
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.42_vrf_PROD
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 42
+ vrf PROD
+ ip address 172.17.0.8/31
+!
+interface Ethernet2.100
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.100_vrf_IT
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 100
+ vrf IT
+ ip address 172.17.0.8/31
+!
+interface Loopback0
+ description EVPN_Overlay_Peering
+ no shutdown
+ ip address 192.168.45.2/32
+!
+interface Loopback1
+ description VTEP_VXLAN_Tunnel_Source
+ no shutdown
+ ip address 192.168.255.2/32
+!
+interface Vlan100
+ description VLAN100
+ shutdown
+ vrf PROD
+ ip address virtual 10.0.100.1/24
+!
+interface Vxlan1
+ description site-ha-enabled-leaf2A_VTEP
+ vxlan source-interface Loopback1
+ vxlan udp-port 4789
+ vxlan vlan 100 vni 1100
+ vxlan vlan 101 vni 1101
+ vxlan vrf default vni 1
+ vxlan vrf IT vni 100
+ vxlan vrf PROD vni 42
+!
+ip virtual-router mac-address 00:1c:73:00:00:01
+!
+ip routing
+ip routing vrf IT
+no ip routing vrf MGMT
+ip routing vrf PROD
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ seq 10 permit 192.168.45.0/24 eq 32
+ seq 20 permit 192.168.255.0/24 eq 32
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+router bfd
+ multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65199
+ router-id 192.168.45.2
+ maximum-paths 4 ecmp 4
+ update wait-install
+ no bgp default ipv4-unicast
+ neighbor EVPN-OVERLAY-PEERS peer group
+ neighbor EVPN-OVERLAY-PEERS update-source Loopback0
+ neighbor EVPN-OVERLAY-PEERS bfd
+ neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
+ neighbor EVPN-OVERLAY-PEERS send-community
+ neighbor EVPN-OVERLAY-PEERS maximum-routes 0
+ neighbor IPv4-UNDERLAY-PEERS peer group
+ neighbor IPv4-UNDERLAY-PEERS send-community
+ neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
+ neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.5 remote-as 65000
+ neighbor 172.17.0.5 description cv-pathfinder-edge2A_Ethernet52
+ neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.9 remote-as 65000
+ neighbor 172.17.0.9 description cv-pathfinder-edge2B_Ethernet52
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ vlan 100
+ rd 192.168.45.2:1100
+ route-target both 1100:1100
+ redistribute learned
+ !
+ vlan 101
+ rd 192.168.45.2:1101
+ route-target both 1101:1101
+ redistribute learned
+ !
+ address-family evpn
+ neighbor EVPN-OVERLAY-PEERS activate
+ !
+ address-family ipv4
+ no neighbor EVPN-OVERLAY-PEERS activate
+ neighbor IPv4-UNDERLAY-PEERS activate
+ !
+ vrf default
+ rd 192.168.45.2:1
+ route-target import evpn 1:1
+ route-target export evpn 1:1
+ !
+ vrf IT
+ rd 192.168.45.2:100
+ route-target import evpn 100:100
+ route-target export evpn 100:100
+ router-id 192.168.45.2
+ neighbor 172.17.0.5 remote-as 65000
+ neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.5 description cv-pathfinder-edge2A_Ethernet52.100_vrf_IT
+ neighbor 172.17.0.9 remote-as 65000
+ neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.9 description cv-pathfinder-edge2B_Ethernet52.100_vrf_IT
+ redistribute connected
+ !
+ vrf PROD
+ rd 192.168.45.2:42
+ route-target import evpn 42:42
+ route-target export evpn 42:42
+ router-id 192.168.45.2
+ neighbor 172.17.0.5 remote-as 65000
+ neighbor 172.17.0.5 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.5 description cv-pathfinder-edge2A_Ethernet52.42_vrf_PROD
+ neighbor 172.17.0.9 remote-as 65000
+ neighbor 172.17.0.9 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.9 description cv-pathfinder-edge2B_Ethernet52.42_vrf_PROD
+ redistribute connected
+!
+management api http-commands
+ protocol https
+ no shutdown
+ !
+ vrf MGMT
+ no shutdown
+!
+end
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg
new file mode 100644
index 00000000000..a8ddf9a9f1e
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/site-ha-enabled-leaf2B.cfg
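Review bot: The eBGP sessions in `IPv4-UNDERLAY-PEERS` (neighbors 172.17.0.5 and 172.17.0.9, repeated under `vrf IT` and `vrf PROD`) are rendered with no session authentication and no inbound route-map, so the leaf accepts whatever the WAN edge sends up to `maximum-routes 12000`. If that is deliberate for this scenario it is fine, but the expected config then never exercises an authenticated LAN-to-edge session. Setting a peer-group password in the scenario inputs would make the fixture cover it, rendering a line such as `neighbor IPv4-UNDERLAY-PEERS password 7 PLACEHOLDER_ENCRYPTED_KEY`. The site-ha-enabled-leaf2B.cfg hunk carries the same peer-group block.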
@@ -0,0 +1,192 @@
+!RANCID-CONTENT-TYPE: arista
+!
+vlan internal order ascending range 1006 1199
+!
+transceiver qsfp default-mode 4x10G
+!
+service routing protocols model multi-agent
+!
+hostname site-ha-enabled-leaf2B
+!
+no enable password
+no aaa root
+!
+vlan 100
+ name VLAN100
+!
+vlan 101
+ name VLAN101
+!
+vrf instance IT
+!
+vrf instance MGMT
+!
+vrf instance PROD
+!
+interface Ethernet1
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53
+ no shutdown
+ mtu 9214
+ no switchport
+ ip address 172.17.0.6/31
+!
+interface Ethernet1.42
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.42_vrf_PROD
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 42
+ vrf PROD
+ ip address 172.17.0.6/31
+!
+interface Ethernet1.100
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.100_vrf_IT
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 100
+ vrf IT
+ ip address 172.17.0.6/31
+!
+interface Ethernet2
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53
+ no shutdown
+ mtu 9214
+ no switchport
+ ip address 172.17.0.10/31
+!
+interface Ethernet2.42
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.42_vrf_PROD
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 42
+ vrf PROD
+ ip address 172.17.0.10/31
+!
+interface Ethernet2.100
+ description P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.100_vrf_IT
+ no shutdown
+ mtu 9214
+ encapsulation dot1q vlan 100
+ vrf IT
+ ip address 172.17.0.10/31
+!
+interface Loopback0
+ description EVPN_Overlay_Peering
+ no shutdown
+ ip address 192.168.45.3/32
+!
+interface Loopback1
+ description VTEP_VXLAN_Tunnel_Source
+ no shutdown
+ ip address 192.168.255.3/32
+!
+interface Vlan100
+ description VLAN100
+ shutdown
+ vrf PROD
+ ip address virtual 10.0.100.1/24
+!
+interface Vxlan1
+ description site-ha-enabled-leaf2B_VTEP
+ vxlan source-interface Loopback1
+ vxlan udp-port 4789
+ vxlan vlan 100 vni 1100
+ vxlan vlan 101 vni 1101
+ vxlan vrf default vni 1
+ vxlan vrf IT vni 100
+ vxlan vrf PROD vni 42
+!
+ip virtual-router mac-address 00:1c:73:00:00:01
+!
+ip routing
+ip routing vrf IT
+no ip routing vrf MGMT
+ip routing vrf PROD
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ seq 10 permit 192.168.45.0/24 eq 32
+ seq 20 permit 192.168.255.0/24 eq 32
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+!
+router bfd
+ multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65199
+ router-id 192.168.45.3
+ maximum-paths 4 ecmp 4
+ update wait-install
+ no bgp default ipv4-unicast
+ neighbor EVPN-OVERLAY-PEERS peer group
+ neighbor EVPN-OVERLAY-PEERS update-source Loopback0
+ neighbor EVPN-OVERLAY-PEERS bfd
+ neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3
+ neighbor EVPN-OVERLAY-PEERS send-community
+ neighbor EVPN-OVERLAY-PEERS maximum-routes 0
+ neighbor IPv4-UNDERLAY-PEERS peer group
+ neighbor IPv4-UNDERLAY-PEERS send-community
+ neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
+ neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.7 remote-as 65000
+ neighbor 172.17.0.7 description cv-pathfinder-edge2A_Ethernet53
+ neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.11 remote-as 65000
+ neighbor 172.17.0.11 description cv-pathfinder-edge2B_Ethernet53
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ vlan 100
+ rd 192.168.45.3:1100
+ route-target both 1100:1100
+ redistribute learned
+ !
+ vlan 101
+ rd 192.168.45.3:1101
+ route-target both 1101:1101
+ redistribute learned
+ !
+ address-family evpn
+ neighbor EVPN-OVERLAY-PEERS activate
+ !
+ address-family ipv4
+ no neighbor EVPN-OVERLAY-PEERS activate
+ neighbor IPv4-UNDERLAY-PEERS activate
+ !
+ vrf default
+ rd 192.168.45.3:1
+ route-target import evpn 1:1
+ route-target export evpn 1:1
+ !
+ vrf IT
+ rd 192.168.45.3:100
+ route-target import evpn 100:100
+ route-target export evpn 100:100
+ router-id 192.168.45.3
+ neighbor 172.17.0.7 remote-as 65000
+ neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.7 description cv-pathfinder-edge2A_Ethernet53.100_vrf_IT
+ neighbor 172.17.0.11 remote-as 65000
+ neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.11 description cv-pathfinder-edge2B_Ethernet53.100_vrf_IT
+ redistribute connected
+ !
+ vrf PROD
+ rd 192.168.45.3:42
+ route-target import evpn 42:42
+ route-target export evpn 42:42
+ router-id 192.168.45.3
+ neighbor 172.17.0.7 remote-as 65000
+ neighbor 172.17.0.7 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.7 description cv-pathfinder-edge2A_Ethernet53.42_vrf_PROD
+ neighbor 172.17.0.11 remote-as 65000
+ neighbor 172.17.0.11 peer group IPv4-UNDERLAY-PEERS
+ neighbor 172.17.0.11 description cv-pathfinder-edge2B_Ethernet53.42_vrf_PROD
+ redistribute connected
+!
+management api http-commands
+ protocol https
+ no shutdown
+ !
+ vrf MGMT
+ no shutdown
+!
+end
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml
index 0b7d19a7b90..c7723bd9586 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-common-path-group.yml
@@ -38,7 +38,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-disabled-leaf description: site-ha-disabled-leaf_Ethernet2 vrfs: 
@@ -47,7 +47,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet2.100_vrf_IT rd: 192.168.42.2:100 route_targets: @@ -66,7 +66,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.2 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet2.42_vrf_PROD rd: 192.168.42.2:42 route_targets: @@ -205,12 +205,7 @@ route_maps: - extcommunity soo 192.168.42.2:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 20 - type: deny - description: Deny prefixes from WAN - match: - - as-path ASPATH-WAN - - sequence: 30 + - sequence: 40 type: permit description: Mark prefixes originated from the LAN set: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index f987f0faae8..1e0504342cb 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -44,7 +44,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' peer: site-ha-disabled-leaf description: site-ha-disabled-leaf_Ethernet1 - ip_address: 192.168.144.1 @@ -57,7 +57,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet1.100_vrf_IT rd: 192.168.42.1:100 route_targets: 
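Review bot: With the `type: deny` entry at sequence 20 (`as-path ASPATH-WAN`) removed from RM-BGP-UNDERLAY-PEERS-IN in the `@@ -205,12 +205,7 @@` hunk, the only entry left in view is the match-less `permit` at sequence 40, which accepts every prefix the LAN peer sends and stamps it with the local SoO. Now that the LAN peer is in AS 65199, WAN routes echoed back would normally be dropped by the own-AS check, but the HA edge files added in this commit set `allowas_in` on IPv4-UNDERLAY-PEERS; if the non-HA edge renders the same peer-group setting (not visible in this hunk), those routes would be accepted and re-marked as LAN-originated. I would confirm that, and if so keep a guard ahead of the catch-all, for example an entry matching `as-path ASPATH-WAN` as the HA edge does at sequence 30. The `@@ -233,12 +233,7 @@` hunk of cv-pathfinder-edge.yml makes the same change.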
@@ -76,7 +76,7 @@ router_bgp: neighbors: - ip_address: 172.17.0.0 peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' + remote_as: '65199' description: site-ha-disabled-leaf_Ethernet1.42_vrf_PROD rd: 192.168.42.1:42 route_targets: @@ -233,12 +233,7 @@ route_maps: - extcommunity soo 192.168.42.1:511 additive - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: - - sequence: 20 - type: deny - description: Deny prefixes from WAN - match: - - as-path ASPATH-WAN - - sequence: 30 + - sequence: 40 type: permit description: Mark prefixes originated from the LAN set: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml new file mode 100644 index 00000000000..6ae477f1355 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml 
@@ -0,0 +1,661 @@
+hostname: cv-pathfinder-edge2A
+is_deployed: true
+router_bgp:
+ as: '65000'
+ router_id: 192.168.42.2
+ bgp:
+ default:
+ ipv4_unicast: false
+ maximum_paths:
+ paths: 16
+ updates:
+ wait_install: true
+ peer_groups:
+ - name: IPv4-UNDERLAY-PEERS
+ type: ipv4
+ maximum_routes: 12000
+ send_community: all
+ route_map_in: RM-BGP-UNDERLAY-PEERS-IN
+ route_map_out: RM-BGP-UNDERLAY-PEERS-OUT
+ allowas_in:
+ enabled: true
+ times: 1
+ - name: WAN-OVERLAY-PEERS
+ type: wan
+ update_source: Dps1
+ bfd: true
+ password: htm4AZe9mIQOO1uiMuGgYQ==
+ send_community: all
+ maximum_routes: 0
+ remote_as: '65000'
+ ttl_maximum_hops: 1
+ bfd_timers:
+ interval: 1000
+ min_rx: 1000
+ multiplier: 10
+ address_family_ipv4:
+ peer_groups:
+ - name: IPv4-UNDERLAY-PEERS
+ activate: true
+ - name: WAN-OVERLAY-PEERS
+ activate: false
+ redistribute_routes:
+ - source_protocol: connected
+ route_map: RM-CONN-2-BGP
+ neighbors:
+ - ip_address: 172.17.0.4
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65199'
+ peer: site-ha-enabled-leaf2A
+ description: site-ha-enabled-leaf2A_Ethernet1
+ - ip_address: 172.17.0.6
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65199'
+ peer: site-ha-enabled-leaf2B
+ description: site-ha-enabled-leaf2B_Ethernet1
+ - ip_address: 192.168.144.1
+ peer_group: WAN-OVERLAY-PEERS
+ peer: cv-pathfinder-pathfinder
+ description: cv-pathfinder-pathfinder
+ vrfs:
+ - name: IT
+ router_id: 192.168.42.2
+ neighbors:
+ - ip_address: 172.17.0.4
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65199'
+ description: site-ha-enabled-leaf2A_Ethernet1.100_vrf_IT
+ - ip_address: 172.17.0.6
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65199'
+ description: site-ha-enabled-leaf2B_Ethernet1.100_vrf_IT
+ rd: 192.168.42.2:100
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - 100:100
+ export:
+ - address_family: evpn
+ route_targets:
+ - 100:100
+ redistribute_routes:
+ - source_protocol: connected
+ - name: PROD
+ router_id: 192.168.42.2
+ neighbors:
+ - ip_address: 172.17.0.4
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65199'
+ description: site-ha-enabled-leaf2A_Ethernet1.42_vrf_PROD
+ - ip_address: 172.17.0.6
+ peer_group: IPv4-UNDERLAY-PEERS
+ remote_as: '65199'
+ description: site-ha-enabled-leaf2B_Ethernet1.42_vrf_PROD
+ rd: 192.168.42.2:42
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - '42:42'
+ export:
+ - address_family: evpn
+ route_targets:
+ - '42:42'
+ redistribute_routes:
+ - source_protocol: connected
+ - name: default
+ rd: 192.168.42.2:1
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - '1:1'
+ export:
+ - address_family: evpn
+ route_targets:
+ - '1:1'
+ - route-map RM-EVPN-EXPORT-VRF-DEFAULT
+ address_family_evpn:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ route_map_in: RM-EVPN-SOO-IN
+ route_map_out: RM-EVPN-SOO-OUT
+ address_family_ipv4_sr_te:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ address_family_link_state:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ path_selection:
+ roles:
+ producer: true
+ address_family_path_selection:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ bgp:
+ additional_paths:
+ receive: true
+ send:
+ any: true
+service_routing_protocols_model: multi-agent
+ip_routing: true
+transceiver_qsfp_default_mode_4x10: false
+spanning_tree:
+ mode: none
+vrfs:
+- name: MGMT
+ ip_routing: false
+- name: IT
+ tenant: TenantA
+ ip_routing: true
+- name: PROD
+ tenant: TenantA
+ ip_routing: true
+management_api_http:
+ enable_vrfs:
+ - name: MGMT
+ enable_https: true
+ethernet_interfaces:
+- name: Ethernet52
+ peer: site-ha-enabled-leaf2A
+ peer_interface: Ethernet1
+ peer_type: l3leaf
+ description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1
+ shutdown: false
+ mtu: 9214
+ type: routed
+ ip_address: 172.17.0.5/31
+ flow_tracker:
+ hardware: WAN-FLOW-TRACKER
+- name: Ethernet52.100
+ peer: site-ha-enabled-leaf2A
+ peer_interface: Ethernet1.100
+ peer_type: l3leaf
+ vrf: IT
+ description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.100_vrf_IT
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 100
+ mtu: 9214
+ ip_address: 172.17.0.5/31
+- name: Ethernet52.42
+ peer: site-ha-enabled-leaf2A
+ peer_interface: Ethernet1.42
+ peer_type: l3leaf
+ vrf: PROD
+ description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet1.42_vrf_PROD
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 42
+ mtu: 9214
+ ip_address: 172.17.0.5/31
+- name: Ethernet53
+ peer: site-ha-enabled-leaf2B
+ peer_interface: Ethernet1
+ peer_type: l3leaf
+ description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1
+ shutdown: false
+ mtu: 9214
+ type: routed
+ ip_address: 172.17.0.7/31
+ flow_tracker:
+ hardware: WAN-FLOW-TRACKER
+- name: Ethernet53.100
+ peer: site-ha-enabled-leaf2B
+ peer_interface: Ethernet1.100
+ peer_type: l3leaf
+ vrf: IT
+ description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.100_vrf_IT
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 100
+ mtu: 9214
+ ip_address: 172.17.0.7/31
+- name: Ethernet53.42
+ peer: site-ha-enabled-leaf2B
+ peer_interface: Ethernet1.42
+ peer_type: l3leaf
+ vrf: PROD
+ description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet1.42_vrf_PROD
+ shutdown: false
+ type: l3dot1q
+ encapsulation_dot1q_vlan: 42
+ mtu: 9214
+ ip_address: 172.17.0.7/31
+- name: Ethernet1
+ peer_type: l3_interface
+ ip_address: dhcp
+ shutdown: false
+ type: routed
+ dhcp_client_accept_default_route: true
+ flow_tracker:
+ hardware: WAN-FLOW-TRACKER
+loopback_interfaces:
+- name: Loopback0
+ description: Router_ID
+ shutdown: false
+ ip_address: 192.168.42.2/32
+as_path:
+ access_lists:
+ - name: ASPATH-WAN
+ entries:
+ - type: permit
+ match: '65000'
+prefix_lists:
+- name: PL-LOOPBACKS-EVPN-OVERLAY
+ sequence_numbers:
+ - sequence: 10
+ action: permit 192.168.42.0/24 eq 32
+- name: PL-WAN-HA-PREFIXES
+ sequence_numbers:
+ - sequence: 10
+ action: permit 172.17.0.4/31
+ - sequence: 20
+ action: permit 172.17.0.6/31
+- name: PL-WAN-HA-PEER-PREFIXES
+ sequence_numbers:
+ - sequence: 10
+ action: permit 172.17.0.8/31
+ - sequence: 20
+ action: permit 172.17.0.10/31
+route_maps:
+- name: RM-CONN-2-BGP
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ match:
+ - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ set:
+ - extcommunity soo 192.168.42.2:423 additive
+ - sequence: 50
+ type: permit
+ match:
+ - ip address prefix-list PL-WAN-HA-PREFIXES
+- name: RM-BGP-UNDERLAY-PEERS-IN
+ sequence_numbers:
+ - sequence: 40
+ type: permit
+ description: Mark prefixes originated from the LAN
+ set:
+ - extcommunity soo 192.168.42.2:423 additive
+ - sequence: 10
+ type: permit
+ description: Allow WAN HA peer interface prefixes
+ match:
+ - ip address prefix-list PL-WAN-HA-PEER-PREFIXES
+ - sequence: 20
+ type: permit
+ description: Allow prefixes originated from the HA peer
+ match:
+ - extcommunity ECL-EVPN-SOO
+ set:
+ - as-path match all replacement auto auto
+ - sequence: 30
+ type: permit
+ description: Use WAN routes from HA peer as backup
+ match:
+ - as-path ASPATH-WAN
+ set:
+ - community no-advertise
+- name: RM-BGP-UNDERLAY-PEERS-OUT
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ description: Advertise local routes towards LAN
+ match:
+ - extcommunity ECL-EVPN-SOO
+ - sequence: 20
+ type: permit
+ description: Advertise routes received from WAN iBGP towards LAN
+ match:
+ - route-type internal
+ - sequence: 30
+ type: permit
+ description: Advertise WAN HA prefixes towards LAN
+ match:
+ - ip address prefix-list PL-WAN-HA-PREFIXES
+- name: RM-EVPN-SOO-IN
+ sequence_numbers:
+ - sequence: 10
+ type: deny
+ match:
+ - extcommunity ECL-EVPN-SOO
+ - sequence: 20
+ type: permit
+- name: RM-EVPN-SOO-OUT
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ set:
+ - extcommunity soo 192.168.42.2:423 additive
+- name: RM-EVPN-EXPORT-VRF-DEFAULT
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ match:
+ - extcommunity ECL-EVPN-SOO
+flow_tracking:
+ hardware:
+ trackers:
+ - name: WAN-FLOW-TRACKER
+ record_export:
+ on_inactive_timeout: 70000
+ on_interval: 5000
+ exporters:
+ - name: DPI-EXPORTER
+ collector:
+ host: 127.0.0.1
+ local_interface: Loopback0
+ template_interval: 5000
+ shutdown: false
+ip_extcommunity_lists:
+- name: ECL-EVPN-SOO
+ entries:
+ - type: permit
+ extcommunities: soo 192.168.42.2:423
+ip_security:
+ ike_policies:
+ - name: DP-IKE-POLICY
+ local_id: 192.168.142.2
+ - name: CP-IKE-POLICY
+ local_id: 192.168.142.2
+ sa_policies:
+ - name: DP-SA-POLICY
+ esp:
+ encryption: aes128
+ pfs_dh_group: 14
+ - name: CP-SA-POLICY
+ esp:
+ encryption: aes128
+ pfs_dh_group: 14
+ profiles:
+ - name: DP-PROFILE
+ ike_policy: DP-IKE-POLICY
+ sa_policy: DP-SA-POLICY
+ connection: start
+ shared_key: ABCDEF1234567890666
+ dpd:
+ interval: 10
+ time: 50
+ action: clear
+ mode: transport
+ - name: CP-PROFILE
+ ike_policy: CP-IKE-POLICY
+ sa_policy: CP-SA-POLICY
+ connection: start
+ shared_key: ABCDEF1234567890
+ dpd:
+ interval: 10
+ time: 50
+ action: clear
+ mode: transport
+ key_controller:
+ profile: DP-PROFILE
+router_adaptive_virtual_topology:
+ topology_role: edge
+ region:
+ name: AVD_Land_West
+ id: 42
+ zone:
+ name: DEFAULT-ZONE
+ id: 1
+ site:
+ name: Site423
+ id: 423
+ profiles:
+ - name: CONTROL-PLANE-PROFILE
+ load_balance_policy: LB-CONTROL-PLANE-PROFILE
+ - name: PROD-AVT-POLICY-VOICE
+ load_balance_policy: LB-PROD-AVT-POLICY-VOICE
+ - name: PROD-AVT-POLICY-VIDEO
+ load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
+ - name: PROD-AVT-POLICY-DEFAULT
+ load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
+ - name: DEFAULT-AVT-POLICY-VIDEO
+ load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO
+ - name: DEFAULT-AVT-POLICY-DEFAULT
+ load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT
+ vrfs:
+ - name: default
+ policy: DEFAULT-AVT-POLICY-WITH-CP
+ profiles:
+ - name: CONTROL-PLANE-PROFILE
+ id: 254
+ - name: DEFAULT-AVT-POLICY-VIDEO
+ id: 3
+ - name: DEFAULT-AVT-POLICY-DEFAULT
+ id: 1
+ - name: PROD
+ policy: PROD-AVT-POLICY
+ profiles:
+ - name: PROD-AVT-POLICY-VOICE
+ id: 2
+ - name: PROD-AVT-POLICY-VIDEO
+ id: 4
+ - name: PROD-AVT-POLICY-DEFAULT
+ id: 1
+ - name: IT
+ policy: DEFAULT-AVT-POLICY
+ profiles:
+ - name: DEFAULT-AVT-POLICY-VIDEO
+ id: 3
+ - name: DEFAULT-AVT-POLICY-DEFAULT
+ id: 1
+ policies:
+ - name: PROD-AVT-POLICY
+ matches:
+ - application_profile: VOICE
+ avt_profile: PROD-AVT-POLICY-VOICE
+ - application_profile: VIDEO
+ avt_profile: PROD-AVT-POLICY-VIDEO
+ - application_profile: default
+ avt_profile: PROD-AVT-POLICY-DEFAULT
+ - name: DEFAULT-AVT-POLICY
+ matches:
+ - application_profile: VIDEO
+ avt_profile: DEFAULT-AVT-POLICY-VIDEO
+ - application_profile: default
+ avt_profile: DEFAULT-AVT-POLICY-DEFAULT
+ - name: DEFAULT-AVT-POLICY-WITH-CP
+ matches:
+ - application_profile: CONTROL-PLANE-APPLICATION-PROFILE
+ avt_profile: CONTROL-PLANE-PROFILE
+ - application_profile: VIDEO
+ avt_profile: DEFAULT-AVT-POLICY-VIDEO
+ - application_profile: default
+ avt_profile: DEFAULT-AVT-POLICY-DEFAULT
+router_bfd:
+ multihop:
+ interval: 300
+ min_rx: 300
+ multiplier: 3
+router_path_selection:
+ tcp_mss_ceiling:
+ ipv4_segment_size: auto
+ path_groups:
+ - name: INET
+ id: 101
+ local_interfaces:
+ - name: Ethernet1
+ stun:
+ server_profiles:
+ - INET-cv-pathfinder-pathfinder-Ethernet1
+ - INET-cv-pathfinder-pathfinder-Ethernet3
+ dynamic_peers:
+ enabled: true
+ static_peers:
+ - router_ip: 192.168.144.1
+ name: cv-pathfinder-pathfinder
+ ipv4_addresses:
+ - 10.7.7.7
+ - 10.9.9.9
+ ipsec_profile: CP-PROFILE
+ - name: LAN_HA
+ id: 65535
+ flow_assignment: lan
+ local_interfaces:
+ - name: Ethernet52
+ - name: Ethernet53
+ static_peers:
+ - router_ip: 192.168.142.3
+ name: cv-pathfinder-edge2B
+ ipv4_addresses:
+ - 172.17.0.9
+ - 172.17.0.11
+ ipsec_profile: DP-PROFILE
+ load_balance_policies:
+ - name: LB-CONTROL-PLANE-PROFILE
+ path_groups:
+ - name: LAN_HA
+ - name: INET
+ - name: LB-PROD-AVT-POLICY-VOICE
+ path_groups:
+ - name: LAN_HA
+ - name: INET
+ priority: 2
+ jitter: 42
+ - name: LB-PROD-AVT-POLICY-VIDEO
+ path_groups:
+ - name: LAN_HA
+ - name: INET
+ priority: 2
+ loss_rate: '42.0'
+ - name: LB-PROD-AVT-POLICY-DEFAULT
+ path_groups:
+ - name: LAN_HA
+ - name: INET
+ - name: LB-DEFAULT-AVT-POLICY-VIDEO
+ path_groups:
+ - name: LAN_HA
+ - name: INET
+ - name: LB-DEFAULT-AVT-POLICY-DEFAULT
+ path_groups:
+ - name: LAN_HA
+ - name: INET
+router_traffic_engineering:
+ enabled: true
+stun:
+ client:
+ server_profiles:
+ - name: INET-cv-pathfinder-pathfinder-Ethernet1
+ ip_address: 10.7.7.7
+ - name: INET-cv-pathfinder-pathfinder-Ethernet3
+ ip_address: 10.9.9.9
+application_traffic_recognition:
+ application_profiles:
+ - name: VOICE
+ applications:
+ - name: CUSTOM-VOICE-APPLICATION
+ - name: VIDEO
+ categories:
+ - name: VIDEO1
+ applications:
+ - name: CUSTOM-APPLICATION-1
+ - name: skype
+ - name: CONTROL-PLANE-APPLICATION-PROFILE
+ applications:
+ - name: CONTROL-PLANE-APPLICATION
+ categories:
+ - name: VIDEO1
+ applications:
+ - name: CUSTOM-APPLICATION-2
+ - name: microsoft-teams
+ applications:
+ ipv4_applications:
+ - name: CUSTOM-APPLICATION-1
+ protocols:
+ - tcp
+ src_prefix_set_name: CUSTOM-SRC-PREFIX-1
+ dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
+ - name: CUSTOM-APPLICATION-2
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-2
+ tcp_dest_port_set_name: TCP-DEST-2
+ - name: CONTROL-PLANE-APPLICATION
+ dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES
+ field_sets:
+ l4_ports:
+ - name: TCP-SRC-2
+ port_values:
+ - '42'
+ - name: TCP-DEST-2
+ port_values:
+ - '666'
+ - '777'
+ ipv4_prefixes:
+ - name: CUSTOM-SRC-PREFIX-1
+ prefix_values:
+ - 42.42.42.0/24
+ - name: CUSTOM-DEST-PREFIX-1
+ prefix_values:
+ - 6.6.6.0/24
+ - name: CONTROL-PLANE-APP-DEST-PREFIXES
+ prefix_values:
+ - 192.168.144.1/32
+dps_interfaces:
+- name: Dps1
+ description: DPS Interface
+ mtu: 9214
+ ip_address: 192.168.142.2/32
+ flow_tracker:
+ hardware: WAN-FLOW-TRACKER
+vxlan_interface:
+ Vxlan1:
+ description: cv-pathfinder-edge2A_VTEP
+ vxlan:
+ udp_port: 4789
+ source_interface: Dps1
+ vrfs:
+ - name: default
+ vni: 1
+ - name: IT
+ vni: 100
+ - name: PROD
+ vni: 42
+metadata:
+ cv_tags:
+ device_tags:
+ - name: Role
+ value: edge
+ - name: Region
+ value: AVD_Land_West
+ - name: Zone
+ value: DEFAULT-ZONE
+ - name: Site
+ value: Site423
+ interface_tags:
+ - interface: Ethernet52
+ tags:
+ - name: Type
+ value: lan
+ - interface: Ethernet53
+ tags:
+ - name: Type
+ value: lan
+ - interface: Ethernet1
+ tags:
+ - name: Type
+ value: wan
+ - name: Carrier
+ value: ATT
+ - name: Circuit
+ value: 423-01
+ cv_pathfinder:
+ role: edge
+ vtep_ip: 192.168.142.2
+ region: AVD_Land_West
+ zone: DEFAULT-ZONE
+ site: Site423
+ interfaces:
+ - name: Ethernet1
+ carrier: ATT
+ circuit_id: 423-01
+ pathgroup: INET
+ pathfinders:
+ - vtep_ip: 192.168.144.1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml
new file mode 100644
index 00000000000..5a719d87e84
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml
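Review bot: In `route_maps` of cv-pathfinder-edge2A.yml, RM-BGP-UNDERLAY-PEERS-IN lists its entries in the order 40, 10, 20, 30, so the match-less `permit` at sequence 40 reads as if it were the first rule applied to LAN routes. Route-map entries are evaluated by sequence number, so the rendered device config should not be affected, but anyone auditing the structured config top-down can misjudge which prefixes reach the catch-all that stamps the local SoO. Emitting the entries sorted by `sequence` (10, 20, 30, 40), as RM-CONN-2-BGP and RM-BGP-UNDERLAY-PEERS-OUT already are, would keep the filter order reviewable. The code that builds this list is not part of this hunk.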
@@ -0,0 +1,655 @@ +hostname: cv-pathfinder-edge2B +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.42.3 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Dps1 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf2A + description: site-ha-enabled-leaf2A_Ethernet2 + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf2B + description: site-ha-enabled-leaf2B_Ethernet2 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: IT + router_id: 192.168.42.3 + neighbors: + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet2.100_vrf_IT + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet2.100_vrf_IT + rd: 192.168.42.3:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.42.3 
+ neighbors: + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet2.42_vrf_PROD + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet2.42_vrf_PROD + rd: 192.168.42.3:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.42.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true +service_routing_protocols_model: multi-agent +ip_routing: true +transceiver_qsfp_default_mode_4x10: false +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet52 + peer: site-ha-enabled-leaf2A + peer_interface: Ethernet2 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.9/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf2A + peer_interface: 
Ethernet2.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.9/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf2A + peer_interface: Ethernet2.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2A_Ethernet2.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.9/31 +- name: Ethernet53 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet2 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.11/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet53.100 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet2.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.11/31 +- name: Ethernet53.42 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet2.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF2B_Ethernet2.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.11/31 +- name: Ethernet2 + peer_type: l3_interface + ip_address: 172.15.6.6/31 + shutdown: false + type: routed + flow_tracker: + hardware: WAN-FLOW-TRACKER +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.42.3/32 +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.8/31 + - sequence: 20 + action: permit 
172.17.0.10/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.4/31 + - sequence: 20 + action: permit 172.17.0.6/31 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.2:423 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.2:423 additive + - sequence: 10 + type: permit + description: Allow WAN HA peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES + - sequence: 20 + type: permit + description: Allow prefixes originated from the HA peer + match: + - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto + - sequence: 30 + type: permit + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN + set: + - community no-advertise +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Advertise local routes towards LAN + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit + description: Advertise routes received from WAN iBGP towards LAN + match: + - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.2:423 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +flow_tracking: + 
hardware: + trackers: + - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 + shutdown: false +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.2:423 +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.142.3 + - name: CP-IKE-POLICY + local_id: 192.168.142.3 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site423 + id: 423 + profiles: + - name: CONTROL-PLANE-PROFILE + load_balance_policy: LB-CONTROL-PLANE-PROFILE + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: CONTROL-PLANE-PROFILE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + 
policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: CONTROL-PLANE-APPLICATION-PROFILE + avt_profile: CONTROL-PLANE-PROFILE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto + path_groups: + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2 + stun: + server_profiles: + - MPLS-cv-pathfinder-pathfinder-Ethernet2 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.16.0.1 + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + - name: Ethernet53 + static_peers: + - router_ip: 192.168.142.2 + name: cv-pathfinder-edge2A + ipv4_addresses: + - 172.17.0.5 + - 172.17.0.7 + ipsec_profile: DP-PROFILE + load_balance_policies: + - name: LB-CONTROL-PLANE-PROFILE + path_groups: + - name: LAN_HA + - name: MPLS + - name: LB-PROD-AVT-POLICY-VOICE + path_groups: + - name: LAN_HA + - name: MPLS + jitter: 42 + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: 
LAN_HA + - name: MPLS + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: MPLS + priority: 2 + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: MPLS + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: MPLS + priority: 42 +router_traffic_engineering: + enabled: true +stun: + client: + server_profiles: + - name: MPLS-cv-pathfinder-pathfinder-Ethernet2 + ip_address: 172.16.0.1 +application_traffic_recognition: + application_profiles: + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: CONTROL-PLANE-APPLICATION-PROFILE + applications: + - name: CONTROL-PLANE-APPLICATION + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CONTROL-PLANE-APPLICATION + dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: CONTROL-PLANE-APP-DEST-PREFIXES + prefix_values: + - 192.168.144.1/32 +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9214 + ip_address: 192.168.142.3/32 + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + description: cv-pathfinder-edge2B_VTEP + vxlan: + udp_port: 4789 + source_interface: Dps1 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: 
PROD + vni: 42 +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site423 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet53 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10423' + cv_pathfinder: + role: edge + vtep_ip: 192.168.142.3 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site423 + interfaces: + - name: Ethernet2 + carrier: Colt + circuit_id: '10423' + pathgroup: MPLS + pathfinders: + - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index 7acc88cf1cb..2b1aa9ce8d4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -300,20 +300,26 @@ router_path_selection: id: 103 - name: Satellite id: 104 + - name: LAN_HA + id: 65535 + flow_assignment: lan peer_dynamic_source: stun load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: MPLS - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: LTE - name: INET 
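Review bot: In the new cv-pathfinder-edge2B.yml the `IPv4-UNDERLAY-PEERS` peer group has no `password`, while `WAN-OVERLAY-PEERS` in the same file does, so the LAN-facing eBGP sessions to AS 65199 are unauthenticated in this fixture. That matters more with this change, because the group now sets `allowas_in` (times 1) and sequence 30 of `RM-BGP-UNDERLAY-PEERS-IN` permits routes matching `ASPATH-WAN` (65000, the local AS). I would have the HA scenario's inventory set a password on the underlay peer group so the rendered group carries `password: <TYPE7_PLACEHOLDER>`, or state in the scenario that the LAN is a trusted segment. This file is generated output, so the change belongs in the inventory, which is not shown here.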
@@ -321,26 +327,31 @@ router_path_selection: loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: Equinix - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 @@ -521,6 +532,8 @@ metadata: - id: 254 name: CONTROL-PLANE-PROFILE pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -528,6 +541,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -535,6 +550,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -549,6 +566,8 @@ metadata: id: 2 name: PROD-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -556,6 +575,8 @@ metadata: - id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: LTE @@ -565,6 +586,8 @@ metadata: - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -575,6 +598,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -582,6 +607,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix 
@@ -594,6 +621,8 @@ metadata: - id: 42 name: TRANSIT-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -601,6 +630,8 @@ metadata: - id: 1 name: TRANSIT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index d1ddd0a1567..fdf7a691b67 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -320,19 +320,25 @@ router_path_selection: id: 103 - name: Satellite id: 104 + - name: LAN_HA + id: 65535 + flow_assignment: lan peer_dynamic_source: stun load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: LTE - name: INET @@ -340,26 +346,31 @@ router_path_selection: loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: Equinix - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 
@@ -512,11 +523,15 @@ metadata: - id: 254 name: CONTROL-PLANE-PROFILE pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -524,6 +539,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -538,6 +555,8 @@ metadata: id: 2 name: PROD-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -545,6 +564,8 @@ metadata: - id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: LTE @@ -554,6 +575,8 @@ metadata: - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -564,6 +587,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -571,6 +596,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -583,6 +610,8 @@ metadata: - id: 42 name: TRANSIT-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -590,6 +619,8 @@ metadata: - id: 1 name: TRANSIT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 32ec4a94f1f..5423793e882 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -334,20 +334,26 @@ router_path_selection: id: 103 - name: Satellite id: 104 + - name: LAN_HA + id: 65535 + flow_assignment: lan peer_dynamic_source: stun load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: MPLS - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: LTE - name: INET @@ -355,26 +361,31 @@ router_path_selection: loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: Equinix - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 @@ -541,6 +552,8 @@ metadata: - id: 254 name: CONTROL-PLANE-PROFILE pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -548,6 +561,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -555,6 +570,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix 
@@ -569,6 +586,8 @@ metadata: id: 2 name: PROD-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -576,6 +595,8 @@ metadata: - id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: LTE @@ -585,6 +606,8 @@ metadata: - id: 1 name: PROD-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS @@ -595,6 +618,8 @@ metadata: - id: 3 name: DEFAULT-AVT-POLICY-VIDEO pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -602,6 +627,8 @@ metadata: - id: 1 name: DEFAULT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: Equinix @@ -614,6 +641,8 @@ metadata: - id: 42 name: TRANSIT-AVT-POLICY-VOICE pathgroups: + - name: LAN_HA + preference: preferred - name: MPLS preference: preferred - name: INET @@ -621,6 +650,8 @@ metadata: - id: 1 name: TRANSIT-AVT-POLICY-DEFAULT pathgroups: + - name: LAN_HA + preference: preferred - name: INET preference: preferred - name: MPLS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml similarity index 82% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml index 9a3a9a45535..59f19216a25 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml @@ -1,4 +1,4 @@ -hostname: cv-pathfinder-transit +hostname: cv-pathfinder-transit1A is_deployed: true router_bgp: as: '65000' @@ -17,6 +17,9 @@ router_bgp: send_community: all route_map_in: RM-BGP-UNDERLAY-PEERS-IN route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 - name: WAN-OVERLAY-PEERS type: wan update_source: Dps1 @@ -39,52 +42,24 @@ router_bgp: redistribute_routes: - source_protocol: connected route_map: RM-CONN-2-BGP - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: - any: true neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet1 - ip_address: 192.168.144.1 peer_group: WAN-OVERLAY-PEERS peer: cv-pathfinder-pathfinder description: cv-pathfinder-pathfinder vrfs: - - name: default - rd: 192.168.43.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: IT router_id: 192.168.43.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet1.100_vrf_IT rd: 192.168.43.1:100 route_targets: import: 
@@ -99,6 +74,11 @@ router_bgp: - source_protocol: connected - name: PROD router_id: 192.168.43.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet1.42_vrf_PROD rd: 192.168.43.1:42 route_targets: import: @@ -111,6 +91,18 @@ router_bgp: - '42:42' redistribute_routes: - source_protocol: connected + - name: default + rd: 192.168.43.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: TRANSIT router_id: 192.168.43.1 rd: 192.168.43.1:66 @@ -125,6 +117,32 @@ router_bgp: - 66:66 redistribute_routes: - source_protocol: connected + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true service_routing_protocols_model: multi-agent ip_routing: true transceiver_qsfp_default_mode_4x10: false 
@@ -147,6 +165,39 @@ management_api_http: - name: MGMT enable_https: true ethernet_interfaces: +- name: Ethernet52 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.1/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.1/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet1.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.1/31 - name: Ethernet1.42 peer_type: l3_interface ip_address: dhcp @@ -188,6 +239,14 @@ prefix_lists: sequence_numbers: - sequence: 10 action: permit 192.168.43.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.0/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.2/31 route_maps: - name: RM-CONN-2-BGP sequence_numbers: 
@@ -197,18 +256,36 @@ route_maps: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY set: - extcommunity soo 192.168.43.1:422 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-BGP-UNDERLAY-PEERS-IN sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.43.1:422 additive + - sequence: 10 + type: permit + description: Allow WAN HA peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES - sequence: 20 - type: deny - description: Deny prefixes from WAN + type: permit + description: Allow prefixes originated from the HA peer match: - - as-path ASPATH-WAN + - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto - sequence: 30 type: permit - description: Mark prefixes originated from the LAN + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN set: - - extcommunity soo 192.168.43.1:422 additive + - community no-advertise - name: RM-BGP-UNDERLAY-PEERS-OUT sequence_numbers: - sequence: 10 @@ -221,6 +298,11 @@ route_maps: description: Advertise routes received from WAN iBGP towards LAN match: - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN + match: + - ip address prefix-list PL-WAN-HA-PREFIXES - name: RM-EVPN-SOO-IN sequence_numbers: - sequence: 10 @@ -262,6 +344,8 @@ ip_extcommunity_lists: extcommunities: soo 192.168.43.1:422 ip_security: ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.143.1 - name: CP-IKE-POLICY local_id: 192.168.143.1 sa_policies: @@ -275,6 +359,7 @@ ip_security: pfs_dh_group: 14 profiles: - name: DP-PROFILE + ike_policy: DP-IKE-POLICY sa_policy: DP-SA-POLICY connection: start shared_key: ABCDEF1234567890666 
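Review bot: `RM-BGP-UNDERLAY-PEERS-IN` is emitted with sequence 40 listed before 10, 20 and 30, here and in the new cv-pathfinder-edge2B.yml, so the match-less catch-all permit reads as if it were evaluated first. The device presumably orders entries by sequence number (worth confirming against the rendered .cfg), but anyone auditing this policy has to reorder it mentally to see that the `community no-advertise` entry at 30 is reached before the catch-all. I would sort `sequence_numbers` ascending when the structured config is built, so the list reads `- sequence: 10`, `- sequence: 20`, `- sequence: 30`, `- sequence: 40`. The fixture is generated, so the fix belongs in the generator rather than in this file.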
@@ -425,44 +510,62 @@ router_path_selection: name: cv-pathfinder-pathfinder ipv4_addresses: - 172.16.0.1 + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + static_peers: + - router_ip: 192.168.143.2 + name: cv-pathfinder-transit1B + ipv4_addresses: + - 172.17.0.3 load_balance_policies: - name: LB-CONTROL-PLANE-PROFILE path_groups: + - name: LAN_HA - name: INET - name: MPLS - name: LB-PROD-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 jitter: 42 - name: LB-PROD-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 - name: LB-DEFAULT-AVT-POLICY-VIDEO path_groups: + - name: LAN_HA - name: MPLS - name: INET - name: LB-DEFAULT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 42 - name: LB-TRANSIT-AVT-POLICY-VOICE path_groups: + - name: LAN_HA - name: MPLS - name: INET priority: 2 - name: LB-TRANSIT-AVT-POLICY-DEFAULT path_groups: + - name: LAN_HA - name: INET - name: MPLS priority: 2 @@ -538,7 +641,7 @@ dps_interfaces: hardware: WAN-FLOW-TRACKER vxlan_interface: Vxlan1: - description: cv-pathfinder-transit_VTEP + description: cv-pathfinder-transit1A_VTEP vxlan: udp_port: 4789 source_interface: Dps1 @@ -563,6 +666,10 @@ metadata: - name: Site value: Site422 interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan - interface: Ethernet1 tags: - name: Type diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml new file mode 100644 index 00000000000..8dfa33db598 --- /dev/null 
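Review bot: The new LAN_HA path group carries no `ipsec_profile`, and this hunk adds it to every load-balance policy, so traffic between the two HA routers over Ethernet52 would cross the LAN without IPsec as far as this output shows. The same commit adds DP-IKE-POLICY and wires it into DP-PROFILE, which suggests protection for this path was intended. If so, the group should carry `ipsec_profile: DP-PROFILE`; if the LAN segment is deliberately trusted, that decision is worth recording where the HA settings are documented. The new cv-pathfinder-transit1B.yml shows the same LAN_HA definition. This file is expected test output, so the fix presumably sits in the eos_designs code that generates the path groups.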
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml 
@@ -0,0 +1,696 @@ +hostname: cv-pathfinder-transit1B +is_deployed: true +router_bgp: + as: '65000' + router_id: 192.168.43.2 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 16 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + allowas_in: + enabled: true + times: 1 + - name: WAN-OVERLAY-PEERS + type: wan + update_source: Dps1 + bfd: true + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + remote_as: '65000' + ttl_maximum_hops: 1 + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet2 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder + vrfs: + - name: IT + router_id: 192.168.43.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet2.100_vrf_IT + rd: 192.168.43.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.43.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet2.42_vrf_PROD + rd: 192.168.43.2:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + 
route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.43.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: TRANSIT + router_id: 192.168.43.2 + rd: 192.168.43.2:66 + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + redistribute_routes: + - source_protocol: connected + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + bgp: + additional_paths: + receive: true + send: + any: true +service_routing_protocols_model: multi-agent +ip_routing: true +transceiver_qsfp_default_mode_4x10: false +spanning_tree: + mode: none +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +- name: TRANSIT + tenant: TenantB + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet52 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2 + peer_type: l3leaf + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.3/31 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet52.100 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2.100 + peer_type: l3leaf + vrf: IT + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.100_vrf_IT + shutdown: false + 
type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.3/31 +- name: Ethernet52.42 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2.42 + peer_type: l3leaf + vrf: PROD + description: P2P_LINK_TO_SITE-HA-ENABLED-LEAF1_Ethernet2.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.3/31 +- name: Ethernet1.42 + peer_type: l3_interface + ip_address: dhcp + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + dhcp_client_accept_default_route: true + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet2.42 + peer_type: l3_interface + ip_address: 172.16.6.6/31 + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 666 + flow_tracker: + hardware: WAN-FLOW-TRACKER +- name: Ethernet1 + type: routed + peer_type: l3_interface + shutdown: false +- name: Ethernet2 + type: routed + peer_type: l3_interface + shutdown: false +loopback_interfaces: +- name: Loopback0 + description: Router_ID + shutdown: false + ip_address: 192.168.43.2/32 +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.43.0/24 eq 32 +- name: PL-WAN-HA-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.2/31 +- name: PL-WAN-HA-PEER-PREFIXES + sequence_numbers: + - sequence: 10 + action: permit 172.17.0.0/31 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.43.1:422 additive + - sequence: 50 + type: permit + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.43.1:422 additive + - sequence: 10 + type: permit + description: 
Allow WAN HA peer interface prefixes + match: + - ip address prefix-list PL-WAN-HA-PEER-PREFIXES + - sequence: 20 + type: permit + description: Allow prefixes originated from the HA peer + match: + - extcommunity ECL-EVPN-SOO + set: + - as-path match all replacement auto auto + - sequence: 30 + type: permit + description: Use WAN routes from HA peer as backup + match: + - as-path ASPATH-WAN + set: + - community no-advertise +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Advertise local routes towards LAN + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit + description: Advertise routes received from WAN iBGP towards LAN + match: + - route-type internal + - sequence: 30 + type: permit + description: Advertise WAN HA prefixes towards LAN + match: + - ip address prefix-list PL-WAN-HA-PREFIXES +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.43.1:422 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +flow_tracking: + hardware: + trackers: + - name: WAN-FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: DPI-EXPORTER + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 5000 + shutdown: false +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.43.1:422 +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.143.2 + - name: CP-IKE-POLICY + local_id: 192.168.143.2 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: 
DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +router_adaptive_virtual_topology: + topology_role: transit region + region: + name: AVD_Land_West + id: 42 + zone: + name: DEFAULT-ZONE + id: 1 + site: + name: Site422 + id: 422 + profiles: + - name: CONTROL-PLANE-PROFILE + load_balance_policy: LB-CONTROL-PLANE-PROFILE + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY-VOICE + load_balance_policy: LB-TRANSIT-AVT-POLICY-VOICE + - name: TRANSIT-AVT-POLICY-DEFAULT + load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: CONTROL-PLANE-PROFILE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: TRANSIT + policy: TRANSIT-AVT-POLICY + profiles: + - name: TRANSIT-AVT-POLICY-VOICE + id: 42 + - name: TRANSIT-AVT-POLICY-DEFAULT + id: 1 + policies: + - name: PROD-AVT-POLICY + matches: + - 
application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: TRANSIT-AVT-POLICY-VOICE + - application_profile: default + avt_profile: TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: CONTROL-PLANE-APPLICATION-PROFILE + avt_profile: CONTROL-PLANE-PROFILE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_path_selection: + tcp_mss_ceiling: + ipv4_segment_size: auto + path_groups: + - name: INET + id: 101 + local_interfaces: + - name: Ethernet1.42 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder-Ethernet1 + - INET-cv-pathfinder-pathfinder-Ethernet3 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 10.7.7.7 + - 10.9.9.9 + ipsec_profile: CP-PROFILE + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2.42 + stun: + server_profiles: + - MPLS-cv-pathfinder-pathfinder-Ethernet2 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.16.0.1 + - name: LAN_HA + id: 65535 + flow_assignment: lan + local_interfaces: + - name: Ethernet52 + static_peers: + - router_ip: 192.168.143.1 + name: cv-pathfinder-transit1A + ipv4_addresses: + - 172.17.0.1 + load_balance_policies: + - name: LB-CONTROL-PLANE-PROFILE + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + - 
name: LB-PROD-AVT-POLICY-VOICE + path_groups: + - name: LAN_HA + - name: MPLS + - name: INET + priority: 2 + jitter: 42 + - name: LB-PROD-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: MPLS + - name: INET + priority: 2 + loss_rate: '42.0' + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + priority: 2 + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: LAN_HA + - name: MPLS + - name: INET + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + priority: 42 + - name: LB-TRANSIT-AVT-POLICY-VOICE + path_groups: + - name: LAN_HA + - name: MPLS + - name: INET + priority: 2 + - name: LB-TRANSIT-AVT-POLICY-DEFAULT + path_groups: + - name: LAN_HA + - name: INET + - name: MPLS + priority: 2 +router_traffic_engineering: + enabled: true +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 10.7.7.7 + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 + - name: MPLS-cv-pathfinder-pathfinder-Ethernet2 + ip_address: 172.16.0.1 +application_traffic_recognition: + application_profiles: + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: VIDEO + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: CONTROL-PLANE-APPLICATION-PROFILE + applications: + - name: CONTROL-PLANE-APPLICATION + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: microsoft-teams + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + protocols: + - tcp + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CONTROL-PLANE-APPLICATION + dest_prefix_set_name: CONTROL-PLANE-APP-DEST-PREFIXES + field_sets: + l4_ports: + - name: TCP-SRC-2 + 
port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: CONTROL-PLANE-APP-DEST-PREFIXES + prefix_values: + - 192.168.144.1/32 +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9214 + ip_address: 192.168.143.2/32 + flow_tracker: + hardware: WAN-FLOW-TRACKER +vxlan_interface: + Vxlan1: + description: cv-pathfinder-transit1B_VTEP + vxlan: + udp_port: 4789 + source_interface: Dps1 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 + - name: TRANSIT + vni: 66 +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: DEFAULT-ZONE + - name: Site + value: Site422 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + vtep_ip: 192.168.143.2 + region: AVD_Land_West + zone: DEFAULT-ZONE + site: Site422 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET + - name: Ethernet2.42 + carrier: Colt + circuit_id: '10666' + pathgroup: MPLS + pathfinders: + - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml index e8768da5e3f..7982092661c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml 
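Review bot: The ASPATH-WAN entry `match: '65000'` in the new cv-pathfinder-transit1B.yml is an unanchored regular expression, so it also matches AS paths that merely contain those digits, such as a path through AS 165000 or 650001. Sequence 30 of RM-BGP-UNDERLAY-PEERS-IN uses this list to tag routes `no-advertise`, so an over-match would quietly stop unrelated LAN routes from being re-advertised. Anchoring on AS boundaries, `match: '_65000_'`, keeps the intent. This file is generated expected output for a new device, so the pattern presumably comes from the eos_designs code that renders the as-path list.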
@@ -1,8 +1,8 @@ hostname: site-ha-disabled-leaf is_deployed: true router_bgp: - as: '65000' - router_id: 192.168.45.3 + as: '65199' + router_id: 192.168.45.4 bgp: default: ipv4_unicast: false @@ -45,7 +45,7 @@ router_bgp: description: cv-pathfinder-edge-no-common-path-group_Ethernet52 vrfs: - name: IT - router_id: 192.168.45.3 + router_id: 192.168.45.4 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS @@ -55,7 +55,7 @@ router_bgp: peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' description: cv-pathfinder-edge-no-common-path-group_Ethernet52.100_vrf_IT - rd: 192.168.45.3:100 + rd: 192.168.45.4:100 route_targets: import: - address_family: evpn @@ -68,7 +68,7 @@ router_bgp: redistribute_routes: - source_protocol: connected - name: PROD - router_id: 192.168.45.3 + router_id: 192.168.45.4 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS @@ -78,7 +78,7 @@ router_bgp: peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' description: cv-pathfinder-edge-no-common-path-group_Ethernet52.42_vrf_PROD - rd: 192.168.45.3:42 + rd: 192.168.45.4:42 route_targets: import: - address_family: evpn @@ -91,7 +91,7 @@ router_bgp: redistribute_routes: - source_protocol: connected - name: default - rd: 192.168.45.3:1 + rd: 192.168.45.4:1 route_targets: import: - address_family: evpn @@ -108,7 +108,7 @@ router_bgp: vlans: - id: 100 tenant: TenantA - rd: 192.168.45.3:1100 + rd: 192.168.45.4:1100 route_targets: both: - 1100:1100 @@ -116,7 +116,7 @@ router_bgp: - learned - id: 101 tenant: TenantA - rd: 192.168.45.3:1101 + rd: 192.168.45.4:1101 route_targets: both: - 1101:1101 @@ -209,11 +209,11 @@ loopback_interfaces: - name: Loopback0 description: EVPN_Overlay_Peering shutdown: false - ip_address: 192.168.45.3/32 + ip_address: 192.168.45.4/32 - name: Loopback1 description: VTEP_VXLAN_Tunnel_Source shutdown: false - ip_address: 192.168.255.3/32 + ip_address: 192.168.255.4/32 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml new file mode 100644 index 00000000000..7a35d7e79bd --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml 
@@ -0,0 +1,270 @@ +hostname: site-ha-enabled-leaf1 +is_deployed: true +router_bgp: + as: '65199' + router_id: 192.168.45.1 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-transit1A + description: cv-pathfinder-transit1A_Ethernet52 + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-transit1B + description: cv-pathfinder-transit1B_Ethernet52 + vrfs: + - name: IT + router_id: 192.168.45.1 + neighbors: + - ip_address: 172.17.0.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-transit1A_Ethernet52.100_vrf_IT + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-transit1B_Ethernet52.100_vrf_IT + rd: 192.168.45.1:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.1 + neighbors: + - ip_address: 172.17.0.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-transit1A_Ethernet52.42_vrf_PROD + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-transit1B_Ethernet52.42_vrf_PROD + rd: 192.168.45.1:42 + route_targets: + import: + - 
address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.1:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.1:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-transit1A + peer_interface: Ethernet52 + peer_type: wan_transit + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.0/31 +- name: Ethernet1.100 + peer: cv-pathfinder-transit1A + peer_interface: Ethernet52.100 + peer_type: wan_transit + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.0/31 +- name: Ethernet1.42 + peer: cv-pathfinder-transit1A + peer_interface: Ethernet52.42 + peer_type: wan_transit + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1A_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.0/31 +- name: Ethernet2 + peer: cv-pathfinder-transit1B + peer_interface: 
Ethernet52 + peer_type: wan_transit + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.2/31 +- name: Ethernet2.100 + peer: cv-pathfinder-transit1B + peer_interface: Ethernet52.100 + peer_type: wan_transit + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.2/31 +- name: Ethernet2.42 + peer: cv-pathfinder-transit1B + peer_interface: Ethernet52.42 + peer_type: wan_transit + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-TRANSIT1B_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.2/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.1/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.1/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: +- id: 100 + name: VLAN100 + tenant: TenantA +- id: 101 + name: VLAN101 + tenant: TenantA +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 +vlan_interfaces: +- name: Vlan100 + tenant: TenantA + description: VLAN100 + shutdown: true + ip_address_virtual: 10.0.100.1/24 + vrf: PROD +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf1_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vlans: + - id: 100 + vni: 1100 + - id: 101 + vni: 1101 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: 
PROD + vni: 42 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml new file mode 100644 index 00000000000..b58d641ae53 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml 
@@ -0,0 +1,270 @@ +hostname: site-ha-enabled-leaf2A +is_deployed: true +router_bgp: + as: '65199' + router_id: 192.168.45.2 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2A + description: cv-pathfinder-edge2A_Ethernet52 + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2B + description: cv-pathfinder-edge2B_Ethernet52 + vrfs: + - name: IT + router_id: 192.168.45.2 + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet52.100_vrf_IT + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet52.100_vrf_IT + rd: 192.168.45.2:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.2 + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet52.42_vrf_PROD + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet52.42_vrf_PROD + rd: 192.168.45.2:42 + route_targets: + import: + - address_family: evpn + 
route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.2:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.2:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.4/31 +- name: Ethernet1.100 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.4/31 +- name: Ethernet1.42 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.4/31 +- name: Ethernet2 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52 + peer_type: wan_edge + description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.8/31 +- name: Ethernet2.100 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.8/31 +- name: Ethernet2.42 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet52.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.8/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.2/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.2/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: +- id: 100 + name: VLAN100 + tenant: TenantA +- id: 101 + name: VLAN101 + tenant: TenantA +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 +vlan_interfaces: +- name: Vlan100 + tenant: TenantA + description: VLAN100 + shutdown: true + ip_address_virtual: 10.0.100.1/24 + vrf: PROD +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf2A_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vlans: + - id: 100 + vni: 1100 + - id: 101 + vni: 1101 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml new file mode 100644 index 00000000000..b9be0d8ac7b --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml 
@@ -0,0 +1,270 @@ +hostname: site-ha-enabled-leaf2B +is_deployed: true +router_bgp: + as: '65199' + router_id: 192.168.45.3 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2A + description: cv-pathfinder-edge2A_Ethernet53 + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: cv-pathfinder-edge2B + description: cv-pathfinder-edge2B_Ethernet53 + vrfs: + - name: IT + router_id: 192.168.45.3 + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet53.100_vrf_IT + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet53.100_vrf_IT + rd: 192.168.45.3:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + redistribute_routes: + - source_protocol: connected + - name: PROD + router_id: 192.168.45.3 + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet53.42_vrf_PROD + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet53.42_vrf_PROD + rd: 192.168.45.3:42 + route_targets: + import: + - address_family: evpn + 
route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + redistribute_routes: + - source_protocol: connected + - name: default + rd: 192.168.45.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.3:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.3:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + tenant: TenantA + ip_routing: true +- name: PROD + tenant: TenantA + ip_routing: true +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +ethernet_interfaces: +- name: Ethernet1 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53 + peer_type: wan_edge + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.6/31 +- name: Ethernet1.100 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.6/31 +- name: Ethernet1.42 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2A_Ethernet53.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.6/31 +- name: Ethernet2 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53 + peer_type: wan_edge + description: 
P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53 + shutdown: false + mtu: 9214 + type: routed + ip_address: 172.17.0.10/31 +- name: Ethernet2.100 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53.100 + peer_type: wan_edge + vrf: IT + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.100_vrf_IT + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 100 + mtu: 9214 + ip_address: 172.17.0.10/31 +- name: Ethernet2.42 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53.42 + peer_type: wan_edge + vrf: PROD + description: P2P_LINK_TO_CV-PATHFINDER-EDGE2B_Ethernet53.42_vrf_PROD + shutdown: false + type: l3dot1q + encapsulation_dot1q_vlan: 42 + mtu: 9214 + ip_address: 172.17.0.10/31 +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 192.168.45.3/32 +- name: Loopback1 + description: VTEP_VXLAN_Tunnel_Source + shutdown: false + ip_address: 192.168.255.3/32 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +vlans: +- id: 100 + name: VLAN100 + tenant: TenantA +- id: 101 + name: VLAN101 + tenant: TenantA +ip_igmp_snooping: + globally_enabled: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 +vlan_interfaces: +- name: Vlan100 + tenant: TenantA + description: VLAN100 + shutdown: true + ip_address_virtual: 10.0.100.1/24 + vrf: PROD +vxlan_interface: + Vxlan1: + description: site-ha-enabled-leaf2B_VTEP + vxlan: + udp_port: 4789 + source_interface: Loopback1 + vlans: + - id: 100 + vni: 1100 + - id: 101 + vni: 1101 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml index 2ce0d52cf49..d95f90ea84a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml @@ -2,8 +2,6 @@ # Testing cv-pathfinder wan_mode: cv-pathfinder -bgp_as: 65000 - cv_pathfinder_regions: - name: AVD_Land_West id: 42 @@ -45,7 +43,7 @@ default_node_types: - "cv-pathfinder-pathfinder.*" - node_type: wan_transit match_hostnames: - - "cv-pathfinder-transit" + - "cv-pathfinder-transit.*" - node_type: wan_edge match_hostnames: - "cv-pathfinder-edge.*" @@ -60,6 +58,8 @@ wan_edge: filter: always_include_vrfs_in_tenants: [TenantA] uplink_ipv4_pool: 172.17.0.0/16 + bgp_as: 65000 + # Testing HA and disabling HA node_groups: # SITE_HA_DISABLED - group: Site511 @@ -68,25 +68,8 @@ wan_edge: uplink_interfaces: [ Ethernet52 ] cv_pathfinder_region: AVD_Land_East cv_pathfinder_site: Site511 - id: 1 - l3_interfaces: - - name: Ethernet1 - wan_carrier: ATT - wan_circuit_id: 666 - dhcp_accept_default_route: true - ip_address: dhcp - - name: Ethernet2 - wan_carrier: Colt - wan_circuit_id: 10555 - ip_address: 172.15.5.5/31 - - name: Ethernet3 - wan_carrier: Comcast-5G - wan_circuit_id: AF830 - ip_address: 172.20.20.20/31 - connected_to_pathfinder: False - # Disabling HA - TODO once implemented, for now it is disabled by default - # wan_ha: - # enabled: False + wan_ha: + enabled: False nodes: - name: cv-pathfinder-edge id: 1 
@@ -118,6 +101,31 @@ wan_edge: wan_circuit_id: S511 dhcp_accept_default_route: true ip_address: dhcp + # SITE_HA_ENABLED + - group: Site423 + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site423 + uplink_type: p2p-vrfs + uplink_switches: [ site-ha-enabled-leaf2A, site-ha-enabled-leaf2B ] + uplink_interfaces: [ Ethernet52, Ethernet53 ] + nodes: + - name: cv-pathfinder-edge2A + id: 2 + l3_interfaces: + - name: Ethernet1 + wan_carrier: ATT + wan_circuit_id: 423-01 + dhcp_accept_default_route: true + ip_address: dhcp + uplink_switch_interfaces: [Ethernet1, Ethernet1] + - name: cv-pathfinder-edge2B + id: 3 + l3_interfaces: + - name: Ethernet2 + wan_carrier: Colt + wan_circuit_id: 10423 + ip_address: 172.15.6.6/31 + uplink_switch_interfaces: [Ethernet2, Ethernet2] # Fake DC1 l3leaf: @@ -129,13 +137,14 @@ l3leaf: filter: always_include_vrfs_in_tenants: [TenantA] nodes: - # Used for HA in HA PR - #- name: site-ha-enabled-leaf1 - # id: 1 - #- name: site-ha-enabled-leaf2 - # id: 2 - - name: site-ha-disabled-leaf + - name: site-ha-enabled-leaf1 + id: 1 + - name: site-ha-enabled-leaf2A + id: 2 + - name: site-ha-enabled-leaf2B id: 3 + - name: site-ha-disabled-leaf + id: 4 wan_transit: defaults: 
@@ -143,27 +152,54 @@ wan_transit: vtep_loopback_ipv4_pool: 192.168.143.0/24 filter: always_include_vrfs_in_tenants: [TenantA, TenantB] - nodes: - - name: cv-pathfinder-transit - cv_pathfinder_region: AVD_Land_West - cv_pathfinder_site: Site422 - id: 1 - l3_interfaces: - - name: Ethernet1.42 - wan_carrier: Comcast - dhcp_accept_default_route: true - ip_address: dhcp - - name: Ethernet2.42 - encapsulation_dot1q_vlan: 666 - wan_carrier: Colt - wan_circuit_id: 10666 - ip_address: 172.16.6.6/31 + uplink_ipv4_pool: 172.17.0.0/16 + uplink_type: p2p-vrfs + uplink_switches: [ site-ha-enabled-leaf1 ] + uplink_interfaces: [ Ethernet52 ] + bgp_as: 65000 + node_groups: + - group: TRANSIT_SITE_HA_ENABLED + # Disable HA IPsec + wan_ha: + ipsec: false + nodes: + - name: cv-pathfinder-transit1A + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site422 + id: 1 + uplink_switch_interfaces: [Ethernet1] + l3_interfaces: + - name: Ethernet1.42 + wan_carrier: Comcast + dhcp_accept_default_route: true + ip_address: dhcp + - name: Ethernet2.42 + encapsulation_dot1q_vlan: 666 + wan_carrier: Colt + wan_circuit_id: 10666 + ip_address: 172.16.6.6/31 + - name: cv-pathfinder-transit1B + cv_pathfinder_region: AVD_Land_West + cv_pathfinder_site: Site422 + id: 2 + uplink_switch_interfaces: [Ethernet2] + l3_interfaces: + - name: Ethernet1.42 + wan_carrier: Comcast + dhcp_accept_default_route: true + ip_address: dhcp + - name: Ethernet2.42 + encapsulation_dot1q_vlan: 666 + wan_carrier: Colt + wan_circuit_id: 10666 + ip_address: 172.16.6.6/31 wan_rr: defaults: loopback_ipv4_pool: 192.168.44.0/24 vtep_loopback_ipv4_pool: 192.168.144.0/24 data_plane_cpu_allocation_max: 1 + bgp_as: 65000 nodes: - name: cv-pathfinder-pathfinder id: 1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml index eff19b32db9..66f65060948 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml @@ -290,16 +290,18 @@ all: autovpn-rr2: autovpn-edge: CV_PATHFINDER_TESTS: - hosts: - cv-pathfinder-transit: children: - # TODO HA PR - #SITE_HA_ENABLED: - # hosts: - # cv-pathfinder-edge2: - # cv-pathfinder-edge3: - # site-ha-enabled-leaf1: - # site-ha-enabled-leaf2: + SITE_HA_ENABLED: + hosts: + cv-pathfinder-edge2A: + cv-pathfinder-edge2B: + site-ha-enabled-leaf2A: + site-ha-enabled-leaf2B: + TRANSIT_SITE_HA_ENABLED: + hosts: + cv-pathfinder-transit1A: + cv-pathfinder-transit1B: + site-ha-enabled-leaf1: SITE_HA_DISABLED: hosts: cv-pathfinder-edge: diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py index 509de8788e0..22fce188209 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/overlay.py @@ -142,13 +142,19 @@ def evpn_soo(self: SharedUtils) -> str: - For WAN routers this is : - Otherwise this is :1 - TODO: Implement HA logic for WAN TODO: Reconsider if suffix should just be :1 for all WAN routers. """ if self.is_wan_router: - if self.is_cv_pathfinder_edge_or_transit: + # for Pathfinder, no HA, no Site ID + if not self.is_cv_pathfinder_edge_or_transit: + return f"{self.router_id}:0" + if not self.wan_ha: return f"{self.router_id}:{self.wan_site['id']}" - return f"{self.router_id}:0" + if self.is_first_ha_peer: + return f"{self.router_id}:{self.wan_site['id']}" + else: + peer_fact = self.get_peer_facts(self.wan_ha_peer, required=True) + return f"{peer_fact['router_id']}:{self.wan_site['id']}" if self.overlay_vtep: return f"{self.vtep_ip}:1" 
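Review bot: The docstring of `evpn_soo` still lists only the non-HA cases, although the new last branch makes the second HA router return the first peer's router ID in front of the site ID. Presumably this is so both routers of a site tag LAN prefixes with one SoO, and it deserves a docstring line such as `- For WAN HA routers both peers use the router ID of the first HA peer, followed by the site ID`. That branch reads `peer_fact['router_id']` by plain indexing, so peer facts lacking the key would surface as a bare KeyError. `get(peer_fact, "router_id", required=True)`, the form used for peer facts in wan.py, would give a readable error, assuming `get` is imported in this module. The `not self.wan_ha` and `self.is_first_ha_peer` branches return the same string and could be one test, and the comment `# for Pathfinder, no HA, no Site ID` sits on a condition that is also true for WAN routers outside CV Pathfinder. The function starts above the hunk and continues below it.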
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py index c3bf299a24f..a5827e55112 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/wan.py 
@@ -375,3 +375,91 @@ def is_cv_pathfinder_edge_or_transit(self: SharedUtils) -> bool: Return True is the current wan_mode is cv-pathfinder and the device is either an edge or a transit device """ return self.wan_mode == "cv-pathfinder" and self.cv_pathfinder_role in ["edge", "transit region"] + + @cached_property + def wan_ha(self: SharedUtils) -> bool: + """ + Only trigger HA if 2 devices are in the same group and wan_ha.enabled is true + """ + if self.cv_pathfinder_role in [None, "pathfinder"]: + return False + return get(self.switch_data_combined, "wan_ha.enabled", default=True) and len(self.switch_data_node_group_nodes) == 2 + + @cached_property + def wan_ha_path_group_name(self: SharedUtils) -> str: + """ + Return HA path group name for the WAN design. + Used in both network services and overlay python modules. + + TODO make this configurable + """ + return "LAN_HA" + + @cached_property + def is_first_ha_peer(self: SharedUtils) -> bool: + """ + Returns True if the device is the first device in the node_group, + false otherwise. + + This should be called only from functions which have checked that HA is enabled. + """ + return self.switch_data_node_group_nodes[0]["name"] == self.hostname + + @cached_property + def wan_ha_peer(self: SharedUtils) -> str | None: + """ + Return the name of the WAN HA peer. 
+ """ + if not self.wan_ha: + return None + if self.is_first_ha_peer: + return self.switch_data_node_group_nodes[1]["name"] + elif self.switch_data_node_group_nodes[1]["name"] == self.hostname: + return self.switch_data_node_group_nodes[0]["name"] + raise AristaAvdError("Unable to find WAN HA peer within same node group") + + @cached_property + def wan_ha_peer_ip_addresses(self: SharedUtils) -> list: + """ + Read the IP addresses/prefix length from HA peer uplinks + Used also to generate the prefix list of the PEER HA prefixes + """ + peer_facts = self.get_peer_facts(self.wan_ha_peer, required=True) + # For now only picking up uplink interfaces in VRF default on the router. + vrf_default_peer_uplinks = [uplink for uplink in get(peer_facts, "uplinks", required=True) if get(uplink, "vrf") is None] + + ip_addresses = [] + for uplink in vrf_default_peer_uplinks: + ip_address = get( + uplink, + "ip_address", + required=True, + org_key=f"The uplink interface {uplink['interface']} used as WAN LAN HA on the remote peer {self.wan_ha_peer} does not have an IP address", + ) + # We can use [] notation here because if there is an ip_address, there should be a prefix_length + prefix_length = uplink["prefix_length"] + ip_addresses.append(f"{ip_address}/{prefix_length}") + + return ip_addresses + + @cached_property + def wan_ha_ip_addresses(self: SharedUtils) -> list: + """ + Read the IP addresses/prefix length from this device uplinks used for HA. + Used to generate the prefix list. 
+ """ + vrf_default_uplinks = [uplink for uplink in self.get_switch_fact("uplinks") if get(uplink, "vrf") is None] + + ip_addresses = [] + for uplink in vrf_default_uplinks: + ip_address = get( + uplink, + "ip_address", + required=True, + org_key=f"The uplink interface {uplink['interface']} used as WAN LAN HA does not have an IP address", + ) + # We can use [] notation here because if there is an ip_address, there should be a prefix_length + prefix_length = uplink["prefix_length"] + ip_addresses.append(f"{ip_address}/{prefix_length}") + + return ip_addresses diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md index ab49180a4e6..a6820f28545 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md @@ -13,6 +13,9 @@ | [    cv_pathfinder_role](## ".defaults.cv_pathfinder_role") | String | | | Valid Values:
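Review bot: `wan_ha` returns False whenever the node group does not hold exactly two nodes, so a group of three routers with `wan_ha.enabled: true` silently gets no HA configuration, even though the documentation added in this commit states a maximum of two devices per group. Consider raising `AristaAvdError` for that case, or at least state it in the docstring, e.g. `HA is generated only for node groups with exactly two nodes; any other size disables it`. `wan_ha_peer_ip_addresses` passes `self.wan_ha_peer` to `get_peer_facts` without checking `wan_ha`, and `wan_ha_peer` returns None when HA is off, so its docstring should carry the same "call only after HA is checked" caveat that `is_first_ha_peer` has. The loops in `wan_ha_peer_ip_addresses` and `wan_ha_ip_addresses` differ only in the uplink source and the error text. One private helper taking the uplink list would keep the two address lists, which per the docstrings feed the HA prefix lists, from drifting apart.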
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [    cv_pathfinder_region](## ".defaults.cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [    cv_pathfinder_site](## ".defaults.cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [    wan_ha](## ".defaults.wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [      enabled](## ".defaults.wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | + | [      ipsec](## ".defaults.wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [    dps_mss_ipv4](## ".defaults.dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [  node_groups](## ".node_groups") | List, items: Dictionary | | | | Define variables related to all nodes part of this group. | | [    - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
| @@ -22,11 +25,17 @@ | [          cv_pathfinder_role](## ".node_groups.[].nodes.[].cv_pathfinder_role") | String | | | Valid Values:
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [          cv_pathfinder_region](## ".node_groups.[].nodes.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [          cv_pathfinder_site](## ".node_groups.[].nodes.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [          wan_ha](## ".node_groups.[].nodes.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [            enabled](## ".node_groups.[].nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | + | [            ipsec](## ".node_groups.[].nodes.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [          dps_mss_ipv4](## ".node_groups.[].nodes.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [      wan_role](## ".node_groups.[].wan_role") | String | | | Valid Values:
- client
- server | PREVIEW: This key is currently not supported
Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | | [      cv_pathfinder_role](## ".node_groups.[].cv_pathfinder_role") | String | | | Valid Values:
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [      cv_pathfinder_region](## ".node_groups.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [      cv_pathfinder_site](## ".node_groups.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [      wan_ha](## ".node_groups.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [        enabled](## ".node_groups.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | + | [        ipsec](## ".node_groups.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [      dps_mss_ipv4](## ".node_groups.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | @@ -34,6 +43,9 @@ | [      cv_pathfinder_role](## ".nodes.[].cv_pathfinder_role") | String | | | Valid Values:
- edge
- transit region
- pathfinder | PREVIEW: This key is currently not supported
Override the default CV Pathfinder role.

This key is used for Pathfinder designs only when the `wan_mode` root
key is set to `cv_pathfinder`.

`pathfinder` is only a valid if `wan_role` is `server`.
`edge` and `transit region` are only valid if `wan_role` is `client`. | | [      cv_pathfinder_region](## ".nodes.[].cv_pathfinder_region") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder region name. | | [      cv_pathfinder_site](## ".nodes.[].cv_pathfinder_site") | String | | | | PREVIEW: This key is currently not supported

The CV Pathfinder site name. | + | [      wan_ha](## ".nodes.[].wan_ha") | Dictionary | | | | PREVIEW: This key is currently not supported

The key is supported only if `wan_mode` == `cv-pathfinder`.
AutoVPN support is still to be determined.

Maximum 2 devices supported by group for HA. | + | [        enabled](## ".nodes.[].wan_ha.enabled") | Boolean | | `True` | | Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. | + | [        ipsec](## ".nodes.[].wan_ha.ipsec") | Boolean | | `True` | | Enable / Disable IPsec over HA path-group when HA is enabled. | | [      dps_mss_ipv4](## ".nodes.[].dps_mss_ipv4") | String | | `auto` | | PREVIEW: This key is currently not supported

IPv4 MSS value configured under "router path-selection" on WAN Devices. | === "YAML" @@ -76,6 +88,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: @@ -124,6 +150,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: @@ -159,6 +199,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: 
@@ -200,6 +254,20 @@ # PREVIEW: This key is currently not supported + # The key is supported only if `wan_mode` == `cv-pathfinder`. + # AutoVPN support is still to be determined. + + # Maximum 2 devices supported by group for HA. + wan_ha: + + # Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + enabled: + + # Enable / Disable IPsec over HA path-group when HA is enabled. + ipsec: + + # PREVIEW: This key is currently not supported + # IPv4 MSS value configured under "router path-selection" on WAN Devices. dps_mss_ipv4: ``` diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md index c3700dc5e9c..a34e2e276ac 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/wan-preview.md @@ -38,6 +38,7 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co - Policies are assigned to VRFs using the list `wan_virtual_topologies.vrfs`. A policy can be reused in multiple VRFs. - If no policy is assigned for the `default` VRF policy, AVD auto generates one with one `default_virtual_topology` entry configured to use all available local path-groups. - For the policy defined for VRF `default` (or the auto-generared one), an extra match statement is injected in the policy to match the traffic towards the Pathfinders or AutoVPN RRs, the name of the application-profile is hardcoded as `CONTROL-PLANE-APPLICATION-PROFILE`. A special policy is created by appending `-WITH-CP` at the end of the targetted policy name. + - For HA, the considered interfaces are only the `uplink_interfaces` in VRF default. It is possible to disable HA under node settings. #### LAN Designs 
@@ -75,7 +76,36 @@ The intention is to support both a single [AutoVPN design](https://www.arista.co ###### HA -To Be Implemented. +for eBGP LAN routing protocol the following is done to enable HA: + +- the uplink interfaces are used as HA interfaces. +- the subnets of the HA interfaces are redistributed to BGP via the `RM-CONN-2-BGP` route-map +BGP underlay peer group is configured with `allowas-in 1` to be able to learn the HA peer uplink interface subnet over the LAN as well as learning WAN routes from other sites (as backup in case all WAN links are lost). +- the Underlay peer group is configured with two route-maps + - one inbound route-map `RM-UNDERLAY-PEERS-IN` + - Match HA peer's uplink subnets (not marked) to be able to form HA tunnel (not exported to EVPN). + - Match HA peer's originated prefixes, set longer AS path and mark with SoO to export to EVPN. These will be used as backup from other sites to destinations on HA Peer Router in case all WAN connections on Peer are down. + - Match all WAN routes using AS path and set no-advertise community. This will be used as backup routes to the WAN in case this router looses all WAN connections. + - Match anything else (LAN prefixes) and mark with the SoO `:` to export to EVPN. + - one outbound route-map `RM-UNDERLAY-PEERS-OUT` + - allowing local routes marked with SoO (routes/interfaces defined via tenants + router-id) + - allowing subnets of uplink interfaces. + - allow all routes learned from iBGP (WAN) + - Implicitly denying other routes which could be learned from BGP towards a WAN provider or redistributed without marking with SoO. + +##### OSPF LAN HA + +- Configure `underlay_routing_protocol` to OSPF for both the WAN router and the uplink router. + +!!! warning + + In the current implementation, OSPF on LAN is not supported as there is no redistribution of route from OSPF to BGP and vice-versa implemented. 
+ +###### HA + +The HA tunnel will come up properly today but route redistribution will be missing so it is not usable. + +- the HA interface(s) is(are) the uplink interface(s) which are automatically included in OSPF. ## Known limitations @@ -97,17 +127,17 @@ To Be Implemented. - All Pathfinders must be able to create a full mesh - No IPv6 support -- For WAN interfaces only physical interfaces are supported today under `node.l3_interfaces` - For WAN interfaces, NAT IP on the Pathfinder side can be supported using the `wan_route_servers.path_groups.interfaces` key. - Path-group ID is currently required under `wan_path_groups` until an algorithm is implemented to auto generate IDs. +- It is not yet supported to disable HA on a specific LAN interface on the device, nor is it supported to add HA configuration on a non-uplink interface. - The name of the AVT policies and AVT profiles are configurable in the input variables. The Load Balance policies are named `LB-` and are not configurable. - For LAN, the current supported funcitonality is to use `uplink_type: p2p-vrfs` on the WAN routers and to have the relevant VRFs present on the uplink switches via `network_services`. Other LAN scenarios will come with time. +- HA for AutoVPN is not supported ## Future work - Auto generation of Path-group IDs and other IDs. - New LAN scenarios (L2, ..) -- HA for eBGP - HA for AutoVPN - Proper OSPF-BGP redistribution in VRF default. - Support for OSPF subinterfaces. diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py index 8bc67b3e8f5..6a8134cb798 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py 
@@ -213,20 +213,21 @@ def _wan_policy_key(self) -> str: def _generate_wan_load_balance_policy(self, name: str, input_dict: dict, context_path: str) -> dict: """ - Generate and return a router path-selection load-balance policy. + Generate and return a router path-selection load-balance policy. If HA is enabled, inject the HA path-group with priority 1. Attrs: ------ name (str): The name of the load balance policy input_dict (dict): The dictionary containing the list of path-groups and their preference. context_path (str): Key used for context for error messages. - - TODO: - * add LAN_HA with prio 1 when HA is implemented """ wan_local_path_group_names = [path_group["name"] for path_group in self.shared_utils.wan_local_path_groups] wan_load_balance_policy = {"name": name, "path_groups": [], **get(input_dict, "constraints", default={})} + if self.shared_utils.wan_ha or self.shared_utils.cv_pathfinder_role == "pathfinder": + # Adding HA path-group with priority 1 - it does not count as an entry with priority 1 + wan_load_balance_policy["path_groups"].append({"name": self.shared_utils.wan_ha_path_group_name}) + # An entry is composed of a list of path-groups in `names` and a `priority` policy_entries = get(input_dict, "path_groups", []) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py index 407741ba00c..31e97e03668 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py 
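Review bot: The updated docstring says the HA path-group is injected "if HA is enabled", but the new condition also adds it when `cv_pathfinder_role == "pathfinder"`, a role for which `wan_ha` in wan.py always returns False. The docstring should name both cases, e.g. `On pathfinders and on HA-enabled routers the HA path-group is added first, without an explicit priority`. The inline comment `it does not count as an entry with priority 1` is hard to read next to a dict that sets no `priority` key; if the entry relies on a default priority, say that instead. The same role/HA test is repeated in `_get_path_groups` in router_path_selection.py, so a single property on `shared_utils` would keep the two call sites in step. The function body continues below the hunk.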
@@ -46,13 +46,19 @@ def _append_data_plane(self, ip_security: dict, data_plane_config: dict) -> None """ In place update of ip_security """ + if self.shared_utils.wan_ha: + ike_policy_name = get(data_plane_config, "ike_policy_name", default="DP-IKE-POLICY") + else: + ike_policy_name = None sa_policy_name = get(data_plane_config, "sa_policy_name", default="DP-SA-POLICY") profile_name = get(data_plane_config, "profile_name", default="DP-PROFILE") key = get(data_plane_config, "shared_key", required=True) # IKE policy for data-plane is not required for dynamic tunnels except for HA cases + if self.shared_utils.wan_ha: + ip_security["ike_policies"].append(self._ike_policy(ike_policy_name)) ip_security["sa_policies"].append(self._sa_policy(sa_policy_name)) - ip_security["profiles"].append(self._profile(profile_name, None, sa_policy_name, key)) + ip_security["profiles"].append(self._profile(profile_name, ike_policy_name, sa_policy_name, key)) # For data plane, adding key_controller by default ip_security["key_controller"] = self._key_controller(profile_name) diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py index d7458a85bbc..c35aa492fe1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/router_path_selection.py 
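Review bot: In `_append_data_plane` the IKE policy is rendered whenever `shared_utils.wan_ha` is true, while the router_path_selection.py hunk of this commit attaches the IPsec profile to the HA path-group only when `wan_ha.ipsec` is true. With `wan_ha.ipsec: false` the device therefore still gets the data-plane IKE policy, although the HA path-group, the only consumer the comment names, no longer references the profile. If that is intended, a comment such as `# rendered for HA even when wan_ha.ipsec is false; the HA path-group then does not reference the profile` would spare the cross-file lookup. The two `if self.shared_utils.wan_ha:` tests could also be folded into one by computing `ike_policy_name` next to the append. The function starts above the hunk.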
@@ -82,18 +82,59 @@ def _get_path_groups(self) -> list: path_groups.append(path_group_data) - if self.shared_utils.cv_pathfinder_role: - pass - # implement LAN_HA here + if (self.shared_utils.cv_pathfinder_role and self.shared_utils.wan_ha) or self.shared_utils.cv_pathfinder_role == "pathfinder": + path_groups.append(self._generate_ha_path_group()) return path_groups + def _generate_ha_path_group(self) -> dict: + """ + Called only when self.shared_utils.wan_ha is True or on Pathfinders + """ + ha_path_group = { + "name": self.shared_utils.wan_ha_path_group_name, + "id": self._get_path_group_id(self.shared_utils.wan_ha_path_group_name), + "flow_assignment": "lan", + } + if self.shared_utils.cv_pathfinder_role == "pathfinder": + return ha_path_group + + # not a pathfinder device + ha_path_group.update( + { + # This should be the LAN interface over which a DPS tunnel is built + "local_interfaces": [{"name": interface["interface"]} for interface in self._wan_ha_interfaces()], + "static_peers": [ + { + "router_ip": self._wan_ha_peer_vtep_ip(), + "name": self.shared_utils.wan_ha_peer, + "ipv4_addresses": [ip_address.split("/")[0] for ip_address in self.shared_utils.wan_ha_peer_ip_addresses], + } + ], + } + ) + if get(self.shared_utils.switch_data_combined, "wan_ha.ipsec", default=True): + ha_path_group["ipsec_profile"] = self._dp_ipsec_profile_name + + return ha_path_group + + def _wan_ha_interfaces(self) -> list: + """ + Return list of interfaces for HA + """ + return [uplink for uplink in self.shared_utils.get_switch_fact("uplinks") if get(uplink, "vrf") is None] + + def _wan_ha_peer_vtep_ip(self) -> str: + """ """ + peer_facts = self.shared_utils.get_peer_facts(self.shared_utils.wan_ha_peer, required=True) + return get(peer_facts, "vtep_ip", required=True) + def _get_path_group_id(self, path_group_name: str, config_id: int | None = None) -> int: """ TODO - implement algorithm to auto assign IDs - cf internal documenation TODO - also implement algorithm for cross 
connects on public path_groups """ - if path_group_name == "LAN_HA": + if path_group_name == self.shared_utils.wan_ha_path_group_name: return 65535 if config_id is not None: return config_id diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py index 125f467230a..db993f77fa6 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/prefix_lists.py @@ -3,6 +3,7 @@ # that can be found in the LICENSE file. from __future__ import annotations +import ipaddress from functools import cached_property from .utils import UtilsMixin @@ -46,6 +47,20 @@ def prefix_lists(self) -> list | None: ] prefix_lists.append({"name": "PL-LOOPBACKS-PIM-RP", "sequence_numbers": sequence_numbers}) + # TODO - may be needed in other situations + if self.shared_utils.wan_ha and self.shared_utils.underlay_routing_protocol == "ebgp": + sequence_numbers = [ + {"sequence": 10 * (index + 1), "action": f"permit {ipaddress.ip_network(ip_address, strict=False)}"} + for index, ip_address in enumerate(self.shared_utils.wan_ha_ip_addresses) + ] + prefix_lists.append({"name": "PL-WAN-HA-PREFIXES", "sequence_numbers": sequence_numbers}) + + sequence_numbers = [ + {"sequence": 10 * (index + 1), "action": f"permit {ipaddress.ip_network(ip_address, strict=False)}"} + for index, ip_address in enumerate(self.shared_utils.wan_ha_peer_ip_addresses) + ] + prefix_lists.append({"name": "PL-WAN-HA-PEER-PREFIXES", "sequence_numbers": sequence_numbers}) + return prefix_lists @cached_property diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py index 453bedaa31e..6d9f4394389 100644 
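Review bot: `_wan_ha_peer_vtep_ip` is added with an empty docstring (`""" """`), and nothing in `_generate_ha_path_group` says what `wan_ha.ipsec: false` means for the result: the HA path-group is then emitted without `ipsec_profile`, so presumably the tunnel between the two HA peers runs over the LAN uplinks without IPsec. I would give the helper the docstring `Return the VTEP IP of the WAN HA peer from the peer's facts (both lookups use required=True).` and put `# wan_ha.ipsec defaults to true; when false the HA path-group has no IPsec profile` above the `if get(...)` line. `_wan_ha_interfaces` also returns an empty list when every uplink has a `vrf`, which would leave `local_interfaces` empty without any error; worth confirming whether that can occur. `_get_path_group_id` continues past the end of the hunk.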
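Review bot: `PL-WAN-HA-PREFIXES` is generated here only when `wan_ha` is set and `underlay_routing_protocol == "ebgp"`, but the route_maps.py hunk `@@ -61,7 +61,14 @@` adds sequence 50 to `RM-CONN-2-BGP` matching that prefix-list under `if self.shared_utils.wan_ha:` alone. Unless an enclosing condition outside both hunks already restricts this to eBGP underlays, an HA device with another underlay protocol would render a route-map that references a prefix-list that is never defined, and how such a match is evaluated should not be left to the platform. Using the same test in both places, e.g. `if self.shared_utils.wan_ha and self.shared_utils.underlay_routing_protocol == "ebgp":` in route_maps.py, keeps the two in step. The two list comprehensions are also identical apart from the source attribute and could share a small helper.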
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/route_maps.py @@ -61,7 +61,14 @@ def route_maps(self) -> list | None: } ) - # TODO in WAN HA PR, use 50 for PL-WAN-HA-INTERFACES + if self.shared_utils.wan_ha: + sequence_numbers.append( + { + "sequence": 50, + "type": "permit", + "match": ["ip address prefix-list PL-WAN-HA-PREFIXES"], + } + ) route_maps.append({"name": "RM-CONN-2-BGP", "sequence_numbers": sequence_numbers}) 
@@ -87,48 +94,67 @@ def route_maps(self) -> list | None: # Route-map IN and OUT for SOO, rendered for WAN routers if self.shared_utils.underlay_routing_protocol == "ebgp" and self.shared_utils.wan_role == "client": - route_maps.append( + # RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers = [ { - "name": "RM-BGP-UNDERLAY-PEERS-IN", - "sequence_numbers": [ - # TODO sequence 10 is left to match prefixes from HA PEER - # on which SOO will be have been set by peer + "sequence": 40, + "type": "permit", + "description": "Mark prefixes originated from the LAN", + "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"], + }, + ] + if self.shared_utils.wan_ha: + sequence_numbers.extend( + [ { - "sequence": 20, - "type": "deny", - "description": "Deny prefixes from WAN", - "match": ["as-path ASPATH-WAN"], - }, - { - "sequence": 30, + "sequence": 10, "type": "permit", - "description": "Mark prefixes originated from the LAN", - "set": [f"extcommunity soo {self.shared_utils.evpn_soo} additive"], + "description": "Allow WAN HA peer interface prefixes", + "match": ["ip address prefix-list PL-WAN-HA-PEER-PREFIXES"], }, - ], - } - ) - - route_maps.append( - { - "name": "RM-BGP-UNDERLAY-PEERS-OUT", - "sequence_numbers": [ { - "sequence": 10, + "sequence": 20, "type": "permit", - "description": "Advertise local routes towards LAN", + "description": "Allow prefixes originated from the HA peer", "match": ["extcommunity ECL-EVPN-SOO"], + "set": ["as-path match all replacement auto auto"], }, { - "sequence": 20, + "sequence": 30, "type": "permit", - "description": "Advertise routes received from WAN iBGP towards LAN", - "match": ["route-type internal"], + "description": "Use WAN routes from HA peer as backup", + "match": ["as-path ASPATH-WAN"], + "set": ["community no-advertise"], }, - # TODO match local HA prefix and mark them with SOO - ], - } - ) + ] + ) + route_maps.append({"name": "RM-BGP-UNDERLAY-PEERS-IN", "sequence_numbers": sequence_numbers}) + + # RM-BGP-UNDERLAY-PEERS-OUT 
+ sequence_numbers = [ + { + "sequence": 10, + "type": "permit", + "description": "Advertise local routes towards LAN", + "match": ["extcommunity ECL-EVPN-SOO"], + }, + { + "sequence": 20, + "type": "permit", + "description": "Advertise routes received from WAN iBGP towards LAN", + "match": ["route-type internal"], + }, + ] + if self.shared_utils.wan_ha: + sequence_numbers.append( + { + "sequence": 30, + "type": "permit", + "description": "Advertise WAN HA prefixes towards LAN", + "match": ["ip address prefix-list PL-WAN-HA-PREFIXES"], + }, + ) + route_maps.append({"name": "RM-BGP-UNDERLAY-PEERS-OUT", "sequence_numbers": sequence_numbers}) if route_maps: return route_maps diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py index dc85ccfee1c..17767147cef 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py +++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/underlay/router_bgp.py @@ -43,10 +43,12 @@ def router_bgp(self) -> dict | None: "struct_cfg": self.shared_utils.bgp_peer_groups["ipv4_underlay_peers"]["structured_config"], } - # For HA will need to add allowas_in 1 if self.shared_utils.overlay_routing_protocol == "ibgp" and self.shared_utils.wan_mode == "cv-pathfinder" and self.shared_utils.wan_role is not None: peer_group["route_map_in"] = "RM-BGP-UNDERLAY-PEERS-IN" peer_group["route_map_out"] = "RM-BGP-UNDERLAY-PEERS-OUT" + if self.shared_utils.wan_ha: + # For HA need to add allowas_in 1 + peer_group["allowas_in"] = {"enabled": True, "times": 1} router_bgp["peer_groups"] = [strip_empties_from_dict(peer_group)] diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index ec482701fd6..7145402ea4f 100644 
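Review bot: With this rewrite the non-HA `RM-BGP-UNDERLAY-PEERS-IN` consists of sequence 40 only, so the former `deny 20` on `as-path ASPATH-WAN` is gone and nothing in the new code says what now keeps WAN-learned prefixes from being accepted back from the LAN peers. Presumably BGP's own AS-path loop detection towards the eBGP LAN peers is relied on; if so, say it at the sequence 40 entry, e.g. `# non-HA: no explicit deny for ASPATH-WAN, own-AS loop detection drops WAN routes echoed by the LAN (TODO confirm)`. The list is also built with 40 first and 10/20/30 appended afterwards; declaring the entries in sequence order would be easier to read and would not depend on any later sorting. `route_maps` starts above the hunk.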
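Review bot: `allowas_in` is enabled under `wan_ha` inside a block guarded by `wan_role is not None`, whereas the route-map entries that bound its effect (sequences 10–30 of `RM-BGP-UNDERLAY-PEERS-IN` in route_maps.py) are generated only for `underlay_routing_protocol == "ebgp"` and `wan_role == "client"`. allowas-in relaxes BGP's AS-path loop protection, so it should not be emitted in any combination where those entries are missing. If `wan_ha` can only be true for eBGP clients a comment saying so is enough, otherwise narrow the test to `if self.shared_utils.wan_ha and self.shared_utils.wan_role == "client":`. I would also extend the inline comment to `# HA: accept own AS once so routes from the HA peer are not dropped; RM-BGP-UNDERLAY-PEERS-IN seq 30 marks WAN routes no-advertise`. The function extends beyond the hunk on both sides.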
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -7559,6 +7559,30 @@ $defs: The CV Pathfinder site name.' + wan_ha: + documentation_options: + table: node-type-wan-configuration + type: dict + description: 'PREVIEW: This key is currently not supported + + + The key is supported only if `wan_mode` == `cv-pathfinder`. + + AutoVPN support is still to be determined. + + + Maximum 2 devices supported by group for HA.' + keys: + enabled: + type: bool + default: true + description: Enable / Disable auto CV-Pathfinder HA, when two nodes + are defined in the same node_group. + ipsec: + type: bool + default: true + description: Enable / Disable IPsec over HA path-group when HA is + enabled. dps_mss_ipv4: documentation_options: table: node-type-wan-configuration diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml index 377a0ec5a89..3db8b35a3d1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml 
@@ -1161,6 +1161,27 @@ $defs: PREVIEW: This key is currently not supported The CV Pathfinder site name. + wan_ha: + documentation_options: + table: node-type-wan-configuration + type: dict + description: |- + PREVIEW: This key is currently not supported + + The key is supported only if `wan_mode` == `cv-pathfinder`. + AutoVPN support is still to be determined. + + Maximum 2 devices supported by group for HA. + + keys: + enabled: + type: bool + default: true + description: Enable / Disable auto CV-Pathfinder HA, when two nodes are defined in the same node_group. + ipsec: + type: bool + default: true + description: Enable / Disable IPsec over HA path-group when HA is enabled. dps_mss_ipv4: documentation_options: table: node-type-wan-configuration diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml index 033a2df431b..64a9487efcd 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml @@ -85,7 +85,7 @@ $defs: This is not rendered in the configuration but used for WAN designs. connected_to_pathfinder: type: bool - default: True + default: true description: |- For a WAN interface (`wan_path_group` is set), allow to disable the static tunnel towards Pathfinders. raw_eos_cli:
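Review bot: `wan_ha.enabled` and `wan_ha.ipsec` both default to `true` on a key whose description opens with "PREVIEW: This key is currently not supported", and neither description says what a user gets without setting anything. If the default applies whenever two nodes share a node_group (the code deriving `wan_ha` is not part of this hunk), existing inventories would change their rendered config on upgrade, and the `enabled` description should state that. For `ipsec` I would add a sentence such as `When false, traffic between the HA peers is not protected by IPsec.` The "Maximum 2 devices" limit is only described here, not expressed in the schema, so it presumably needs a check elsewhere. The same text appears in the `eos_designs.schema.yml` hunk, which looks generated from this fragment.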